Patents Examined by Khalil Naghdali
  • Patent number: 10187394
    Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, then a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nadav Bar, Tom Jurgenson
  • Patent number: 10187412
    Abstract: Techniques are presented that identify malware network communications between a computing device and a server based on a cumulative feature vector generated from a group of network traffic records associated with communications between computing devices and servers. Feature vectors are generated, each vector including features extracted from the network traffic records in the group. A self-similarity matrix is computed for each feature which is a representation of the feature that is invariant to an increase or a decrease of feature values across all feature vectors in the group. Each self-similarity matrix is transformed into corresponding histograms to be invariant to a number of network traffic records in the group. The cumulative feature vector is a cumulative representation of the predefined set of features of all network traffic records included in the at least one group of network traffic records and is generated based on the corresponding histograms.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: January 22, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Karel Bartos, Michal Sofka
  • Patent number: 10187200
    Abstract: A computerized method that encrypts each of a plurality of segments of a binary value using a selected block cipher of a plurality of block ciphers and a unique symmetric key of a first plurality of unique, symmetric keys to produce a first ciphertext. The method further encrypts each of a plurality of segments of the first ciphertext using a selected block cipher of the plurality of block ciphers and a unique symmetric key of a second plurality of unique, symmetric keys to produce a second ciphertext. The selected block cipher used to encrypt a first segment of the binary value to produce a first segment of the plurality of segments of the first ciphertext is different than the selected block cipher used to encrypt the first segment of the ciphertext to produce a first encrypted segment of the second ciphertext.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: January 22, 2019
    Assignee: SECURE CHANNELS INC.
    Inventors: Adam C. Firestone, Hilary L. MacMillan
  • Patent number: 10187398
    Abstract: Provided are a method, system, and apparatus for verifying the validity of a beacon signal. More particularly, the user terminal determines whether authentication information received from a beacon service server and authentication information received from a verification beacon server are the same to allow the received beacon signal to provide only user-desired information to a user, thus allowing the user to focus on purchasing activity in a member shop to increase shopping time and efficiency and promote consumption.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: January 22, 2019
    Assignee: SK PLANET CO., LTD.
    Inventor: Jongwon Woo
  • Patent number: 10187381
    Abstract: A device and method for online activation of a mobile terminal token related to cloud authentication management is disclosed. The method generally includes: a first activation request sent by the cloud authentication management platform, the cloud authentication server generates a first activation response and sends same to the cloud authentication management platform; the cloud authentication management platform sends the first activation response to the terminal; when the mobile terminal token obtains the first activation response, the token accesses the cloud authentication server and establishes a network data link; the mobile terminal token and the cloud authentication server send data and carry out activation.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: January 22, 2019
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 10187393
    Abstract: A system includes determination, at a first computing system, of the creation of a first user account, the first user account associated with a first username, a first identity store and a first person, determination, at the first computing system, of a first identifier uniquely identifying the first person, storage, at the first computing system, of a first association between the first username, the first identity store and the first identifier, reception, at a second computing system, of an indication of activity, the indication including the first username and the first identity store, determination, at the second computing system, of the first identifier based on the first username, the first identity store and the stored first association, and creation, at the second computing system, of a log entry associating the activity with the first identifier.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: January 22, 2019
    Assignee: SAP SE
    Inventors: Jens Odenheimer, Peter Eberlein
  • Patent number: 10187378
    Abstract: An authentication server 2 stores, for each of one or more objects to be registered, unique pattern information of a surface of the object to be registered and a personal identification number into a database in association with each other, acquires unique pattern information of a surface of an object to be authenticated which is related to an authentication request, and a personal identification number, extracts, from the database, unique pattern information stored in association with the personal identification number related to the authentication request, and determines whether the extracted unique pattern information includes unique pattern information corresponding to the unique pattern information related to the authentication request.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: January 22, 2019
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Kensuke Ito
  • Patent number: 10187215
    Abstract: A system and methods are provided for establishing an authenticated and encrypted communication connection between two devices with at most two round-trip communications. During establishment of an initial authenticated, encrypted communication connection (or afterward), a first device (e.g., a server) provides the second device (e.g., a client) with a token (e.g., a challenge) that lives or persists beyond the current connection. After that connection is terminated and the second device initiates a new connection, it uses the token as part of the handshaking process to reduce the necessary round-trip communications to one.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: January 22, 2019
    Assignee: WhatsApp Inc.
    Inventors: Bryan D O'Connor, Eugene Fooksman
  • Patent number: 10185841
    Abstract: Computationally implemented methods and systems include acquiring a block of encrypted data that corresponds to an image that has been encrypted through use of a unique device code associated with an image capture device configured to capture the image that includes a representation of a feature of an entity, obtaining a privacy metadata that corresponds to a detection of a privacy beacon in the image, said at least one image captured by the image capture device, said privacy beacon associated with the entity, and determining, at least partly based on the obtained privacy metadata, and partly based on a calculation related to the block of encrypted data that corresponds to the whether to allow one or more processes related to the encrypted data block. In addition to the foregoing, other aspects are described in the claims, drawings, and text.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: January 22, 2019
    Assignee: Elwha LLC
    Inventors: Pablos Holman, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud
  • Patent number: 10187363
    Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: January 22, 2019
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Sergey Smirnoff, Soumendra Bhattacharya
  • Patent number: 10187411
    Abstract: A method and system for automatically signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: January 22, 2019
    Assignee: ABB Schweiz AG
    Inventors: Sebastian Obermeier, Roman Schlegel, Michael Wahler
  • Patent number: 10185776
    Abstract: A system, method, and media for dynamically controlling rankings and privacy settings for a social network is presented. Upon receipt of an electronic communication from a second user of the social network directed to a first user of the social network, determining whether the first and second users of the social network are connected and determining whether the second user has been blocked from electronically communicating with the first user. In response to determining that the second user is not blocked, executing a ranking process on the second user, based on privacy level settings criteria pre-specified by the first user. The privacy level settings criteria includes preferred attributes of communicating users and a threshold ranking score and the ranking process compares the attributes of the second user to the privacy level settings criteria.
    Type: Grant
    Filed: May 14, 2015
    Date of Patent: January 22, 2019
    Assignee: SHOCASE, INC.
    Inventors: Ronald P Young, David Anthony Burgess, Peter Rugg
  • Patent number: 10187424
    Abstract: A custom browser can be set up or configured by an end user to scan, monitor, filter out or eliminate any element of HTTP or HTTPS or JavaScript code or cookie downloading from the Internet in real time. The browser with custom security protects and eliminates unnecessary data or hacker attempts from the Internet by transcoding the downloading HTML/HTML5 code without requiring any plug-in, security app or changed system security level of devices. The application is particularly useful in IPTV and Remote UI HTML5 implementations.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: January 22, 2019
    Assignee: Sony Corporation
    Inventor: Jenke Wu Kuo
  • Patent number: 10187209
    Abstract: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of a packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed whereby each network node computes a portion of verification information using a unique share of a secret and based on the packet specific information.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: January 22, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Venkata Krishna Sashank Dara, Shwetha Subray Bhandari, Andrew Yourtchenko, Eric Vyncke, Frank Brockners
  • Patent number: 10187402
    Abstract: A request is received to reestablish a connection to an end device in a network. At least one datum is identified indicating an error condition, the at least one datum including one or more of a bit error rate (BER), a received signal strength indicator (RSSI) value, and a foreign packet. Based on the one or more data values, user input is requested to deny the reestablish connection request. In response to the user input, the end device is prevented from reestablishing a link on the network.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: January 22, 2019
    Assignee: EchoStar Technologies International Corporation
    Inventor: William Michael Beals
  • Patent number: 10181986
    Abstract: Embodiments of the present invention provide systems and methods for monitoring action records in virtual space. The systems and methods for monitoring action records in virtual space display recorded activity on an avatar within the virtual space by communicating in a virtual space with a user account. The recorded activity is analyzed and processed in order to compile information on the avatar and display an avatar (which is a reflection of the compiled information).
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: January 15, 2019
    Assignee: International Business Machines Corporation
    Inventor: Yuji Sugiyama
  • Patent number: 10182066
    Abstract: In one embodiment, a device in a network analyzes data indicative of a behavior of a network using a supervised anomaly detection model. The device determines whether the supervised anomaly detection model detected an anomaly in the network from the analyzed data. The device trains an unsupervised anomaly detection model, based on a determination that no anomalies were detected by the supervised anomaly detection model.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: January 15, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Fabien Flacher, Grégory Mermoud, Jean-Philippe Vasseur, Sukrit Dasgupta
  • Patent number: 10181030
    Abstract: Disclosed herein are methods, systems, and computer-readable media for blocking attempts at runtime redirection and attempts to change memory permissions during runtime. The present disclosure describes features that enable runtime detection of an attempt to redirect routines or change memory permissions, and determining whether to allow or deny the attempt. Such features may include changing memory write permissions on memory segments, such as those segments used by dynamic loaders after call associations have been saved or otherwise created. Other features may include swapping the addresses of system routines (e.g., open, read, write, close, etc.) to new routines that perform the same function as well as additional functionality configured to detect attempts to redirect or change memory permissions. Once detected by the new routine during runtime, a determination may be made to deny or allow the call based on a policy.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: January 15, 2019
    Assignee: Citrix Systems, Inc.
    Inventor: David Linde
  • Patent number: 10181048
    Abstract: A flexible policy system allows compliant apps on a mobile device to interact with a secure container memory space to ensure that data leak prevention policies are being enforced. Third-party applications can include an SDK or application wrapper that provide policy enforcement via agent functionality. An administrator can define policies via a web-based portal, allowing a server to identify appropriate users and devices and to distribute policies to those devices to be enforced within the secure container on each device. Policies can identify the datatypes and security levels, and the related applications and users that have authority to access that data. The agent or application wrapper enforces these policies on the mobile device before applications can access data in the secure memory space.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: January 15, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jatin Malik, Joshua Lambert, Sumeet Singh, Srungarakavi Venkat Samba Naresh
  • Patent number: 10181950
    Abstract: One of n≥2 servers, connectable via a network, implements a cryptographic protocol using a secret key K which is shared between the n servers, and includes first and second server compartments. The first is connectable to the network, adapted to implement the cryptographic protocol, and stores a current key share of the secret key K. The second is inaccessible from the network in the operation of the server, stores a set of master keys, and is adapted, for each of successive time periods, to unilaterally generate a new key share of the secret key K and to supply it to the first as the current key share for that time period. The new key share includes a random share of a predetermined value p which is shared between the n servers, and the random share includes a function of the set of master keys.
    Type: Grant
    Filed: March 17, 2018
    Date of Patent: January 15, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven