Abstract: Example embodiments of the present invention provide a method, an apparatus, and a computer program product for correlating privacy-related portions of a data stream with information indicative of a privacy policy. The method includes receiving privacy-related portions of a data stream transmitted from a source intended for a destination and receiving information indicative of a privacy policy associated with the destination. The privacy-related portions of the data stream then may be correlated with the information indicative of the privacy policy. According to this correlation, the privacy-related portions of the data stream may be forwarded to the destination.

Abstract: An apparatus is provided including at least one platform; an intrusion prevention system configured to communicative couple with the at least one platform; a firewall configured to communicative couple with the at least one platform; at least one first data storage configured to communicative couple with the at least one platform; and at least one second data storage configured to communicative couple with the at least one platform. The at least one platform is configured to perform a plurality of operations that collective protect one or more networked devices.

Abstract: A system and method for automatic password recovery for one or more web services comprising: obtaining user registration data and a request password restoration, determining a first security question associated with a first complexity factor, causing the first security question to be asked to the user, obtaining the first user's answer and assigning a first weighting factor thereto, the first weighting factor depending on the first complexity factor determining a second security question associated with a second complexity factor, causing the second security question to be asked to the user, obtaining the second user's answer and assigning a second weighting factor thereto, the second assigned weighting factor depending on the second complexity factor, adding up the first weighting factor and the second weighting factor, if the sum exceeds a given threshold, automatically restoring the password and if the sum is below the given threshold, denying automatic password restoration.

Abstract: A system may provide hardware acceleration for blockchain-based record entry. Client circuitry may provide record entry information to node circuitry. The node circuitry may compile the record entry information into a record entry for submission to blockchain management circuitry (BMC). The BMC may access a consensus operating procedure. The BMC may apply the consensus operating procedure to the record entry to gain append permissions for a blockchain. After completing the consensus operating procedure, the BMC may append a block generated based on the record entry to the blockchain. Accordingly, the system may ensure that blocks added to the blockchain were generated in compliance with the consensus operating procedure.

Abstract: A dispersed storage (DS) processing module sends a plurality of undecodeable portions of a plurality of data files via a public wireless communication network to one or more targeted devices of a private wireless communication network. The DS processing module continues processing by sending data content indicators regarding the plurality of data files and in response to a selection of a data file of the plurality of data files based on a corresponding one of the data content indicators, sending, via the private wireless communication network, one or more encoded data slices of each of one or more sets of encoded data slices of the data file such that, for each of the one or more sets of encoded data slices, the one or more targeted devices obtains at least a decode threshold number of encoded data slices to decode the data file.

Abstract: Systems and methods for performing intra-zone and inter-zone security management in a network are provided. According to one embodiment, an association is formed by a network security device between a first zone including a first set of devices and a first set of security policies defining a first type of security scanning to be performed on packets originated within the first zone and between a second zone including a second set of devices and a second set of security policies defining a second type of security scanning to be performed on packets originated within the second zone. A first zone packet is received by the network security device. It is determined whether the destination is within the first zone. If so, then the first type of security scanning is performed. A second zone packet is received by the network security device. It is determined whether the destination is within the second zone. If so, then the second type of security scanning is performed.

Abstract: Disclosed is a system for escalating security protocol requirements. The system typically includes a processor, a memory, and a security protocol module stored in the memory.

Abstract: In one general aspect, a method can include receiving, by an application running on a computing device, an indication that a user of the computing device has been authenticated, and receiving a selection of a settings page, the settings page associated with the application and the user. The method can further include requesting the settings page for display on a display device included in the computing device, and receiving the settings page including a value for a preference for a setting included on the settings page, the value for the preference being signed by a private key associated with the user. The method can further include validating, by the application, the value for the preference using a public key associated with the application, and based on the validation, displaying, by the display device, the settings page including an indication of the value of the preference for the setting.

Abstract: Provided is a method for managing a software defined network using a software control layer to regulate a geo-fenced volume. The software control layer can use a Global Positioning System (GPS) including a range of latitudes, a range of longitudes and a range of altitudes. A resource within the geo-fenced volume can be assigned a location using the GPS coordinates. The resource can be managed by external applications that are operating through the software control layer. To determine an access of a device to the geo-fenced volume, the GPS coordinates, are gathered as a geographical location of the device. A user profile can be accessed to determine an access path of the user. Depending on the geographical location of the device a first condition can be generated based on the device being within the geo-fenced volume. A network permission can be granted to the device based on the first condition.

Abstract: An apparatus, method, and system for curtailing and investigating software piracy is provided. The method includes spawning user applications on a computer without use of a file on the file system. A protected application data source is retrieved by an operating system of the computer from a server and placed into a portion of memory not accessible by at least one application. The operating system also prevents the protected application data source from being written to the file system. In this manner there is no file subject to unauthorized distribution. The protected application data may also be watermarked by ordering at least one of executable functions, function call parameters, and program data according to a license identifier so that any two versions execute the same, but carry an identifier which can be used to trace piracy to the source.

Abstract: Techniques provided herein may facilitate registering audio content services with an audio system. An example technique involves a computing device receiving via a control interface for controlling an audio system, an input to register an audio content service with the audio system, where an audio content service application corresponding to the audio content service is installed on the computing device. The computing device identifies authentication information used by the audio content service application to access the audio content service and registers the audio system with the audio content service based at least in part on authentication information used by the audio content service application to access the audio content service. After registering the audio system with the audio content service, the computing device causes at least one playback device of the audio system to stream music from the audio content service.

Abstract: A computer generates a third encrypted polynomial that corresponds to a result of encrypting a third polynomial by use of a result of multiplying a first encrypted polynomial by a second encrypted polynomial, and outputs cryptographic information that represents the third encrypted polynomial. The first encrypted polynomial is a polynomial obtained by encrypting a first polynomial that corresponds to a first vector, and the second encrypted polynomial is a polynomial obtained by encrypting a second polynomial that corresponds to a second vector. The third polynomial includes a first term that has a coefficient based on an inner product of the first vector and the second vector and a second term other than the first term, in which a coefficient of the second term is masked.

Abstract: Provided is a method for managing a software defined network using a software control layer to regulate a geo-fenced volume. The software control layer can use a Global Positioning System (GPS) including a range of latitudes, a range of longitudes and a range of altitudes. A resource within the geo-fenced volume can be assigned a location using the GPS coordinates. The resource can be managed by external applications that are operating through the software control layer. To determine an access of a device to the geo-fenced volume, the GPS coordinates, are gathered as a geographical location of the device. A user profile can be accessed to determine an access path of the user. Depending on the geographical location of the device a first condition can be generated based on the device being within the geo-fenced volume. A network permission can be granted to the device based on the first condition.

Abstract: A virtual computing environment service may receive a request from a customer to provision a virtual computing environment and join the virtual computing environment to a managed directory. The virtual computing environment service may provision the virtual computing environment and uses a set of administrator credentials from the customer and a set of credentials corresponding to the environment to access the managed directory and request joining of the environment to the managed directory. In response, the managed directory may create a computer account corresponding to the environment and which enables the environment to be used to access the managed directory. The virtual computing environment service may then enable the customer to specify one or more users that may utilize the virtual computing environment to access the managed directory.

Abstract: Systems and methods for authenticating the identity of a user prior to giving access to confidential data at a user interface via a network are described. In an exemplary implementation in an Internet environment, a server hosts an application providing selective access by the user to confidential data related to the user. The user provides initial data to the application as part of a request to access the confidential data. At least one database having the confidential data stored therein is accessed by the server to retrieve confidential data relating to the user located in the database based on the initial data received from the client interface. An exam creation function causes the server to create an exam comprising at least one question based at least in part on a portion of the confidential data relating to the user. This function creates the exam based on at least one exam definition.

Abstract: A method and system for authenticating of the pairing of computing devices is described. In an example, a passphrase is established on computing devices. The pairing between two devices is initiated by a first device by communicating independently generated data, wherein the generated data is used along with the passphrase on each of the devices to derive a common pairing key. The pairing is authenticated by using at least a first portion of the common pairing key through a key exchange protocol. Further, a shared secret code is derived using a second portion of the common pairing key and stored to be used indirectly to secure future communication between the paired devices.

Abstract: A computing device executes one or more trusted execution environment (TEE) processes in a TEE of a processor. The one or more TEE processes cryptographically protect a secret and a policy. The policy specifies a plurality of conditions on usage of the secret. A particular non-TEE process generates a request whose fulfillment involves an action requiring use of the secret. Responsive to the request, one or more non-TEE processes determine whether a first subset of the plurality of conditions is satisfied. Responsive to the first subset of the plurality of conditions being satisfied, the one or more TEE processes determine that a second, different subset of the plurality of conditions is satisfied. Responsive to determining the second subset of the plurality of conditions is satisfied, the one or more TEE processes use the secret to perform the action.

Abstract: A cloud service usage assessment system analyzes network traffic from an enterprise data network and generates cloud service usage analytics for the enterprise. In some embodiments, the cloud service usage analytics may include cloud service usage risk assessment. The cloud service usage assessment system is advantageous applied to assess network security in view of an enterprise's adoption of multiple cloud based services.

Abstract: A privileged account management system can maintain a database that defines a normal amount of time that it takes to perform a task associated with a reason code. When an administrator requests admin credentials for accessing a server, the administrator can provide a reason code which defines a task that the administrator intends to accomplish. A PAM system can maintain a database that defines, for each reason code, a normal amount of time that is required to accomplish the task associated with the reason code. The PAM system can then monitor an elapsed time over which the admin credentials are checked out to an administrator to determine whether the elapsed time exceeds the corresponding normal amount of time. If the elapsed time exceeds the normal amount, the PAM system can take appropriate action to mitigate any potential harm to the server.

Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.