Patents Examined by Jacob Lipman
  • Patent number: 10554416
    Abstract: A computer data security system, useful in protecting audit logs, includes symmetric key based techniques, requires only a small-constant number of cryptographic hash operations at the signer side sending a prospective audit log or other computer record data to a primary repository to achieve forward-secure and append-only authentication. The verification is performed by independent parties sharing parts of the symmetric key, wherein the presence of single honest party among all verifier parties ensures a conditional non-repudiation. It also ensures that an active adversary cannot generate authentication tags on behalf of the signer, unless it compromises all verification parties.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: February 4, 2020
    Assignee: University of South Florida
    Inventor: Attila Altay Yavuz
  • Patent number: 10547624
    Abstract: When a security authentication request sent by a terminal is received, an identity authentication solution includes acquiring network environment information and user behavior data according to the security authentication request, then determining, according to the network environment information and the user behavior data, whether a current operation is a machine attack, and acquiring a CAPTCHA of a predetermined type according to a predetermined policy and delivering the CAPTCHA to the terminal if the current operation is a machine attack, to perform identity authentication, or determining that security authentication succeeds if the current operation is not a machine attack.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: January 28, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Tang Yan Ping, Zhang Yan Ling, Wang Yu Ye, Gong Ling, Huang Jia Qi, Wei Ren Jia
  • Patent number: 10546130
    Abstract: A Timed Attestation Process (TAP) utilizes a CPU bus cycle counter/timer to accurately measure the time needed to calculate a specific function value for an attestation query in an embedded system. The attestation query takes into account embedded software and the hardware data path. An attestation value database stores the unique timing and function data associated with each hardware design element in the embedded device, which each have unique timing characteristics. By utilizing the CPU bus cycle counter/timer of the client device, the TAP increases the time accuracy to the smallest tolerance possible relative to a particular CPU (typically +/- one instruction cycle). The integrity of the embedded software contained in the permanent storage elements and the hardware timing to access each component is verifiable against the unique timing characteristics stored in the database. With this timing characteristic, each hardware element is linked to a specific software configuration.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: January 28, 2020
    Assignee: United States of America as represented by the Secretary of the Air Force
    Inventor: Richard R Chaney
  • Patent number: 10547445
    Abstract: A method includes, with a computing system, exiting a context of a virtual machine, the exiting in response to a request from a guest operating system of the virtual machine to switch from a first encryption key identifier for the virtual machine to a second encryption key identifier for the virtual machine. The method further includes, with the computing system, loading the second encryption key identifier into a virtual machine control module of a virtual processor of the virtual machine and after loading the second encryption key identifier, entering the context of the virtual machine.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: January 28, 2020
    Assignee: RED HAT, INC.
    Inventor: Henri Van Riel
  • Patent number: 10547646
    Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for analyzing security events using dynamic policies and displaying a consolidated view of active threats and user activity including the dynamic policies being triggered by the active threats and user activity. Some aspects are directed to the concept of a policy bus for injecting and communicating the dynamic policies to multiple enforcement entities and the ability of the entities to respond to the policies dynamically. Other aspects are directed to providing a consolidated view of active threat categories, a count of policies being triggered for each threat category, and associated trends. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the access policies, if any, implicated by such accesses.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: January 28, 2020
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Aji Joseph, Paresh Raote, Lakshmi Hariharan, Kanishk Mahajan, Ashish Kolli, Moushmi Banerjee, Yitzchak Weiser, Weifang Xie, Jingyu Cui
  • Patent number: 10521574
    Abstract: The present invention relates to a portable electronic device and corresponding method allowing control of a remotely positioned electronic arrangement, allowing for improved user convenience and security improvements when combining gesture identification with fingerprint authentication.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: December 31, 2019
    Assignee: FINGERPRINT CARDS AB
    Inventor: Olis Olofsson
  • Patent number: 10523447
    Abstract: A secure element (SE) with a notion of time useful for checking secure items is disclosed herein. Use of Public Key Infrastructure (PKI) with secure elements is improved by verifying secure items used by an SE. Methods of obtaining time information by the SE include push, pull, opportunistic, and local interface methods. The SE uses the time information to evaluate arriving and stored public key certificates and to discard those which fail the evaluation. The SE, in some embodiments, uses the time information in cooperation with certificate revocation lists (CRLs) and/or online certificate status protocol (OCSP) stapling procedures.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: December 31, 2019
    Assignee: Apple Inc.
    Inventor: Xiangying Yang
  • Patent number: 10523646
    Abstract: A method for distributing encrypted cryptographic data includes receiving, by a key service, from a first client device, a request for a first public key. The method includes transmitting, by the key service, to the first client device, the first public key. The method includes receiving, by the key service, from an access control management system, an encryption key encrypted with the first public key and a request from a second client device for access to the encryption key. The method includes decrypting, by the key service, the encrypted encryption key, with a private key corresponding to the first public key. The method includes encrypting, by the key service, the decrypted encryption key, with a second public key received from the second computing device. The method includes transmitting, by the key service, to the second client device, the encryption key encrypted with the second public key.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: December 31, 2019
    Assignee: Virtru Corporation
    Inventor: William R. Ackerly
  • Patent number: 10496821
    Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: December 3, 2019
    Assignee: Malwarebytes Inc.
    Inventors: Sunil Mathew Thomas, Michael Graham Malone
  • Patent number: 10496820
    Abstract: Described herein are various technologies pertaining to providing information to a user regarding behavior of a potentially unwanted application. In response to this information, the user can determine action(s) to take regarding the potentially unwanted application. Further, optionally, based upon action(s) taken by the user, an adaptive component can modify information collected by a collector component.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: December 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Maxim Vainstein
  • Patent number: 10491614
    Abstract: Detecting illegitimate typosquatting with Internet Protocol (IP) information includes, at a computing device having connectivity to a network, obtaining a list of domains and filtering the list to generate a list of monitored domain strings. IP information is passively determined for domains associated with each of the monitored domain strings. A domain requested in network traffic for the network is identified as a candidate typosquatting domain and the candidate typosquatting domain is determined to be an illegitimate typosquatting domain based at least on the IP information. An action is initiated related to the illegitimate typosquatting domain.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: November 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Grill, Jan Kohout, Martin Kopp, Tomas Pevny
  • Patent number: 10489610
    Abstract: Systems and methods are discussed herein for reusing hardware for encryption and authentication, where the hardware has a fixed input bandwidth, and where the hardware has the same bandwidth for a different input bandwidth. In order to accomplish this mechanism, systems and methods are provided herein for processing invalid data that appears within streams of valid data. Systems and methods are also provided herein for authentication mechanisms that require more than one data cycle to complete.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: November 26, 2019
    Assignee: Altera Corporation
    Inventor: Robert Groza
  • Patent number: 10482456
    Abstract: Systems and methods are provided for generating and managing dynamic customized electronic tokens for electronic device interactions. A system for transferring data between a user device associated with a user and a remote device may include a memory storing instructions and a processor configured to execute the stored instructions. The stored instructions may configure the processor to receive, via a network, transaction information from the remote device, access information associated with an electronic token, and provide the electronic token to the remote device. The electronic token may be associated with at least one of the user or the user device, and a token server may generate the electronic token based on the received transaction information, and determine one or more expiration parameters for the electronic token.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: November 19, 2019
    Assignee: Capital One Services, LLC
    Inventors: Paul Y Moreton, Matthew de Ganon, Thomas S Poole
  • Patent number: 10484803
    Abstract: A hearing instrument includes: a radio for reception of a broadcasted signal having a message, at least a part of the message has been encrypted with a first key, wherein the first key has been encrypted with a second key; an authenticator configured for authentication of the message by decrypting the first key with a third key, and decrypting the at least a part of the message with the first key; and a processing unit for converting the message into an acoustic signal for transmission towards an eardrum of a user of the hearing instrument.
    Type: Grant
    Filed: November 20, 2014
    Date of Patent: November 19, 2019
    Assignee: GN HEARING A/S
    Inventor: Brian Dam Pedersen
  • Patent number: 10476884
    Abstract: A method for controlling access to a user's personal information includes obtaining, from an application executing on a device of a user of the application, personal information about the user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and responsive to the user providing the required permission, providing the user with access to the at least one enhanced function of the application.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: November 12, 2019
    Assignee: VERIPATH, INC.
    Inventors: Nicholas Hall, Steven Eakin
  • Patent number: 10460128
    Abstract: In an example embodiment, an attribute inference model is trained by a machine learning algorithm to output missing attribute values from a member profile of a social networking service. In an attribute inference phase, an identification of a member of a social networking service is obtained. A member profile corresponding to the member of the social networking service is retrieved using the identification. The member profile is then passed to the attribute inference model to generate one or more missing attribute values for the member profile. A collection flow, defined in a user interface of a computing device, is modified based on the generated one or more missing attribute values, the collection flow defining a sequence of screens for collecting confidential data. The modified collection flow is then presented to the member in the user interface to collect confidential data from the member.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: October 29, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Krishnaram Kenthapadi, Stephanie Chou, Ahsan Chudhary, Ryan Wade Sandler
  • Patent number: 10461925
    Abstract: An integrated circuit may implement a masked substitution box that includes a counter that generates counter values. An input mask component may generate unmasked input values based on a combination of respective counter values and an input mask value. Furthermore, a substitution function component may receive the unmasked input values and may generate output values based on respective unmasked input values and a substitution function. An output mask component may generate masked output values based on a combination of respective output values and an output mask value. The masked output values may be stored at memory elements.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: October 29, 2019
    Assignee: Cryptography Research, Inc.
    Inventors: Matthew Pond Baker, Elena Trichina, Jean-Michel Cioranesco, Michael Hutter
  • Patent number: 10460087
    Abstract: A method is implemented by a network device communicatively coupled to a datacenter to detect a presence of unauthorized software and hardware in the datacenter. The method includes initiating deployment of a virtual agent on a node in the datacenter, where the virtual agent is to perform a security scan of the node and store results of the security scan in a memory allocated to the virtual agent at the node, and where the results of the security scan are to be encrypted using a data encryption key. The method further includes initiating migration of the virtual agent to a preconfigured location, where the results of the security scan are to be extracted from the virtual agent and decrypted at the preconfigured location.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: October 29, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Heikki Mahkonen, Wassim Haddad, Ravi Manghirmalani
  • Patent number: 10462115
    Abstract: Systems, methods, and non-transitory computer-readable storage media for a non-replayable communication system are disclosed. A first device associated with a first user may have a public identity key and a corresponding private identity key. The first device may register the first user with an authenticator by posting the public identity key to the authenticator. The first device may perform a key exchange with a second device associated with a second user, whereby the public identity key and a public session key are transmitted to the second device. During a communication session, the second device may transmit to the first device messages encrypted with the public identity key and/or the public session key. The first device can decrypt the messages with the private identity key and the private session key. The session keys may expire during or upon completion of the communication session.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: October 29, 2019
    Assignee: Dropbox, Inc.
    Inventor: Graham Abbott
  • Patent number: 10447681
    Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: October 15, 2019
    Assignee: VMWARE, INC.
    Inventors: Kishore Sajja, Lucas Chen, Raghuram Rajan, Anuj Panwar, Sandeep Naga Kaipu, Rajiv Singh