Abstract: The disclosed computer-implemented method for replicating computing system environments may include (1) identifying each application installed on a plurality of computing systems, (2) creating, within a virtual machine image, virtual containers that store each application installed on the plurality of computing systems, (3) determining that a potentially malicious file is directed to a target computing system within the plurality of computing systems, (4) identifying each application installed on the target computing system, (5) in response to determining that the file is directed to the target computing system, replicating a configuration of the target computing system within the virtual machine image by, for each application installed on the target computing system, activating a virtual container that stores the application, and (6) determining how the file would affect the target computing system by sending the file to the virtual machine image and analyzing how the file impacts the virtual machine image.

Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with a malicious attack. The analysis may be altered upon receipt of a configuration file that is substantially lesser in size than the software forming the first detection module and includes information to alter one or more rules controlling the first capability.

Abstract: According to a method of generating a key of the present invention, a first device and a second device are first brought into contact with one vibrator. In this state, the vibrator generates vibration. A first acceleration sensor provided in the first device and a second acceleration sensor provided in the second device detect the vibration. Subsequently, the first device notifies the second device of a first feature value based upon the detection result of the first acceleration sensor. The second device notifies the first device of a second feature value based upon the detection result of the second acceleration sensor. Then the first device compares the notified second feature value with the first feature value and generates a key based upon the comparison result. The second device compares the notified first feature value with the second feature value and generates a key based upon the comparison result.

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for secure user authentication with improved OTP verification. The device may include an attribute collection module configured to collect attributes associated with the device; a client trust module configured to identify a user of the device, associate a user ID with the user and transmit the user ID and the collected attributes to a trust broker system; the client trust module further configured to receive a device ID from the trust broker system, the device ID associated with a pairing of the user ID and the attributes; and a client OTP generation module configured to generate an OTP and further configured to transmit the OTP and the device ID to an authentication server.

Abstract: A platform including an always-available theft protection system is described. In one embodiment, the system comprises a power management logic to selectively power elements of the system, a disarming logic to disarm the platform from an armed mode when a disarming command is received via an interface, the interface powered when the platform is in the armed and suspecting modes to detect the disarming command. The system further comprises, in one embodiment, a risk behavior logic to detect a potential problem via a interface, the interface powered when the platform is in the armed mode to detect the potential problem, and a core logic component to provide logic to analyze the potential problem, and to move the platform to a suspecting mode, when the potential problem indicates a theft suspicion, the core logic powered when the risk behavior logic detects the potential problem.

Abstract: A technique authenticates a user. The technique involves receiving, by processing circuitry, a handwritten code. The technique further involves performing, by the processing circuitry, a set of assessment operations which includes (i) a handwriting evaluation to analyze a set of biometric handwriting aspects of the handwritten code and (ii) a code evaluation to analyze code accuracy of the handwritten code. The technique further involves providing, by the processing circuitry, an authentication result based on the set of assessment operations. Such a technique strengthens security by including a “who you are” factor (i.e., handwriting biometrics uniquely identify the genuine user).

Abstract: Device information for each of multiple devices associated with a user account is maintained by a cloud service. The device information can include credential information allowing the device to be accessed by other ones of the multiple devices, remote access information indicating how the device can be accessed by other ones of the multiple devices on other networks, and property information including settings and/or device drivers for the device. The device information for each of the multiple devices is made available to other ones of the multiple devices, and can be used by the multiple devices to access one another and provide a consistent user experience across the multiple devices.

Abstract: A security method in an electronic device is provided. The method includes pairing the electronic device with an Access Point (AP), obtaining at least one item of information about the AP, and setting a security level of the electronic device according to the at least one item of information.

Abstract: Systems and methods for secure password entry are provided. When a user wishes to log in or otherwise authenticate as an authorized user of a system using a password, the system can provide an apparently random sequence of characters to the user. The user can select all of the characters in the sequence of characters that also appear in the user's password. The system can determine whether all of the selected characters are in the password and that all of the characters in the sequence of characters that are also in the password were selected. The user can select the characters in any order and the selected characters can include less than all of the characters in the password. In this way, the system can authenticate the user without the user entering their entire password, thereby increasing both the efficiency and the security of the password entry operation.

Abstract: Methods and systems for use in in analyzing cyber-security threats for an aircraft are described herein. One example method includes generating an interconnection graph for a plurality of interconnected aircraft systems. The interconnection graph includes a plurality of nodes and a plurality of links. The method also includes defining a cost function for a cyber-security threat to traverse each link and defining a requirements function for a cyber-security threat to exploit each node. The method further includes generating a set of threat traversal graphs for each cyber-security threat of a plurality of cyber-security threats.

Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.

Abstract: A communication module of a communication terminal is configured not to output to a control module, service information provided from a second server whose server ID is not registered in a first server. The communication module is configured to receive an authentication code from the first server, and to transmit ID information and terminal identification information to the second server. When the terminal identification information received from the communication module matches the terminal identification information received from the first server, the second server is configured to reply the authentication code and the service information to the communication module. When the authentication code received from the first server matches the authentication code received from the second server, the communication module is configured to output the service information to the control module.

Abstract: According to a method of generating a key of the present invention, a first device and a second device are first brought into contact with one vibrator. In this state, the vibrator generates vibration. A first acceleration sensor provided in the first device and a second acceleration sensor provided in the second device detect the vibration. Subsequently, the first device notifies the second device of a first feature value based upon the detection result of the first acceleration sensor. The second device notifies the first device of a second feature value based upon the detection result of the second acceleration sensor. Then the first device compares the notified second feature value with the first feature value and generates a key based upon the comparison result. The second device compares the notified first feature value with the second feature value and generates a key based upon the comparison result.

Abstract: Reliable and efficient storage and reconstruction of secure data files is provided. Encrypted fragments are generated by exclusive-OR (XOR) based erasure-encoding and XOR encryption of data files. At least some of the encrypted fragments, and preferably at least two copies of such encrypted fragments, are stored at two or more locations, such as but not limited to two or more servers in two or more regional storage systems. Fragments are retrieved from one or more of the multiple locations and the original data file is reconstructed, even if different encryption techniques have been used. If not enough valid fragments from that original data file can be identified then hash values, checksums, seeds, and other techniques may be used to distinguish files and to identify related or identical files which may be used to reconstruct the data file.

Abstract: An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least unauthorized instruction.

Abstract: Computer-readable storage medium, apparatus and method associated with management of data elements in a cloud computing environment are disclosed herein. In embodiments, one or more computer-readable storage medium may contain instructions which when executed by a computing apparatus may facilitate a user in managing the user's data elements in a cloud computing environment. In embodiments, this may be accomplished through the use of management metadata associated with the user's data elements. Other embodiments may be described and/or claimed.

Abstract: In one embodiment a controller comprises logic configured to receive a document copy, wherein the document copy comprises an identifier which uniquely identifies an electronic device and an authentication algorithm logic, generate, with the authentication algorithm logic, a security key for the document copy based on at least one input from the user, transmit the security key to a remote device, and store the document copy and a computer-readable code which uniquely associates the document with the electronic device in a memory. Other embodiments may be described.

Abstract: A method and a fingerprinting device for countering fingerprint forgery in a communication system. The fingerprinting device obtains and stores a reference fingerprint for a client device, generates and transmits decoy traffic that appears to originate from the client device, the decoy traffic having different fingerprinting properties than real traffic from the client device, generates a fingerprint for non-decoy traffic purportedly from the client device, and compares the generated fingerprint with a reference fingerprint. A forged fingerprint is detected if there is a mismatch. The decoy traffic preferably comprises frames to which no response is needed. The invention is particularly suited for 802.11 using fingerprints based on duration fields of received frames and the decoy traffic is then preferably probe request frames and null data frames.

Abstract: An infusion system to administer fluid is disclosed. The infusion system to administer fluid includes an infusion pump having a pump processor, a pump memory and a pump radio to enable bi-directional communication. The pump radio further includes a configurable attenuator and the pump memory stores a plurality of security modes that configure the attenuator to receive signals of a predetermined strength. The infusion system further includes a controller with a controller processor, a controller memory, and a controller radio to transmit and receive communication from the pump radio. The controller further having a graphical user interface shown on a display, and controls to manipulate the graphical user interface. The controller further being paired with the infusion pump based on pairing data, wherein a security check is performed when the infusion pump receives a suspect signal, the suspect signal not matching the predetermined strength associated with a selected security mode.

Abstract: A message is divided into multiple message segments, and a network interface is selected from among a plurality of different types of network interfaces included within a communication device for transmitting each message segment. Each network interface is dedicated to a different type of communication protocol using a different encryption technique, and a network interface is selected for transmitting each message segment according to a pattern of the network interfaces. Secure transmission of the multiple message segments is initiated via the network interfaces according to the pattern.