Abstract: Technical solutions are described for extending shrouding capability of a virtual server hosting system. An example method includes receiving a request to deploy a shrouded virtual server using a predetermined set of hardware components, and using a shrouded mode. The method also includes adding a guest server to the hosting system, the guest server including the predetermined set of hardware components. The method also includes deploying a preconfigured hypervisor on the guest server, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending an identifier of the virtual server for receipt by the client device.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.

Abstract: The disclosure provides a secure message transmission apparatus and a processing method thereof. A method for processing a secure message may include receiving a message transmitted by a transmission-side terminal and determining whether the message is an encrypted message, by a non-secure message service unit; delivering the encrypted message to a secure message service unit by the non-secure message service unit when the message is the encrypted message; and decrypting the encrypted message, and re-encrypting the decrypted message and transmitting the re-encrypted message to a reception-side terminal, by the secure message service unit.

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.

Abstract: An authentication system according to an embodiment is provided with a service providing apparatus, an IDaaS corporation apparatus, and an authentication providing apparatus. Based on the user ID and SSO request transmitted from the user terminal, the authentication providing apparatus executes authentication processing for the user. If the result of the authentication processing indicates success, the IDaaS corporation apparatus having SSO account information including the SSO account identifier identical to the user ID, permits SSO authentication to be executed for the service identified by the service account identifier included in the service account information associated with the SSO account information. The service providing apparatus transmits information related to the service to the user terminal.

Abstract: A system for discovering programming variants. The system analyzes system calls from executing a program to generate programming code or executable for a particular OS and/or CPU that would perform the same or similar actions as the program. The code that is generated is then mutated, augmented, and/or changed to create variations of the program which still functions and/or obtains the same objectives as the original code.

Abstract: This disclosure relates to remote control of home dialysis machines, for example, using a network connected system including a network device. In an aspect, a dialysis system includes a network device, a dialysis machine configured to connect to the network device over a network, and a mobile device configured to connect to the network device over the network. The network device is configured for receiving, from the mobile device, through the network, a request to access the dialysis machine, receiving an authorization for the mobile device to access the dialysis machine, and after receiving the authorization, transferring, through the network, between the dialysis machine and the mobile device, information pertaining to one or more of an operation of the dialysis machine or the mobile device.

Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in non-cellular networks.

Abstract: An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.

Abstract: A method, product and computer program product for building a malware detector, the method including the steps of: receiving at least one characteristic for each of a plurality of malware variants; categorizing each of the characteristics as a malicious characteristic or a non-malicious characteristic; generating a detector; training the detector to distinguish between the malicious characteristic and the non-malicious characteristic; and rating the detector based on an accuracy of detection of an amount of malicious characteristics for each malware variant.

Abstract: A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.

Abstract: A system comprising a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.

Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.

Abstract: A method of accessing a physically secured rack includes assigning a task identification by a key computer system, which specifies a task for an administrator of an administration user group for access to the rack, transmitting the task identification from the key computer system to the administrator and an access control unit for the rack, prompting an input of the task identification by the access control unit, verifying the input task identification by the access control unit, prompting input of a personal access identification of the administrators by the access control unit, verifying the input personal access identification of the administrator by the access control unit, and releasing a physical access security system for the access to the administrator to the rack if both preceding verification steps are successful.

Abstract: Systems and methods for authenticating an avatar are provided. This system is useful with an avatar having an identifier, virtual environments, and a user who uses the avatar in the virtual environments. Transoms are generated, each with a unique identifier configured to exist in a specific location, and registered with an identity provider. The transom initiates a request. An offer is conveyed that includes the transom identifier, the location and the avatar identifier. The avatar is then authenticated by a shared secret. The identity provider then responds to the offer with avatar identification information, including reputation information. Reputation information is for the avatar and the user, and is compiled from external avatar data sources by using a trust matrix. An avatar gallery is generated by linking each avatar owned by each user to the account and compiling avatar profiles from the account, and the reputation information. The avatar profiles are searchable, and include micro formats.

Abstract: A scramble unit subjects data to be written into twin cells in a first storage unit to scramble processing with the use of scramble data. A write unit writes write data subjected to the scramble processing into the twin cells in the first storage unit. A write unit writes scramble data into a memory cell in a second storage unit. A descramble unit subjects the data read from the first storage unit to descramble processing with the use of scramble data read from the second storage unit.

Abstract: The present disclosure provides a method, system, device, and terminal for network initialization of a multimedia playback device. The method includes: screening, by a terminal, a wireless access point of the multimedia playback device; connecting the terminal to a first wireless network of the wireless access point of the multimedia playback device; and sending, by the terminal, parameter information of a second wireless network, to which the terminal connects, to the multimedia playback device through the first wireless network, which allows the multimedia playback device to be connected to the second wireless network according to the parameter information of the second wireless network, so as to complete initialization. The method for network initialization of a multimedia playback device does not need to download a specific application to perform multistep network initialization nor to input a series of IP addresses through a network browser and make complicated settings to perform network initialization.

Abstract: Establishing secure connections from a computing device to secure servers when the computing device starts with an incorrect system clock time that would ordinarily prohibit connection to the secure servers. A method includes attempting to access a plurality of secure servers. The method further includes, from each of the servers in the plurality of secure servers, receiving one or more certificates from the secure servers and metadata which includes a specification of time. The method further includes preventing secure applications from sending sensitive data to the plurality of secure servers until a system time has been approximated. The method further includes, from the secure specifications of time, approximating a current system time. The method further includes accessing another secure server using the approximated current system time and using the approximated current system time to validate a certificate from the other server.

Abstract: Systems and methods are disclosed for providing secure information processing. In one exemplary implementation, there is provided a method of secure domain isolation. Moreover, the method may include configuring a computing component with data/programming associated with address swapping and/or establishing isolation between domains or virtual machines, processing information such as instructions from an input device while keeping the domains or virtual machines separate, and/or performing navigating and/or other processing among the domains or virtual machines as a function of the data/programming and/or information, wherein secure isolation between the domains or virtual machines is maintained.