Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.

Abstract: Techniques for automated application analysis are disclosed. In one embodiment, the techniques may be realized as a method comprising detecting a code creation activity; detecting the presence of a previously-unknown application; associating the detected application with the code creation activity; and permitting the application to run based on associating the detected application with the code creation activity.

Abstract: A server-side biometric authentication system is disclosed that can split data knowledge and processes, so that extensive collusion would be required in order for a fraudster to compromise the system. Biometric data provided by a user during authentication can be matched with a combination of pieces of a biometric template stored across two or more server(s), rather than on a consumer device as is typically done. More specifically, at the time of enrollment, a biometric template can be split into two or more fragments. Each of the fragments can be encrypted and stored on a template storage server. At a later point in time, during authentication, biometric data provided by a user (e.g., from a fingerprint) can be compared against a reconstructed version of the biometric template where each fragment of the template is retrieved from a matcher computer and combined together.

Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. In some embodiments, a secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. For example, the user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can also derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key. The cryptogram key can be used to generate a cryptogram for conducting secure communications.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.

Abstract: Generating a behavior profile is provided. A newness score is calculated for a data point corresponding to a context of an access request to a resource made by a user of a client device. Newness scores for a plurality of data points corresponding to contexts of a plurality of access requests are aggregated to form an aggregated newness score. In response to determining that the aggregated newness score is greater than or equal to a pre-defined newness score threshold, data points stored in a data point cache and a long-term storage are used to generate a new behavior profile for the user or update an existing behavior profile for the user.

Abstract: A computer-implemented method and related system controls access to protected content with certificate-based access authorization. Protected content stored in a memory of a computer is enciphered using a content key to produce a quantity of enciphered, protected content, wherein the content key is derived from a content encryption algorithm. A user key is derived from user credentials using a credential encryption algorithm. The content key is enciphered with the user key using a content key encryption algorithm to produce a certificate, wherein the certificate contains the enciphered content key. Access to the protected content is controlled by the user credentials and the certificate containing a second enciphered content key. A decryption user key is generated and access authorization to the protected content is determined based on the decryption user key in response to a match of the decryption user key with the user key.

Abstract: The present invention generally relates to systems and methods for encrypting data. The disclosed techniques can include tracking a plurality of flight parameter values for a plurality of flight parameters of an aircraft, generating a first cryptographic key from the plurality of flight parameter values, encrypting plaintext using the first cryptographic key to generate a first ciphertext, and sending, from a sender to a receiver, a message comprising the first ciphertext.

Abstract: A computer-implemented method is described. A first portion and a second portion of a message are received from a user via a user interface of a computer device. Each portion includes one or more letters. The first portion includes initials of a person. The method includes generating a virtual cryptic note. The virtual cryptic note includes the first portion arranged in a first orientation, and the second portion arranged in a second orientation that is rotated relative to the first orientation with the one or more letters of the second portion overlapping the initials of the first portion. The virtual cryptic note can be modified by changing an order of the first portion relative to the second portion or changing the orientation of at least one of the first portion and the second portion. The first portion and the second portion can be encrypted.

Abstract: A system and method for detecting encoding errors in a template used to generate a Web page. The template is analyzed using static analysis in a source code format, without rendering the Web page. A report can be generated including details on the detected errors and provide options on how to address the errors.

Abstract: In an embodiment, a method and system for responding to receipt of an identifier of a first member having an account in an online social network is disclosed herein. One or more members connected to the first member are determined based on a same web browser identifier associated with each of the first member and the one or more members. There is caused to be displayed one or more graphical elements, such as a first graphical element visually depicting a connection between the first member to each of the respective one or more members and a second graphical element visually depicting account information and account access information of the first member and the one or more members.

Abstract: In an example, a system and method are provided for validating the sender of a message, such as an e-mail, text message, voice mail, network message, internet posting, or other electronic message. An authenticity server engine may first prescreen the message with anti-spam, anti-malware, and other filters. The screened message is then provided to the end user. If the end user deems the message suspicious, he may request additional validation. The authenticity server engine may then apply an example four-phase validation scheme, including analyzing header data for consistency with the message body, analyzing public data sources, analyzing private data sources, and receiving a result of an off-channel challenge to the sender. The server may then assign the message a sender validity confidence score.

Abstract: Methods and apparatus are disclosed to correct hash keys. An example method involves accessing a first metered hash key and first reference metadata associated with the first metered hash key. Accessing second reference metadata associated with a second hash key adjacent to the first metered hash key. Determining if the first metered hash key is unexpected. When the first metered hash key is unexpected, generating an error level using a first bitwise comparison of the first metered hash key and the second hash key. Determining if the error level satisfies a threshold. When the error level satisfies the threshold, storing the second hash key as the first metered hash key.

Abstract: A content delivery platform is provided that includes generating a first content package of content that is encrypted with a unique symmetric key, and a second content package including a link encrypted with the key to the first content package. The first content package is stored in a repository, and a request including the key is transmitted to a first computing device associated with a mail exchange for an encryption key file. An encryption key file is generated using the unique symmetric key and together with a authorizing token is received. A third content package is generated that is encrypted using the encryption key file and includes the encrypted link. The third content package is transmitted to a distributor gateway and the encrypted link is accessible in response to the consumer decrypting the third content package. The link is available to provide to access to the content for the consumer.

Abstract: Systems and methods for secure password entry are provided. A request to authenticate a user is received from a user device. A sequence of characters is generated. The sequence has a first subset of the characters selected from a password associated with the user. At least one of the characters appears a different number of times in the sequence than in the password. The sequence of characters is displayed on the user device in response to the request. A user selection of a second subset of the characters in the sequence is received through the user device. The user is authenticated in response to a determination that the first subset of the characters matches the second subset of the characters.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for correlating domain activity data. First domain activity data from a first network domain and second domain activity data from a second network domain is received. The first domain activity data and the second domain activity data is filtered to remove irrelevant activity data, based on a first set of profile data for devices in the first network domain and a second set of profile data for devices in the second network domain. Unfiltered first and second domain activity data is aggregated. Aggregated unfiltered first and second domain activity data is correlated to determine an attack path for an attack that occurs across the first network domain and the second network domain, based on attack signatures and profiles associated with previously identified attacks. A visualization of the attack path is generated.

Abstract: A memory controller encrypts contents of a page frame based at least in part on a frame key associated with the page frame. The memory controller generates a first encrypted version of the frame key based at least in part on a first process key associated with a first process, wherein the first encrypted version of the frame key is stored in a first memory table associated with the first process. The memory controller generates a second encrypted version of the frame key based at least in part on a second process key associated with a second process, wherein the second encrypted version of the frame key is stored in a second memory table associated with the second process, the first process and the second process sharing access to the page frame using the first encrypted version of the frame key and the second encrypted version of the frame key, respectively.

Abstract: Devices, methods, systems, and computer-readable media for auto-commissioning of devices in a communication network are described herein. One or more embodiments include a method for auto-commissioning of a device added to a communication network, comprising: determining properties of signal transitions of the communication network via a device added to the network while the signal transitions of the communication network are passing unchanged, and processing the signal transitions of the communication network, via the device, based on the properties of the signal transitions.

Abstract: Some embodiments include a method for processing a scan chain in an integrated circuit, the method comprising receiving, in the integrated circuit, the scan chain, wherein the scan chain includes a secret key pattern; separating the secret key pattern from the scan chain; storing the scan chain in a first plurality of latches; storing the secret key pattern in a second plurality of latches; comparing the secret key pattern to a reference key pattern, the reference key pattern stored in a third plurality of latches; determining, based on the comparing the secret key pattern to the reference key pattern, that the secret key pattern does not match the reference key pattern; and generating a signal indicating that the secret key pattern does not match the reference key pattern.

Abstract: Embodiments of the present invention provide methods, program products and systems to reduce mistakes in production and management of digital identification cards. Embodiments of the present invention can create a digital card template design using graphical icons in a user interface display and publish the created digital card template design to a server. Embodiments of the present invention can access the server to test the published digital card template design using sample data and deploy the published digital card template design to an issuing service. Embodiments of the present invention can, responsive to receiving an acquisition URL from the issuing service, build an instance of a digital identification card from information included in the acquisition URL.