Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.

Abstract: A method of distributing data over multiple Internet connections is provided. The method includes the steps of: (a) providing a client computer with access to a plurality of Internet connections; and (b) providing a host computer for determining the allocation of data to be sent to the client computer over each of the plurality of Internet connections using at least one of (i) predetermined criteria and (ii) dynamically changing criteria.

Abstract: A method in the embodiments of the present invention includes: when the wearable device receives an instruction of a user or an electronic device, obtaining, by the wearable device, an image that includes access information of a Wi-Fi network; and analyzing, by the wearable device, the image, obtaining the access information of the Wi-Fi network, and sending the access information of the Wi-Fi network to the electronic device, so that the electronic device accesses the corresponding Wi-Fi network according to the access information of the Wi-Fi network; or sending, by the wearable device, the image to the electronic device, so that the electronic device accesses the corresponding Wi-Fi network according to the image. The present invention is applied to a procedure of accessing a wireless network.

Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.

Abstract: A pseudonymous Diffie-Hellman protocol is provided by means of a combination of the CA protocol with the RI protocol. According to the invention the determining of the pseudonym from the RI protocol and the forming of the secure communication channel from the CA protocol occur substantially in parallel. According to the invention there is likewise employed a group key for the CA part of the protocol according to the invention. Due to the configuration of the protocol according to the invention it is not possible, in contrast to the known protocols, for an attacker who should succeed in establishing the group key of a portable data carrier according to the invention, to generate the pseudonym of another user.

Abstract: A technique for enabling nominal flow of an executable file on a client is described. The executable file comprises executable code lacking at least one nominal constant, wherein only the nominal constant enables the nominal flow of the executable file and wherein a server has access to the at least one nominal constant. In a method aspect performed by the client, the method comprises retrieving hardware information of the client, wherein the hardware information is at least substantially unique. The method further comprises transmitting one of the hardware information and information derived therefrom to a server and, in turn, receiving at least one constant that has been transformed based on one of the hardware information and the information derived therefrom. The client then performs, using one of the hardware information and the information derived therefrom, an inverse transformation on the at least one transformed constant to recover the nominal constant.

Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.

Abstract: In an approach to securing data using visual hashing, one or more computer processors receive a user access request for hashed image. The one or more computer processors identify one or more access request parameters for the hashed image. The one or more computer processors determine whether the user access request for the hashed image meets the one or more access request parameters. Responsive to determining that the user access request for the hashed image meets the one or more access request parameters, the one or more computer processors identify one or more user access permissions. The one or more computer processors prepare a modified image of the hashed image corresponding to the identified one or more user access permissions. The one or more computer processors send the modified image of the hashed image corresponding to the one or more user access permissions to a requesting user.

Abstract: In one embodiment, a device in a network receives a notification of a particular anomaly detected by a distributed learning agent in the network that executes a machine learning-based anomaly detector to analyze traffic in the network. The device computes one or more distance scores between the particular anomaly and one or more previously detected anomalies. The device also computes one or more relevance scores for the one or more previously detected anomalies. The device determines a reporting score for the particular anomaly based on the one or more distance scores and on the one or more relevance scores. The device reports the particular anomaly to a user interface based on the determined reporting score.

Abstract: One or more processors mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, where a trigger event triggers an action event in a trigger-action pair. One or more processors mark a first action associated with the first trigger-action pair with the taint, and detect a second trigger associated with a second trigger-action pair. One or more processors then propagate the taint from the first trigger-action pair to the second trigger, and prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger.

Abstract: An image forming apparatus capable of suppressing occurrence of a problem in encryption processing. The image forming apparatus includes a plurality of encryption modules for executing encryption processing associated therewith, respectively, including a predetermined encryption module that executes a predetermined encryption processing when mode setting information is set to make the image forming apparatus compliant with a specific standard, for encryption processing. Encryption providers are registered, which are executed in a program environment different from that for the plurality of encryption modules, and are associated with the encryption modules, respectively. Encryption processing is executed via an encryption provider selected from the registered encryption providers by using an encryption module associated with the selected encryption provider.

Abstract: A semiconductor device includes a plurality of transistors on a substrate, each transistor of the plurality of transistors including a doped nanowire channel region, where the plurality of transistors are grouped into a plurality of transistor groups each including two transistors of the plurality of transistors, and where each transistor group is assigned a state based on an electrical characteristic of each transistor in each transistor group. The semiconductor device also includes a security code for the plurality of transistors generated by grouping together the states corresponding to each transistor group.

Abstract: Method includes determining that a personal communication device is within a designated range of a medical system. The personal communication device is configured to transmit and receive data through a telecommunication network. The method also includes receiving an identifying signal from the personal communication device while within the designated range of the medical system for identifying a user associated with the personal communication device. The method also includes determining that the user associated with the personal communication device is permitted to use the medical system. The method also includes opening a session for the user to use the medical system. The method also includes establishing a dedicated link between the personal communication device and the medical system such that other users are unable to use the medical system during the session. The method also includes closing the session, thereby permitting the other users to use the medical system.

Abstract: Techniques for providing multi-access distributed edge security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) are disclosed. In some embodiments, a system/process/computer program product for multi-access distributed edge security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting subscription and/or equipment identifier information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscription and/or equipment identifier information.

Abstract: A non-transitory storage medium having stored thereon logic, the logic being executable by one or more processors to perform operations including comparing a current privilege of a first process with an initial privilege of the first process recorded in a privilege list, and responsive to determining a change exists between the current privilege of the first process and the initial privilege of the first process that is greater than a predetermined threshold, determining the first process is operating with the current privilege due to an exploit of privilege attack is shown.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to provide direct-memory access, memory-mapped input-output, and/or other memory transactions between devices designated for use by an enclave and the enclave itself. A secure device address map may be configured to map addresses for the enslave device and the enclave, and a register filter component may grant access to the enclave device to the enclave.

Abstract: Methods and systems provide mechanisms for inspection devices, such as firewalls and servers and computers associated therewith, to selectively manipulate files, for which a download has been requested. The manipulation is performed in a manner which is transparent to the requesting user.

Abstract: A method for using digital signatures for signing blockchain transactions includes: generating a domain key pair comprising a domain private key and a domain public key, wherein the domain public key is signed after generation; receiving a plurality of member public keys, wherein each member public key is received from an associated member of a blockchain network and is a public key in a key pair comprising the member public key and a member private key corresponding to the associated member; signing each member public key using the domain private key; receiving a transaction block from a specific member of the blockchain network, wherein the transaction block includes a plurality of blockchain transaction values and a hash signed using the member private key corresponding to the specific member; signing the received transaction block using the domain private key; and transmitting the signed transaction block.

Abstract: An authentication method for use in a device and comprises monitoring a program behavior stream comprising a plurality of program observables that comprises a program observable. The method records the program observable and matches the recorded first program observable to a program model selected from a plurality of program models stored within a program store. A user model is selected from a plurality of user models stored within a user store corresponding to the program model. A user behavior stream corresponding to the program observable is monitored and a user observable contained in the user behavior stream is recorded. The user observable is correlated to the user model and an authentication state associated with the device is determined based on the correlating.

Abstract: An example computer-implemented method of preventing exploitation of software vulnerabilities includes determining that a software container is susceptible to a vulnerability, determining one or more soft spots required to exploit the vulnerability, and analyzing runtime behavior of the software container to determine if the software container uses the one or more soft spots. The method includes automatically applying a security policy that prevents the software container from using the one or more soft spots based on the analyzing indicating that the software container does not use the one or more soft spots at runtime.