Abstract: A computer-implemented method for file classification may include (1) identifying, by a computer security system, a cluster of files that co-occur with each other according to a statistical analysis, (2) identifying ground truth files to which the computer security system has previously assigned a security score, (3) determining that a file in the cluster of files shares an item of file metadata with another file in the ground truth files, (4) assigning a security score to the file in the cluster of files based on a security score of the other file in the ground truth files that shares the item of file metadata, and (5) assigning an overall security score to the entire cluster of files based on the security score assigned to the file in the cluster. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An industrial automation gateway providing an extended web of trust is provided. The industrial automation gateway includes a cloud communication interface coupled with a cloud automation facility, a hardware memory, and a processor coupled with the cloud communication interface and the hardware memory. The cloud automation facility includes a cloud hardware memory storing a cloud root certificate from a first root certificate authority and a subordinate certificate. The hardware memory stores a gateway root certificate from a second root certificate authority and the subordinate certificate. The processor is configured to determine if the subordinate certificate has been certified by the first root certificate authority and the second root certificate authority.

Abstract: Embodiments relate to the authentication of a semiconductor. An identification circuit disposed within a package of an integrated circuit, and the identification circuit includes carbon-nanotube transistors configured to generate an encryption key.

Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.

Abstract: A touchscreen unlocking method and apparatus are disclosed. The method includes receiving an unlocking instruction triggered by a user by sliding a control on a touchscreen; reading a corresponding user-defined screen locking configuration file according to the unlocking instruction; and performing an unlocking operation on the touchscreen according to the corresponding user-defined screen locking configuration file. In the present disclosure, when a user triggers unlocking, an unlocking operation is performed on a touchscreen according to a user-defined screen locking configuration file; and an unlocking control on the touchscreen can be self-defined and randomly set by the user, and different effects such as animation, sound, and vibration may be displayed in different states, thereby greatly improving unlocking convenience and fun, and meeting the requirement that the user hopes to self-define an unlocking manner according to the preference of the user.

Abstract: Embodiments relate to the authentication of a semiconductor. An identification circuit disposed within a package of an integrated circuit, and the identification circuit includes carbon-nanotube transistors configured to generate an encryption key.

Abstract: A method and an apparatus for improving network security are provided. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

Abstract: A system for providing access to the internet, comprises a network of routers (R) hereinafter designated “new routers”) wherein each new router (R) has a CPU (112) that has, or is associated with, a public area (142) that allows simultaneous access to the new router's CPU by more than one user account. The system is so arranged that a pre-registered user with a user account identified by an identifier, typically a user name and/or password, can access the internet from any new router (R) in the network by connecting to the public area (142) of the new router's CPU (112) and entering the account identifier of the pre-registered user account.

Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.

Abstract: Packet telephony devices with encryption keys are configured to enable authentication systems and methods for increasing the security of online account access and transactions. The instant disclosure leverages the security in customer equipment hardware such as a terminal adaptor (TA) or router to authenticate a web transaction. A packet telephony device has an encoded encryption key. The encryption key may be used with a display, a user actuable trigger or in a secure connection with a web-enabled device to authenticate a user or a website.

Abstract: The present invention relates to a method to build a non-alterable structure and to such a non-alterable structure including data relative to a set of cryptographic material generated randomly or derived from a secret key linked to a business use, the non-alterable structure being intended to be transferred from a first entity to a second entity, the entities sharing at least an encryption/decryption key and a signature key, the structure comprising at least business data relative to the intended use of cryptographic material, an encrypted protection key encrypted with the encryption key, an encrypted set of cryptographic material encrypted with the protection key, a signature of the set of cryptographic material, the protection key and the data relative to the intended use of cryptographic material signed with the signature key.

Abstract: A method/system for removing redundancy in packets is disclosed. In one embodiment, for each of the sets of one or more consecutive bytes within the packet, the method divides the one or more consecutive bytes into a plurality of non-overlapping, consecutive segments; generates a segment feature for each of the plurality of non-overlapping, consecutive segments through application of a plurality of cryptographic hash functions with different random seeds; generates a single duplication feature based on a combination of the segment features for the plurality of non-overlapping, consecutive segments; and generates a single compressed string when a predetermined condition is met, based on a comparison of the single duplication feature and a set of stored duplication features. The method continues with sending the resulting strings in place of the packet toward the packet's destination.

Abstract: A method for more efficiently scanning files for viruses includes determining a vulnerability date associated with a virus, wherein the vulnerability date is related to a release date of the virus. In certain embodiments, the vulnerability date is a user-tunable amount of time before or after the release date. The method further determines, on a storage system, which files that have been updated since the vulnerability date. These files are scanned for the virus in a first batch. The method further determines which files have not been updated since the vulnerability date. These files are scanned for the virus in a second batch. Because files in the first batch have been updated since the vulnerability date, scanning the first batch may be given priority over scanning the second batch. A corresponding system and computer program product are also disclosed.

Abstract: A method for modular software protection includes steps for receiving, at a server, a license key registered for a software executable installed on a client device and machine fingerprint data generated at the client device, accessing, using the server, stored usage rights data indicated by the license key, the usage rights data specifying a number of client devices on which the software executable is licensed to operate and which features of the software executable are enabled, determining, using the machine fingerprint data received by the server, whether operation of the software executable on the client device would cause the number of client devices on which the software executable is licensed to operate to be exceeded, and creating, in response to the determining step, an encrypted license file for transmission to the client device that defines separate features of the software executable to be enabled on the client device.

Abstract: In a method (300) for applying differential policies on at least one digital document (120a-120n) having a plurality of atomic units (122a-122n) among a plurality of workflow participants (110a-110n), in which the atomic units are assigned with at least one of a plurality of the differential policies, the at least one digital document is tessellated (304) to identify the atomic units and the at least one of the differential policies assigned to the atomic units. In addition, the atomic units are aggregated (306) according to the at least one of the differential policies assigned to the atomic units and respective sets of keys are associated (308) to the aggregated atomic units, in which common sets of keys are associated with the aggregated atomic units assigned with the same policies.

Abstract: A context-aware adaptive authentication method may comprise: determining a context for a user; adjusting automatically an authentication configuration for the user based at least in part on the context, wherein different matching accuracies of an authentication algorithm for the same authentication input data are associated with respective authentication configurations; and performing an authentication of the user with the authentication configuration, wherein for the user under a safe context, the authentication is performed by decreasing a matching accuracy of the authentication algorithm.

Abstract: The described embodiments include a message server that is configured to send, to multiple receiving electronic devices, corresponding messages that each include a payload acquired from a single request message received from a client electronic device. In these embodiments, the request message received from the client electronic device includes a push token for each of the receiving electronic devices and the payload. Upon receiving the request message, the message server generates, for a receiving electronic device associated with each push token, a message that includes the payload. The message server then sends each message to the corresponding receiving electronic device. In this way, the message server “fans out,” to the multiple receiving electronic devices, corresponding messages that each include the payload from the single request message.

Abstract: A method and a device are provided in the field of network technology. In the method, a first server receives an operation request including a second server identifier and second account information. According to the second server identifier and the second account information, the first server determines whether associated account information is available in a predetermined three-party associating relationship. Upon determining that the associated account information is available, the first server obtains the associated account information for use as first account information. Based on the first account information, the first server responds to the operation request. During the process of providing services for a terminal by the second server, the first server obtains the first account information according to the second server identifier, the second account information, and the predetermined three-party associating relationship.

Abstract: A client device captures biometric data from a user and stores the biometric data to identify the user. To simplify access to content from a content source, the user identifies the content source to the client device, which identifies authentication information associated with the user by the content source. For example, the user specifies a username and password associated with the content source to the client device. The authentication information is stored in the client device using the user's biometric data. For example, the client device stores the authentication information so it is not accessible unless the client device receives the user's biometric data. When the user subsequently requests access to the content source, the user provides biometric data to the client device, which retrieves and communicates the authentication information to the content source.

Abstract: To provide for a physical security mechanism that forms a complete envelope of protection around the cryptographic module to detect and respond to an unauthorized attempt at physical access, a tamper sensing encapsulant generally encapsulates the cryptographic module. The tamper sensing encapsulant includes a first shape actuation layer associated with an electrically conductive first trace element and a second shape actuation layer associated with an electrically conductive second trace element. The first shape actuation layer is positioned against the second shape actuation layer such that the first trace element and the second trace element do not physically touch at an operating temperature of the cryptographic module and do physically touch when the first shape actuation layer and the second shape actuation layer are thermally loaded. Upon first trace element and the second trace element touching, a circuit is formed that disables the cryptographic module.