Patents Examined by Eric W Shepperd
  • Patent number: 9876809
    Abstract: A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: January 23, 2018
    Assignee: SAP SE
    Inventor: Kathrin Nos
  • Patent number: 9870485
    Abstract: A system and method for detecting sensitive user input leakages in software applications, such as applications created for smartphone platforms. The system and method are configured to parse user interface layout files of the software application to identify input fields and obtain information concerning the input fields. Input fields that contain sensitive information are identified and a list of sensitive input fields, such as contextual IDs, is generated. The sensitive information fields are identified by reviewing the attributes, hints and/or text labels of the user interface layout file. A taint analysis is performed using the list of sensitive input fields and a sink dataset in order to detect information leaks in the sensitive input fields.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: January 16, 2018
    Assignee: NEC Corporation
    Inventors: Zhichun Li, Xusheng Xiao, Zhenyu Wu, Jianjun Huang, Guofei Jiang
  • Patent number: 9860262
    Abstract: A method for encoding computer processes for malicious program detection.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: January 2, 2018
    Assignee: PERMISSIONBIT
    Inventors: Ronnie Mainieri, Curtis A. Hastings
  • Patent number: 9858438
    Abstract: An approach for managing photograph metadata anonymization is provided. The approach receives, by one or more processors, a photograph file, wherein the photograph file comprises a digital photograph and a first metadata. The approach receives, by one or more processors, a rule set for modifying the first metadata. The approach determines, by one or more processors, whether at least one rule of the rule set corresponds to a datum of the first metadata. Responsive to determining at least one rule corresponds to at least one datum of the first metadata, the approach modifies, by one or more processors, the first metadata based on the rule set to create a second metadata. The approach stores, by one or more processors, the first metadata in a database.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: January 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Erik Rueger, Tim U. Scheideler, Thomas A. Snellgrove
  • Patent number: 9842062
    Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: December 12, 2017
    Assignee: APPLE INC.
    Inventors: Michael D. Ford, Jerrold V. Hauck, Matthew G. Watson, Mitchell D. Adler, Dallas B. De Atley, James Wilson
  • Patent number: 9830446
    Abstract: A method for removing credentials from a smart grid device includes: receiving, by a receiving device, a removal request, wherein the removal request includes a device identifier associated with a smart grid device and is signed by an entity associated with a set of security credentials stored in a memory of the smart grid device, the set of security credentials restricting access to one or more components or operations of the smart grid device; extracting, by a processing device, the device identifier included in the received removal request; generating, by the processing device, a permit configured to remove the set of credentials from the smart grid device, wherein the generated permit includes the extracted device identifier; and transmitting, by a transmitting device, the generated permit to the smart grid device for removal of the set of credentials from the memory of the smart grid device.
    Type: Grant
    Filed: October 16, 2014
    Date of Patent: November 28, 2017
    Assignee: SILVER SPRING NETWORKS, INC.
    Inventors: Aditi Dubey, Benjamin N. Damm, Michael StJohns
  • Patent number: 9832610
    Abstract: When individual persons or vehicles move through a transportation network, they are likely to be both actively and passively creating information that reflects their location and current behavior. In this patent, we propose a system that makes complete use of this information. First, through a broad web of sensors, our system collects and stores the full range of information generated by travelers. Next, through the use of previously-stored data and active computational analysis, our system deduces the identity of individual travelers. Finally, using advanced data-mining technology, our system selects useful information and transmits it back to the individual, as well as to third-party users; in short, it forms the backbone for a variety of useful location-related end-user applications.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: November 28, 2017
    Assignee: Apple Inc.
    Inventors: Frederick S. M. Herz, Pierre Lemaire, Jean H. Lemaire, Walter Paul Labys
  • Patent number: 9817957
    Abstract: A processing device comprises a processor coupled to a memory and is configured to predict or otherwise determine that a user will utilize a target application on a user device in involvement with a particular set of smart objects, to request cryptographic material for activating the smart objects of the set, to receive the cryptographic material responsive to the request, and to utilize the cryptographic material to activate the smart objects. Each of the activated smart objects provides a verifier with a proof of involvement with the user device. The verifier controls user access to the target application based at least in part on the proofs provided by the activated smart objects. The determining, requesting, receiving and utilizing operations in some embodiments are performed by a learning agent running on the processing device. The learning agent illustratively includes functionality for learning target application access behavior of the user over time.
    Type: Grant
    Filed: June 4, 2015
    Date of Patent: November 14, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Andres D. Molina-Markham, Kevin D. Bowers, Nikolaos Triandopoulos
  • Patent number: 9792421
    Abstract: The present disclosure relates to secure storage of a detailed set of elements relating to fingerprint features for a finger and to a method for authenticating a candidate fingerprint of a finger using said detailed set of elements, allowing for improved security and user convenience.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: October 17, 2017
    Assignee: FINGERPRINT CARDS AB
    Inventor: Sebastian Weber
  • Patent number: 9794229
    Abstract: New and improved techniques for a behavior analysis based DNS tunneling detection and classification framework for network security are disclosed. In some embodiments, a platform implementing an analytics framework for DNS security is provided for facilitating DNS tunneling detection. For example, an online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: October 17, 2017
    Assignee: Infoblox Inc.
    Inventors: Bin Yu, Les Smith, Mark Threefoot
  • Patent number: 9781158
    Abstract: Improved techniques involve comparing paronymous addresses received in transaction data with trusted sets of paronymous data stored in a database by both a trusted client computer and a trusted server computer. Along these lines, the trusted client computer sends data packets to the trusted server computer that contain network addresses and a secure identifier. In response, the trusted server computer sends acknowledgment data packets containing encrypted network addresses and the secure identifier. Upon sending the acknowledgement data packets, the server computer communicates the network addresses to an aggregator. When the client computer receives the acknowledgement data packets, the client computer communicates the network addresses to the aggregator. Once the aggregator receives transaction data containing paronymous addresses, the aggregator compares the paronymous addresses to those communicated to it by the trusted server and client computers.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: October 3, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Andreas Wittenstein
  • Patent number: 9768953
    Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: September 19, 2017
    Assignee: Pure Storage, Inc.
    Inventors: Andrew R. Bernat, Ethan L. Miller
  • Patent number: 9756056
    Abstract: A method includes forming, during access to a site, an association between a user and a first device. Contact information for a second device associated with the user is obtained. During a subsequent access to the site the first device is recognized. The user is prompted to authenticate without inputting identifying information. The user is authenticated at the site relying upon the association and a positively acknowledged message from the second device.
    Type: Grant
    Filed: September 4, 2013
    Date of Patent: September 5, 2017
    Inventor: Anton Nikolaevich Churyumov
  • Patent number: 9756050
    Abstract: Authorization decisions can be made in a resource environment using authorization functions which can be provided by customers, third parties, or other such entities. The functions can be implemented using virtual machine instances with one or more transient compute containers. This compute capacity can be preconfigured with certain software and provided using existing compute capacity assigned to a customer, or capacity invoked from a warming pool, to execute the appropriate authorization function. The authorization function can be a lambda function that takes in context and generates the appropriate security functionality inline. The utilization of ephemeral compute capacity enables the functionality to be provided on demand, without requiring explicit naming or identification, and can enable state information to be maintained for a customer.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: September 5, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric Jason Brandwine
  • Patent number: 9736187
    Abstract: A data processing method and system, providing a data transmitting interface to a parallel computing system, are provided. The parallel computing system includes a mapper, a reducer, and an operation device. The data transmitting interface intercepts a parallel computing input command transmitted from the mapper and an output result transmitted from the operation device. The data transmitting interface transmits the parallel computing input command to the operation device after receiving the parallel computing input command and when it is determined, based on a security policy, that the parallel computing input command is not abnormal. The data transmitting interface transmits the output result to the reducer after receiving the output result and when it is determined, based on the security policy, that the output result is not abnormal.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: August 15, 2017
    Assignee: Wistron Corporation
    Inventor: Chih-Ming Chen
  • Patent number: 9735962
    Abstract: Securing encryption keys in a data storage system using three layer key wrapping that encrypts a data encryption key using a key encryption key, encrypts the key encryption key using a controller encryption key, and encrypts the controller encryption key using a public key of an asymmetric key pair. The private key is stored on a removable storage device. A separate encryption accelerator component decrypts the encryption keys in order to encrypt and/or decrypt host data from a memory of a storage processor. The removable storage drive must be inserted into a receptacle of the encryption accelerator for encryption and/or decryption to be performed, since the encryption accelerator accesses the private key from the removable storage device in order to decrypt the encrypted controller key. The encryption accelerator generates key handles for the storage processor to use when requesting encryption and/or decryption operations.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: August 15, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Lifeng Yang, Jian Gao, Xinlei Xu, Ruiyong Jia, Lili Chen
  • Patent number: 9734330
    Abstract: An inspection and recovery method and apparatus for handling virtual machine vulnerability, which inspect the security status of a virtual machine in a hypervisor domain, and recover a main system file or limit the use of a virtual machine suspected of being damaged due to hacking depending on the results of inspection, thus providing a secure virtual machine use environment for cloud computing. In the presented method, collection target information and inspection criteria including vulnerability inspection criteria, recovery criteria, and hacking damage criteria are updated. Then, the collection target information is collected from the virtual disk and virtual memory of each virtual machine. Vulnerability is inspected in conformity with the inspection criteria, based on the collected information. A damaged main system file depending on inspection results is recovered based on recovery criteria.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: August 15, 2017
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Sung-Jin Kim, ByungJoon Kim, ChulWoo Lee, HyoungChun Kim
  • Patent number: 9730063
    Abstract: A method includes receiving, by a computing system of a first wireless network from a first device, a request to access a second wireless network secured with a network encryption key. The method includes determining that a user account associated with the first device permits access to the second wireless network. The method includes sending, to a registration device, a token that is usable by a second device to access the network encryption key. The method includes sending, via the first wireless network, the token to the first device for transmission of the token to the second device. The transmission of the token from the first device to the second device enables the second device to send a hash value based on the token to the registration device. The hash value enables the registration device to provide access to the network encryption key to the second device.
    Type: Grant
    Filed: September 1, 2015
    Date of Patent: August 8, 2017
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Mostafa Tofighbakhsh
  • Patent number: 9727743
    Abstract: A database access system may protect a field by storing the field as one or more underlying fields within a database. The database engine may not have access to keys used to protect the underlying fields within the database, such as by encryption, while the database access system may have access to the keys. Underlying fields may be used to store protected data and aid in the querying of protected data. The database access system may modify queries to use the underlying fields, which may include encrypting query terms and/or modifying query terms to fit the use of the underlying fields. The database access system may modify query results to match the format of the original query, which may include decrypting protected results and/or removing underlying fields.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: August 8, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Nathan R. Fitch, Bradley Jeffery Behm, Patrick J. Ward, Graeme D. Baer, Eric Jason Brandwine
  • Patent number: 9727721
    Abstract: Disclosed is a method for unlocking an electronic equipment, and the method includes: the electronic equipment detects periodically whether there is an unlocking key in its surrounding environment, and when there is an unlocking key in the surrounding environment, transmits an unlocking request to the unlocking key; the unlocking key receives the unlocking request, determines in accordance with the unlocking request whether the electronic equipment matches the unlocking key, and when it is determined that the electronic equipment matches the unlocking key, transmits an unlocking signal to the electronic equipment so as to unlock the electronic equipment. Further disclosed are a device for unlocking an electronic equipment and an unlocking key for unlocking an electronic equipment. By means of the present disclosure, the unlocking key is enabled to automatically unlock an electronic equipment when it is disposed near the electronic equipment.
    Type: Grant
    Filed: July 24, 2013
    Date of Patent: August 8, 2017
    Assignee: ZTE CORPORATION
    Inventors: Weiping Wang, Xiaobo Zhang, Yajun Gou