Abstract: A system and method for providing secondary-factor authentication with a third party application that can include enrolling a device application instance of an account into a secondary-factor authentication service on behalf of a service provider that includes at the secondary-factor authentication service, receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider, transmitting an activation code, and pairing the device application instance with the account through the activation code; receiving an authentication request identifying the account; transmitting an authentication request to the device application instance paired with the account; validating a response to the application request; and transmitting an assessment to the service provider.

Abstract: In a data conversion auxiliary module which is at a higher level than a file system in a disk management hierarchy, data stored in a storage medium, which becomes an object, is successively accessed. Then, a data conversion module captures a sector-unit access request to a device driver from the file system, converts data of a sector which is returned from the device driver, and writes the conversion data in the sector. Thereby, data conversion can be executed on a specific region of the storage medium, which is associated with the data in the storage medium.

Abstract: A machine-readable medium may have stored thereon an instruction, which when executed by a machine causes the machine to perform a method. The method may include combining a first operand of the instruction and a second operand of the instruction to produce a result. The result may be encrypted using a key in accordance with an Advanced Encryption Standard (AES) algorithm to produce an encrypted result. The method may also include placing the encrypted result in a location of the first operand of the instruction.

Abstract: The invention relates to the technical field of information, and disclosed in the present invention are a key negotiation method and apparatus according to the SM2 key exchange protocol. The method is implemented as follows: two negotiation parties both calculate a parameter W according to the minimum positive integer value in the permissible values of X which enable an inequality n?2X to hold, and perform key negotiation with the opposite negotiation party according to the parameter W.

Abstract: A device comprises a data storage media storing data content and a digital signature. At least a portion of the digital signature is encrypted on the data storage media. The device also includes a removable control circuitry including a unique key. If the unique key corresponds to the encrypted portion of the digital signature, the removable control circuitry allows access to the data content. If the unique key does not correspond to the encrypted portion of the digital signature, the removable control circuitry prevents access to the data content. Embodiments of the invention may be useful to prevent a user from accessing the data content without the original control circuitry used to write the data content. For example, embodiments of the invention may prevent a user from using a different control circuitry that would readily allow unauthorized copying and distribution of the data content.

Abstract: The subject disclosure is directed towards secure computations of encrypted data over a network. In response to user desired security settings with respect to the encrypted data, software/hardware library components automatically select parameter data for configuring a fully homomorphic encryption scheme to secure the encrypted data items while executing a set of computational operations. A client initiates the set of computational operations via the library components and if requested, receives secure computation results in return.

Abstract: A method of detecting network intrusion based on improved support vector machine is disclosed. The method comprises the steps of identifying a plurality of features; computing information gain of each of the features; selecting a pre-determined number of features based on the computed information gain and augmenting that set of pre-determined number of features with special features to form a set of selected features; and classifying a network connection based on the selected features using support vector machine. In order to achieve better detection accuracy, cross-validation and grid-search are applied to select the radial basis function for the support vector machine.

Abstract: A Terminal Identity Token is created for identifying a User Equipment (UE) connected to a radio base station in a radio system. The UE communicates with the radio base station via a secure communication associated with an existing cryptographic key. The Terminal Identity Token is created based on a physical cell identity of a target cell known to both the UE and the radio base station, the terminal identity, and the existing key. By using the Terminal Identity Token, a secure communication can be established and enhanced without having to provide for additional security network components or additional signaling.

Abstract: A method of using a mobile terminal to implement cloud searching is provided. The method includes receiving, by the mobile terminal, searching conditions inputted by a user; executing, by the mobile terminal, local searching; and detecting whether networking is executed If networking is executed, the method includes detecting, by the mobile terminal, whether the local stores user account information; and connecting to a cloud server when the local of the mobile terminal stores the user account information. If networking is not executed, the method includes returning local searching results. The method further includes transmitting, by the mobile terminal, the searching conditions to the cloud server; and executing, by the cloud server, cloud searching according to the searching conditions; and returning searching results to the mobile terminal.

Abstract: Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise.

Abstract: A microcontroller includes on-chip key storage slots stored in a non-volatile memory, wherein selecting which key is to be used is restricted to software, wherein a predetermined key storage slot stores a Key Encrypt Key (KEK), and a register flag is provided for determining whether the predetermined key storage slot stores a key for encrypting/decrypting data or the KEK for encrypting/decrypting a key.

Abstract: According to one embodiment, a method for implementing computer security is provided. The method includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method. The method also includes wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material.

Abstract: In at least one embodiment, a method for secured rollback of a virtual Trusted Platform Module (vTPM) that renders available functionalities offered by Trusted Platform Module (TPM) on a computer to a virtual machine (VM) is provided. The method includes taking and saving a snapshot of current state of a virtual machine as well as a snapshot of the corresponding vTPM, upon receiving a request for taking a snapshot of the virtual machine. The method further includes converting the snapshots into the current state of the virtual machine and the current state of the vTPM, respectively, upon receiving a request to roll back the virtual machine.

Abstract: Methods, systems, and computer program products for protecting information on a user interface based on a viewability of the information are disclosed. According to one method, a viewing position of a person other than a user with respect to information on a user interface is identified. An information viewability threshold is determined based on the information on the user interface. Further, an action associated with the user interface is performed based on the identified viewing position and the determined information viewability threshold.

Abstract: Apparatuses, methods, and non-transitory computer readable medium that evaluate a source code scanner are described. In one implementation, the method comprises obtaining source code. One or more good code snippets and one or more bad code snippets are inserted into the source code to obtain a modified source code. An issue list generated by the source code scanner upon scanning the modified source code is obtained. The issue list comprises code segments having security defects identified by the source code scanner, reasons for the security defects, and locations of the security defects in the modified source code. The code segments present in the issue list are compared with the one or more good code snippets and the one or more bad code snippets. A plurality of metrics, indicating quality of the source code scanner, are generated based on the comparison.

Abstract: A method of identifying a user of a device having a security policy and including a touch sensitive input device. The method includes receiving data corresponding to use of the touch sensitive input device by the user and determining from the received data at least one feature. Based on the at least one feature and a signature associated with an identifiable user, the method determines a likelihood that the user is the identifiable user and modifies, based on the likelihood, the security policy on the device.

Abstract: A method comprises establishing a network connection between the first processing device and the second processing device for transfer of data associated with a software authenticator from the first processing device to the second processing device, encrypting the software authenticator data with encryption that is separate from encryption used for the network connection, and transferring the encrypted software authenticator data from the first processing device to the second processing device.

Abstract: A system including a memory having regions including a first and second region, the first region being different from the second region, and a digital rights management engine to receive a plurality of ciphertext cipher blocks, decrypt the ciphertext cipher blocks yielding plaintext cipher blocks, output the plaintext cipher blocks to the first region of the memory over a period of time, provide a plurality of decoy cipher blocks in addition to the plaintext cipher blocks, the decoy cipher blocks having a pattern in which: a first one of the decoy cipher blocks consists of data, and a second one of the decoy cipher blocks consists of data which is the same as the data of the first one of the decoy cipher blocks, and output the decoy cipher blocks to the second region of the memory during the period of time. Related apparatus and methods are also included.

Abstract: A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.

Abstract: A method is provided in one example embodiment and includes generating a first document and a second document associated with video data that includes a group of pictures (GOPs). The method also includes hashing a plurality of video frames associated with the video data. Additionally, the method includes appending each of the video frames' respective hash and respective display times to the first document, and appending each of a plurality of I-frames' respective hash and respective display times to the second document. The method further includes communicating the first document and the second document in a reliable manner over a network to a next destination.