Abstract: Suspicious connection requests can be detected by analyzing connection parameters at multiple levels of a network framework. For Internet-based requests, unexpected combinations and/or ordering of Layer 6 (TLS) and Layer 7 (HTTP) parameters, for example, can be indicative of suspicious activity with respect to the connection. The connection parameters for a request can be compared against a set of determined signatures and/or analyzed using a trained probability model to determine a probability that the connection is improper. A probability value can be calculated and compared against at least one probability threshold to determine whether the connection is suspicious enough to cause a specified action to occur. The signatures can be updated through an offline or dynamic online process, and the thresholds can vary among the various embodiments.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: There is provided a terminal device including a mobile communication unit configured to perform mobile communication of a mobile communication network, an acquisition unit configured to acquire state information indicating a state of each of one or more wireless networks for wireless communication that is different from the mobile communication, a selection unit configured to select one wireless network among the one or more wireless networks based on the state information, and a providing unit configured to provide information regarding the one selected wireless network to another terminal device that performs the wireless communication.

Abstract: Apparatus and methods are provided for enabling a plurality of applications running on a user device or in communication therewith to share data. In one exemplary embodiment, a single user device is configured to run a plurality of heath-monitoring applications which collect data from a respective plurality of health-monitoring devices and/or via user entry. According to the present disclosure, once the applications are linked, the user accesses, views, and analyzes the plurality of health-related data from the plurality of applications at a single application. Moreover, once the applications are linked, the user may sign-in to one application and be automatically signed into the other applications. In this manner, the user's activity and updated information entered, sensed, or otherwise collected into or by one application may be accessible at the other applications for analysis and display therein as well.

Abstract: In an example embodiment, an attribute interference model is trained by a machine learning algorithm to output missing attribute values from a member profile of a social networking service. In an attribute inference phase, an identification of a member of a social networking service is obtained. A member profile corresponding to the member of the social networking service is retrieved using the identification. The member profile is then passed to the attribute inference model to generate one or more missing attribute values for the member profile. A collection flow, defined in a user interface of a computing device, is modified based on the generated one or more missing attribute values, the collection flow defining a sequence of screens for collecting confidential data. The modified collection flow is then presented to the member in the user interface to collect confidential data from the member.

Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.

Abstract: Systems and methods are provided for generating and managing dynamic customized electronic tokens for electronic device interactions. A system for transferring data between a user device associated with a user and a remote device may include a memory storing instructions and a processor configured to execute the stored instructions. The stored instructions may configure the processor to receive, via a network, transaction information from the remote device, access information associated with an electronic token, and provide the electronic token to the remote device. The electronic token may be associated with at least one of the user or the user device, and a token server may generate the electronic token based on the received transaction information, and determine one or more expiration parameters for the electronic token.

Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for obtaining, processing, and presenting data related to security events, and for implementing courses of action to protect assets in response to the security events. An event management module identifies malicious activity present on a first network domain and/or a second network domain based on received network domain activity. A threat intelligence module receives data identifying the malicious activity in first data constructs of a predefined data structure. The threat intelligence module obtains additional data related to the identified malicious activity and generates second data constructs that include enriched data regarding the malicious activity. The enriched data includes data describing a campaign in which at least a portion of the malicious activity is involved and one or more courses of action. A course of action module receives the second data constructs and implements a given course of action.

Abstract: A method for ensuring secure access by a debugger to a privileged debug service for trouble shooting a product of a customer during a debug session is disclosed. Secure access is provided via an intermediate SID server. The method includes invoking a secure login process for accessing the privileged debug service, resulting in generation of a challenge string to be provided to the SID server upon determining that the customer has authenticated and has the rights for granting access to the privileged debug service. The method also includes receiving from the debugger a response string indicating that the debugger has successfully authenticated with the SID server, validating the response string, and providing the debugger with access to the privileged debug service by receiving input from the debugger indicating one or more commands/actions to be executed on the privileged debug service and executing the indicated commands/actions on the privileged debug service.

Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.

Abstract: A novel security framework that is part of an operating system of a device is provided. The framework includes a security assessor that performs security policy assessments for different operations that need to be performed with respect to an application executing on the device. Examples of such operations include the installation of the application, execution of the application, and the opening of content files (e.g., opening of documents) by the application.

Abstract: A computing platform may receive, from a web server, entity identification information in different formats, and normalize the entity identification information. After normalizing the information, the computing platform may receive a plurality of interaction records each associated with an interaction between a system and a client of the system. The computing platform may compare the normalized entity identification information with the interaction records of the interactions between the system and the clients of the system. After determining that the entity identification information matches client information for one of the interaction records, the computing platform may send an alert to a control server. The alert may cause the control server to take one or more actions with respect to the client. For example, future attempts by the client to access one or more services offered by the system may be blocked for access by the client.

Abstract: An apparatus has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to store a semi-structured document database including a collection of documents having semi-structured data formats. Data redaction rules are defined. Each data redaction rule includes a redaction type and a path expression to a redaction location within a semi-structured data format of a document within the collection of documents. The data redaction rules are applied to form redacted documents. The redacted documents are supplied.

Abstract: Systems and methods are provided for generating and managing dynamic customized electronic tokens for electronic device interactions. A system for transferring data between a user device associated with a user and a remote device may include a memory storing instructions and a processor configured to execute the stored instructions. The stored instructions may configure the processor to receive, via a network, transaction information from the remote device, access information associated with an electronic token, and provide the electronic token to the remote device. The electronic token may be associated with at least one of the user or the user device, and a token server may generate the electronic token based on the received transaction information, and determine one or more expiration parameters for the electronic token.

Abstract: An apparatus has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to store a semi-structured document database including a collection of documents having semi-structured data formats. Data redaction rules are defined. Each data redaction rule includes a redaction type and a path expression to a redaction location within a semi-structured data format of a document within the collection of documents. At least one data redaction rule includes a configurable range of redaction values and a configurable format for the redaction values. The data redaction rules are applied to form redacted documents. The redacted documents are supplied.

Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.

Abstract: A method of operating a hub which authenticates a plurality of IoT devices between a server and the IoT devices in place of the server includes authenticating a first IoT device using one of a plurality of predetermined pairing authentication techniques upon receiving a pairing request from the first IoT device, sending a request for an access right of the first IoT device to the server based on pairing information of the first IoT device and transmitting data of the first IoT device to the server upon receiving approval of the access of right of the first IoT device.

Abstract: An apparatus and method for securing sensitive data on a mobile device are provided. The method includes receiving an encryption or decryption request for the sensitive data on the mobile device, forwarding a file access request for the sensitive data to a secure environment, instantiating a trusted user interface (TUI), collecting user input via the TUI, generating a key using the collected user input, and encrypting or decrypting the sensitive data on the mobile device.

Abstract: A method for controlling access to a user's personal information includes obtaining, from an application executing on a device of a user of the application, personal information about the user of an application; determining a required permission from the user for at least one proposed use of the personal information; presenting, to the user, a first offer to provide access to at least one enhanced function of the application in exchange for the required permission; and responsive to the user providing the required permission, providing the user with access to the at least one enhanced function of the application.

Abstract: In authentication in global attestation, a server receives a request for access to a location based service. The server establishes a connection with a first device and with a second device, wherein the devices are connected by a location bounded network. The server sends a key order information to the first device and a first plurality of keys to the second device. The server receives a second plurality of keys from the first device, wherein the second plurality of keys is an ordered set of keys compiled using the key order information and the first plurality of keys. The server determines that the second plurality of keys received from the first device matches an expected plurality of keys. The server outputs, to the location based service, a notification indicating a result of the determining that the second plurality of keys matches the expected plurality of keys.