Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: Communication partners known to be malignant or benign are input to a known communication partner input unit, a subject communication partner whose malignancy is to be calculated is input to a subject communication partner input unit, a characteristic extractor extracts changes over time in whether the known communication partners and the subject communication partner are listed at a past given time point on a malignancy communication partner list and a benign communication partner list, and a malignancy calculator calculates malignancy of the subject communication partner on the basis of the characteristic information about the known communication partners and the subject communication partner.

Abstract: A computer system, an IoT device monitoring method, and a program in which a security is improved are provided. A computer system for monitoring a connected IoT device 100 monitors a login state of the IoT device 100, detects an unauthorized access based on a result of the monitoring, learns any one or both of an ID or a password of the detected unauthorized access, and determines whether any one or both of an ID and a password held in advance by the IoT device 100 are easy to be released.

Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes monitoring a content item sent from or requested by an external system which is external from a network edge of the external system; and responsive to a security policy associated with the external system, performing one of allowing the content item through the processing node; precluding the content item at the processing node; and threat detecting the content item at the processing node and one of allowing or precluding the content item based on the threat detecting.

Abstract: Disclosed are systems and methods for improving interactions with and between computers in an authentication system supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data across platforms, which data can be used to improve the quality of data used in processing interactions between or among processors in such systems. The disclosed systems and methods provide advanced, computerized security features that dynamically, in real-time, determine parameters that must be entered in order for a user to login to a system or platform, as well as the quantity and order such parameters must be entered. The disclosed systems and methods involve computerized mechanisms for authenticating a user or device for which access to a web-based resource is desired. Requested credentials in accordance with the dynamically determined manner in which such credentials are automatically determined and requested must be appropriately entered.

Abstract: A system that includes a plurality of cloud servers in signal communication with user devices and an authentication server. Each cloud server is configure to generate a cloud key that is uniquely linked with a user associated with a user device and the cloud server and send the cloud key to the user device. The authentication server is configured to receive a network resource access request comprising the cloud key from the user device, perform multi-factor authentication with the user associated with the user device, and identify a cloud server from among the plurality of cloud servers based on a user profile linked with the user. The authentication server is further configured to send a key validation request to the identified cloud server, receive a key validation response, determine whether the cloud key passes verification, and send a network resource access response to the user device.

Abstract: A distributed security method is implemented in a processing node of a distributed security system comprising one or more processing nodes and one or more authority nodes, wherein the distributed security system is located external to a network edge of an enterprise and external from one of a computer device and a mobile device associated with a user. The distributed security method includes obtaining security policy data associated with the user and the enterprise from an authority node; monitoring data communications between the user, the enterprise, and the Internet in a processing node; and controlling the data communications between the user, the enterprise, and the Internet based on the monitoring to provide security measures between the user, the enterprise, and the Internet.

Abstract: In one embodiment, a method includes receiving, from a device via a wireless signal, a request to access a WLAN of a router, the request including a device identifier. The provisioning agent may be within wireless ranges of the device and of the router. The provisioning agent may request, from an authentication server, a password for the device. The password may be uniquely generated by the authentication server for the device. The provisioning agent may receive the password from the authentication server. The provisioning agent may send, to the router, the password and the device identifier. The provisioning agent may receive, from the router, an indication that the router has verified the password with the authentication server. The router may store the device identifier in association with the password. The provisioning agent may send, to the device, the password. The password may authenticate the device to the router.

Abstract: A method for assigning a device fingerprint to a target device is provided. The method includes acquiring first attributes of the target device, the first attributes including at least one browser plug-in or one font; calculating a correlation value with respect the first attributes of the target device and second attributes of at least one second device having a device fingerprint stored in a device library. The first attributes correspond to the second attributes. The method further includes: if the correlation value is greater than or equal to a pre-determined threshold value, assigning the device fingerprint of the at least one second device to the target device; and if the correlation value is smaller than the pre-determined threshold value, storing the first attributes of the target device to the device library and assigning a new device fingerprint to the target device.

Abstract: A cyber-security threat detection system and method stores physical data measurements from a cyber-physical system and extracts synchronized measurement vectors synchronized to one or more timing pulses. The system and method synthesizes data integrity attacks in response to the physical data measurements and applies alternating parametrized linear and non-linear operations in response to the synthesized data integrity attacks. The synthesis renders optimized model parameters used to detect multiple cyber-attacks.

Abstract: A method for authenticating an individual for login to a server computer includes receiving at the server computer data for a first authentication image from an electronic computing device. First attributes are identified of one or more similar geometrical shapes from the data for the first authentication image. A determination is made as to whether the first attributes of the one or more similar geometrical shapes from the data for the first authentication image correspond to second attributes from a second authentication image accessible on or by the server computer. When the first attributes correspond to the second attributes, the individual is authenticated on the server computer.

Abstract: A method and apparatus for establishing a wireless connection. A digital certificate having a second name is obtained by a processor unit in response to receiving a selection of a network using a first name broadcast by a wireless access point. A determination is made by the processor unit as to whether the digital certificate is valid. A determination is made by the processor unit as to whether the second name in the digital certificate matches the first name broadcast by the wireless access point. The processor unit establishes the wireless connection to the wireless access point in response to the digital certificate being valid and the second name in the digital certificate matching the first name broadcast by the wireless access point.

Abstract: Systems and methods for copy and decrypt support for encrypted virtual machines are disclosed. An example method may include receiving, at a source host machine hosting a virtual machine (VM), a request to migrate the VM to a destination host machine, identifying a first page of memory of the VM on the source host machine for migration, write-protecting the first page, the first page of memory encrypted with a VM-specific encryption key, allocating a second page, executing a copy-and-reencrypt command using the first page and the second page as parameters for the copy-and-reencrypt command, the copy-and-reencrypt command to output the second page comprising contents of the first page re-encrypted with a migration key, and transmitting contents of the second page to the destination host machine.

Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: An identity management system prevents users' credential information from being harvested by phishing attackers. The identity management system can installed as a plug in on users' devices. Destinations that solicit users' credential information are verified. For example, web addresses or registered names of websites that receive users' credential information can be verified against known web addresses or registered names to verify their authenticity. When verification of the authenticity of a destination fails, a user is alerted and submission of credential information needs to be confirmed.

Abstract: A computer program product has a computer-readable storage medium having computer program instructions embodied therein for performing a method for implementing a privacy policy for a user. The method may include the user developing rules that determine whether another user (requester) can access information related to the user. The rules may be stored in a database coupled to a server and evaluated when a request is received from the requester to access the information. If a rule is satisfied by the requester, the server can return the information to the requester. The information can be returned at a level of granularity specified by the user in the satisfied rule. A privacy level can be set by the user to allow access to requesters based on the rules or to deny access to any requesters.

Abstract: Systems and methods for implementing access control by systems-on-chip (SoCs). An example SoC may comprise: an access control unit comprising a secure memory for storing access control data, the access control unit to: receive a message comprising an access control data item; store the access control data item in the secure memory; perform at least one of: authenticating the message using a message digest function, or validating contents of the secure memory by comparing a stored reference value with a calculated value of a message digest function of the contents of the secure memory; and control, in view of the access control data item, access by an initiator device to a target device.

Abstract: A data processing system is provided that includes applications, databases, encryption engines, and decryption engines. Encryption and decryption engines may be used to perform format-preserving encryption on data strings stored in a database. Applications may be used to embed information in data strings. Information may be embedded by using a character set that is larger than a character set being used by a data string. A data string may be converted into a larger character set, analogous to converting a number from a lower base to higher base. Such a conversion may shorten a data string, allowing information to be embedded as appended characters.

Abstract: Methods and systems for pairing a device to an account managed by a remote service include connecting to a commissioning device. The commissioning device is a device that manages pairing of devices to a remote service. Pairing the device to the fabric in a remote service also includes receiving service configuration details from the commissioning device. The commissioning device has previously retrieved the service configuration details that contain details configured to enable the joining device to connect to the remote service. Using the service configuration details, a device connects to the remote service using the received service configuration details.

Abstract: A method for runtime malware detection is described. In one embodiment, the method may include classifying a first file as clean and a second file as malware, performing a sample execution of the first and second files, identifying system processes called during sample executions of the first and second files, mapping each system process of the host operating system to a position on an image matrix, indicating each system process called during the sample execution of the first file in a first image matrix and each system process called during the sample execution of the second file in a second image matrix, and determining at runtime a probability an unknown file includes malware based at least in part on an analysis of the unknown file in relation to at least one of the first instance and the second instance of the generated image matrix.