Abstract: A communication device and method for authentication of a message being transmitted from the communication device. The method includes receiving, by a messaging utility, content of a message provided for transmission from the communication device. Based on a determination that the message requires user authentication before the message is transmitted to a recipient, the method further includes selecting, based on contextual data, one or more biometric capturing components of the communication device; triggering at least one selected biometric capturing component to capture a corresponding biometric input from a user of the communication device; and transmitting the message when the biometric input as belonging to an authorized user of the communication device. In one embodiment, a clearinghouse service authenticates a biometric input from a user of the communication device in order to certify the user and/or the message.

Abstract: A method and an apparatus for trusted measurement, where the method includes: obtaining a first processing result by performing a first-manner processing on a code segment, and using a result obtained by performing a second-manner processing on the first processing result as a reference value; obtaining, at a first moment when the system is running, a second processing result by performing the first-manner processing on the code segment, and obtaining a first measurement value by performing the second-manner processing on the second processing result; and determining whether the first measurement value and the reference value are equal, and when the first measurement value and the reference value are equal, the system is trusted, where the code segment in the memory is a code segment that does not change with normal running of the system during one start-up and a running process of the system.

Abstract: In one embodiment, a device in a network receives sensor data from one or more nodes in the network. The device selects a processing mode from among a plurality of processing modes based on a plurality of attributes of the sensor data. The plurality of processing modes comprises a fast data path mode and a slow data path mode. The device encrypts the sensor data using a first encryption mechanism that controls access to the plurality of attributes of the sensor data. The device sends the encrypted sensor data to a cloud-based intermediary based on the selected processing mode for sharing with one or more other devices in one or more other networks.

Abstract: A server system for distributing information securely includes a network interface for receiving, over a network, an information object accompanied by metadata. A repository stores the information object. Metadata is mapped to electronic addresses of trusted recipients. A processor is configured to generate a link for accessing the information object in the repository, acquire an electronic address of a trusted recipient based on the metadata accompanying the information object, insert the link into an electronic message addressed to the electronic address of the trusted recipient, and send the electronic message with the link to the trusted recipient. The processor is further configured to receive, over a second network, a request for the information object sent from a user device in response to an activation of the link, retrieve the information object from the repository, and transmit the information object to a browser of the user device over the second network.

Abstract: Systems, devices, and methods for encrypting genetic information are provided herein. Also provided herein are systems, devices, and methods for encrypting compressed genetic data, transmitting encrypted compressed genetic data, and receiving, storing, accessing encrypted compressed genetic data. In some cases, a user interface is in communication with a system or device provided herein.

Abstract: Providing verification of the identity of a digital entity may include including receiving information and a public key of the digital entity, the information having been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address, the centralized or distributed ledger providing a record of transactions. The system may derive an attestation address using the information and the public key of the digital entity. The system may verify the existence of the attestation transaction at the attestation address in the centralized or distributed ledger and verify that the attestation transaction has not been revoked. The processor associated with the user may receive a cryptographic challenge nonce signed by the digital entity's private key; and may verify the digital entity's identity with the cryptographic challenge nonce signed by the digital entity's key.

Abstract: A method of performing operations by a processor of a computer terminal, includes determining an operation system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed.

Abstract: A device and method for authenticating a user of a wearable biometric device. The method involves performing an initial biometric authentication of the user, the authentication being based on biometric features extracted from one or more image frames corresponding to a first portion of the user's hand and/or wrist, captured with a camera of a wearable device. A second part of the authentication method involves either re-confirming the initial biometric authentication of the user or verifying the liveness of the user or both re-confirming the authentication and verifying the liveness. The second step of the method is based on at least a measure of a second portion of the user's hand or wrist taken when the wearable device is worn against the user's hand or wrist. A notable part of the method is that the initial biometric authentication is performed by temporarily moving the camera away from the first portion of the user's hand and/or wrist.

Abstract: The inventive systems and methods aggregate network information to accompany file information in an indicator and warning environment. This system also provides a user interface to search for files using network attributes or file attributes, such as message digest. The system can include threat scoring functionality that can be configured to calculate a threat score based on a combination of the result of file analysis on one or more files and associated network data capture information.

Abstract: In some aspects, a message and an implicit certificate are accessed. The implicit certificate is associated with an entity. A modified message is generated by combining the message with a value based on the implicit certificate. A digital signature can be generated based on the modified message and transmitted to a recipient. In some aspects, a digital signature from an entity and a message to be verified based on the digital signature are accessed. An implicit certificate associated with the entity is accessed. A modified message is generated by combining the message with a value based on the implicit certificate. The message is verified based on the digital signature and the modified message.

Abstract: A network communication method comprises connecting, by a server and client, through networks and sharing a symmetric key, generating, by the server, a credential by which the client can be identified, through random number generation, and sharing the credential with the client, generating, by the client, transmission data containing a serial number indicating the sequence of the transmission data, and transmitting a message to the server, and generating, by the server, transmission data containing a serial number indicating the sequence of the transmission data, and transmitting a message to the client.

Abstract: A computing device identifies a torrent identifier for a torrent file, where the torrent file is associated with content to be processed at the computing device. The computing device uses the torrent identifier to search a data store containing data indicating characteristics of the content associated with the torrent file. Where the search locates data indicating characteristics of the content associated with the torrent file in the data store, the computing device controls whether to process the content associated with the torrent file at the computing device based on the located data.

Abstract: Various embodiments are described that relate to data set communication. Security information, such as a key list, can be generated and transmitted from a first node to a second node by way of a secure high throughput communication channel with high latency. The key list can be used to encrypt the data set and the encrypted data set can be sent to the second node by way of low latency signaling. The second node can decrypt the encrypted data set with the key list and perform a function that is indicated by the data set.

Abstract: Systems and methods for detecting replay attacks may use one or more sensors to collect data about a state of a device. The device may be used to perform a transaction. The device may be used to authenticate or identify a user. The state of the device may pertain to a characteristic of the device position, movement, component, or may pertain to one or more environmental conditions around the device. The state of the device may be expected to change over time, and certain states are unlikely to be repeated. The detected repetition of a state of the device may be a cause for increasing the likelihood that a replay attack is taking place.

Abstract: One or more terminals that are coupled to a packet-based network are installed with a first instance and/or a second instance of a communication client application of a first user. At times, the communication client application can be configured to enable the first user to communicate with other users using a first communication system implemented over the packet-based network. In some cases, a controller coupled to the packet-based network can be used to maintain separate privacy settings for each of the first and second instances, and thereby control the privacy of the first user in relation to the other users within the first communication system in dependence on which of the first and second instances is active.

Abstract: System and computer readable media embodiments of enhanced and flexible login and profile management tools as well as brand owner communication tools are provided which provide more flexibility in regards to information sharing that benefit both users and brand owners and ease the integration of user information into brand owner databases. System and computer readable media embodiments are also provided for an end user to control both how and who uses her personal data. Specifically, these embodiments permit her to authorize which pieces of personal data may be used by particular actors to perform particular tasks. In addition, these embodiments allow the tasks to be performed while simultaneously limiting the number of actor(s)/servers/devices in possession of her personal data.

Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.

Abstract: A computer-implemented method for assessing cyber risks using incident-origin information may include (1) receiving a request for a cyber-risk assessment of an entity of interest, (2) using an Internet-address data source that maps identifiers of entities to public Internet addresses of the entities to translate an identifier of the entity into a set of Internet addresses of the entity, (3) using an incident-origin data source that maps externally-detected security incidents to public Internet addresses from which the security incidents originated to translate the set of Internet addresses into a set of security incidents that originated from the entity, and (4) using the set of security incidents to generate the cyber-risk assessment of the entity. Various other methods, systems, and computer-readable media may have similar features.

Abstract: A communication method is securely performed by a communication device having a predefined URL. The communication method includes transmitting a first request, prior to receiving a response for the first request, receiving a second request transmitted to the predefined URL, determining whether the second request is for verifying whether the first request is transmitted by the communication device, transmitting a response for the second request according to a result of the determination, and receiving the response for the first request.

Abstract: A vehicle system includes a master ECU and a general ECU. The general ECU attaches a digital signature to transmission data including data (for example, a digest value of a program) and transmits the transmission data to the master ECU. The master ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, determines that the general ECU is valid. The master ECU attaches a digital signature to transmission data including data of the master ECU and a session key and transmits the transmission data to the general ECU. The general ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, the general ECU uses the session key included in the transmission data as a common key when performing subsequent communications.