Abstract: A method for protecting an electronic device executing a program against fault injection and type confusion attacks likely to affect a variable (Z) intended to be used by the program. The method includes calculating integrity check data (X, Y) of variable (Z), dependent on a type (T) of the variable (Z), and a value (V) of the variable (Z) stored in an execution stack (P1) and/or of a first addressing datum (A) stored in a first index register (ind1). The first addressing datum (A) adapted to locate the value (V) stored in the execution stack (storing the integrity check data (X, Y) on the variable (Z) in at least one control stack (P2, P3) different to the execution stack (P1). Storing in a second index register (ind2), a unique second addressing datum (A2) adapted to locate the integrity check data (X, Y) in the or each control stack (P2, P3).

Abstract: The present disclosure describes use of two security processors for a mobile device. In some aspects, a first security processor device embodied in a security component of an apparatus receives a user input via an input device and transmits a security condition signal to a second security processor device embodied in a System on Chip (SoC) component of the apparatus, causing the SoC component to perform a security operation. In other aspects, the first security processor receives a signal via a sensor device sensing environmental conditions surrounding the apparatus and, in response, transmits a security condition signal to the second security processor, causing the SoC component to perform a security operation. The security operation is directly controlled, maintained, and implemented by the second security processor embodied in the SoC component.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive registration data for a local network device, receive registration data for an electronic device, receive a request to pair the local network device and the electronic device, where the request to pair the devices includes a pairing code, and allow the pairing if the registration data for the local network device, the registration data for the electronic device, and the pairing code satisfies predetermined conditions. In an example, the pairing code was to the local network device and the electronic device requested and received the pairing code from the local network device.

Abstract: A verification request is received. In response to receiving the verification request, a first character string is obtained. The first character string comprises one or more variable characters. At least one of the one or more variable characters in the first character string is replaced with at least one backup character to generate a second character string based on multiple pre-established corresponding relationships. A verification code is generated based on the second character string. A user corresponding to the verification request is verified based on a user input corresponding to the verification code.

Abstract: Methods and apparatuses are described for time-series database user authentication and access control. A server computing device receives a request from a remote computing device to access a time-series database coupled to the server computing device, wherein the request includes one or more authentication credentials associated with the remote computing device. The server computing device validates the one or more authentication credentials associated with the remote computing device. The server computing device connects to an access control layer associated with the time-series database. The access control layer authorizes the remote computing device to access data in the time-series database based upon an access profile associated with the validated authentication credentials. The server computing device retrieves data from the time-series database in response to the request.

Abstract: Customer online data is collected via script on customer computers and is communicated to a server hosted by an organization, such as a card issuer. The customer online data communicated to the server is non-personally identifiable information (non-PII). In turn, the server aggregates the non-PII customer online data from the set of participating merchants. The server associates the received non-PII customer online data with non-PII demographic data. Other non-PII transaction data, such as previous transactions processed at a card issuer, also can be associated with the non-PII customer online data and non-PII demographic data. These associations are, in turn, used to create reports and to provide services to help merchants or other requesting organizations develop online strategies to drive click thru and conversion rates.

Abstract: A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor access to data in a secured area of memory at a hypervisor level, receive a request from a process to the data in the secured area, and deny the request if the process is not a trusted process. In an example, the electronic device is a point of sale device.

Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for deep learning based API traffic analysis and network security. The invention provides an automated approach to threat and/or attack detection by machine learning based accumulation and/or interpretation of various API/application traffic patterns, identifying and mapping characteristics of normal traffic for each API, and thereafter identifying any deviations from the normal traffic parameter baselines, which deviations may be classified as anomalies or attacks.

Abstract: A verification request is received. In response to receiving the verification request, a first character string is obtained. The first character string comprises one or more variable characters. At least one of the one or more variable characters in the first character string is replaced with at least one backup character to generate a second character string based on multiple pre-established corresponding relationships. A verification code is generated based on the second character string. A user corresponding to the verification request is verified based on a user input corresponding to the verification code.

Abstract: Targeted email attacks are detected using feature combinations of known abnormal emails, interflow shapes formed by an email with other emails, or both. An email received in an endpoint computer system is scanned to identify abnormal features indicative of a targeted email attack and the abnormal features of the email are checked against abnormal feature combinations. The email can also be scanned to identify an interflow shape formed by the email with other emails and the interflow shape is checked against interflow shapes of known targeted email attacks.

Abstract: A data encryption method performed at a computing device includes: receiving a data encryption request, the data encryption request indicating original data that needs to be encrypted and at least two target storage devices that are communicatively connected to the computing device; in response to the data encryption request: separately obtaining unique device information of the at least two target storage devices; generating, based on the unique device information, a public key according to a preset policy; encrypting the original data by using the public key to obtain ciphertext; and destructing relevant data of the public key from the computing device, and storing the ciphertext into the at least two target storage devices.

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. An entity responsible for the administration of a directory made available through a managed directory service may specify one or more policies for users and/or groups of users that utilize the directory. For example, the managed directory service may include a policy management subsystem that manages a set of policies for users and/or groups of users that controls a level of access to applications and services. Administrators can assign one or more policies to a user or a group of users and users can select one or more policies provided to the user by the administrator when attempting to access an application or service.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.

Abstract: A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, to provide digital identification. One of these methods includes receiving a request for a digital document from a digital wallet executing on a mobile device. The method includes identifying a digital document provider capable of providing the requested document. The method includes sending the request for the digital document to the identified digital document provider. The method includes receiving, from the digital document provider, information that enables the mobile device to view the digital document and does not enable the computer system to view the digital document.

Abstract: A computing system is configured to access a plurality of remote databases in order to identify data inconsistencies between the remote databases and provide user interfaces to a user in order to initiate communication via one or more APIs to certain remote databases indicating updates that reconcile said data inconsistencies.

Abstract: Disclosed is an embedded device configured to process network communication data received over a communication network. The embedded device may include a communication interface configured to receive the network communication data from at least one external device connected to the communication network. Further, the embedded device may be configured to transmit a benign format of the network communication data to at least one designated network device connected to the communication network. Additionally, the embedded device may include a memory configured to store the network communication data. Further, the embedded device may include a processor configured to analyze the network communication data. Furthermore, the processor may be configured to detect malicious activity associated with the network communication data based on the analyzing. Moreover, the processor may be configured to convert the network communication data into the benign format of the network communication data.

Abstract: A medical treatment machine, such as a dialysis machine (e.g., a home dialysis machine, such as a home hemodialysis machine or a home peritoneal dialysis machine) can receive a digital prescription file that defines parameters of a medical treatment to be administered to a patient. The digital prescription file can be prepared and delivered in such a way that the medical treatment machine can confirm that the issuer (e.g., provider) of the digital prescription file is an authorized issuer without having any a priori knowledge of the particular issuer. The digital prescription file can be delivered irrespective of the inherent security (or lack thereof) of the transmission medium in a tamper-evident format using minimal resources necessary to verify the validity of the digital prescription file and its issuer. The digital prescription file may be delivered to the dialysis machine using a network cloud-based connected health system.

Abstract: A network can operate a WiFi access point with credentials. An unconfigured device can (i) support a Device Provisioning Protocol (DPP), (ii) record responder bootstrap public and private keys, and (iii) be marked with a tag. The network can record initiator bootstrap public and private keys, as well as derived initiator ephemeral public and private keys. An initiator can (i) operate a DPP application, (ii) read the tag, (iii) establish a secure and mutually authenticated connection with the network, and (iv) send the network data within the tag. The network can record the responder bootstrap public key and derive an encryption key with the (i) recorded responder bootstrap public key and (ii) derived initiator ephemeral private key. The network can encrypt credentials using the derived encryption key and send the encrypted credentials to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.