Patents Examined by Chi Nguy
  • Patent number: 9769250
    Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to a trigger, such as determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: September 19, 2017
    Assignee: Architecture Technology Corporation
    Inventors: Judson Powers, Stephen K. Brueckner, Robert A. Joyce, Kenneth J. Thurber
  • Patent number: 9766986
    Abstract: A server system receives messages from client computing devices. Each of the messages corresponds to a transaction. The server system assigns each respective transaction to a respective fresh virtual machine. Furthermore, the server system performs, as part of a respective virtual machine processing a respective transaction, a modification associated with the respective transaction to a shared database. The shared database is persisted independently of the plurality of virtual machines. In response to determining that processing of the respective transaction is complete, the server system discards the respective virtual machine. In response to determining that the respective transaction is associated with a cyber-attack, the server system uses checkpoint data associated with the respective transaction to roll back the modifications associated with the respective transaction to the shared database.
    Type: Grant
    Filed: August 27, 2013
    Date of Patent: September 19, 2017
    Assignee: Architecture Technology Corporation
    Inventors: Stephen K. Brueckner, Robert A. Joyce, Carl Manson, Hajime Inoue, Kenneth J. Thurber
  • Patent number: 9762593
    Abstract: Systems and methods to automatically generate signatures used to detect malware are provided. The systems and methods use machine learning techniques to build an over-trained heuristic model to analyze software, cluster identified patterns, validate the clusters against known reputational metrics, automatically create signatures and, in some examples, deploy such signatures to remote computing devices.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: September 12, 2017
    Assignee: Symantec Corporation
    Inventors: Mark Kennedy, Kenneth Coleman
  • Patent number: 9760637
    Abstract: An encrypted text wildcard search method enables wildcard search of encrypted text by using a permuterm index storing permuted keyword strings that are encrypted using an order preserving encryption algorithm. The permuted keyword strings are encrypted using an order preserving encryption algorithm or a modular order preserving encryption algorithm and stored in the permuterm index. In response to a search query containing a wildcard search term, the encrypted text wildcard search method transforms the wildcard search term to a permuted search term having a prefix search format. The permuted search term having the prefix search format is then used to perform a range query of the permuterm index to retrieve permuted keyword strings having ciphertext values that fall within the range query. In some embodiments, the encrypted text wildcard search method enables prefix search, suffix search, inner-wildcard search, substring search and multiple wildcard search of encrypted text.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: September 12, 2017
    Assignee: Skyhigh Networks, Inc.
    Inventor: Paul Grubbs
  • Patent number: 9672189
    Abstract: The present invention discloses methods for effective network-security inspection in virtualized environments, the methods including the steps of: providing a data packet, embodied in machine-readable signals, being sent from a sending virtual machine to a receiving virtual machine via a virtual switch; intercepting the data packet by a sending security agent associated with the sending virtual machine; injecting the data packet into an inspecting security agent associated with a security virtual machine via a direct transmission channel which bypasses the virtual switch; forwarding the data packet to the security virtual machine by employing a packet-forwarding mechanism; determining, by the security virtual machine, whether the data packet is allowed for transmission; upon determining the data packet is allowed, injecting the data packet back into the sending security agent via the direct transmission channel; and forwarding the data packet to the receiving virtual machine via the virtual switch.
    Type: Grant
    Filed: July 23, 2009
    Date of Patent: June 6, 2017
    Assignee: CHECK POINT SOFTWARE TECHNOLOGIES, LTD.
    Inventors: Ofer Raz, Amnon Perlmutter, Erez Berkner
  • Patent number: 9672335
    Abstract: A method of user logon to a computing device or computer system that, distinct from requiring entry of a set of known logon credentials such as a username and password, introduces an additional thought-directed user interface whereby the user must respond to one or more prompts that measure the user's cognitive function at the time of logon or during an active logon session. The user's responses to these prompts are evaluated for several purposes, including determining whether the user demonstrates the required level of cognitive function to gain access to the computer system or continue an active logon session. The user's responses and associated data may also be stored and retrieved at a later time for various purposes, including determining whether and to what extent the user's level of cognitive function is improving, diminishing, or remaining static over time.
    Type: Grant
    Filed: December 15, 2010
    Date of Patent: June 6, 2017
    Inventors: Laird H Shuart, Dustin Matthew Engelhaupt, Sharon Elizabeth Jankowski, Bruce David Jankowski, Marcia L. Shuart
  • Patent number: 9654972
    Abstract: Techniques are described for securely provisioning a client device. A client device may output first client information over a secure interface to a trusted device to be transmitted to an authentication server. Second client information related to the first client information may be transmitted to the authentication server. The authentication server may link the second client information and the first client information. The client device may receive an encrypted authentication credential from the authentication server. The authentication credential may be encrypted based at least in part on the first client information or the second client information. The client device may decrypt the encrypted authentication credential using the first client information, the second client information, or a shared secret key.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: May 16, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, Peerapol Tinnakornsrisuphap
  • Patent number: 9612979
    Abstract: An apparatus to protect contents of a memory region is presented. In one embodiment, the apparatus includes a non-volatile memory, memory check logic to generate check values for protected memory regions, and comparison logic to compare stored check values from the non-volatile memory with generated check values from the memory check logic. The apparatus also includes security logic to prevent executing code in the protected memory regions if the comparison logic detects a mismatch between the stored check values and the generated check values.
    Type: Grant
    Filed: October 22, 2010
    Date of Patent: April 4, 2017
    Assignee: Intel Corporation
    Inventor: Yen Hsiang Chew
  • Patent number: 9563766
    Abstract: A device authenticates accessories by detecting that an accessory is attached to the device, determining a unique identification (ID) for the accessory, determining, based on the unique ID, if the accessory has been paired to the device, and in response to determining that the accessory has been paired to the device, enabling use of the accessory by the device. In response to determining the accessory has not been paired to the device, the device performs a secondary authentication process on the accessory.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: February 7, 2017
    Assignee: Infineon Technologies Austria AG
    Inventors: Cheow Guan Lim, Robert P. Rozario
  • Patent number: 9548988
    Abstract: The disclosed computer-implemented method for attributing potentially malicious email campaigns to known threat groups may include (1) identifying a potentially malicious email campaign targeting at least one organization, (2) detecting, within the potentially malicious email campaign, an incriminating feature that has been linked to a known threat group, (3) determining, based at least in part on detecting the incriminating feature linked to the known threat group, that the known threat group is likely responsible for the potentially malicious email campaign, and then in response to determining that the known threat group is likely responsible for the potentially malicious email campaign, (4) attributing the potentially malicious email campaign to the known threat group. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: January 17, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin Alejandro Roundy, Olivier Thonnard
  • Patent number: 9548999
    Abstract: The obfuscation of information included in Session Initiation Protocol (SIP) invites for the purposes of facilitating Lawfully Authorized Electronic Surveillance (LAES) is contemplated. The obfuscation may include the use of LAES headers with invites of sessions that require surveillance as well as those not requiring surveillance and/or selecting values or otherwise influencing parameter selection of data included in LAES headers according to a validity function, a shared secret, a key or other construct.
    Type: Grant
    Filed: May 1, 2014
    Date of Patent: January 17, 2017
    Assignee: Cable Television Laboratories, Inc.
    Inventors: David Hancock, Sumanth Channabasappa
  • Patent number: 9525667
    Abstract: A method and system for roaming website accounts and passwords are provided. The method is operational on a first client and includes: authenticating website accounts and passwords that have been stored; obtaining the stored website addresses, accounts and passwords according to a success verification; encrypting the stored website addresses, accounts and passwords for generating encrypted information, and generating a first QR code to be obtained by a second client according to the encrypted information. The website accounts and passwords are roamed and synchronized to be shared. The synchronization process verifies the accounts and passwords, and would not need a third-party server. Risk of data loss in case that the third-party server is attacked would be eliminated, and the safety for the accounts and passwords is improved.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: December 20, 2016
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) CO., LTD.
    Inventor: Wanxin Wang
  • Patent number: 9521153
    Abstract: A system and method of providing a platform trust extension for an information handling system is disclosed herein. The platform trust extension receives a notification that an application is selected for installation or execution on an information handling system. The identity of the application or the source of the application is identified based upon a signature of the application. The platform trust extension determines whether the application or the source of the application is semi-trusted based upon the signature of the application. If the application is semi-trusted, the platform trust extension permits the application to run at an additional trust level.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: December 13, 2016
    Assignee: Dell Products L.P.
    Inventor: Gabriel Jakobus Grosskopf
  • Patent number: 9497029
    Abstract: Various embodiments are generally directed to hardening the performance of calculations of a digital signature system for authenticating computing devices against side-channel attacks. An apparatus comprises a processor circuit and an interface operative to communicatively couple the processor circuit to a network; a storage communicatively coupled to the processor circuit and arranged to store instructions operative on the processor circuit to digitally sign a message to create a first signature using a modular arithmetic operation arranged to compensate for a value of a variable greater than a modulus without use of a branching instruction; and transmit the first signature to a verifying server via the network. Other embodiments are described and claimed herein.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: November 15, 2016
    Assignee: INTEL CORPORATION
    Inventors: Sergey Kirillov, Jiangtao Li, Marc A. Valle
  • Patent number: 9467492
    Abstract: One embodiment provides a system for assembling a reconstructable content stream. The system obtains a content collection that includes a plurality of content components and generates a manifest. An entry in the manifest corresponds to a content component. The system obtains a set of stream-construction rules, generates a stream-construction manifest by attaching the set of stream-construction rules to the manifest, and constructs a set of stream objects based on the stream-construction rules. A respective stream object may include an embedded chunk of a content component. The system signs the set of stream objects and assembles the reconstructable content stream by including the stream-construction manifest followed by the set of stream objects, thereby enabling an intermediate node to extract and store one or more content components and to reconstruct, at a later time, stream objects for the one or more content components based on the stream-construction manifest and the stored components.
    Type: Grant
    Filed: August 19, 2014
    Date of Patent: October 11, 2016
    Assignee: PALO ALTO RESEARCH CENTER INCORPORATED
    Inventors: Marc E. Mosko, Ignacio Solis
  • Patent number: 9465933
    Abstract: Embodiments of an invention for virtualizing a hardware monotonic counter are disclosed. In one embodiment, an apparatus includes a hardware monotonic counter, virtualization logic, a first non-volatile storage location, and a second non-volatile storage location. The virtualization logic is to create a virtual monotonic counter from the hardware monotonic counter. The first non-volatile storage location is to store an indicator that the count of the hardware monotonic counter has changed. The second non-volatile storage location is to store an indicator that the count of the virtual monotonic counter has changed.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: October 11, 2016
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Reshma Lal, Jason Martin, Daniel Nemiroff
  • Patent number: 9460293
    Abstract: A software module executes on a first operating system running. The software module determines that the first operating system has caused data to be written to a first clipboard maintained by the first operating system. The software module consults policy data to determine whether the data should additionally be written to a second clipboard maintained by a second operating system. The policy data may only allow the data to be written to the second clipboard if the data was written to the first clipboard at the initiation of or approved by a user. If the software module determines that the policy data allows the data to be written to the second clipboard, then the software module, without human instruction, causes the data to be written to the second clipboard.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: October 4, 2016
    Assignee: Bromium, Inc.
    Inventors: Rahul Kashyap, Rafal Wojtczuk, Ian Pratt
  • Patent number: 9450758
    Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.
    Type: Grant
    Filed: March 12, 2012
    Date of Patent: September 20, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Nicholas Alexander Allen, Gregory B. Roth, Elena Dykhno
  • Patent number: 9432382
    Abstract: A device may receive, from a first user device, a request to transmit a message to a user of a second user device. The request may include particular information indicating that content of the message is to be displayed to the user for a particular amount of time. The device may encrypt, based on receiving the request and using a key, the content of the message to obtain an encrypted message. The device may transmit the encrypted message to the second user device and receive, from the second user device, a request for the key. The device may transmit, to the second user device, the key and information identifying the particular amount of time to cause the second user device to decrypt the encrypted message, using the key, to obtain a decrypted message and cause the second user device to delete the decrypted message after the particular amount of time.
    Type: Grant
    Filed: August 19, 2014
    Date of Patent: August 30, 2016
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Zhijian Lin, Amir Mayblum, Jerry M. Kupsh
  • Patent number: 9419803
    Abstract: Various exemplary embodiments relate to a method, device, and storage medium including: receiving an NDEF message by an NFC device including a payload and at least one of a digital signature and a reference to a digital signature; stripping data from the payload to produce a stripped payload; verifying the payload using the digital signature and the stripped payload; and conditionally interpreting the payload based on whether the payload is verified. Various embodiments are described wherein: the payload includes a URI including a fragment denoted by a pound character; and stripping data includes stripping the fragment from the URI. Various embodiments are described wherein the payload is verified, the fragment comprises fragment data, and interpreting the payload comprises: transmitting a message requesting a resource identified by the URI, wherein the request omits the fragment data; executing a received script to transmit the fragment data to a device.
    Type: Grant
    Filed: December 31, 2013
    Date of Patent: August 16, 2016
    Assignee: NXP B.V.
    Inventor: Philippe Teuwen