Abstract: Systems, methods and apparatus are disclosed for remote management of payment terminals. Public keys, or other security elements can be received from a certification authority and distributed to the payment terminals. A merchant, or other entity affiliated with the payment terminals, can monitor the status of the software and security elements of the payment terminals.

Abstract: A computer implemented method for analyzing and verifying software for safety and security. A software program comprising a sequence of program statements to be executed is provided. A compact representation of the program is computed, and the subset of program statements that are relevant to a property of the software to be verified is identified. A homomorphism that maps non-relevant program statements to an identity is computed, and the property is verified using the homomorphism.

Abstract: An integrated circuit device that includes a secure or protected memory component is herein disclosed and enabled. The integrated circuit device may be a wireless communication device, a smart phone, or a smart card. Additionally, the integrated circuit device may be part of, or included in, a computing device or a mobile device. The integrated circuit device includes a protected memory section for storing protected data that is not accessible by a user at the protected memory section, but is accessible by a memory controller included in the integrated circuit device. The access and transfer of the protected data is protected using combination security operations that may include encryption, cryptography, and user authentication. The integrated circuit device may further include a wireless component for establishing a wireless connection with wireless computing devices or readers for wirelessly transmitting the protected data accessed by the memory controller.

Abstract: A method performed by one or more network node(s) of a wireless telecommunications network to dynamically manage encryption keys for multiple narrowband Internet of Things (NB-IoT) devices of the network. The network node(s) can maintain a database that stores a device profile for each of the NB-IoT devices and obtain multiple encryption keys for the multiple NB-IoT devices. The encryption keys are associated with different encryption strengths ranging from high to ultra-low encryption strengths. The network node(s) can allocate the encryption keys to the NB-IoT devices, detect a change in the condition of the network, capability or communications service of NB-IoT devices, and refresh the encryption keys accordingly to ensure that the network nodes properly balance encryption while providing efficient network performance.

Abstract: According to one embodiment, a storage system includes a processor, a storage device, and a first memory. The storage device includes a nonvolatile memory, a control circuit, and a second memory. The processor retrieves, based on a retrieval key and retrieval information stored in the first memory, location information of data including the retrieval key and a value, and transmits the location information and the retrieval key to the control circuit. The control circuit reads the data from the nonvolatile memory based on the location information and the retrieval key, stores the data in the second memory, retrieves the value corresponding to the retrieval key from the data, and transmits the value to the processor.

Abstract: One embodiment provides a method, including: identifying a biometric pattern present in a wireless signal associated with an information handling device; determining, using a processor, whether the biometric pattern corresponds to an authorized biometric pattern; and authenticating, responsive to determining that the biometric pattern corresponds to the authorized biometric pattern, a user of the information handling device. Other aspects are described and claimed.

Abstract: A method for detecting a false positive outcome in classification of files includes, analyzing a file to determine whether or not the file is to be recognized as being malicious, analyzing a file to determine whether a digital signature certificate is present for the file, in response to recognizing the file as being malicious; comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files, in response to determining that the digital signature certificate is present for the file; and detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.

Abstract: Using an image analysis model within an image intended for distribution online, an image portion depicting personally identifiable information is identified, the personally identifiable information comprising image data usable to identify a specific individual. Using an online profile, a person depicted in the image portion is identified. A transaction is posted in a publicly-accessible distributed encrypted ledger, the transaction comprising an encrypted request to allow the image to be distributed online. According to a response to the request, the image portion is obfuscated, the obfuscating comprising altering data of the image portion, the altering making the image portion unusable to identify the person.

Abstract: According to examples, an apparatus may include machine-readable instructions that may cause the processor to determine that a first malware was detected on a first computing device and to determine whether a second malware was detected on a second computing device within a predefined period of time of when the first malware was detected on the first computing device, in which the first computing device and the second computing device are associated with a shared data storage that is remote from the first and second computing devices. The instructions may also cause the processor to, based on a determination that the second malware was detected within the predefined period of time, output a notification that the first malware was likely spread to the first computing device and/or that the second malware was likely spread to the second computing device through the shared data storage.

Abstract: System and methods for the processing of data in a secure and safe manner are disclosed. Embodiments of such system and methods may ensure the operation of policies in a manner that is dependent on the inherent properties of the data being operated on as well as the operations that are performed on that data.

Abstract: In an authentication method, a first controller generates a first group key, executes first mutual authentication with devices within a group, and shares the first group key with devices that have succeeded in the first mutual authentication. When a second controller joins the group, the first controller decides which coordinator manages a group key used in common. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator when the second mutual authentication is successful. The coordinator performs encrypted communication within the group using the first group key, generates a second group key when the first group key valid time runs out and before updating the first group key, executes third mutual authentication with the devices and a third controller, and updates the first group key of the devices and the third controller that have succeeded in the third authentication.

Abstract: A technique includes an operating system agent of a computer system monitoring a process to detect whether an integrity of the process has been compromised. The monitoring includes the operating system agent scanning a data structure. The process executes in a user space, and the data structure is part of an operating system kernel space. The technique includes a hardware controller of the computer system listening for a heartbeat that is generated by the operating system agent. The hardware controller takes a corrective action in response to at least one of the hardware controller detecting an interruption of the heartbeat, or the operating system agent communicating to the hardware controller a security alert for the process.

Abstract: A multi-tier machine learning engine receives signal data characterizing a monitored signal of the computing platform. The machine learning engine can include a plurality of tiers that employ frequency domain analysis on the signal data to identify an application executing on the computing platform and a module and/or loop of the identified application and employ time domain analysis on the signal data to identify timing of events within the identified module and/or loop of the identified application.

Abstract: A method in a peer-to-peer network for recording maintenance data is provided. The method comprises receiving troubleshooting summary secured data (TSSD) from a plurality of sources; entering the TSSD from the plurality of sources using a Blockchain framework, wherein TSSD from a source is entered as a unique transaction in the Blockchain framework when a set of smart maintenance keys possessed by the source authorizes the entry of the TSSD; providing a first level of controlled access to a first subset of entered TSSD to an entity possessing a first level controlled access set of keys; providing a second level of controlled access to a second subset of the entered TSSD to an entity possessing a second level controlled access set of keys; and providing a third level of controlled access to all of the entered TSSD to an entity possessing a third level controlled access set of keys.

Abstract: A testing computer system communicates with a client computer system coupled to one or more target computer systems. The testing computer system sends test payloads to the client computer system, which are forwarded to the target computer systems. Based on the test results generated by the target computer system, the testing computer system generates a runtime payload that is executable to perform a response to a security breach identified using the test results and sends the runtime payload to the client computer platform for execution. The testing computer system receives from the client computer platform an indication of the execution of the runtime payload.

Abstract: Systems and methods are disclosed that predict whether a configuration item of a service provider cloud infrastructure client instance has a vulnerability, prior to scanning for the client instance for the vulnerability. In particular, operating system and/or application information of the vulnerability may be compared to that of the configuration item, operating system and/or application information of past vulnerabilities may be compared to that of the vulnerability, additional vulnerabilities that are solved by solutions that remedy the vulnerability may be compared to the configuration, and/or a machine-learning model may be trained to determine how similar past vulnerabilities of the configuration item are to the vulnerability. Based on one or more of these comparisons, a predicted vulnerable item may be generated that indicates that the configuration item is subject to the vulnerability.

Abstract: A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the unmanaged profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the unmanaged portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: A communication node relays data between equipment communicating with each other via a multi-hop network based on a multi-hop manner, records a predetermined kind(s) of data among the relayed data, checks validity of the equipment by matching the predetermined kind(s) of data against past data recorded by the recording part, and outputs a check result of the validity of the equipment to a predetermined output destination(s).

Abstract: An automated system tracks digital service providers (DSP) data management agreements, DSP behavior, and user behavior, individually and in aggregate, to determine recommended alternatives for content/service sites/providers than those used by a user. The alternatives are selected based on their scoring and congruency or compliance with a user's target privacy data treatment parameters.