Abstract: Approaches are described for securely sending, receiving, or otherwise processing communications between electronic devices. A communication can be received at a computing device (such as a mobile phone). The communication can include information captured about a person initiating the communication such as an image of the user, voice data of the user, typing pattern information of the user, or any other information that can be used to identify the user generating the communication. The information can be compared against profile data (e.g., contact information such as a phone number or name of the sender) associated with or otherwise stored for an indicated sender of the communication to generate a confidence value, where the confidence value can be used to indicate that the person initiating the communication is the indicated sender.

Abstract: In one embodiment, an encryption device may retrieve authentic genetic information from a genetic information database, generate false genetic information based on the authentic genetic information, encrypt the false genetic information to produce encrypted genetic information, assign identifiers to respective segments of the encrypted genetic information, transmit the encrypted genetic information to be genetically analyzed to a gene analyzer, receive, from the gene analyzer, an analysis of the encrypted genetic information, and decrypt the analysis of the encrypted genetic information to parse the analysis of the authentic genetic information.

Abstract: Methods and systems are disclosed for generating a public-private key pair. A programmed processor displays a plurality of questions and inputs two or more answers to two or more of the plurality of questions in response to user input. The processor computes the public-private key pair as a function of the two or more answers to the two or more questions and stores the public-private key pair in memory coupled to the processor.

Abstract: A computer system enables a business to reduce risks from phishing electronic messages. One or more original web links embedded in the electronic message may be replaced with a replacement web link. If the determined risk score for the original webpage is large enough webpage and the user clicks on the embedded web link, a user is directed to an intermediate webpage rather than to the original webpage. The intermediate webpage may provide details about the original webpage so that the user can make an informed choice whether to proceed to the original website. For example, the intermediate webpage may provide pertinent information to a user such as the actual domain of the remote site, the country the site is hosted in, how long the site has been online, and a rendered screen capture of the remote website, and/or a confidence score.

Abstract: A security aware email server and a method of managing incoming email are described. The server includes a memory device configured to store rules, instructions, and user preferences. The processor makes a determination of whether a sender of an incoming email used a secure or unsecure sending network to send the email and determines an action to take with the email based on the determination and the user preferences.

Abstract: A computer-implemented method for securing data and computer systems is described. In one embodiment, a request to connect to a server is received at an intermediary network device. It is detected, at the intermediary network device, that the server uses a one-time password (OTP) protocol. Based at least in part on the detecting that the server uses an OTP protocol, an action is performed by the intermediary network device. The action may include blocking, at the intermediary network device, a connection other than the connection to the server that uses the OTP protocol.

Abstract: A system of resource-based action attribution provides a mechanism for tracking actions performed on a resource shared among multiple users of a resource sharing system, whether the users are authenticated within the resource sharing system or not. The tracking mechanism may allow users to track identifying information of other users who perform actions (e.g., editing actions) on the shared resource. A user can access a resource by providing a resource identifier and/or an access credential associated with the resource. The user's actions on the resource can be associated with an invitee identifier (e.g., an email address) that is associated in memory with the resource identifier and/or the access credential.

Abstract: An apparatus and method for transferring network access information of smart household appliances are provided. The apparatus includes a detection unit for detecting whether a public IP address of an external interface of an indoor IP sharer has changed. An extraction unit is configured to, if the public IP address of the external interface has changed, extract network access information of a smart household appliance connected to an internal interface of the indoor IP sharer, the network access information being updated together with change in the public IP address. An encryption and generation unit encrypts the network access information using a pre-stored encryption key, and generates data to be transmitted to a smart grid service provider server using the encrypted information and an ID of a customer user. A transmission unit transmits the data generated by the encryption and generation unit to the smart grid service provider server.

Abstract: In accordance with an embodiment, described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators, via grant of roles.

Abstract: Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate.

Abstract: Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate.

Abstract: A computer-implemented method for assessing Internet addresses may include (1) identifying an Internet Protocol address, (2) identifying a plurality of files downloaded from the Internet Protocol address, (3) generating an aggregation of security assessments that relates to the Internet Protocol address and that may be based at least in part on a security assessment of each of the plurality of files, (4) determining a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments and (5) facilitating a security action based at least in part on the trustworthiness of the Internet Protocol address. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for preventing false positive malware identification may include (1) identifying a set of variants of a trusted software program, (2) characterizing, for each variant in the set of variants of the trusted software program, at least one common property of the variants, (3) clustering the set of variants of the trusted software program based on the common property of the variants, and (4) creating a signature capable of recognizing variants of the trusted software program. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: IoT devices are secured on multiple local area networks. Each local network contains a router which monitors activities of IoT devices, and transmits corresponding information to a backend server. The backend amalgamates this information, calculates dynamic reputation scores, and determines expected authorized activities for specific IoT devices. Based thereon, the backend creates a constraint profile for each IoT device, and transits the constraint profiles to the routers for enforcement. Enforcing a constraint profile can include creating multiples VLANs with varying levels of restricted privileges on a given local area network, and isolating various IoT devices in specific VLANs based on their reputation scores. Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content.

Abstract: A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server.

Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

Abstract: Disclosed is a method and system for enabling multi-party and multi level authorizations for accessing confidential information. A first set of access privilege levels, a first set of credentials, a second set of access privilege levels and a second set of credentials are configured corresponding to a plurality of services. A service consumer may be identified using an identifier and thereafter authorized to issue a request for a service based upon authentication of the service consumer using an access privilege level of the first set of access privilege levels and a credential of the first set of credentials. After the authentication, an OTAT is generated. A service provider may be authenticated using the OTAT, an access privilege level of the second set of access privilege levels and a credential of the second set of credentials. The service provider is then authorized to access the confidential information of the service consumer.

Abstract: A sever receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation about sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient.

Abstract: The present invention is a computer security system and method in which the various algorithms not only do not search for or detect the presence of a steganographic or other hidden image in a data file or across data files, but also includes at least one or more combined approaches for altering and neutralizing any hidden messages without significantly detracting from the underlying integrity of the data file or files thus treated.

Abstract: A document having a non-volatile memory area for storing a secret identifier that has a first n-digit character sequence from a predefined character set; a random generator for selecting at least one character from the predefined character set for replacement of at least one character of the first character sequence, such that a second n-digit character sequence is defined as a result of this replacement; a volatile memory area for storing the at least one selected character; a display device for displaying the at least one selected character; an interface for inputting a third character sequence; and a processor element for authenticating the user to the document, wherein the processor element is configured to access the non-volatile memory area and the volatile memory area in order to read the second character sequence and check for a match between the second and third character sequences in order to authenticate the user.