Abstract: A system for controlling access to cloud applications includes a cloud security server that receives network traffic stream from cloud application clients of a private computer network. The cloud security server examines the network traffic stream to identify a cloud application that is associated with the network traffic stream and directs the network traffic stream to one of several application handlers that is configured to process network traffic stream for the cloud application. The application handler enforces on the network traffic stream an application policy that is applicable to the cloud application.

Abstract: A system (100) for detecting and preventing cyber-threats is disclosed. The system (100) can include an online-analytical-processing (OLAP) resource (102) coupled to a data mining engine (104), a reporting resource (106) and a processor (108). The processor (108) can run instructions stored within an extract-transform-load (ETL) module (112). The ETL module (112) can enable the processor (108) to extract one or more data tuples various data sources (110). The ETL module (112) can enable the processor to transform the extracted tuple(s).

Abstract: Embodiments of the present invention disclose a method, system, and computer program product for bluesalt security. A computer receives a confidential data configuration wherein specific sensor are assigned to specific confidential information. The assigned sensors are measured for values as a system administrator enters a password corresponding to the confidential information. The measured values are converted into a salt and concatenated with the password to generate a primary key. The primary key is used to encrypt the confidential information, then the primary key is encrypted using a secondary key comprised of a second password with a second set of sensor information as the salt. The encrypted key is saved securely while the secondary key is destroyed. In order to decrypt the confidential information, a user must replicate the password and sensor values to generate the primary or secondary key.

Abstract: A technique is provided for continuous user authentication through real-time fusion and correlation of multiple factors. Monitored data is continuously obtained from a computer. The monitored data is related to user actions on the computer of a user. A server analyzes the monitored data of the computer to execute a windowing system event sequences modality, a network footprint modality, an application specific user actions modality, and/or a forensic linguistic analysis modality for the user. The user is authenticated on the computer based on a combination of the windowing system event sequences modality, the network footprint modality, the application specific user actions modality, and/or the forensic linguistic analysis modality.

Abstract: A scanning system, method and computer program product are provided. In use, portions of data are scanned. Further, access to a scanned portion of the data is allowed during scanning of another portion of the data.

Abstract: A system for transmitting a data signal is provided, comprising a plurality of network devices; a network connecting the plurality of network devices based on at least a first communication carrier, wherein the first communication carrier is a wired communication carrier; a network key generator configured to generate a network key; a mobile transmitting device configured to transmit the network key to at least one of the plurality of network devices on a second communication carrier, wherein the second communication carrier is a wireless carrier, and wherein the network devices are configured to communicate with the other network devices based on a link encryption key based on the network key. A corresponding method, a mobile transmitting device and a network device are provided as well.

Abstract: In accordance with these and other embodiments of the present disclosure, an information handling system may include a processor and a basic input/output system (BIOS) comprising a program of instructions executable by the processor and configured to cause the processor to initialize one or more information handling resources of the information handling system. The BIOS may be further configured to authenticate a signature of a BIOS driver associated with an information handling resource of the information handling system, and, in response to authenticating the signature of the BIOS driver, extracting a vendor public key from the BIOS driver and storing the vendor public key to a key database of the BIOS, wherein the vendor public key may be used by an operating system to authenticate one or more signed operating system drivers signed with a private key corresponding to the vendor public key.

Abstract: In one embodiment, a social-networking system authenticates a user of a mobile device, receives a request from the mobile device to install a software application, transmits data to the mobile device comprising the software application and an installation identifier (ID), receives another request including the installation ID from the mobile device to authorize the software application, evaluates the installation ID for validity, and transmits yet another response to the mobile device in accordance with the evaluation.

Abstract: A data storage device includes: a controller; an engine for performing at least one of encryption and decryption; and a logic circuit. In response to receiving a memory access command, the controller controls the logic circuit to generate an initialization vector based on initialization information in a first portion of the received command, selects a key from a plurality of keys based on key information in a second portion of the command, and controls the engine to perform at least one of encrypting and decrypting plain text data specified by the received command using the initialization vector and the selected key.

Abstract: Protecting master encryption keys by splitting the master encryption key into multiple key shares using a polynomial secret sharing scheme, and storing one share in a remote management server and the other shares in managed devices located on one or more secure networks. To reconstruct the master encryption key, a managed device obtains the remote management server share and combines it with its local share. Master encryption keys may be obtained without an administrator's password, thus supporting unattended startup of appliances. The remote management server may alert a system administrator upon release of the remote management key share, or request approval prior to releasing the remote management key share.

Abstract: A method of creating a password for a user account may include receiving, by a computing device, one or more authentication rules that each correspond to a password. Each authentication rule may describe a feature a password is to possess. The method may include receiving, by the computing device, a content and a corresponding action rule for the password, where the action rule specifies an action that is be performed if the password includes the received content, associating the authentication rules, the content, and the action rule with one or more credentials of the user for the user account, and storing the password type, the authentication rules, the content, and the action rule in a database.

Abstract: A group key is computed based on unique identifications of each member device of a group of machine type communication devices, wherein communication with a network application function is performed by using a session identification of the group, and/or by using a session identification of a member device of the group, generated based on the session identification of the group and the unique identification of the member device.

Abstract: A first electronic device, a second electronic device and methods for operating the same are provided. The method of the first electronic device includes obtaining wearing status information of a second electronic device which is wearable, and determining a security environment of the first electronic device based on the wearing status information. The method of the second electronic device includes detecting a wearing status of the second electronic device, confirming at least once of a security level and a user profile corresponding to the wearing status, and sending information of the security level or the user profile to a first electronic device.

Abstract: A method comprising encrypting a segment in response to receiving a segment request to generate an encrypted segment, and sending the encrypted segment, wherein encrypting the segment comprises encrypting a data content segment and a non-media segment in accordance with information provided in a dynamic adaptive streaming over hypertext transfer protocol (HTTP) (DASH) media presentation description (MPD), and wherein encrypting the segment generates an encrypted data content segment and an encrypted non-media segment. A method comprising sending a segment request, receiving an encrypted segment, wherein the encrypted segment comprises an encrypted data content segment and an encrypted non-media segment, and decrypting the encrypted segment in accordance with information provided in a DASH MPD to generate a data content segment and a non-media segment, wherein the non-media segment comprises a non-playable media.

Abstract: Provided is an operation limiting device which makes it possible to achieve more robust security and safety in processing of a workpiece by a processing apparatus. The operation limiting device limits operations relating to processing of a workpiece by a processing apparatus, and is provided with: an authentication unit for authenticating each of a plurality of users; a receiving unit for receiving an operation request or permission for said operation, from a plurality of authenticated users; an operation enabling unit for enabling an operation if an operation request or permission has been received from the plurality of authenticated users; and a releasing unit for releasing the operation enabled state set by the operation enabling unit if processing relating to the operation has terminated or if a predetermined period of time corresponding to the operation has elapsed.

Abstract: A certificateless multi-proxy signature method and apparatus, where the method may include computing, by a proxy signature device, a public key and a private key of the proxy signature device according to a public parameter, where the public key is corresponding to the private key, acquiring a verification result of a standard signature and determining, according to the verification result, whether the standard signature is valid, computing a partial proxy signature of the proxy signature device according to the private key if the verification result is used to represent that the standard signature is valid, and sending the partial proxy signature to a proxy signature device administrator, so that after the proxy signature device administrator obtains a multi-proxy signature through computation according to the partial proxy signature, a multi-proxy signature verification device verifies the multi-proxy signature.

Abstract: A system and method for processing the copyright notice of a media file stored in digital format in an electronic device are provided. The copyright notice of the media file is checked prior and/or during transmission between two devices and if the copyright notice is not found, action is taken to insert the copyright notice. The copyright notice is presented when the media file is presented.

Abstract: In one embodiment, a client computing device receives information regarding a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA). The CAPTCHA includes an image file, a challenge, and code that is executable by a web browser to unscramble the received image file. The code includes instructions to divide the received image file into image sections, each image section having a unique identifier and grouped into either a first set or a second set. The code further contains instructions to transpose each image section in the first set into a new position, creating a new image. A web browser of the client computing device executes the code to create a second image from the received image file. The second image and the challenge are presented to a user of the client computing device.

Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.

Abstract: According to one embodiment of the present invention, a system masks data objects across a plurality of different data resources. The system comprises a processor configured to include a plurality of service providers to mask the data objects, wherein each service provider corresponds to a different type of data masking for the data objects. An interface provides access to the plurality of service providers from different data-consumers to mask the data objects according to the corresponding types of data masking, wherein resulting masked data maintains relational integrity across the different data resources. Embodiments of the present invention further include a method and computer program product for masking data objects across a plurality of different data resources in substantially the same manners described above.