Abstract: A data segment is encrypted to produce an encrypted data segment. The encrypted data segment is dispersed storage error encoded to produce a set of encoded data slices. Auxiliary data is dispersed storage error encoded to produce a set of encoded auxiliary data slices. A sequence of output slices is generated to obscure the set of encoded data slices by interspersing the set of encoded auxiliary data slices within the set of encoded data slices.

Abstract: A method and system for activating malicious actions within electronic documents is described. In one embodiment, the method may include receiving, by a processor of a computing device, the electronic document; identifying, by the processor, an object embedded within the electronic document; identifying, by the processor, an action associated with execution of the object; executing, by the processor, the action within a context of rules associated with the object; identifying, by the processor, at least one behavior that results from execution of the action; and determining, by the processor, an existence of at least one malicious element from the identified behavior.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a valid target address for a branch instruction from information stored in a relocation table, a linkage table, or both, the relocation table and the linkage table associated with a binary file and store the valid target address in a table in memory, the valid target address to validate a target address for a translated portion of a routine of the binary file.

Abstract: A cryptographic ASIC and method for autonomously storing a unique internal identifier into a one-time programmable memory in isolation by a foundry. The identifier may be determined by calculating a transformed hash of a predetermined input, and may serve as a cryptographically defined and verifiable CpuID for a particular ASIC instance. The CpuID may be derived from an input based on a manufacture date, a wafer lot number, a wafer number, row and column coordinates for a die on a wafer, or other foundry-defined data. The CpuID enables a given ASIC instance to be securely and remotely identified across an untrusted network, and to serve as a specified processor that originates an information stream or a message. The ASIC need not always perform high-speed calculations and so may be relatively simple and inexpensive, and in one embodiment serves as a secure data administrator that manages subscriptions and software updates.

Abstract: A system and method for sharing electronic content. A sending user can specify one or more criteria that a recipient memory device must have to store the content. The sending user can also specify a digital rights management control that can be associated with the content. The content can be transferred to the recipient if the recipient memory device has the specified properties. Software at the recipient can ensure that the content is handled in accordance with the digital rights management controls specified by the sender.

Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduce, or “step-down” the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.

Abstract: An information processing apparatus manages a plurality of content items, keywords associated with the plurality of content items respectively, and authorities set to associations between the keywords and the content items, obtains a keyword and identification information of a user, input by an operation of the user, searches for a content item associated with the input keyword among the managed plurality of content items, and decides whether the searched content item should be provided to the user or whether provision should be restricted, based on identification information of the user and an authority set for an association between the input keyword and the searched content item.

Abstract: For storing data in a data-storage structure of a server computer, an infrastructure is deployed to a server computer. The infrastructure has a forwarder module to receive data from an application and to identify a data portion, a crypto module to encrypt the data portion with a key and key control module adapted to generate and to store the key. The infrastructure is also able to process data in the opposite direction. The key is provided into the key control module upon receiving a key trigger from the client computer.

Abstract: Examples are provided for device access control. In one example, a computing device to which access is controlled includes a display device for presenting a user interface, a processor, and a storage device storing instructions executable by the processor to, for each of a threshold number of rounds, display a plurality of candidate regions, each candidate region including a plurality of candidate authentication objects, and receive input indicating a device access control response. After performing the threshold number of rounds, the device may selectively allow access based on a number of rounds that included a successful input (e.g., selecting a candidate region that includes an object from an access code).

Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.

Abstract: Apparatuses, systems, methods, and program products are disclosed for transaction based networks security. A data module determines a set of data that is common between a first device and a second device. A key module generates, on a first device, a communication key based on a set of data. A message module secures a message sent to a second device from a first device with a communication key. A second device accepts a message in response to a communication key matching a corresponding communication key generated on the second device.

Abstract: A system and a method for communicating over a Bluetooth Low Energy (BLE) connection in a vehicle. The method includes the steps of: establishing a Bluetooth Low Energy (BLE) connection between a mobile device and a BLE system in the vehicle, wherein the establishing step includes receiving first credentials of the mobile device at the BLE system; providing second credentials to the mobile device from the vehicle, wherein the second credentials are different than the first credentials; and receiving a message from the mobile device that is encrypted using the first and second credentials.

Abstract: An electronic device is provided. The electronic device includes a memory configured to store at least one application, a communication module configured to establish a connection between the electronic device and an external electronic device, and a processor configured to drive the at least one application, divide data executable by the at least one application into a first file and a second file, store the first file in the memory, and transmit the second file to the external electronic device through the communication module for storing the second file in the external electronic device.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation of the first computing device; and performing, by the second computing device, an action (e.g., authorizing access to the service) based on the evaluation.

Abstract: One or more processors receive information regarding a program module that includes a description of a function, license terms, and non-functional properties of the program module. The license terms, the description of function, and the non-functional properties of the program module are identified, based on an analysis of the information. An object of interest of each license term of the license terms is determined, such that the object of interest is directed to a condition influencing license term compliance. Rules corresponding to compliance of the one or more license terms of the program module are determined, and the analyzed information of the program module is stored in a meta-model format organized into categories including the description of function, the one or more license terms, and the non-functional properties of the program module, utilizing standardized syntax and semantics.

Abstract: Attributes of a session, between a source device and a verification device, for sending first verification data, such as a password and an account identifier, are determined. The verification device generates user device data based on an identifier, such as a mobile device number (MDN), for a user device associated with the account identifier. An identifier, such as an MDN, associated with the source device and an encryption key associated with the verification device are determined based on session attributes. Second verification data is generated based on the identifier associated with the source device. The second verification data is encrypted using the encryption key and forwarded to the verification device. The verification device decrypts the second verification data and compares the identifier for the user device to the identifier for the source device to determine whether the first verification data was sent from the user device.

Abstract: Systems and methods for conducting convenient and secure mobile transactions between a payment terminal and a mobile device, e.g., in a fueling environment, are disclosed herein. In some embodiments, the payment terminal and the mobile device conduct a mutual authentication process that, if successful, produces a session key which can be used to encrypt sensitive data to be exchanged between the payment terminal and the mobile device. Payment and loyalty information can be securely communicated from the mobile device to the payment terminal using the session key. This can be done automatically, without waiting for the user to initiate a transaction, to shorten the overall transaction time. The transaction can also be completed without any user interaction with the mobile device, increasing the user's convenience since the mobile device can be left in the user's pocket, purse, vehicle, etc.

Abstract: An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

Abstract: Systems and methods are described that use cryptographic techniques to improve the security of applications executing in a potentially untrusted environment associated with a software application. Embodiments of the disclosed systems and methods may, among other things, facilitate cryptographic operations within an execution environment associated with browser software of a client system while maintaining security of cryptographic keys imported into the environment. As the security of keys is maintained in an execution environment implementing embodiments of the disclosed systems and methods, users and/or systems may be more willing to consign their keys for use in connection with cryptographic operations performed in such environments.

Abstract: Temporal key generation devices and methods are described. One such device of a first domain receives a “seed” to generate a private key associated with a public key for use in a second domain. The device uses the private key in cryptographic operations with the second domain. When the device loses power or is no longer connected to the second domain, the private key may be erased or no longer stored on the device.