Abstract: In one embodiment, functionality is disclosed for commissioning a target device based, at least in part, on providing identifying information that identifies a target device, where that identifying information is configured to be included in a request for authorization to commission the target device, and that request for authorization to commission the target device comprises one or more requested commissioning actions; receiving a commissioning authorization, where the commissioning authorization comprises information regarding one or more authorized commissioning actions for which a license is available, where the one or more authorized commissioning actions were selected from among the one or more requested commissioning actions; and performing the one or more authorized commissioning actions.

Abstract: The present application discloses methods and devices for information registration and authentication. The registration method may comprise: sending a request for registering standard information to an authentication server; receiving first authentication information fed back by the authentication server; generating a standard information acquisition request, sending the standard information acquisition request and the first authentication information to a first application, and acquiring signed standard information and an identity identifier of the standard information that are returned by the first application after the first application approves authentication of the first authentication information, wherein the signed standard information is signed by the first application using second authentication information; and sending the signed standard information, the identity identifier of the standard information, and the first authentication information to the authentication server.

Abstract: A system for reliable data processing is provided, wherein the system is implemented in a sealed infrastructure, wherein the sealed infrastructure comprises at least one processing area and a storage area, wherein the network area, the processing area, and the storage area are separated from each other physically, wherein the processing area is adapted to receive data from the storage area and/or from the network area in encrypted form, to decrypt to process the received data, and to transmit the processed data in encrypted form to the storage area and/or to the network area. Further, a method for reliable processing of data in a system according to the invention is provided.

Abstract: A first encoded data slice is received for storage by a DST execution unit from a first vault. A first encryption key corresponding to the first encoded data slice is generated, and a first encrypted data slice is generated by utilizing the first encryption key. A second encoded data slice for second storage by the DST execution unit from a second vault, a second encryption key corresponding the second encoded data slice is generated, and a second encrypted data slice is generated by utilizing the second encryption key. The first encrypted data slice and the second encrypted data slice are stored in a file of a memory of the DST execution unit, where the file and the memory are common to the first encrypted data slice and the second encrypted data slice.

Abstract: A communication system provides secure communication between two nodes in a self-organizing network without the need for a centralized security or control device. A first node of the two nodes is provisioned with one or more security profiles, auto-discovers a second node of the two nodes, authenticates the second node based on a security profile of the one or more security profiles, selects a security profile of the one or more security profiles to encrypt a communication session between the two nodes, and encrypts the communication session between the two nodes based on the selected security profile. The second node also is provisioned with the same one or more security profiles, authenticates the first node based on a same security profile as is used to authenticate the second node, and encrypts the communication session based on the same security profile as is used for encryption by the first node.

Abstract: Networks comprising multiple non-overlapping communication topologies are presented. The networks can include a fabric of interconnected network nodes capable of providing multiple communication paths among edge devices. A topology manager constructs communication topologies according to restriction criteria based on required security levels (e.g., top secret, secret, unclassified, etc.). Established topologies do not have overlapping networking infrastructure to within the bounds of the restriction criteria as allowed by the security levels.

Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host.

Abstract: Disclosed are an application security protection method, a terminal, and a storage medium. The method includes the steps of: monitoring whether an application software protection triggering condition is satisfied (S301); if yes, judging whether current application software is malicious software (S302); if yes, providing prompt information indicating that the current application software is malicious software (S303); and when an opening continuing instruction for continuing to open the current application software is received (S304), starting the current application software (S305). The application security protection method, the terminal and the storage medium greatly improve the security when an application program runs at the terminal.

Abstract: A producer communicates over a network with a user application in an infrastructure-as-a-service (IaaS) and an IaaS node. The producer encrypts content with first encryption using a first key and second encryption using a second key, to produce twice encrypted content. The producer encrypts the second key with attribute-based encryption and symmetric encryption using an IaaS key, to produce a twice encrypted second key. The producer provides to the user application the twice encrypted content, the twice encrypted second key, and key information configured to remove the first encryption from the twice encrypted content. The producer provides to the IaaS node the IaaS key to enable the IaaS node to remove the symmetric encryption from the twice encrypted second key, such that the user application and the IaaS node are constrained to exchange with each other key-related information and intermediate decryption results in order to recover the content.

Abstract: Aspects of the subject disclosure may include, for example, detecting a request for access to a wireless network via an access point. Responsive to a first determination that the identifier corresponds to an entry in the list, access is facilitated to the wireless network via the access point without the equipment of the requesting user providing credentials to the wireless network. The list includes a first set of entries corresponding to a first set of users having unrestricted access and a second set of entries corresponding to a second set of users having restricted access. Responsive to a second determination that the identifier does not correspond to any of the entries, a message is transmitted to equipment of the host regarding the request, and responsive to receiving approval, the list is updated to include the identifier. Other embodiments are disclosed.

Abstract: A method and apparatus that ensures that an aircraft system network controls access by multiple users (403a, 403b, 403c) of electronic devices (402a, 402b, 402c) equipped with a related hardware device (404a, 404b, 404c), by a combination of authentication, integrity, and encryption, using hardware security such as HSE/HSM or equivalent to establish the credentials for each component that is allowed on the network.

Abstract: After a heuristic event counter in a processor has triggered a performance monitoring interrupt (PMI) when the processor was executing a target program in user mode, and after the processor has switched to kernel mode in response to the PMI, a heuristic event handler automatically performs preliminary analysis in kernel mode, without switching back to user mode, to determine whether heavyweight code analysis is warranted. The preliminary analysis comprises (a) obtaining an instruction pointer (IP) for the target program from a last branch record (LBR) buffer in the processor, (b) using transaction hardware in the processor to determine whether the IP from LBR buffer points to a readable page in memory, and (c) determining that heavyweight code analysis is not warranted in response to a determination that the page pointed to by the IP from LBR buffer is not readable. Other embodiments are described and claimed.

Abstract: Concepts and technologies are disclosed herein for providing an electronic document processing system, an electronic document generation mechanism, an encrypted digital certificate generator, a tool for coordinating the processing of electronic documents, a packaging mechanism for finalizing and authenticating electronic documents, a tracking log for recording relevant electronic document information, and a transferring protocol for transferring the ownership of electronic documents. The present disclosure also is directed to an electronic authentication system including an electronic document authentication watermark seal or signature line for confirming a document's signing within the view.

Abstract: Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

Abstract: A network management method, system, and non-transitory computer readable medium, include a data center gateway including a set of rules for moving target defense and communicates with a service provider and a cloud gateway including the set of rules to communicate with the data center gateway by satisfying the moving target defense such that a client receives a service from the service provider when the cloud gateway requests the service from the data center gateway.

Abstract: Detecting an attempted theft of information stored in an RFID-enabled card, including: receiving, by a theft detection module, a transaction request, the transaction request including RFID-enabled card information; determining, by the theft detection module, that the RFID-enabled card information is mock card information, wherein mock card information is provided to an RFID reader by an RFID tag exterior to an RFID shield of an RFID-enabled card security enclosure responsive to an RFID request directed at the security enclosure; and responsive to determining that the RFID-enabled card information is mock card information, initiating, by the theft detection module, one or more security actions.

Abstract: Approaches for securely authenticating untrusted operating environments. A software module intercepts a message which requires a first operating environment to authenticate itself to a service or resource provider. The software module executes outside of the first operating environment. The first operating environment lacks access to an authentication mechanism necessary to successfully authenticate to the service or resource provider. The software module notifies a second operating environment of the message. The second operating environment determines that the first operating environment should be permitted to authenticate to the service or resource provider. The second operating environment obtains authentication data generated using the authentication mechanism. The second operating environment provides the authentication data to the first operating environment to allow the first operating environment to authenticate itself to the service or resource provider.

Abstract: Various implementations disclosed herein provide a method for anonymizing data in a distributed hierarchical network. In various implementations, the method includes determining a first set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes that are stored at the first network node and have not been transmitted upstream towards the hub. In various implementations, the method includes receiving, from a second network node, a second set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes at the second network node. In various implementations, the method includes determining whether a sum based on the first and second set of attribute hierarchy counts satisfies an anonymization criterion. In some implementations, the sum indicates a total number of occurrences for a corresponding attribute that are stored at the first and second network nodes and have not been transmitted upstream towards the hub.

Abstract: Disclosed embodiments provide a temporary privacy mode for an electronic device. The user selects one or more regions of allowable content and/or unallowable content. The user then invokes a temporary privacy mode of the device. While the device is in the temporary privacy mode, only the allowable content is viewable on the display of the electronic device. The unallowable content is obfuscated or hidden from view. The third party therefore cannot see the content deemed private by the user. When the third party has completed review of the content, the user can exit the temporary privacy mode to return to normal operation.

Abstract: The present invention relates to a method and an apparatus for controlling connection between a first device and a second device by a control device using Bluetooth LE (Low Energy). According to the present invention, there are provided a method and an apparatus for obtaining pairing information from the first device and the second device to generate information for establishing connection between the first device and the second device and transmitting the generated information to the first device and the second device to control the first device and the second device to establish connection of a predetermined security level or higher.