Abstract: An electronic resource tracking and storage computer system communicates with computing systems operated by different participants. Computing systems store copies of a blockchain and have associated computing devices with sensors. A programmed rule set includes conditions to be met when cooperating to complete, in connection with a resource tracked via the blockchain, a modeled process including modeled tasks. A transceiver receives, from the computing devices, signed electronic data messages including identifiers and values from their respective sensors. Blockchain transactions including identifiers and value(s) in the respective messages are generated. Generated blockchain transactions are published for inclusion in blockchain's copies. Value(s) in the respective electronic data messages are validated against the set of programmed rules. Based on the validations' results, events are emitted to an event bus monitored by a management system.

Abstract: Protecting a network device from malicious executable code embedded in a computer document. In one embodiment, a method may include detecting executable code embedded in a computer document stored on a network device. The method may also include detecting a potential hoax object in the computer document. The method may further include determining that the potential hoax object is a hoax object by determining that the potential hoax object includes a message enticing a user to enable execution of the executable code. The method may also include, in response to determining that the potential hoax object is a hoax object, concluding that the executable code is malicious and performing a security action on the network device that secures the network device from the malicious executable code.

Abstract: The present disclosure pertains to detecting a network attack. In one embodiment, a first device may receive a high-precision time signal and may use the signal to associate a first time stamp with each of a plurality of data packets reflecting a time that each data packet is transmitted. A second device may receive the plurality of data packets from the first device via a data network. The second device may also receive the high-precision time signal and may use the signal to associate a second time stamp with each of the plurality of data packets reflecting a time that each data packet is received. A time of flight may be determined based on the first time stamp and the second time stamp. The second device may determine whether the time of flight for each of the first plurality of data packets is consistent with a valid time of flight.

Abstract: A non-transitory machine-readable storage medium stores instructions that upon execution cause a processor to, in response to a receipt of a query, communicate, via a first encrypted channel using a first key, first encrypted data between a plurality of nodes of a distributed database system, the first encrypted data comprising query metadata and a second key; communicate, via a second encrypted channel, second encrypted data between the plurality of nodes of the distributed database system, the second encrypted channel using the second key included in the first encrypted data, the second encrypted data comprising query data; and generate, by the plurality of nodes of the distributed database system, results for the query based on the query data in the second encrypted data.

Abstract: A request is received at a server and from a first software client to obtain at least one electronic credential, and the first software client is associated with a first user, and the server stores multiple electronic credentials that are used to extract a service object; at least one electronic credential is transmitted from the server to the first software client based on a predetermined rule; an allocation request is received at the server to extract the service object, and the allocation request includes electronic credentials selected from electronic credentials obtained by the first software client; a number of categories of the selected electronic credentials that included in the allocation request is determined to be is greater than or equal to a predetermined number; and the service object that selected from a service object set is allocated to the first software client based on a predetermined allocation rule.

Abstract: This disclosure relates to blockchain-type data storage. In one aspect, a method includes receiving, by a database server, multiple second data records. Each second data record includes a first data record having a user identifier and a digital signature of the first data record. Hash values of the second data records are determined. In response to a blockchain-type block generation condition being satisfied, the database server determines two or more second data records to be written in a data block. An Nth data block that includes a hash value and a block height is generated. N is a sequence number of the Nth data block in a sequence of data blocks. When N>1, generating the Nth data block includes determining the hash value for the Nth data block based on the hash values of the two or more second data records and a hash value of a (N?1)th data block.

Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.

Abstract: A request is received at a server and from a first software client to obtain at least one electronic credential, and the first software client is associated with a first user, and the server stores multiple electronic credentials that are used to extract a service object; at least one electronic credential is transmitted from the server to the first software client based on a predetermined rule; an allocation request is received at the server to extract the service object, and the allocation request includes electronic credentials selected from electronic credentials obtained by the first software client; a number of categories of the selected electronic credentials that included in the allocation request is determined to be is greater than or equal to a predetermined number; and the service object that selected from a service object set is allocated to the first software client based on a predetermined allocation rule.

Abstract: Disclosed aspects relate to information presentation management by an electronic presentation device. With respect to a set of information for presentation, a set of information profile data is detected. Using a set of sensors linked to the electronic presentation device, a set of device sensor data of the electronic presentation device is collected. Based on both the set of device sensor data and the set of information profile data, a determination of a security configuration for presentation of the set of information on the electronic presentation device is made. Based on the security configuration, the set of information is presented by the electronic presentation device.

Abstract: Embodiments of the present invention provide an approach for policy-driven (e.g., price-sensitive) scaling of computing resources in a networked computing environment (e.g., a cloud computing environment). In a typical embodiment, a workload request for a customer will be received and a set of computing resources available to process the workload request will be identified. It will then be determined whether the set of computing resources are sufficient to process the workload request. If the set of computing resources are under-allocated (or are over-allocated), a resource scaling policy may be accessed. The set of computing resources may then be scaled based on the resource scaling policy, so that the workload request can be efficiently processed while maintaining compliance with the resource scaling policy.

Abstract: There is disclosed a device and method in a wireless communication system and a wireless communication system, the device including: a secure channel establishing unit configured to establish a secure communication channel between a first apparatus and a second apparatus using a location-based service; a data security key generating unit configured to generate a data security key for protecting service data based on at least a channel key extracted from the secure communication channel; and a controlling unit configured to control the service data protected using the data security key to be transmitted on the secure communication channel. According to the embodiments of the disclosure, it is possible to improve security of data transmission.

Abstract: A communication device includes a memory to store a contact list, a communication, and tagged contacts and tagged communication form of the tagged contacts; a processor to receive an incoming communication transmitted to the communication device determine identification information from the incoming communication; and determine if the incoming communication meets a criterion for a third party user of the communication device to view the incoming communication. To determine if the incoming communication meets the criterion, the processor compares the determined identification information from the incoming communication to the tagged communication form of the tagged contacts. If the incoming communication meets the criterion, then the processor displays the incoming communication, and if the incoming communication does not meet the criterion, then the processor does not display the incoming communication.

Abstract: A system includes a processor and a memory accessible to the processor. The memory stores instructions that, when executed by the processor, cause the processor to determine a privacy policy score for one of an application and a website and provide the privacy policy score to a device.

Abstract: The subject matter described herein includes methods, systems, and computer readable medium for scrambled communication of data to, from, or over a medium. According to one aspect, the subject matter described herein includes a method for communicating data in scrambled form to or over a medium. The method includes receiving analog or digital data to be transmitted to or over a medium. The method further includes modulating samples representing at least signal using the analog or digital data to produce data modulated signal samples. The method further includes scrambling the data modulated signal samples using a predetermined scrambling algorithm. The method further includes transmitting the scrambled data modulated signal samples to or over the medium. The method further includes descrambling samples received from the medium using the inverse of the predetermined scrambling algorithm to obtain the unscrambled modulated signal samples, which can then be demodulated to retrieve original data.

Abstract: Techniques for assessing risk associated with firewall rules are provided. In one implementation, a method includes receiving a request for the network to apply a firewall policy rule to control traffic to a machine associated with the network, wherein the firewall policy rule comprises information that identifies a remote address from which the traffic can originate and a type of the traffic. The method further includes determining a remote address risk value representative of a first degree of security risk associated with allowing the traffic to access the machine in response to the traffic being determined to originate from the remote address; determining a traffic type risk value representative of a second degree of security risk associated with allowing the type of traffic to access the machine; and determining a total risk value based on a combination of the remote address risk value and the traffic type risk value.

Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.

Abstract: An example computing device includes a shares generation unit configured to generate secret shares of biometric information of a user; a storage interface configured to interface with storage nodes for storing each of the secret shares to a corresponding one of the storage nodes; and a computation engine configured to perform re-enrollment by outputting a plurality of messages to instruct each of the storage nodes to generate a respective share of a new helper data in accordance with the secret shares of the biometric information and a secure computation protocol, receive the respective share of the new helper data from two or more storage nodes, and determine the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user, wherein the re-enrollment occurs without receiving additional/repeat biometric information, thereby resulting in faster re-enrollment.

Abstract: An electronic device for preemptively removing biometric information from a display is provided. The electronic device includes a display, at least one sensor disposed under a region of the display and at least one processor. The at least one processor may be configured to detect, using the at least one sensor, a touch input on the region of the display and display, using the display, a user interface which guides to remove a mark caused by the touch input, wherein the mark includes biometric information acquired based on the touch input.

Abstract: An air-gapped computing system includes at least network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: initialize a hypervisor for execution over a primitive OS; create a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using the hypervisor, wherein each of the plurality of security zones includes a plurality of applications executed over a guest OS; instantiate a networking virtual machine using the hypervisor; control, by the networking virtual machine, access of each application in each of the plurality of security zones to an external network resource; and monitor execution of the guest OS and each application in at least one activated security zone of the plurality of security zones, wherein the monitoring is performed to maintain compliance with a security policy corresponding to each activated security zone being monitored.

Abstract: A method of enhancing security of at least one of a host computing device and a peripheral device coupled to the host computing device through a communication interface. Data is transparently received from the peripheral device or the host computing device, and the received data is stored. The stored data is analyzed to detect a circumstance associated with a security risk. If such a circumstance is not detected, then the data is transparently forwarded to the other of the peripheral device or the host. However, if a circumstance associated with a security risk is detected, then a security process, defined by a rule, is performed. Related apparatus are provided, as well as other methods and apparatus.