Patents Examined by Khalil Naghdali
  • Patent number: 10355862
    Abstract: Disclosed is a MAC tag list generating apparatus capable of efficiently performing message authentication through which information pertaining to a falsified position as well as existence of falsification can be obtained. This MAC tag list generating apparatus is provided with: a group test matrix generating means for generating a group test matrix W, which is a parameter of a combined group test, on the basis of a plurality of items obtained by dividing an obtained message M; and a MAC tag list generating means that, while sharing results obtained by applying a pseudo random function to the items forming each row of the generated group test matrix W, sums the results, and then applies the summed results to pseudo random permutation to generate a MAC tag list T, which is a MAC tag list pertaining to the message M.
    Type: Grant
    Filed: October 16, 2015
    Date of Patent: July 16, 2019
    Assignee: NEC CORPORATION
    Inventor: Kazuhiko Minematsu
  • Patent number: 10346641
    Abstract: A method performed by a processor of an aspect includes accessing an encrypted copy of a protected container page stored in a regular memory. A determination is made whether the protected container page was live stored out, while able to remain useable in, protected container memory. The method also includes either performing a given security check, before determining to store the protected container page to a destination page in a first protected container memory, if it was determined that the protected container page was live stored out, or not performing the given security check, if it was determined that the protected container page was not live stored out. Other methods, as well as processors, computer systems, and machine-readable medium providing instructions are also disclosed.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: July 9, 2019
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Somnath Chakrabarti
  • Patent number: 10341372
    Abstract: Detecting anomalous user behavior is provided. User activity is logged for a set of users. The user activity is divided into distinct time intervals. For each distinct time interval, logged user activity is converted to a numerical representation of each user's activities for that distinct time interval. A clustering process is used on the numerical representations of user activities to determine which users have similar activity patterns in each distinct time interval. A plurality of peer groups of users is generated based on determining the similar activity patterns in each distinct time interval. Anomalous user behavior is detected based on a user activity change in a respective peer group of users within a distinct time interval.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: July 2, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh Chari, Benjamin Edwards, Taesung Lee, Ian M. Molloy
  • Patent number: 10341297
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: July 2, 2019
    Assignee: NICIRA, INC.
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Patent number: 10338957
    Abstract: A secure migration enclave is provided to identify a launch of a particular virtual machine on a host computing system, where the particular virtual machine is launched to include a secure quoting enclave to perform an attestation of one or more aspects of the virtual machine. A root key for the particular virtual machine is generated using the secure migration enclave hosted on the host computing system for use in association with provisioning the secure quoting enclave with an attestation key to be used in the attestation. The migration enclave registers the root key with a virtual machine registration service.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: July 2, 2019
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Carlos V. Rozas, Simon P. Johnson, Francis X. McKeen, Mona Vij, Somnath Chakrabarti, Brandon Baker, Ittai Anati, Ilya Alexandrovich
  • Patent number: 10341087
    Abstract: Various embodiments are generally directed to techniques for converting between different cipher systems, such as between a cipher system used for a first encryption environment and a different cipher system used for a second encryption environment. Some embodiments are particularly directed to an encryption engine that supports memory operations between two or more encryption environments. Each encryption environment can use different cipher systems while the encryption engine can translate ciphertext between the different cipher systems. In various embodiments, for instance, the first encryption environment may include a main memory that uses a position dependent cipher system and the second encrypted environment may include a secondary memory that uses a position independent cipher system.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: July 2, 2019
    Assignee: INTEL CORPORATION
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 10331885
    Abstract: Identification of an entity performing a deletion or modification action on locally stored files and notification to mitigate risks to cloud stored files is provided. A local or remote file watcher may monitor locally stored files and detect a deletion or modification action. The file watcher may also identify an entity performing the deletion or modification action. The entity may be an application, a process, a user other than the user that is the owner of the files, or the user himself/herself. The file watcher may further determine one or more alert conditions or rules associated with the affected file(s) and/or the entity, that is under which circumstances an alert is to be issued. The alert notification(s) may be issued to the user, an administrator, a cloud storage service, and/or a data protection service such that protective measures can be taken if necessary.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: June 25, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Filip Chelarescu, John D. Rodrigues, Steven J. Bailey, Adam C. Czeisler
  • Patent number: 10325081
    Abstract: Method, media, and system for authentication of a claimant as a claimed identity. Embodiments break the authentication process into two steps. In the first step, a registrant establishes an identity profile by presenting identity documents and authentication points that can later be used to verify that they are the person who established the identity profile. Subsequently, when a claimant claims the identity in the identity profile, an identity score and an authentication score can be calculated based on the identity profile and the information provided by the claimant. The authentication score measures how likely it is that the claimant is the same person who established the identity profile. The identity score measures how likely it is that the registrant is who they are claiming to be. The identity score and the authentication score can then be combined to determine the likelihood that the claimant actually corresponds to the claimed identity.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: June 18, 2019
    Assignee: HRB Innovations, Inc.
    Inventors: Jason Houseworth, Mark Ciaramitaro
  • Patent number: 10326740
    Abstract: An encryption module encrypts starting data using a random key to produce encrypted data. A hash module performs a secure hash function on the encrypted data using a secret key to produce a hash value. Processing circuitry masks the random key using the hash value to produce a masked random key, and combines the encrypted data and the masked random key to produce a secure package. A distributed storage and task module encodes the secure package to produce a set of encoded data slices. The secret key and a decode threshold number of the encoded data slices included in the set of encoded data slices are sufficient to recover the secure package and the starting data. The set of encoded data slices is stored in a set of storage units.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: June 18, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Mark D. Seaborn, Ilya Volvovski
  • Patent number: 10320760
    Abstract: One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: June 11, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Christopher A. Wood, Glenn C. Scott
  • Patent number: 10320774
    Abstract: At a mobile device, a password is used to create a proof of knowledge (POK). The POK is stored in a controller accessible via a communication network. The POK ensures that the controller can detect an incorrect password from the mobile device, and that the mobile device cannot be subject to a brute force attack to determine the DC stored in the mobile device. After a predetermined number of unsuccessful attempts to enter the password, the controller blocks further attempts, thereby restoring protection against a brute force attack that was lost going from a standalone smart card to mobile-device-based derived credentials. A portion of Derived Credentials, needed to authenticate the user of a mobile device, is stored in the controller, further increasing the difficulty of unauthorized use.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: June 11, 2019
    Assignee: ROUTE1 INC.
    Inventors: Yamian Quintero Cantero, Jerry S. Iwanski
  • Patent number: 10313120
    Abstract: The invention relates to a method for storing data in a relational database, comprising a plurality of tables, wherein the data is stored in these tables, wherein each row of each table is provided with an original primary key for identification, and wherein foreign keys are provided for cross-referencing different tables of the relational database, wherein the primary keys are encrypted, wherein the foreign keys are encrypted based on the encrypted primary keys and wherein for each table where a primary key is referenced as a foreign key an encrypted pointer is stored to link the corresponding encrypted foreign key to the encrypted primary key. The present invention further relates to a relational database server.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: June 4, 2019
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Jens-Matthias Bohli, Sebstian Gajek
  • Patent number: 10303577
    Abstract: The present disclosure relates to a method, a device and a storage medium for determining a health state of an information system. First, a baseline configuration document corresponding to the information system is received, and data records under inspection of the information system are acquired. The baseline configuration document defines baselines. Then, each of the data records under inspection is compared with at least one baseline defined in the baseline configuration document to obtain a comparison result between each of the data records under inspection and the at least one baseline. Finally, the health state of the information system is determined according to the comparison result between each of the data records under inspection and the at least one baseline. A health-determining apparatus related to the above-mentioned method is also provided.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: May 28, 2019
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Bin Zhou, Dong Shan Xu, Shan Yang Fu
  • Patent number: 10305858
    Abstract: Some embodiments of the invention introduce cloud template awareness in the service policy framework. Some embodiments provide one or more service rule processing engines that natively support (1) template-specific dynamic groups and template-specific rules, and (2) dynamic security tag concepts. A service rule processing engine of some embodiments natively supports template-specific dynamic groups and rules as it can directly process service rules that are defined in terms of dynamic component groups, template identifiers, template instance identifiers, and/or template match criteria. Examples of such services can include any kind of middlebox services, such as firewalls, load balancers, network address translators, intrusion detection systems, intrusion prevention systems, etc.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: May 28, 2019
    Assignee: NICIRA, INC.
    Inventors: Srinivas Nimmagadda, Jayant Jain, Anirban Sengupta, Subrahmanyam Manuguri, Alok S. Tiagi
  • Patent number: 10303874
    Abstract: This invention proposes an Android malicious code detection method based on community structure analysis. During the reverse analysis of the target program, it first automatically obtains critical static feature information, such as permissions, functions, classes, system APIs, etc.; second, it uses the call relations between functions to create a function call graph and preprocesses the function call graph; it then performs cycle division and analysis on the weighted function call graph to get the correct division of the community structure; finally, it extracts features from the community structures for machine learning and gets the final maliciousness determination result. The method is able to perform program internal structure analysis and malicious code detection rapidly when facing a large number of Android application samples generated by “repackaging” technology.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: May 28, 2019
    Assignee: SICHUAN UNIVERSITY
    Inventors: Junfeng Wang, Xiaosong Zhang, Yao Du, Jie Liang, Yong Ma
  • Patent number: 10298549
    Abstract: Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: May 21, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
  • Patent number: 10289863
    Abstract: Computationally implemented methods and systems include acquiring a block of encrypted data that corresponds to an image that has been encrypted through use of a unique device code associated with an image capture device configured to capture the image that includes a representation of a feature of an entity, obtaining a privacy metadata that corresponds to a detection of a privacy beacon in the image, said at least one image captured by the image capture device, said privacy beacon associated with the entity, and determining, at least partly based on the obtained privacy metadata, and partly based on a calculation related to the block of encrypted data that corresponds to the whether to allow one or more processes related to the encrypted data block. In addition to the foregoing, other aspects are described in the claims, drawings, and text.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: May 14, 2019
    Assignee: ELWHA LLC
    Inventors: Pablos Holman, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud
  • Patent number: 10277582
    Abstract: Described herein are various technologies pertaining to an extensible, cloud-based service for creating and executing applications (e.g., business or industry-specific workflows). A user knowledgeable about a particular field can utilize a client-hosted design studio or a web-based portal to create an application (“app”) (e.g., data transform) relevant to the particular field. The system thus enables users to build mobile applications across platforms without having to write computer code to communicate with backend services such as data sources and/or workflow management systems.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: April 30, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Olivier Colle, William James Staples, Carlos Aguilar Mares, Samuel Lenz Banina, Karandeep Singh Anand, Kyle Werner, Gautam Thapar
  • Patent number: 10270779
    Abstract: Disclosed are a method and an apparatus for determining a phishing website. The method comprises: a server determining whether a target website accessed by a client is a gray website, the gray website being a website neither in a preset blacklist nor in a whitelist; the client acquiring the browsing information of the gray website in the local client, and determining whether the browsing information meets a preset condition; if yes, determining that the gray website is a non-phishing website; if not, the client acquiring the domain name feature information of the gray website, and when the domain name feature information conforms to a pre-configured rule, determining that the gray website is a phishing website.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: April 23, 2019
    Assignee: Beijing Qihoo Technology Company Limited
    Inventor: Ming Wen
  • Patent number: 10262161
    Abstract: Techniques described and suggested herein include the use of transformation parameters, such as mathematical and/or cryptographic operations, to permute various aspects of executables so as to control executable code authorized to run on one or more hosts. For example, a set of transformation parameters, such as a mathematical operation and a specified value upon which the mathematical operation may operate, are associated with a host or group of hosts. The set of transformation parameters may be applied to one or more runtime-related numerical locations associated with an executable that is intended to run on the specified hosts. At runtime, appropriately encoded executables are decoded by the specified hosts and operate normally, while differently encoded or unencoded executables are inoperable by the specified hosts.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: April 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jon Arron McClintock, Darren Ernest Canavor, Harsha Ramalingam, George Nikolaos Stathakopoulos