Abstract: Systems and methods are described herein for graphically representing an information management system based on the characteristics of within the system. The systems and methods interface with various components of the system (e.g., administrative components, index components, and so on) to identify data having certain characteristics (e.g., personal data), and generate or render information (e.g., a heat map or other visual display) that represents areas or locations within the system storing the data. Thus, the systems and methods, in some embodiments, generate or create a data-specific view into the information management system.

Abstract: A drone unit operatively connected to a server may identify an attack, launched by a botnet, on a resource. A drone unit may continuously and iteratively, while the attack is in progress, determine and report to a server a first set of values of a respective set of operational parameters related to the resource. A drone unit may determine, and report to the server, a second set of values of the set of operational parameters after the attack is terminated. A server may determine an impact of an attack by relating the first set values to the second set of values.

Abstract: Embodiments define a secure code hint generator that determine an occurrence of security word text content within electronic message body text that is descriptive of a security token required to open a secured file referenced by the message. The embodiments distinguish a security phrase subset words of the body text content from a remainder of an entirety of the body text content that include the security word content as a function of determining that the security phrase is more related to describing the security token; generate hint text content that differs from the security phrase and is chosen to reveal the security phrase text content to a user as a function of knowledge of user profile data; and associate the hint to the secured file for display to the user in response to a request for access to the secured file.

Abstract: A method at a computing device for provisioning a network-connected device within a security platform, the method including receiving a first connection request, the first connection request being from an electronic apparatus and including a network-connected device identifier; authenticating the first connection request, thereby creating a first connection; receiving a second connection request, the second connection request being from the network-connected device and including the network-connected device identifier and a shared platform credential; receiving a request from the network-connected device to add the network-connected device to the security platform; and adding the network-connected device to the security platform based on a concurrent first connection and the request from the network-connected device to add the network-connected device to the security platform.

Abstract: The invention provides a file storage method, a file search method and a file storage system based on public-key encryption with keyword search. The method comprises: receiving a user file storage request sent from a data possessor, acquiring access control attribute information for access to a user file, security level parameters and a keyword set of the user file, generating a file attribute vector of the user file by means of the access control attribute information and the keyword set, acquiring a public-secret key pair used for encrypting the file attribute vector from a pre-generated key space, encrypting the file attribute vector by means of a public key in the public-secret key pair to obtain a ciphertext corresponding to the file attribute vector, and transmitting the ciphertext corresponding to the file attribute vector and a ciphertext of the user file to a preset storage server.

Abstract: Systems and methods are described for delivering messages from one or more service hosts to clients via a network. A first request identifying the client is received at the message server, and a connection is established and maintained between the message server and the client in response to the first request. When a subsequent request that identifies the client is received from the service host, a message is transmitted from the message server to the client over the previously-established connection. The methods and techniques may be used, for example, to provide messages from various services to placeshifting devices or other clients communicating via the network.

Abstract: A routing system for use in an IoT apparatus is proposed to include a router device. A control module of the router device determines whether to execute a routing process relating to an input message based on environment information, status information and a conflict management mechanism that relate to the router device. In the routing process, the control module executes channel operations when the input message includes a channel management instruction, and executes, when the input message relates to authentication or an application program, a relevant verification procedure or the application program.

Abstract: Methods of short-distance network electronic authentication are described.

Abstract: Method and devices are provided for controlling access of a device to a remote desktop or a remote application running on a remote desktop or application server using a remoting protocol. The method includes the following steps: setting up a connection between the device and the remote desktop or application server to establish or to an existing user session, using the remoting protocol; setting up a virtual channel within the connection using the remoting protocol; monitoring the device to determine a device state; sending the device state over the virtual channel to the application server; and determining based on the received device state if an access to the remote desktop or remote application running in the user session is allowed, and blocking the access if the access is due to the received state not allowed.

Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point , wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: A humanness validation method, system, and computer program product, include generating a sequence of actions including gaze actions and emotional state actions, instructing an access requestor to perform the actions in the sequence one-by-one, and granting access to the access requestor if a total error rate of each of the performed one-by-one actions in the sequence of actions is less than a predefined threshold value.

Abstract: A system and method for communication between a building management system control panel and a monitoring station are disclosed. Examples of building management systems include fire alarm systems and security systems. The monitoring station and the control panel establish an encrypted channel between each other. The monitoring station and the control panel then transmit status information over the encrypted channel. In examples, the status information includes alarm information sent from fire control panels, intrusion information sent from security panels, and operational information of the panels and/or monitoring station, in examples.

Abstract: A method of assessing the possibility of an iris print-attack includes measurement of the eye movement of a person. One or more values (e.g., a feature vector) are determined based on the measured eye movements. Based on the determined values, an assessment is made of whether or not the person is engaging in an iris print-attack.

Abstract: The present disclosure involves systems, software, and computer implemented methods for principal propagation. One example method includes deploying a token service to a first cloud platform. A first token request is received from an integration component for a token to be included in a message sent from the first cloud platform to a second cloud platform. A user information request is generated and sent to an identity provider associated with the first cloud platform. User information is received from the identity provider in response to the user information request. A second token request is generated and sent to a token service provider associated with the second cloud platform. The second token request includes the received user information. The requested token is received from the token service provider. The received token is sent to the integration component to enable the integration component to send the message to the second cloud platform.

Abstract: According to one general aspect, a method of using a first probing device may include monitoring one or more encrypted communications sessions between a first computing device and a second computing device. In some implementations of the method, each encrypted communications session includes transmitting a plurality of encrypted data objects between the first and second computing devices. The method may include deriving, by the first probing device, timing information regarding an encrypted communications session. The method may also include transmitting, from the first probing device to a second probing device, the derived timing information.

Abstract: Encryption of data across an environment, such as a shared resource environment, can be updated using keys generated using one or more revocable stream cipher algorithms. Data stored in the environment can be encrypted under a first key, or other such secret. When it is desired to update the encryption, a second key can be generated under which the data is to be re-encrypted. Instead of distributing the second key, a revocable stream cipher generator can generate an intermediate key based on the first and second keys, that when processed with the first key will produce the second key. Such an approach enables data to be re-encrypted under the second key without distributing the second key. Further, the unencrypted data will not be exposed in the process. In some embodiments, the re-encryption can be performed on an as-needed basis in order to reduce processing requirements.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-generation (5G) communication system for supporting higher data rates beyond a 4th-generation (4G) system with a technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of a terminal according to the present disclosure includes: transmitting connection request messages for network slices, which are networks constructed for each service, to a network; receiving response messages including identifiers of the network slices from a base station; and generating security contexts for each network slice based on at least one of the identifiers of the network slices and tokens generated during an authentication process with a third party.

Abstract: Provided is a method for assigning a time-to-live (“TTL”) value for a domain name system (“DNS”) record at a recursive DNS server. The method comprises obtaining, from a client, the TTL value for the DNS record; and storing, in a memory of the recursive DNS server, the TTL value, an identifier of the client, and the DNS record.