Abstract: In a technology stack including members provided in communication, a system and method are provided for managing keys for use in encrypting and decrypting data. The system comprises a key manager configured to define a group of members and to create at least one encryption key associated with the defined group, and a communications manager configured to transmit the at least one encryption key associated with the group to members in the group. Data encrypted by a member in the group using the at least one encryption key received by the member from the communications manager is transmitted to another member in the group for decryption using the at least one encryption key received by the another member from the communications manager.

Abstract: In one aspect, a method comprises the steps of deriving a base point on an elliptic curve in a first processing device, generating authentication information in the first processing device utilizing the base point and a private key of the first processing device, and transmitting the authentication information from the first processing device to a second processing device. The base point on the elliptic curve may be derived, for example, by applying a one-way function to a current time value, or by computation based on a message to be signed.

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract: The disclosed apparatus may include (1) a reply-reception module, stored in memory, that receives, from a satellite device, an authentication reply that includes an original authentication message digitally signed by the aggregation device using a private key of the aggregation device and that is digitally signed by the satellite device using a private key of the satellite device, (2) a forwarding module, stored in memory, that forwards the authentication reply to a network management server, (3) a validation-reception module, stored in memory, that receives, from the network management server in response to forwarding the authentication reply, a validation message, and (4) an authentication module, stored in memory, that authenticates the satellite device based at least in part on receiving the validation message. Various other apparatuses, systems, and methods are also disclosed.

Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.

Abstract: Methods and apparatus for detecting VOIP spoofing attacks in systems that provide communication services over IP networks, for gathering information that can be used for preventing or mitigating future malicious attacks, are described. The methods and apparatus send various signals and check for expected responses. Actual responses and/or lack of responses to signals, e.g., messages, are detected, logged and used for making decisions as well as generating a record for informational purposes and analysis which can facilitate identification of common features of malicious packets and/or messages. The methods are well suited for use in a session border controller.

Abstract: Systems and methods are disclosed for registering a host computing device at a server and registering a lock device at the server via an application running on a mobile computing device, each being provided host keys from the server that allow communication between the host computing device the lock device. Further, the lock device can only be registered with the server if a current registered device count is less than a maximum registered device threshold.

Abstract: Provided is a communication apparatus (121) that securely manages passwords for utilizing a server apparatus. A generator (203) generates a random table having the same number of rows and the same number of columns as a password table associated with a server name specified in an authentication request received by a receiver (202). An acceptor (205) accepts a key from a user to whom the random table is presented by a presenter (204). An identification unit (206) identifies, from the key and the random table, the user's of selection order of elements in the table. An acquirer (207) selects and arranges elements in the password table in the identified selection order, thereby acquiring a password. An output unit (208) displays the acquired password on a display or transmits the acquired password to the server apparatus, thereby allowing the user to utilize the server apparatus.

Abstract: A method and system for testing the cryptographic integrity of data m comprises at least the following elements: a module transmitting a message M, said module comprising a memory for storing the parameters used to execute the steps of the method, such as the key, the public data, a transmission medium, a receiver module also comprising storage means for storing at least the same parameters as in transmission. The system may comprise storage means for storing confidential data such as the secret keys, a processor suitable for executing the steps.

Abstract: Techniques for classifying non-process threats are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for classifying non-process threats comprising generating trace data of at least one observable event associated with execution of a process, representing a first feature of the at least one observable event of the trace data, calculating, using a computer processor, a similarity between the first feature and at least one sample feature, and classifying the process based on the similarity.

Abstract: A system and method for communicating with a client application that can include at a communication platform, receiving an authorization token of a first client application; verifying at least one permission associated with the authorization token; at a first server of the communication platform, accepting an incoming communication request; retrieving communication instructions from a server according to the incoming communication request; identifying an instruction to communicate with a communication destination of the first client application; and establishing communication with the first client application.

Abstract: A system and method for providing security in a virtual environment are provided. An example system includes a link module that links a secured logical component to a logical entity including a set of virtual machines. The example system also includes a security module that identifies a set of security policies for one or more communications to the logical entity or one or more communications from the logical entity. The example system further includes a control module that controls, based on the set of security policies, the one or more communications to the logical entity or the one or more communications from the logical entity.

Abstract: A technique provides malicious identity profiles. The technique involves storing unsuccessful authentication entries in a database, the unsuccessful authentication entries including (i) descriptions of failed attempts to authenticate users and (ii) biometric records captured from the users during the failed attempts to authenticate the users. The technique further involves generating a set of malicious identity profiles based on the descriptions and the biometric records of the unsuccessful authentication entries stored in the database. Each malicious identity profile includes a profile biometric record for comparison with new biometric records during new authentication attempts. The technique further involves outputting the set of malicious identity profiles. Such a set of malicious identity profiles is well suited for use in future authentication operations, i.e., well suited for predicting intruder attacks and fraud attempts, and for sharing risky identities among authentication systems (e.g.

Abstract: A virtual environment firewall receives a message having a request from a virtual environment entity intended for a virtual environment controller. The virtual environment firewall determines whether the request complies with one or more governance rules of the virtual environment controller. If the request does not comply with the one or more governance rules, the virtual environment firewall processes the message to prevent the request from being processed by the virtual environment controller.

Abstract: A searchable encryption resistant to frequency analysis. A conversion rule management device generates a conversion rule table associating a search keyword with a conversion keyword group. Based on the conversion rule table, a data registration device generates registration data associating encrypted data with an encrypted keyword, and registers the registration data in a server device. An information processing device obtains from the conversion rule table a conversion keyword group associated with a specified search keyword, generates an encrypted keyword group, and requests a data search by specifying the encrypted keyword group. Using as a search key an encrypted keyword included in the encrypted keyword group, the server device searches for encrypted data associated with the search key, and returns searched encrypted data. The information processing device decrypts the searched encrypted data, and outputs as a search result search data obtained by decryption.

Abstract: A computer identifies each web method, of a web service, declared in a web services description language (WSDL) file. The computer adds a node within a directed graph for each web method identified. The computer identifies pairs of web methods declared in the WSDL file in which a match exists between an output parameter of one of the web methods and an input parameter of another one of the web methods. The computer adds an edge within the directed graph for each of the pairs of web methods identified. The computer generates one or more sequences of web methods based on nodes connected by edges within the directed graph, wherein each of the one or more sequences includes at least one of the pairs of web methods identified. The computer tests each of the one or more sequences of web methods to identify stored vulnerabilities in the web service.

Abstract: A system and computer program product for using a multi-user operating system. A user attempts to access the multi-user operating system. The system prompts the user to enter a shared credential associated with the multi-user operating system and an individual credential of the user. The system verifies the entered shared credential and the entered individual credential. The system grants the access to the user if both the entered shared credential and the entered individual credential are verified. The system tracks commands entered by the user granted the access via the entered shared credential while the user is using the multi-user operating system. The tracked commands indicate the entered individual credential.

Abstract: Electronic electricity meter with integrated digital-certification mechanism for secure communication, comprising current sensors, voltage sensors, electronic circuit for conditioning the current signals and voltage signals in the electrical levels required by the processing unit, processing unit able to continuously sample the current signals and voltage signals provided by the circuit and that reflect, using a known ratio, the real value of the current and voltage delivered to the meter connection terminals, the processing unit calculates the active and passive through energy and determines the energy values to be counted, and a communication unit, linked to the processing unit, which uses a digital data protocol and a physical interface to communicate with the world outside the meter, and a processing unit with digital certification functions located between the processing unit and the communication unit.

Abstract: A method is provided for generating a human readable passcode to an authorized user including providing a control access datum and a PIN, and generating a unique machine identifier for the user machine. The method further includes modifying the controlled access datum, encrypting the controlled access datum using the PIN and/or a unique machine identifier to camouflage the datum, and generating a passcode using the camouflaged datum and the PIN and/or the unique machine identifier. A mobile user device may be used to execute the method in one embodiment. The passcode may be used to obtain transaction authorization and/or access to a secured system or secured data. The unique machine identifier may be defined by a machine effective speed calibration derived from information collected from and unique to the user machine.

Abstract: Systems and methods are provided for computing a secret shared with a portable electronic device and service entity. The service entity has a public key G and a private key g. A message comprising the public key G is broadcast to the portable electronic device. A public key B of the portable electronic device is obtained from a manufacturing server and used together with the private key g to compute the shared secret. The portable electronic device receives the broadcast message and computes the shared secret as a function of the public key G and the portable electronic device's private key b. The shared secret can be used to establish a trusted relationship between the portable electronic device and the service entity, to activate a service on the portable electronic device, and to generate certificates.