Abstract: Systems and methods for generating and using ephemeral identifiers are provided. One example method includes determining, by one or more computing devices, a current time-count. The method includes determining, by the one or more computing devices, a time-modified identifier based at least in part on a static identifier and the current time-count. The method includes determining, by the one or more computing devices, an ephemeral identifier based at least in part on the time-modified identifier and a rotation key. One example system includes a plurality of beacon devices, at least one observing entity, and at least one verifying entity.
Abstract: An electronic system includes: a control unit configured to: calculate a risk score based on a permission requested by an application, generate a summary presentation based on the risk score for presenting a risk visualization of a privacy risk posed by an application, and generate a subcategory presentation based on the risk score for presenting the risk visualization of the privacy risk posed to a device feature by the application; and a user interface, coupled to the control unit, configured to present a risk presentation including the summary presentation, the subcategory presentation, or a combination thereof for displaying on a device.
Type: Grant
Filed: December 30, 2014
Date of Patent: April 18, 2017
Assignee: Samsung Electronics Co., Ltd.
Inventors: Ruoxu Wang, Na Wang, Hongxia Jin, Alan Messer
Abstract: In some example implementations, a method may include receiving, at a broker, authorization to access at least one cloud service provider; receiving, at the broker, a message representative of at least one of a submission of data to or a request for data from the at least one cloud service provider; determining, by the broker based on a classification of the data, whether to authorize the at least one of the submission of data to or the request for data from the at least one cloud service provider; and forwarding, by the broker based on the determining, the at least one of the submission of data to or the request for data from the at least one cloud service provider, wherein the receiving authorization, the receiving the message, the determining, and the forwarding are implemented by at least one processor. Related systems, methods, and articles of manufacture are also provided.
Abstract: Methods and apparatus for optimizing security configurations of a set of computers are disclosed. A set of local servers, each functioning as a deep-security manager supporting a respective subset of the computers, maintains protection software containing filters and rules for deploying each filter. A local server receives updated protection software from a central server. Each local server interrogates each computer of its subset of computers to acquire computer-characterizing data and applies relevant rules to determine an optimal set of filters for each computer. Each rule adaptively determines required characterizing data elements from each computer for determining an optimal security configuration. A local server updates the security configuration of a computer to suit changes in the operational environment of the computer.
Abstract: Systems and methods for testing to tell computers and humans apart and generating said tests are described. To generate a test, a selection of a range of characters at least including the 8-bit ASCII character range is received. Each character in the selected range of characters is tested to determine if the character has a glyph in the selected font, if the character is a whitespace character, and if the character leaves a visible impression. From all the characters in the selected range of characters that pass the tests, a plurality of characters is selected for a challenge, and a larger set of characters (that includes the plurality of characters from the challenge) is selected for a response. An image is generated that includes the challenge and the response, and a solution threshold is calculated based on the location of the challenge characters within the generated response.
Abstract: The present invention is a procedure for a self configuring eNB/E-UTRAN. The eNB/E-UTRAN interacts with the Enhanced Packet Core (EPC) of the LTE network in order to complete the mutual authentication task between the eNB and the EPC and other operating procedures in the eNB self configuration phase.
Type: Grant
Filed: March 14, 2016
Date of Patent: March 28, 2017
Assignee: InterDigital Technology Corporation
Inventors: James M. Miller, Peter S. Wang, Ulises Olvera-Hernandez
Abstract: A mobile device capable of performing a plurality of functions. The mobile device includes a memory for storing a plurality of different security policies; an input device for invoking a function from the plurality of functions by a user; a processor for assigning a first security policy from the stored plurality of security policies to the invoked function; and a security module for requiring the user to satisfy the assigned first security policy, before the invoked function is performed by the mobile device.
Abstract: The disclosed embodiments provide a method, a server, and a terminal device for establishing a communication session. The method includes: receiving a communication session request sent from a first user via a terminal device; obtaining a communication session target for the first user, a second user, by matching for the first user; and sending an identifier of the second user to the terminal device to establish a communication session between the first user and the second user, wherein the identifier is used for the terminal device to distinguish the communication session target of the first user, and is hidden from the first user.
Type: Grant
Filed: December 30, 2014
Date of Patent: March 21, 2017
Assignee: XIAOMI INC.
Inventors: Zhiyong Feng, Hui Li, Xin Shi, Chaofeng Deng
Abstract: Methods of configuring a different authority for a plurality of users to use at least one application in an electronic device. User inputs are received to set passwords for respective user levels, where each user level is associated with a different authority to access applications. The passwords are registered for the respective user levels. At least one application is associated with one of the user levels.
Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.
Abstract: A method of an electronic device is provided. The method includes generating a key code by receiving a selection on at least one area from among areas of an image displayed, decrypting an encrypted message included in the image by using the generated key code, and determining whether to output the encrypted message by determining whether a hash code for the decrypted message is identical to a hash code for inputted text information.
Type: Grant
Filed: April 30, 2014
Date of Patent: March 21, 2017
Assignee: Samsung Electronics Co., Ltd.
Inventors: Hyung-Jin Bae, Je-Han Yoon, Jeong-Heui Cho
Abstract: A central controller and a method for separation of traffic processing in a software defined network (SDN). The method comprises: identifying, based on at least one zoning trigger parameter, a potential cyber-attack; triggering a zoning mode for mitigating the potential cyber-attack; dynamically allocating, based on a load profile, a first group of computing resources of a computing farm to a trusted zone and a second group of computing resources to an un-trusted zone; assigning the computing resources in the first group with a first address and the computing resources in the second group with a second address, wherein only the second address is advertised; and causing at least one network element in the SDN to divert incoming traffic to the first group and to the second group of computing resources based on a plurality of zoning rules implemented by the at least one network element.
Type: Grant
Filed: December 3, 2015
Date of Patent: March 7, 2017
Assignee: RADWARE, LTD.
Inventors: Yehuda Zisapel, Avi Chesla, Shay Naeh, David Aviv, Ehud Doron
Abstract: A processor ascertains that a user is authorized to access a federated computing environment that includes at least two servers, which includes determining that input authentication information previously received from the user by a first server of the at least two conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the at least two servers whose authentication policy's at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information. The authentication policy table within the first server includes (i) an authentication policy of each server of the at least two servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server.
Type: Grant
Filed: January 5, 2016
Date of Patent: February 28, 2017
Assignee: International Business Machines Corporation
Abstract: A method, device, and system for secure end-to-end audio recognition is disclosed. A client device launches an application that connects with a server. The client device and server exchange cryptographic keys and establish a secure connection and a shared cryptographic key. The server transmits an encrypted audio prompt to the client device. The client device decrypts the encrypted audio prompt and stores the decrypted audio prompt in secure memory inaccessible to the operating system using an audio engine of the client device. The audio engine then retrieves the audio and renders it for the user through the speakers of the client device. The client device captures the user's audio response with a microphone and stores the audio response in the secure memory. The stored audio response is encrypted and transmitted to the server.
Type: Grant
Filed: August 13, 2015
Date of Patent: February 21, 2017
Assignee: Intel Corporation
Inventors: Saurabh Dadu, Karthik K. Rishi, Gyan Prakash, Rajesh Poornachandran
Abstract: A trusted computing device (TCD) includes an isolated environment, host interface, secure interface, and program instructions. The environment includes an isolated environment processor (IEP), memory (secure and non-secure partition), and an auxiliary processor (AP). Memory and AP are connected for data communication with the IEP, and communicate with a host only through the IEP. The host interface and each secure interface are connected for data communication with the IEP.
Abstract: Storage providers can securely store data and avoid data duplication with secure derivative data and offload the responsibility of generating the secure derivative data to the data owners. Initially, a data source will provide an encrypted version of data and the secure derivative data to a remote storage provider. The secure derivative data can include a hash of the data, a hash of the encrypted version of the data, a hash tree generated from the data, and an encrypted version of the key used to encrypt the data. When the remote storage provider later receives a request to store the same data, the remote storage provider uses the secure derivative data for secure proofs of storage and for proof of data possession.
Abstract: A method performed by a first application in a client apparatus to authenticate a second application in the client apparatus is provided. The method includes, when the first application receives an execution request from the second application, requesting authentication information of the second application from an authentication server, obtaining the authentication information of the second application from the authentication server, and authenticating the second application using the authentication information, wherein the authentication information of the second application is signed with a private key of the authentication server.
Type: Grant
Filed: February 19, 2014
Date of Patent: February 7, 2017
Assignee: Samsung Electronics Co., Ltd.
Inventors: Tae-kwang Um, Sun-eung Park, Jin-goo Seo, Do-jun Yang, Cheol-ju Hwang
Abstract: Techniques are disclosed for sending, from an application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, to an authorization computer system, a request for permission to access a scope of information associated with the user. The techniques can further include, based on authentication of the user, receiving, at the device associated with the user, through the REST-based interface, a request for consent by the user to allow the application to access information that is within the scope of information associated with the user. Furthermore, the techniques can include, responsive to the device receiving consent from the user, sending, from the device associated with the user, through the REST-based interface, to the authorization computer system, the consent to allow the application to access the information for the authorization computer system to store a mapping between the application and the scope.
Type: Grant
Filed: April 14, 2016
Date of Patent: February 7, 2017
Assignee: Oracle International Corporation
Inventors: Ajay Sondhi, Ching-Wen Chu, Beomsuk Kim, Ravi Hingarajiya
Abstract: Disclosed is a two-factor method for protecting access to content, device functionality accounts and the like through portable devices. A master device may facilitate a subordinate device's access to the on-line account by situating the master device in close proximity to the unauthorized user's portable device. Once within close proximity of one another, the devices may exchange information that may eventually allow the subordinate device to access an account, an application or the like.
Abstract: A protected querying technique involves creating shingles from a query and then fingerprinting the shingles. The documents to be queried are also shingled and then fingerprinted. The overlap between adjacent shingles for the query and the documents to be queried is different, there being less, or no overlap for the document shingles. The query fingerprint is compared to the fingerprints of the documents to be queried to determine whether there are any matches.
Type: Grant
Filed: August 10, 2016
Date of Patent: January 24, 2017
Assignee: TERBIUM LABS LLC
Inventors: Daniel J. Rogers, Tyler Carbone, Dionysus Blazakis