Abstract: Mechanisms to protect the integrity of memory of a virtual machine are provided. The mechanisms involve utilizing certain capabilities of the hypervisor underlying the virtual machine to monitor writes to memory pages of the virtual machine. A guest integrity driver communicates with the hypervisor to request such functionality. Additional protections are provided for protecting the guest integrity driver and associated data, as well as for preventing use of these mechanisms by malicious software. These additional protections include an elevated execution mode, termed “integrity mode,” which can only be entered from a specified entry point, as well as protections on the memory pages that store the guest integrity driver and associated data.

Abstract: In an implementation of identifying related computing devices for automatic user account login, a login request to a user account that includes a unique identification (ID) of a user computing device and an internet protocol (IP) address of the user computing device are received. One or more user computing devices that have logged in to the user account using a same IP address as the user computing device are identified based on a user ID of the user account and the unique ID of the user computing device. Whether one or more unique IDs corresponding to the one or more user computing devices that have logged in to the user account are correlated with the unique ID of the user computing device is determined. If yes, data corresponding to login information used by the one or more user computing devices to log in to the user account to the user computing device for automatic account login are sent.

Abstract: There is provided a method for determining a security context for communication between a wireless device and a target network node at handover. The method comprises obtaining (S1) information representative of the type of Radio Access Technology, also referred to as RAT type, of the target network node, and deriving and/or determining (S2) the security context at least partly based on the information representative of the RAT type.

Abstract: An ingress server is operable to perform, through a multi-list evaluator, two different validations: one utilizes a sender network address of a sender's server to determine whether to trust, accept, or reject a connection and one utilizes a domain of a sender email address from an envelope to determine whether to accept or reject a message. The multi-list evaluator may perform the validations in two phases. If a connection can be trusted, the connection is accepted and any message over the connection (in a single session) is accepted and no further validation is necessary. Further, in both phases, the multi-list evaluator can utilize a whitelist maintained by the ingress server to override a blacklist provided by a blacklist supplier. This override can reduce false-positives and drastically reduce delays usually associated with correcting false-positives and improve system throughput.

Abstract: Embodiments extend protocols for secure communication between two parties to allow a party to securely communicate with multiple parties using a single message. For example, the sending party can determine a unique shared secret for each recipient and encrypt data for a recipient using a session key generated from the corresponding shared secret. The encrypted data can be combined into a single message, and each recipient can decrypt only the subset of the message that it is authorized to.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining system-defined consolidated platform information for a computing platform from an independent information source; obtaining client-defined consolidated platform information for the computing platform from a client information source; and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform.

Abstract: A broadcast-controlling method in an operating system and a mobile terminal are provided. The broadcast-controlling method includes obtaining a number of broadcast types registered by a first application, wherein the first application receives broadcast messages according to the registered broadcast types; determining whether the number of broadcast types is greater than a first threshold; determining the first application as an illegal broadcast-registering application when the number of broadcast types is greater than the first threshold; obtaining a receiver queue of a target broadcast; and optimizing the receiver queue according to determined illegal broadcast-registering applications.

Abstract: A packet-spreading data transmission system with anonymized endpoints facilitates enhanced fortified private communications between a plurality of arbitrary devices via a plurality of communication channels or networks. The data transmission system receives at a source endpoint device a message of arbitrary length. The message includes a destination address associated with a destination endpoint device. Both source endpoint device and the destination endpoint device are selected from a plurality of arbitrary devices. The received message are fragmented and agilely transmitted, via a plurality of communication channels, from the source endpoint device to the destination endpoint device.

Abstract: An end-to-end security communication method includes, when receiving a security key generation request packet from a first host, generating, by a communication controller, a security key for end-to-end security communication between the first host and a second host, transmitting the generated security key to each of the first host and the second host, and setting a forwarding rule for transmission of a packet destined for a Media Access Control (MAC) address of the first host or a MAC address of the second host to a first switch and a second switch connected respectively to the first host and the second host. According to the end-to-end security communication method, the communication controller performs the process of generating a security key that will be shared between hosts using Software Defined-Networking (SDN), so that MAC security communication technology can be applied to communication between hosts belonging to different networks.

Abstract: According to one embodiment, a system for detecting an email campaign includes feature extraction logic, pre-processing logic, campaign analysis logic and a reporting engine. The feature extraction logic obtains features from each of a plurality of malicious email messages received for analysis while the pre-processing logic generates a plurality of email representations that are arranged in an ordered sequence and correspond to the plurality of malicious email message. The campaign analysis logic determines the presence of an email campaign in response to a prescribed number of successive email representations being correlated to each other, where the results of the email campaign detection are provided to a security administrator via the reporting engine.

Abstract: Encrypted web traffic exchanged between a client device and a web server during a communication session and captured using a passive capture technique can be received. The encrypted web traffic can be encrypted using a shared secret generated for the communication session in accordance with an anonymous key agreement protocol. A TCP connection table, which includes a session identifier for the communication session, can be created for the communication session. At least one TCP connection can be built for the received encrypted web traffic using the TCP connection table. Using the session identifier, the shared secret can be accessed from a cache in which the shared secret is stored, at least temporarily, by the web server. Data from the encrypted web traffic can be extracted by using the shared secret to decrypt the encrypted web traffic. The extracted data can be stored to a data store.

Abstract: An online authentication system allows a user to define their own logic for multistage authentication, which is provided to an online authentication center and stored as encrypted bytecode based on each user's password. Implementation logic can use third party information sources to provide additional authentication options.

Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for invocation of a secure web container which may display data representative of a requesting party's application at a user's machine. The secure web container is invoked upon receipt of an API call from the requesting party. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable web container), insulating the user and requesting parties from the threats associated with being online for the purposes of providing secure, policy-based interaction with a requesting party's online services.

Abstract: A temperature sensing security token may include a first resistor having a first side connected to a voltage source, a second resistor having a first side connected to the voltage source, an analog comparator having a first input connected to a second side of the first resistor and a second input connected to a second side of the second resistor and an output that represents at least one bit of a key, and an analog to digital converter having an input connected to the second side of the first resistor wherein an output of said analog to digital converter is related to temperature by a temperature coefficient of resistivity of the first resistor. The first resistor and the second resistor may have the same nominal resistance. The first resistor, the second resistor and the analog to digital comparator may be encased in the same package. The package may be configured to inhibit inspection and discovery of components contained in said package.

Abstract: Implementations of the present specification provide a blockchain-based transaction method and apparatus, and a remitter device. The method includes: calculating a transaction amount commitment, a first commitment random number ciphertext, a first transaction amount ciphertext, a second commitment random number ciphertext, and a second transaction amount ciphertext; and submitting transaction data to the blockchain, the transaction data including the transaction amount commitment, the first commitment random number ciphertext, the first transaction amount ciphertext, the second commitment random number ciphertext, and the second transaction amount ciphertext, for the transaction amount commitment, the first commitment random number ciphertext, and the first transaction amount ciphertext to be recorded into a remitter account, and the transaction amount commitment, the second commitment random number ciphertext, and the second transaction amount ciphertext to be recorded into a remittee account.

Abstract: In an implementation of identifying related computing devices for automatic user account login, a login request to a user account that includes a unique identification (ID) of a user computing device and an internet protocol (IP) address of the user computing device are received. One or more user computing devices that have logged in to the user account using a same IP address as the user computing device are identified based on a user ID of the user account and the unique ID of the user computing device. Whether one or more unique IDs corresponding to the one or more user computing devices that have logged in to the user account are correlated with the unique ID of the user computing device is determined. If yes, data corresponding to login information used by the one or more user computing devices to log in to the user account to the user computing device for automatic account login are sent.

Abstract: Embodiments of the present disclosure disclose a method for obtaining a virus library performed at a computing system. The computing system obtains a sample set, each sample being a malicious installation package. The computing system extracts a group of sample features from each sample as a sample feature set. The computing system performs feature selection on the sample feature set, to obtain at least one group of target features, each target feature meeting a first preset condition. The computing system then updates the at least one group of target features to a virus library. An antivirus platform determines whether the feature of a to-be-detected installation package comprises any group of target features in the virus library and determines that the to-be-detected installation package is a malicious installation package when the feature of the to-be-detected installation package comprises any group of target features in the virus library.

Abstract: Disclosed embodiments relate to systems and methods for securely generating verifiable machine-readable visual codes. Techniques include identifying a data element to be made available to a computing device, generating a machine-readable visual code including the data element, making available the generated machine-readable visual code to a display medium, such that the generated machine-readable visual code can be decoded from the display medium to yield the data element and can be validated. The computing device's ability to interact with the data element may be conditioned on the validation of the data element being successful.

Abstract: Techniques for seasonality-based anomaly detection and forecast are described. For example, a method of receiving a request to generate forecast for received time series data; performing a seasonality-based anomaly detection and forecast for the received time series data based upon the received request, the seasonality-based anomaly detection and forecasting to utilize a second data structure that reflect anomalies found in a first data structure on the input from the received time series data; and providing a result of the performed seasonality-based anomaly detection and forecast is described.

Abstract: One embodiment provides a method, including: detecting, from a user and using a sensor operatively coupled to an information handling device, for facial features associated with an authorized user; requesting, using a prompt provided by an output device operatively coupled to an information handling device, the user to mimic at least one emotion; detecting, responsive to the requesting, at least one facial expression provided by the user; and authenticating the user responsive to determining that: the at least one facial expression corresponds to at least one accepted facial expression associated with the at least one emotion and the at least one facial expression comprises the facial features. Other aspects are described and claimed.