Abstract: Methods and systems are disclosed for implementing one or more isolated computing environment via one or more memory spaces. The isolated computing environment may be configured to execute one or more sandboxed applications and/or processes associated with the isolated computing environment. One or more firewalls may be associated with the one or more sandboxed containers. One or more firewalls may be configured to apply a set of criteria (e.g., policies) to each of the applications and/or processes. In examples, the one or more sandbox firewalls may exist for each of the applications and/or processes and may prevent unauthorized communications between the applications and/or processes. In examples, a sandbox firewall may be configured to apply a set of criteria to one or more applications and/or processes associated with the one or more isolated computing environments. The sandbox firewall may be configured to allow authorized communications between the applications and/or processes.

Abstract: An exemplary method comprises generating receiving an authentication request from a graphical user interface on a first computing device; generating a first encrypted media element; displaying the encrypted media element on the GUI; receiving a second encrypted media element from a second computing device; upon determining that the first and second encrypted media elements have a positive match, querying an identification value associated with the second computing device; receiving the identification value associated with the second computing device; upon the identification value matching a data record within a database, determining an account associated with the data record within the database; and authenticating the first computing device by granting the first computing device access to the account associated with the second computing device.

Abstract: Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.

Abstract: A computer-implemented method is provided for secure data sharing. The method comprises: storing, by a data owner or an entity authorized by the data owner, via a data management user interface, in a decentralized data storage, data in an encrypted format; storing, via the data management user interface, in a blockchain, information indicating the data owner and a reference to the data stored in the decentralized data storage; and storing, by the data owner, via the data management user interface, in the blockchain, information indicating consent given to one or more authorized users for using the data.

Abstract: Challenge-response authentication process of a secure element (SE) in a micro controller unit (MCU) devoid of a random number generator. The process includes the following steps conducted by the micro controller unit (MCU): receipt of at least one random datum (T, IDX) generated randomly by the secure element (SE), generation of a challenge datum (Z) specific to the micro controller unit (MCU) from the received random datum (T, IDX), sending of the generated challenge datum (Z) to the secure element (SE), receipt of a response datum (R) generated by the secure element (SE) as a function of the challenge datum (Z), and determination of an authentication result as a function of the received response datum.

Abstract: Systems and methods for performing authentication may include encrypting, by a server computing system, a question based on a first password associated with a user and based on successful verification of user identification to generate an encrypted question; transmitting, by the server computing system, the encrypted question to a user computing system; receiving, by the server computing system, an encrypted response from the user computing system, the encrypted response associated with the encrypted question; decrypting, by the server computing system, the encrypted response based on the first password to generate a response; and establishing, by the server computing system, a login session with the user computing system based on successful verification of the response.

Abstract: An online system determines the likelihood of an interaction between a user and a content item being an invalid interaction. The online system receives an indication of an interaction of a client device with a content item. The online system identifies a device ID for the client device and determines whether the device ID is associated with one or more browser IDs. If the device ID is not associated with any browser ID, the received interaction is likely an invalid interaction. The online system may further determine the likelihood of an online publisher manufacturing interactions. The online system determines a number of invalid interactions and a number of valid interactions associated with the online publisher. The online system determines a ratio between the number of invalid and valid interactions. If the ratio is larger than a threshold value, the online system determines that the online publisher is likely manufacturing interactions.

Abstract: A method for providing a message hidden service in a chatting window, including: A) confirming whether a received message is a message set as a hidden message from a transmitter when the message is received from a chatting server; (B) confirming whether the received message is set in a hidden setting mode from the receiver when the confirmed result is confirmed as the hidden message; (C) displaying the received hidden message on an independent position separately from a region of the display unit of the device by instructing the received message to be processed by a hidden message processing unit when the received message is the hidden message set by the transmitter and set in the hidden mode state set by the receiver, and (D) hiding the hidden message displayed on the display unit after a predetermined constant time.

Abstract: Systems and methods for encrypting and decrypting a data encryption key are provided. A data encryption key used to encrypt data is encrypted using a first asymmetric key and a policy. The policy includes rules that correspond to attributes. A second asymmetric key is associated with the attributes. To decrypt the encrypted data encryption key, the attributes are used to identify the second asymmetric key. The attributes are also used to pass the rules in the policy included in the encrypted data encryption key. If the attributes pass the rules in the policy, the encrypted data encryption key is decrypted. The decrypted data encryption key can then decrypt the encrypted data.

Abstract: Example methods and systems disclosed herein facilitate the introduction and use of client-specified object encryption within a computing environment using remote third-party storage systems, where data objects stored on the remote third-party storage systems were previously either stored in unencrypted form or encrypted with a single key tied to an account that owns the data. In some embodiments, the encryption is introduced into the system in gradual stages, so as to minimize or entirely eliminate data availability downtime. In some embodiments, the introduction of client-specified object encryption involves registration of a user function on the third-party storage system, where the user function handles object decryption in response to requests of content consumers for data objects stored by the third-party storage system.

Abstract: Disclosed is a method of facilitating electronic signing of a document. The method may include receiving a first confirmation from a witness electronic device associated with a witness. Furthermore, the method may include making a document available to a signor electronic device based on the first confirmation. Further, the signor electronic device may be configured to present the document to the signor and receive an electronic signature from the signor. Additionally, the method may include receiving a second confirmation from the witness electronic device. Further, the method may include receiving a signed document from the signor electronic device. Furthermore, the signed document may include the electronic signature of the signor. Additionally, the electronic signature may be validated based on receipt of each of the first confirmation and the second confirmation.

Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.

Abstract: A first network element, such as a router, in a computer network may have established a communication link with a second network element in the computer network. A secure session associated with the communication link between the first and second network elements may then be established. The secure session may use a secure communication function on each of the first network element and the second network element. The first network element may then detect that the first network element cannot communicate with the second network element over the communication link. When the first network element cannot communicate with the second network element, the first network element may terminate the communication link and the secure session associated with the communication link.

Abstract: Computer code embedded in an electronic component (e.g., a processor, a sensor, etc.) of a medical device, such as a dialysis machine, can be authenticated by comparing a metadata signature derived from the computer code of the electronic component to a key derived from a pre-authenticated code associated with the electronic component. The metadata signature can be derived by running an error-check/error-correct algorithm (e.g., SHA256) on the computer code of the electronic component. A use of the metadata signature enables detection of any unauthorized changes to the computer code as compared to the pre-authenticated code.

Abstract: Generation of a cryptographic key using one of multiple possible entropy generation components that may provide input entropy. A key generation component provides an interface that exposes one or more characteristics for input entropy to be used to generate a cryptographic key. For applications that are more sensitive to improper key discovery, higher degrees of input entropy may be used to guard against key discovery. During key generation, the key generation component connects with an appropriate entropy generation component via the interface. For instance, the entropy generation component may be selected or adjusted so that it does indeed provide the input entropy meeting the characteristics described by the interface. The key generation component receives the input entropy via the interface, and then uses the input entropy to generate the cryptographic key.

Abstract: Systems, methods, and devices are disclosed for authenticating a product. An internal component of a product is identified by identifying an intrinsic attribute of the internal component, where the intrinsic attribute is received at a time subsequent to independently storing the intrinsic attribute in a database. A match is determined between the intrinsic attribute and the stored intrinsic attribute. The product is confirmed to be authentic when the match is verified.

Abstract: Fisher's exact test is efficiently computed through secure computation. A computation range determination part determines i0, i1, x0, x1. A preliminary computation part computes f(x0), . . . , f(x1), and generates an array M=(f(x0), . . . , f(x1)). A securing part secures the array M, and generates a secure text array <M>=(<f(x0)>, . . . , <f(x1)>). A batch-reading part generates a function value secure text (<f(ai)>, <f(bi)>, <f(ci)>, <f(di)>) (i0?i?i1).

Abstract: Wireless network specific (WN-specific) key can be used to provide access protection over the radio access link. A WN-specific key may be associated with (or assigned to) a wireless network, and distributed to access points of the wireless network, as well as to user equipments (UEs) following UE authentication. The WN-specific key is then used to encrypt/decrypt data transported over the radio access link. The WN-specific key can be used in conjunction with the UE-specific keys to provide multi-level access protection. In some embodiments, WN-specific kays are shared between neighboring wireless networks to reduce the frequency of key exchanges during handovers. Service-specific keys may be used to provide access protection to machine to machine (M2M) services. Group-specific keys may be used to provide access protection to traffic communicated between members of a private social network.

Abstract: A device, system and method for installing encrypted data are provided. A device includes a processor comprising: immutable memory storing preconfigured trust anchor data; and a module storing preconfigured non-exportable data.

Abstract: A firmware update procedure for an accessory component may use a process that stages the firmware update in a separate component from the target accessory component being updated to reduce the memory requirements in the accessory component. Security measures can be used to prevent malicious users from accessing the firmware update while stored in the staging device prior to overwrite of firmware memory in the accessory component. These security measures can include public-private key signing and cryptographic hash calculations.