Abstract: A computing device includes a network interface, a storage controller, a sharing tool and a protection service. The network interface communicatively couples the computing device to one or more computing devices. The storage controller is configured to access a plurality of digital payloads. Each of the digital payloads is associated with a plurality of access tags including content tags and context tags. The sharing tool is configured to share, with a recipient computing device via the network interface, a selected digital payload. The protection service configured to automatically control sharing of the selected digital payload with the recipient computing device based on determining that a prospective recipient associated with the recipient computing device has a work designation or a personal designation that is inconsistent with one or both of a context indicated by the context tags and a content indicated by the content tags.

Abstract: Computer and communications systems and methods are provided in which a first computing system sends a second computing system a message and an associated deep-string and the second computing system applies a key of a cryptographic system or a one-way function to the deep-string to determine the deep-string's deep-string-depth. The second computing device then uses the determined deep-string-depth in determining subsequent behavior regarding the message. In some environments, a third computing device may generate and provide deep-strings of various deep-string-depths to the first computing device to ensure more favorable behavior of the second computing device.

Abstract: A customer initiated password reset system resets user passwords on a variety of network entities, such as internal systems, allowing simultaneous reset with a minimum number of user specified passwords that nonetheless satisfy the password specifications of these internal systems. Thereby, the user avoids the tedium of logging into each of these systems, changing their password, logging out, etc., for each system with the likelihood of creating unique passwords for each system that have to be remembered. By further incorporating a score metric based upon how many character sets are touched, a required degree of complexity can be measured and enforced against the password specifications. Advantageously, a table-based approach to enforcing password reset against the multiple password specifications facilitates making and fielding updates.

Abstract: One or more processors receive, from one or more social-network sources, social-network data that identifies at least one potentially malicious source accessing a plurality of social-network profiles for a group of users. The one or more processors receive, from one or more e-mail servers, e-mail data associated with a plurality of e-mail messages received by the group of users. The one or more processors determine, based on the social-network data and the e-mail data, that an e-mail message of the plurality of e-mail messages is from the at least one potentially malicious source. The one or more processors output information identifying the e-mail message as being from the potentially malicious source.

Abstract: Security devices for protecting ICs from backside security attacks. A security device includes an N? well formed in a substrate, a P+ center disposed in the central region of the N? well, and a P+ ring surrounding the N? well. To prevent latchup, a pair of inner and outer N+ rings is formed in the N? well. When a current source is applied to the P+ center, the current flows through a portion of the substrate and is picked up by the P+ ring. When an attacker mills the substrate or makes a trench in the substrate, the resistance of the substrate changes. By monitoring the voltage difference between the P+ center and P+ ring, the attempt to attack the die can be detected.

Abstract: In some embodiments, the present invention provides for an exemplary computer system which includes at least the following components: a network of externally owned presence (EOP) member nodes, including a supervisory EOP member node is configured to generate at least one personalized cryptographic private key for each peer EOP member node; a distributed database, storing a plurality of persistent data objects; and a plurality of self-contained self-executing software containers (SESCs); where each SESC includes an independently executable software code which is at least configured to: generate a state hash representative of a current state of a persistent data object, perform a data action with the persistent data object; and determine that a particular EOP member node has a permission to cause the SESC to perform the data action with the persistent data object based.

Abstract: Systems and methods are provided that, in response to obtaining an email to a recipient from a sender, and in accordance with a determination that an indirect relationship exists between the sender and the recipient, determine a spam probability of the email by evaluating statistical information regarding the historical electronic interactions associated with the sender. In this way, the email is classified according to the identified spam probability.

Abstract: A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term.

Abstract: Systems and methods are provided for managed file transfer. A managed file transfer server may receive a request from a sender to send a file (bulk data) to a recipient and may determine a location server that is closest to the location of the recipient. A server-to-server transfer can be automatically initiated to move the file to the location server that is closest to the location of the recipient.

Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [FIG. 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.

Abstract: Systems, methods, and computer readable medium for virtualized computing environments. A method for providing a connection between a guest virtual machine and a service virtual machine uses driver code functions to establish a listening port on the service virtual machine without providing a listening port on the guest virtual machine. The guest virtual machine initiates a remote procedure call socket between itself and the service virtual machine over a secure, hardened port. The service virtual machine presents an authority certificate by encoding into the authority certificate identifying information received from the guest virtual machine. The service virtual machine makes available (e.g., as an ISO image) the authority certificate, which is used to establish new secure connections.

Abstract: A sandbox system includes a mixed analysis engine that allows for dynamic and static analysis of a sample process for malware. The sample process is executed in a virtual machine and interrupted to allow the mixed analysis engine to identify functions that are called by malware to perform a malicious behavior. The functions are correlated to identify a behavior node that is indicative of the malicious behavior, and behavior nodes are correlated to identify a behavior net. The behavior net is scored to determine if the sample process is malware.

Abstract: A method is provided for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control in a system comprising a plurality of computers, the system comprising a plurality of information assets, stored as files on the plurality of computers, and a network communicatively connecting the plurality of computers, wherein each of the plurality of computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of the plurality of computers includes a software agent component operable to perform the steps of intercepting a request for a file operation on a file from a user of one of the plurality of computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access to the file based on a mandatory access control policy.

Abstract: The present invention is directed to a system and method for restricting data, or portions thereof, to specific display devices when accessed by a user. Furthermore, the system and method of the invention are directed, in part, to evaluating in real time, the access level of a device and restricting the availability of sensitive information on the device according to the access level as determined by device location and hardware configuration.

Abstract: Techniques for secure message offloading are presented. An intermediary is transparently situated between a user's local messaging client and an external and remote messaging client. The user authenticates to the local client for access and the intermediary authenticates the user for access to the remote client using different credentials unknown to the user. Messages sent from the local client are transparently encrypted by the intermediary before being passed to the remote client and messages received from the remote client are transparently decrypted before being delivered to the local client.

Abstract: A computer-based locking system using changing passcodes includes an application server and an application in electronic communication with the application server. The application runs on a computing device. The application may request an input passcode from the application server based on a lock ID. The application server retrieves an algorithm from a database using the lock ID and generates the input passcode using the algorithm with a time as the input. A lock includes a passcode interface and a locking mechanism with the passcode interface being capable of capturing the input passcode. The lock executes the algorithm locally to generate a local passcode based on current time. The lock releases the locking mechanism in response to the input passcode matching the local passcode.

Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.

Abstract: A secure messaging system provides a secure messaging exchange service to identified users.

Abstract: Embodiments of a mobile device and methods automatically connecting to a Wi-Fi Hotspot 2.0 are generally described herein. In some embodiments, subscription information for one or more service providers (SP) that operate Wi-Fi networks is stored in a subscription data object of the mobile device. The subscription information includes home service provider information, policy information and pre-provisioned credentials. The mobile device may be configured to determine, without user interaction, if the subscription information is applicable to an available Wi-Fi network and perform without user interaction, an extensible authentication protocol (EAP) based authentication using the pre-provisioned credentials with the available Wi-Fi network to establish a Wi-Fi connection with the available Wi-Fi network. This automatic connectivity may allow a mobile device to roam across Wi-Fi hotspots of Wi-Fi networks and offload traffic to Wi-Fi networks.

Abstract: A memory system includes a controller configured to write data to a nonvolatile memory. The controller includes a buffer unit configured to hold write data including a plurality of pieces of unit data, a sequencer configured to receive the write data from the buffer unit and individually output the plurality of pieces of unit data sequentially, and a plurality of cores, each being configured to encrypt at least one of the pieces of unit data output from the sequencer. The buffer is further configured to output the plurality of pieces of unit data sequentially to the sequencer, such that a last piece of unit data is output consecutively after a preceding piece of unit data is output.