Abstract: Secure communication in accessing a network is described herein. An example apparatus can include a memory and a processor coupled to the memory. The processor can be configured to receive an identity public key from the identity device. The identity public key can be received in response to providing, to the identity device, a request to modify content of the identity device. The processor can be further configured to encrypt data corresponding to subscriber information using the identity public key, provide (to the identity device) the encrypted data to store the subscriber information in the identity device, and access a network operated by a network operator via the data stored in the identity device.

Abstract: A system, method, and computer-readable medium are disclosed for performing a platform security operation, comprising: presenting a platform security user interface, the platform security user interface including a plurality of security blocks, each of the plurality of security blocks corresponding to a particular security policy function configuring a security policy via the platform security user interface, the configuring comprising combining a set of the security blocks according to a desired security function; converting the set of security blocks to information representing the security policy; and, deploying the security policy to an information handling system.

Abstract: A fingerprint image acquisition method for user authentication is provided. The method comprises determining whether a sensed pressure, which is applied to a fingerprint input window by a finger of a user touching the fingerprint input window, exceeds a predetermined startup pressure, acquiring a comparison image by imaging a fingerprint of the finger when the sensed pressure exceeds the startup pressure, measuring a quality of the comparison image, determining a value of a threshold pressure based on the quality of the comparison image and acquiring an authentication image for the user by capturing an image of the fingerprint of the finger when the sensed pressure exceeds the threshold pressure.

Abstract: Computer code is received that is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment. A compiler performs static compiler analysis on the computer code. The static compiler analysis includes referencing a security policy defining one or more unacceptable program behaviors. During compile time at the compiler, runtime security checking functionality is performed leveraging compiler extensions, type information, and environment specific compile context. Results of the static compiler analysis are used to indicate when execution of the computer code would result in performance of the one or more unacceptable program behaviors. The one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.

Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.

Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.

Abstract: Examples of the present disclosure describe systems and methods for evaluating malicious web content for associated threats using specialized web crawling techniques. In aspects, a first set of malicious and/or potentially malicious resource identifiers is identified. The first set of resource identifiers is evaluated to determine at least a second set of resource identifiers associated with the first set of resource identifiers. The second set of resource identifiers are provide to a web crawling component, which scans the second set of resource identifiers using a threat detection component. If any resource identifiers in the second set of resource identifiers are identified as malicious (or potentially malicious), those resource identifiers may be classified and recorded, provided to the web crawling component, and/or added to the first set of resource identifiers in subsequent threat detection analyses.

Abstract: Media content is provided using metric-apportioning. In accordance with one or more embodiments, remote-user interface circuits are authenticated and remote access is provided to different sets of media content via the interface. For each authenticated interface and a time-based period during which the interface accesses the media content, time-stamped usage data that characterizes use of the media content at the interface is communicated therewith. A usage metric characterizing usage of the media content is apportioned based upon the time-stamped usage data and stored weighting factor data for the media content.

Abstract: Systems, methods, and computer-readable media for securely pairing a secure element and a processor of an electronic device are provided. In one example embodiment, a method, at an electronic device, includes, inter alia, deriving a key using a processor of the electronic device, sharing the derived key with a commercial entity subsystem, and receiving the shared key from the commercial entity subsystem at a secure element of the electronic device, where the received key may be leveraged for enabling a secure communication channel between the processor and the secure element. Additional embodiments are also provided.

Abstract: An apparatus and method are described for sharing WiFi credentials.

Abstract: Some embodiments described herein include a method to validate supply chains for electronic devices using side-channel information in a signature analysis. The method includes sending, to a target device, a first signal associated with a set of codes to be executed by the target device, and then receiving first side-channel information associated with the target device in response to the target device executing the set of codes. The method also includes determining second side-channel information associated with a simulated device in response to the set of codes. The method further includes comparing a discriminatory feature of the first side-channel information with a discriminatory feature of the second side-channel information to determine a characteristic of the target device based on a pre-determined characteristic of the simulated device. Finally, the method includes sending, to a user interface, a second signal associated with the characteristic of the target device.

Abstract: Techniques are provided for security code for integration with an application. A first request associated with a request by an application to an application server is received. The application includes security code that performs a set of one or more operations on one or more input parameters. The application is provided one or more parameter values, wherein the security code generates a secret cryptographic key based on the one or more parameter values. A security key is received that includes encrypted client data collected at the client device that is encrypted using the secret cryptographic key. The secret cryptographic key is generated based on the one or more parameter values and knowledge of the set of one or more operations. It is determined that the decrypted client data matches a pattern of data associated with malware. The application server is prevented from processing a second request.

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

Abstract: According to some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of a wind turbine. An abnormality detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors. The abnormality detection computer platform may also access an abnormality detection model having a plurality of decision boundaries created using wind information (e.g., wind speed and/or acceleration) along with at least one of a set of normal feature vectors and a set of abnormal feature vectors. The abnormality detection computer platform may then select one of the decision boundaries based on current wind information associated with the wind turbine and execute the abnormality detection model and transmit an abnormality alert signal based on the set of current feature vectors and the selected decision boundary.

Abstract: A method for digital signing of a document using a predetermined secret key. An initial internal state is determined by application to a condensate of the document of a first white box implementation of generation of a main nonce; then a modular sum of the main nonce and of a predetermined constant. The method also determines a first internal state by application to the initial internal state of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant. The method then determines a second internal state by application to said condensate of a second white box implementation of generation of the main nonce; and a second modular arithmetic operation function of the first internal state, of the main signature nonce and of the secret key. It then generates a digital signature of the document from the first internal state and the second internal state.

Abstract: Systems and methods are provided for authenticating an account via a hands-free gesture, such as a tap, pattern of taps, or other physical gesture not requiring a user to hold a computing device. A user can initiate a transaction to purchase an item by interacting with a first computing device (e.g., electronic kiosk, point-of-sale terminal, automated checkout device, etc.). The first computing device can receive a request from the user to purchase the item. In response, the first computing device can broadcast an authentication request. The user can perform the hands-free gesture for detection by a second computing device (e.g., the user's mobile device). The second computing device can transmit information associated with the hands-free gesture in response to the authentication request. The first computing device can authenticate the user based on the information associated with the hands-free gesture.

Abstract: In an embodiment, a method comprises intercepting, from a server computer, a first set of instructions that define one or more objects and one or more operations that are based, at least in part, on the one or more objects; generating, in memory, one or more data structures that correspond to the one or more objects; performing the one or more operations on the one or more data structures; updating the one or more data structures, in response to performing the one or more operations, to produce one or more updated data structures; rendering a second set of instructions, which when executed by a remote client computer cause the remote client computer to generate the updated data structures in memory on the remote client computer, wherein the second set of instructions are different than the first set of instructions; sending the second set of instructions to the remote client computer.

Abstract: A method at a network element for attestation of applications, the method including sending a challenge to an application at an electronic device; receiving a response from the electronic device; processing the response; and upon determining that the response is invalid based on the processing, taking an enforcement action against the application.

Abstract: The present invention provides a network access control method. The network access control method includes: configuring network access permission of a first application, where the network access permission includes allowing the first application to access a network resource by using a first type of network access point, and the first type of network access point includes at least one first network access point; accessing a second network access point, where the second network access point belongs to the first type of network access point; when the first application is running, allowing the first application to access the network resource by using the second network access point; and when a third network access point is accessed, if the third network access point does not belong to the first type of network access point, prohibiting the first application from accessing the network resource by using the third network access point.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.