Abstract: A computer-implemented method includes retrieving, by one or more processing devices and from one or more data repositories, user information; generating, based on the retrieved user information, a digital personal profile that is a composite of a set of pre-defined attributes; determining an aggregate strength of values of the set of pre-defined attributes in the digital personal profile; and generating, based on the determined aggregate strength, a digital security score that measures a level of online security of accessing resources over a computer network.

Abstract: A mapping engine may be used to determine an attack model enumerating software attacks, the software attacks being represented by linked attack components, and may be used to determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram. The mapping engine may then associate each attack component and each architectural component with at least one attack tag characterizing attack requirements. A global test plan generator may be used to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and may thus generate attack test workflows from the attack test model, to thereby test the software architecture.

Abstract: A system and method for managing a user access to a device can include detecting a first language and a second language the user uses on the device, based on information from other applications running on the device or a user profile on the device; prompting the user to setup multiple security questions using multiple languages; receiving a first question in a third language from the user, wherein the user decides the first question and the third language; receiving, a first answer to the first question from the user, wherein the first answer is provided in a fourth language chosen by the user and different from the third language; receiving a second question in a fifth language from the user, wherein the user decides the second question and the fifth language; receiving a second answer to the second question from the user, wherein the second answer is provided in a sixth language chosen by the user and different from the fifth language; and storing the first question, the second question, the first answer, a

Abstract: Technologies for monitoring system API calls include a computing device with hardware virtualization support. The computing device establishes a default memory view and a security memory view to define physical memory maps and permissions. The computing device executes an application in the default memory view and executes a default inline hook in response to a call to an API function. The default inline hook switches to the security memory view using hardware support without causing a virtual machine exit. The security inline hook calls a security callback function to validate the API function call in the security memory view. Hook-skipping attacks may be prevented by padding the default inline hook with no-operation instructions, by designating memory pages of the API function as non-executable in the default memory view, or by designating memory pages of the application as non-executable in the security memory view. Other embodiments are described and claimed.

Abstract: According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modification plaintext connection record instead of the received encrypted connection record such that neither the CES or WAS is aware of the modification of the encrypted data.

Abstract: A method implements searchable encryption of cloud stored data by appending tokenized keywords to an encrypted file destined for a cloud storage service. In some embodiments, the tokenized keywords are appended to the header of the encrypted file. Searching of cloud-stored encrypted files using the native search capability of the cloud storage service is then possible by performing the search using the tokenized keywords. In alternate embodiments of the present invention, a method enables searching of cloud stored encrypted file using a cloud search appliance.

Abstract: The monetization of downloadable files associated with a custodial host site based on resolving custodianship to a referrer publisher with subsequent presentation of monetized content within a modal overlay is disclosed. A request from a client device has a resource identifier and a referrer publisher identifier. The request for the downloadable file is evaluated against one or more publisher and custodianship policy rules, which relate to a file extension of the downloadable file, a format of the resource identifier, a custodial domain on which the downloadable file is stored, and a referral domain as specified in the referrer publisher identifier. When custodianship is resolved, a modal overlay on which monetized content is incorporated is presented on the client device. The modal overlay is concurrently displayed with the transfer of the downloadable file to the client device.

Abstract: Techniques provided herein may facilitate set-up of an audio system with audio content services that have been previously registered on a second system. An example technique involves a computing device maintaining data representing a list of audio services from which an audio system can receive streaming music and data indicating that a first audio service is registered with the audio system. The device receives data indicating a second audio service added to the list of audio services. An application on the computing device may be configured to receive streaming music from the second audio service using particular authentication information. The device causes display of a graphical representation of the second service indicating that the particular authentication information is available from the application. The device may detect a selection of the second service and cause the audio system to receive streaming music from the second service using the particular authentication information.

Abstract: Authentication data may be generated and included in a Constrained Application Protocol (CoAP) message communicated from a first computer system for delivery to a second computer system. The authentication data may allow the second computer system to perform message validation for verifying the authenticity of the first computer system and/or the integrity of the CoAP message. And in one embodiment, where the CoAP message includes a nonce, security can be improved by allowing the second computer system to advantageously detect and/or act on a replay attack.

Abstract: Authentication data may be generated and included in a Constrained Application Protocol (CoAP) message communicated from a first computer system for delivery to a second computer system. The authentication data may allow the second computer system to perform message validation for verifying the authenticity of the first computer system and/or the integrity of the CoAP message. And in one embodiment, where the CoAP message includes a nonce, security can be improved by allowing the second computer system to advantageously detect and/or act on a replay attack.

Abstract: Controlling access to customer data. A customer service agent is provided with indirect access to customer data through an intermediate computer such that it is not necessary for the customer service agent to ask questions about the received customer data or receive such data from the customer directly. Secure data access can be used to validate customers and streamline customer interaction and discussions with customer service agents since many questions a customer service agent may ask a customer directly during a discussion are already answered and known to the customer service agent before the customer speaks with the customer service agent. The customer can select which merchants receive customer data, and customer data can be entered manually or acquired by processing images of customer documents or cards such as personal identification or account cards containing information to be used during customer service discussions.

Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

Abstract: Devices and methods for authenticating a user of a mobile computing device to a content server include establishing a communication session between a target computing device and the content server that is identified by a session ID. The target computing device generates a pairing token using the session ID, which pairing token may be a two-dimensional bar code such as a quick response (“QR”) code, and presents the pairing token to the mobile computing device. The mobile computing device captures the pairing token and authenticates the user of the mobile computing device to an authentication server. The target computing device receives an authentication token from the authentication server in response to the mobile computing device successfully authenticating the user to the authentication server. The target computing device accesses content on the content server using the authentication token. Other embodiments are described and claimed.

Abstract: Concepts and technologies disclosed herein are for monitoring operational activities in networks and detecting potential network intrusions and misuses. According to one aspect disclosed herein, an intrusion detection system can collect logs from an authentication, authorization, and accounting system. The intrusion detection system can extract information from the logs, update intrusion detection information utilized by an intrusion detection rule based upon the information extracted from the logs, update a profile utilized by the intrusion detection rule, compare the profile and the intrusion detection rule against a running state of an on-going session, tag corresponding log entries with a threat score, calculate the threat scores from the corresponding log entries to create an aggregated threat score, and present the aggregated threat score. The intrusion detection system can also present an alarm if the aggregated threat score triggers an alarm condition.

Abstract: A method begins by a dispersed storage (DS) processing module sending a plurality of undecodeable portions of a plurality of data files via a public wireless communication network to one or more targeted devices of a private wireless communication network. The method continues with the DS processing module sending data content indicators regarding the plurality of data files and in response to a selection of a data file of the plurality of data files based on a corresponding one of the data content indicators, sending, via the private wireless communication network, one or more encoded data slices of each of one or more sets of encoded data slices of the data file such that, for each of the one or more sets of encoded data slices, the one or more targeted devices obtains at least a decode threshold number of encoded data slices to decode the data file.

Abstract: Embodiments of the present invention provide a method and device for data confidentiality protection based on an embedded universal integrated circuit card. An embodiment method includes determining that a terminal device is not held by an authorized user; setting an eUICC in the terminal device to an unavailable state; and instructing the eUICC to perform confidentiality protection processing on data in the eUICC.

Abstract: Embodiments of the present application relate to a method for data communication, a system for data communication, and a computer program product for data communication. A method for data communication is provided. The method includes identifying one or more first users located within a present range of a location of a second user, comparing an authorization code with one or more exchange codes pre-allocated to the one or more first users, and verifying validity of the authorization code, and in the event that, among the one or more exchange codes of the one or more first users within a definite range of the second user location, an exchange code matching the authorization code of the second user exists, and the authorization code of the second user is determined to be valid, performing a data exchange between the second user and the first user.

Abstract: Embodiments include apparatuses, methods, and systems for generation of an encryption key. In various embodiments, an authentication circuit may include a first bank of spin-torque nano-oscillators (STNOs) including a plurality of STNOs to generate respective oscillation signals and a second bank of STNOs including a plurality of STNOs to generate respective oscillation signals. The authentication circuit may further include a key generation circuit to select a first oscillation signal from the plurality of oscillation signals associated with the first bank of STNOs and a second oscillation signal from the plurality of oscillation signals associated with the second bank of STNOs. The key generation circuit may generate an encryption key based on a frequency of the first oscillation signal and a frequency of the second oscillation signal.

Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.

Abstract: A source of the particular security event is identified that is associated with at least one second computing device, at least one of a geographic location, and a grouping of assets included in the plurality of asset groupings. A graphical representation of the particular security event is presented on a display device that includes: a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with one of a geographic location and a particular grouping of assets. Graphic elements representing an association with a respective graphical location are to be presented in conjunction with a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.