Abstract: For storing data in a data-storage structure of a server computer, an infrastructure is deployed to the server computer. The infrastructure has a forwarder module to receive data from an application and to identify a data portion, a crypto module to encrypt the data portion with a key, and a key control module adapted to generate and to store the key. The infrastructure is also able to process data in the opposite direction. The key is provided to the key control module upon receiving a key trigger from the client computer.
Abstract: An MFP sets an access condition for an external device with respect to a cloud box. The access condition is transmitted from the MFP to a relay device and is registered in a memory of the relay device. When the relay device receives an access request made by the external device with respect to the MFP serving as an internal device, the relay device determines whether to permit or deny access to the MFP by comparing the access request with the access condition. When access is permitted, the access request is transferred from the relay device to the MFP; when access is denied, the relay device notifies the external device of the denial.
Abstract: A method for controlling access security at a vehicle gateway of a vehicle including at least one control unit in communication with the vehicle gateway includes: receiving a certificate from a diagnosis device; recognizing a rating of the certificate; and performing at least one of an integrity checking process and a security key authorization process according to the rating of the certificate to determine whether the diagnosis device is allowed to access the vehicle.
Abstract: A security application manages the security and reliability of networked applications executing on a collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determines whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database.
Type: Grant
Filed: May 4, 2015
Date of Patent: April 24, 2018
Assignee: NETFLIX, INC.
Inventors: Ariel Tseitlin, Roy Rapoport, Jason Chan
Abstract: In an example, a DHN (DHN) is provided for enabling grantees to access digitally-controlled assets of a principal. The principal (level 0) establishes a digital testament (DT), identifying one or more grantees on levels 1-n. Each grantee receives a digital heritage certificate (DHC), which may be based on the PKI certificate definition. The DHC includes a "PREDECESSORS" field, identifying one or more predecessor certificates that must be revoked before the DHC is valid. All grantee DHCs have the principal's level 0 DHC as a predecessor certificate. Level n certificates may also be valid only if all certificates at level n−1 have been revoked. In practice, a DHC may be revoked when a user of the certificate passes away, so that nth generation grantees inherit only when generation n−1 has passed away.
Type: Grant
Filed: December 23, 2014
Date of Patent: April 17, 2018
Assignee: McAfee, LLC
Inventors: Alex Nayshtut, Oleg Pogorelik, Avishay Sharaga, Ned M. Smith, Igor Muttik
Abstract: In a system for facilitating distributed security and vulnerability testing of a software application, each development sandbox in a set of sandboxes receives a portion of the entire application, and the received portion may be tested against an application-level security policy to obtain a pass/fail result. The portion of the application corresponding to a certain sandbox may be modified and rescanned (i.e., retested) until the modifications (i.e., the development work) achieve the functional and quality requirements and a pass result is obtained. Thereafter, the scan results are promoted to a policy sandbox, where a compliance result for the entire software application can be obtained based, at least in part, on the promoted results. Other sandboxes may also perform their respective pass/fail testing using the promoted results, thus minimizing the need to synchronize code changes across different sandboxes before testing for security policy in any sandbox and/or during application-level scanning.
Abstract: An identity selector manages the identity requirements of an online interaction between a user and a service provider environment. The identity selector is adapted for interoperable use with a user-portable computing device. The user device enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The identity selector includes an agent module that facilitates communication with the user device. The identity selector imports the user identities from the user device and determines which user identities satisfy a security policy of a relying party. After the user selects one of the eligible user identities, the identity selector generates a token request based on the selected identity and forwards it to the user device, which in response issues a security token. The security token is returned to the identity selector and used to facilitate the authentication process.
Abstract: A system and method adjusts the viewing angle of a display based on user input and/or automatically based on content and/or detected viewers. The viewing angle changes may be limited to certain portions of the display or applied to the whole display. The system and method may change viewing angles in different directions separately and independently.
Abstract: A mobile terminal including a display unit; a fingerprint sensing unit; a memory configured to store fingerprint information; and a controller configured to receive a first fingerprint input via the fingerprint sensing unit for displaying content requiring user authentication, compare the first fingerprint input with the stored fingerprint information, output fingerprint authentication feedback indicating the first fingerprint input is insufficient for displaying the content requiring user authentication, in response to the first fingerprint input matching with the stored fingerprint information within a first predetermined range but less than a second predetermined range greater than the first predetermined range, receive a second fingerprint input via the fingerprint sensing unit, compare the second fingerprint input with the stored fingerprint information, and display the content requiring the user authentication in response to the second fingerprint input matching with the stored fingerprint information w
Abstract: Techniques are presented that identify malware network communications between a computing device and a server utilizing a detector process. Network traffic records are classified as either malware or legitimate network traffic records and divided into groups of classified network traffic records associated with network communications between the computing device and the server for a predetermined period of time. A group of classified network traffic records is labeled as malicious when at least one of the classified network traffic records in the group is malicious and as legitimate when none of the classified network traffic records in the group is malicious to obtain a labeled group of classified network traffic records. A detector process is trained on individual classified network traffic records in the labeled group of classified network traffic records and network communication between the computing device and the server is identified as malware network communication utilizing the detector process.
Type: Grant
Filed: December 4, 2015
Date of Patent: March 20, 2018
Assignee: Cisco Technology, Inc.
Inventors: Vojtech Franc, Michal Sofka, Karel Bartos
Abstract: Maintaining cryptoprocessor types in a multinode system includes receiving a selection of a cryptoprocessor type; identifying, within a multinode system, a node having a cryptoprocessor of the selected cryptoprocessor type; and designating the node having the cryptoprocessor of the selected cryptoprocessor type as a primary node for the multinode system.
Abstract: The present embodiments describe methods and systems for intercepting unauthorized communications in a controlled-environment facility. Unauthorized communications may originate from contraband cell phones, for example. In an embodiment, attempted communications from the contraband communication device are intercepted by the facility communication systems. The attempted communication may or may not be connected or completed, depending upon facility rules, policies, and regulations.
Abstract: Memory encryption engine (MEE) integration technologies are described. A MEE system may include a MEE interface and a MEE core. The MEE interface may receive data from an arbiter, where the data is selected by the arbiter from data at memory link queues. The MEE interface may adjust a timing rate for sending the data to match the timing of the MEE core. The MEE core may be coupled to the MEE interface and may receive the data from the MEE interface.
Type: Grant
Filed: November 22, 2016
Date of Patent: March 6, 2018
Assignee: Intel Corporation
Inventors: Siddhartha Chhabra, Uday R. Savagaonkar, Men Long, Edgar Borrayo, Alpa T. Narendra Trivedi, Carlos Ornelas
Abstract: A configurable load balancer can be utilized in a multi-tenant environment, where the load balancer can incorporate, or utilize, an account management service operable to perform security tasks such as authentication, authorization, and session management. Customers can utilize the load balancer to control access that users have to resources associated with those customers, without having to build and maintain a dedicated user management system. By implementing security functionality at the load balancer level, traffic can be managed before reaching the resources, which can help to reduce traffic and load on the resources, and can also help to prevent attacks and secure sensitive information. Visibility into the traffic through the load balancer also allows for behavior and usage monitoring, which is helpful for tasks such as billing and usage limit enforcement.
Abstract: A method of improving the efficiency of an encryption/decryption process implementing the NIST FIPS 197 standard, which includes a substitution box (S-box) and an inverse substitution box (inverse S-box), comprises concatenating the S-box and inverse S-box to form a combined lookup table, and folding the concatenated table to generate a folded lookup table. The folded lookup table may be indexed for an encryption operation and for a decryption operation using a signal indicative of whether encryption or decryption is being performed.
Abstract: An information processing apparatus includes a storage device configured to store data, an encryption chip configured to store an encryption key therein, a nonvolatile memory configured to store a backup encryption key, and a control unit configured to confirm whether the data stored in the storage device has been correctly decrypted by using the encryption key, and when the data has not been correctly decrypted, restore the backup encryption key to the encryption chip, and when the data has been correctly decrypted, back up the backup encryption key, which is a backup of the encryption key, stored in the encryption chip into the nonvolatile memory.
Abstract: A video receiving apparatus, which reduces the waiting time until an image is displayed on a monitor, includes: a plurality of authentication executing units, each of which performs an authentication process for the external devices connected to one of the plurality of input terminals; a terminal selecting unit which selects one of the plurality of input terminals as a video input terminal based on an operation input from outside; a video receiving unit which receives video information, through the authentication executing unit corresponding to the selected input terminal, from the external devices connected through the selected input terminal; and a display control unit which outputs the received video information to a monitor.
Abstract: A processing device is to determine that a module, executed from a memory by the processing device, is an initialized module in view of the module previously opening a first database. The processing device is to create a slot to open a second database using the initialized module.
Abstract: Generally discussed herein are systems, devices, and methods for malware analysis lab isolation. A system can include a malware analysis zone LAN in which malware analysis is performed, a separation zone LAN communicatively connected to the malware analysis zone LAN, the separation zone LAN providing access control to manage communication of data between other LANs of the plurality of LANs, an analyst zone LAN communicatively connected to the separation zone LAN, and a remote access zone LAN communicatively connected to the separation zone LAN, the remote access zone LAN providing a user LAN with results from the malware analysis zone LAN and the analyst zone LAN and providing an item for malware analysis by the malware analysis zone LAN.
Type: Grant
Filed: December 4, 2015
Date of Patent: January 23, 2018
Assignee: Raytheon Company
Inventors: Monty D. McDougal, Eric G. Dodge, Julian A. Zottl
Abstract: A communication method of hiding privacy information and a system thereof are provided. The method comprises the following steps: performing an identification unit generating program to generate a master identification unit and a slave identification unit; storing a first identification code and a second identification code in a communication server; adding the first identification code into a first communication program of a first mobile device by detecting the master identification unit; adding the second identification code into a second communication program of a second mobile device by detecting the slave identification unit; executing the second communication program to transmit a communication request to the communication server; and utilizing the first identification code and the second identification code at the communication server to establish a communication link from the second communication program to the first communication program.