Abstract: Users desire a system that provides for the setting of custom, content-agnostic, permissions at a message, document, and/or sub-document-level through a communications network. Such a system may also allow the user to apply customized privacy settings and encryption keys differently to particular parts of a document. Customized encryption keys may be applied to particular parties (or groups of parties) to enhance the security of the permissions settings. In the case of structured document file types, dynamically-rendered content can present a challenge to accurately display to viewers, because one or more of the document's values referred to by the dynamically-rendered content may be encrypted or otherwise unavailable to the recipient—even though the dynamically-rendered content itself is viewable by the recipient.

Abstract: A method includes transmitting, by a user device, an encrypted user profile to a locking device, the encrypted user profile including a user key and encrypted by a server using a lock key; decrypting, by the locking device, the encrypted user profile using the lock key to generate a decrypted user profile and obtain the user key from the decrypted user profile; generating, by the user device, an encrypted firmware update command, the encrypted firmware update command encrypted using the user key of the user profile; transmitting, by the user device, the encrypted firmware update command to the locking device; decrypting, by the locking device, the encrypted firmware update command using the user key to generate a decrypted firmware update command; and installing, by the locking device, a firmware update in accordance with the decrypted firmware update command in response to successfully decrypting the encrypted firmware update command.

Abstract: In one embodiment, an apparatus comprises a multiplier circuit to: identify a plurality of partial products associated with a multiply operation; partition the plurality of partial products into a first set of partial products, a second set of partial products, and a third set of partial products; determine whether the multiply operation is associated with a square operation; upon a determination that the multiply operation is associated with the square operation, compute a result based on the first set of partial products and the third set of partial products; and upon a determination that the multiply operation is not associated with the square operation, compute the result based on the first set of partial products, the second set of partial products, and the third set of partial products.

Abstract: A system and method for providing secure authorization to an electronic device by combining two or more security features of authentication processed at substantially the same time where at least one of the factors is a “tolerant” factor. By combining two or more factors such as a biometric factor and a second factor defined by user input, these are analyzed at substantially the same time where the tolerance factors can be reduced to allow access to the electronic device and/or an application running on the device without compromising security of the authentication.

Abstract: In one respect, there is provided a system a data processor and a memory. The system can be configured to receive, from a first user associated with a first tenant, a request to access a resource associated with a second tenant. The first tenant and the second tenant can be tenants of a multi-tenant cloud-computing platform. The resource can be accessible via the multi-tenant cloud-computing platform. The first user can be authorized to access the resource associated with the second tenant based on a sharing relationship that allows the first user to access the resource. In response to determining that the first user is authorized to access the resource associated with the second tenant, access to the resource can be provided to the first user. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: A system and method for controlling manufacturing of one or more items may include providing a first 3D design representation, the first 3D design representation usable by a manufacturing device for manufacturing the item; encrypting the first 3D design representation to produce an encrypted 3D design representation; associating a set of tokens with the encrypted 3D design representation and providing the encrypted 3D design representation. A method or system may include obtaining a token and including the token in a request to manufacture the item; using the token to determine whether or not to provide a decryption key; and, if determining to provide the decryption key, using the decryption key to produce a second 3D design representation, the second 3D design representation usable by a manufacturing device for manufacturing the item.

Abstract: For each respective virtual machine (VM) of a plurality of VMs, a distributed computing system generates a unique Application Binary Interface (ABI) for an operating system for the respective VM, compiles a software application to use the unique ABI, and installs the operating system and the compiled software application on the respective VM. A dispatcher node dispatches, to one or more VMs of the plurality of VMs that provide a service and are in the active mode, request messages for the service. Furthermore, a first host device may determine, in response to software in the first VM invoking a system call in a manner inconsistent with the unique ABI for the operating system of the first VM, that a failover event has occurred. Responsive to the failover event, the distributed computing system fails over from the first VM to a second VM.

Abstract: An analysis system that is able to obtain correct encryption key is provided. The analysis system includes a processing circuitry configured to function as a cryptanalysis processing unit. The cryptanalysis processing unit includes: a key candidate extraction unit that is configured to extract, from second data, one or more candidates of key data that include an encryption key that enables to decrypt first data encrypted by a specific encryption scheme, based on data indicating a feature of the key data; and a decryption unit that is configured to extract, from the extracted candidates of key data, correct key data that enables to correctly decrypt the encrypted first data, based on a result of decrypting the first data by use of the extracted candidates of key data.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

Abstract: In some embodiments, an encryption system secures data using a homomorphic encryption. The encryption system encrypts a number by encrypting a number identifier of the number and combining the number and the encrypted number identifier using a mathematical operation to generate an encrypted number. The encrypted numbers may be stored at a server system along with their number identifiers. The server system can then generate an aggregation (e.g., sum) of the encrypted numbers and provide the aggregation, the encrypted numbers, and the number identifiers. The encryption system can then separate the aggregation of the numbers from the aggregation of the encrypted numbers using an inverse of the mathematical operation used in the encryption to effect removal of an aggregation of the encrypted number identifiers of the numbers from the aggregation of the encrypted numbers. The separated aggregation of the numbers is an aggregation of the plurality of the numbers.

Abstract: The disclosed computer-implemented method for detecting malware using static analysis may include (i) identifying an executable file to subject to analysis for malware, (ii) retrieving an association between a known malicious behavior and an exploitable method being invoked, wherein the association specifies that a contextual method precedes the exploitable method in an invocation path and that the exploitable method is invoked with a set of predetermined parameters, (iii) detecting, within the executable file, an invocation of the exploitable method, (iv) determining that the invocation of the exploitable method within the executable file occurs in a detected invocation path in which the contextual method precedes the exploitable method and that the invocation of the exploitable method includes a set of invoking parameters that matches the set of predetermined parameters, and (v) classifying the executable file as containing malware.

Abstract: Methods, systems, and computer program products for providing anonymized account security services are disclosed. For example, a computer-implemented method may include an anonymous account security exchange for receiving anonymized user account information for a first user account identified as a security risk from a first organization associated with the first user account, receiving anonymized user account information for a second user account from a second organization associated with the second user account, determining that the anonymized account identifier associated with the first user account matches the anonymized account identifier associated with the second user account, and providing a notification to the second organization indicating that the second user account is associated with a different user account identified as a security risk by another organization.

Abstract: A method for emergency data destruction includes: identifying, by a data identification module, one or more data files for emergency destruction stored in one or more data storage devices; identifying, by the data identification module, at least one file system utilized by the one or more data storage devices; overwriting, by a data generation module, a header of each of the one or more data files, wherein the header of each of the one or more data files is identified based on the at least one file system; truncating, by a data modification module, a file size of each of the one or more data files; and deleting, by a data destruction module, each of the one or more data files, wherein the overwriting and truncating steps are performed prior to deletion of each of the one or more data files.

Abstract: Described is a system for the implementation of biometric scanning in a user-privacy preserving fashion with respect to identification, authentication, and online credential systems. At enrollment, the user enrolls or initially registers at a physical location, where the user is provided a Fuzzy Extractor (FE) encrypted output (Enc(R)). The user is then registered with an online server, which creates an ID-Wallet for the user and stores the ID-Waller. During operation, the user sends an authentication request to the online server, which provides a corresponding authentication response. The user or user's client then extracts secret (R) for user authentication. The user can then be authenticated with the online server to retrieve credentials from the ID-Wallet, which can be used for a variety of online services.

Abstract: An adaptive standalone secure software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, the security of such software is increased. The software will adapt to the current user and conditions of usage by moving the appropriate software features to and from the secure server. A public key cryptography (or asymmetric key) algorithm technique is used for the communication between the protected software and the secure server. This patent also includes an analysis of intruders and describes possible responses to detected threats including covert actions. This patent is Cyber-Ecologically aware.

Abstract: An information discriminating device includes an information acquiring unit, an information discriminating unit, and an information superimposing unit. The information acquiring unit acquires private information to be privately used by a user of the information discriminating device. The information discriminating unit discriminates a public information portion that is also usable as public information accessible by a special majority in the private information acquired by the information acquiring unit from a private information portion unusable as the public information. The information superimposing unit superimposes the private information portion on the public information.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: Systems and methods are provided for supporting sharing the same table for protected and non-protected data columns. Different data object can be defined on the same database table. A discriminate flag can be defined to identify the data object to which a particular row belongs. The discriminate flag can be built into the data object so that rows belong to the data object are picked up during a query. Data protection can then be configured at the data object level so that rows that belong to the data object are subject to protection such as encryption or tokenization.

Abstract: A computing device computes a risk score for a user using a device based on a peer group identifier. Network activity measures characterize use of the device by the user. For each unique peer group identifier included in netflow records, a mean value is computed of each network activity measure. For each unique IP address and user identifier combination included in the netflow records, the mean value of each network activity measure is selected for a peer group identifier of the user; a risk score is computed by comparing each network activity measure for the unique IP address and user identifier combination to the selected mean value for the respective network activity measure; and when the risk score exceeds a predefined alert threshold, a high risk alert indicator is set indicating that the device is being used in an anomalous manner relative to other devices monitored by the computing device.

Abstract: Apparatus and methods for balancing public and personal security needs in a computing device (1). In an apparatus embodiment, the device (1) has two partitions: a first partition (310) in which only applications (312) authorized by a protected application approval entity can execute; and a second partition (205, 210) in which applications that execute are accessible by an authorized external access entity (500). Coupled to the partitions (310, 205, 210) are protection modules (215, 250, 290) configured to protect data used by applications (312) authorized to execute in the first partition (310), and to prevent even authorized external access entities (500) from accessing protected data used by applications (312) authorized to execute in the first partition (310).