Patents Examined by Michael Simitoski
  • Patent number: 10356078
    Abstract: Described herein are various aspects pertaining to generating web tickets for use with authenticating computing devices to a computing system. Symmetric keys are used when generating the web tickets, wherein a symmetric key is valid for use when generating web tickets for a first period of time, and a web ticket generated based upon the symmetric key is valid for use when authenticating a computing device for a second period of time that is longer than the first period of time. Thus, the symmetric key is used for authenticating computing devices after it has ceased being used to generate web tickets.
    Type: Grant
    Filed: April 6, 2018
    Date of Patent: July 16, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Paul Tidwell, Yves Pitsch, Deepak Rao, Vadim Eydelman, Satya Kondepudi
  • Patent number: 10356067
    Abstract: A method of operating a first device in a group of devices in a network is disclosed. The method comprises encrypting and decrypting, with a processor of the first device, communications with other devices in the group of devices using a shared key that is stored in a memory of each device in the group of devices; receiving, with a transceiver of the first device, a first message from a second device in the group of devices, the first message indicating that the first device is authorized to share the shared key; and transmitting, with the first device, the shared key to a third device in the network that is not in the first group of devices only after receiving the first message indicating that the first device is authorized to share the shared key.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: July 16, 2019
    Assignee: Robert Bosch GmbH
    Inventors: Jan Zibuschka, Joao P. Sousa, Stefan Schmid, Rishabh Gulati
  • Patent number: 10348499
    Abstract: Various embodiments are directed to techniques for controlling access to data in a decentralized manner. An apparatus includes an apportioning component to divide an item of data into multiple portions based on an organizational structure of the item of data; a tree component to generate a PRN tree including a multitude of nodes and a branching structure based on the organizational structure, the multitude including at least one branching node and multiple leaf nodes that correspond to the multiple portions; a PRN component to generate a PRN for each node of the multitude, the PRN component to use a PRN of a branching node of the PRN tree to generate a PRN for a leaf node that depends therefrom; and a communications component to transmit the multiple portions and multiple addresses based on PRNs of leaf nodes of the PRN tree to a server. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 7, 2018
    Date of Patent: July 9, 2019
    Assignee: INTEL CORPORATION
    Inventors: William C. Deleeuw, Ned M. Smith
  • Patent number: 10338909
    Abstract: Disclosed is a system and method for distributing software updates to terminal nodes in a network. The system includes a network administration server configured to: receive from security applications installed on a plurality of terminal nodes in the network criteria characterizing the terminal nodes and identifiers of other terminal nodes in broadcast domains of the terminal nodes; based on the criteria, select terminal nodes to be used as active and passive update agents for each broadcast domain; and transmit to the security applications of the selected active update agents for each broadcast domain, one or more software updates for further distribution of the software updates by the active update agents to one or more passive update agents and the plurality of terminal nodes in the same broadcast domain.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: July 2, 2019
    Assignee: AO Kaspersky Lab
    Inventor: Evgeny S. Zakharov
  • Patent number: 10333698
    Abstract: Generally discussed herein are systems, devices, and methods for entwined encryption and error correction and/or error detection. An entwined cryptographic encode device can include a memory including data indicating a set of relatively prime, irreducible polynomials stored and indexed thereon, entwined encryption encoding circuitry to receive data, transform the data to a set of data integers modulo respective polynomial integers representative of respective polynomials of the polynomials stored on the memory, and perform a Da Yen weave on the transformed data based on received cipher data, and provide the weaved transformed data to a medium.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: June 25, 2019
    Assignee: Raytheon Company
    Inventors: Bishara Shamee, Steven R. Wilkinson, Anna M. Johnston
  • Patent number: 10326593
    Abstract: A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: June 18, 2019
    Assignee: AETNA INC.
    Inventor: Salil Kumar Jain
  • Patent number: 10325112
    Abstract: Systems and methods for privacy breach notification and protection enabled by the Internet of Things (IoT) are provided. Some embodiments establish a passive early warning privacy-breach detection from laser beam scan capability on a mobile device and IoT device when a particular owned object (or set of owned objects) has been laser scanned. Sensor information (e.g., laser beam sensing transparent adhesive tape, automotive cameras and proximity sensors) can be used to create notifications that allow a user to take action or to have peace of mind relating to particular activities such as to avoid fees and fines, to recover lost objects, to confirm known events, and to trigger activity.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: June 18, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Eric Yocam, Richard White, Damon Laursen
  • Patent number: 10305854
    Abstract: In one embodiment, a filtering technique is provided for ensuring data quality of network address observations. A network address observation is obtained of a network address associated with a source device, the network address observation associating the network address with one or more directly observed attributes. The network address observation is filtered based on a comparison of a selected one of the one or more directly observed attributes to a predetermined criteria, and using a result of the comparison as indicative of whether the network address observation should be used for association of the network address with one or more directly observed attributes. The filtering either associates one or more indicators with the network address observation, or removes the network address observation. A network address to attribute association system executed on one or more electronic devices stores a record that maintains any network address observation that has not been removed and any indicator.
    Type: Grant
    Filed: July 11, 2014
    Date of Patent: May 28, 2019
    Assignee: Skyhook Wireless, Inc.
    Inventors: Farshid Alizadeh-Shabdiz, Nicolas Brachet, Andrei Dancus, Russel Kipp Jones, Edward James Morgan, George Polak, Christopher Steger, Richard Sutton
  • Patent number: 10298593
    Abstract: Embodiments of the present disclosure include a platform for a resource provisioning system. The platform can execute big data analysis techniques to access-right data to generate statistics that characterize a set of users. For example, characteristics of users who access resources events can be analyzed with varying levels of detail. The access-right data can include access right assignments, and data identifying the users to which access rights are assigned. In some implementations, spatial management systems can access the platform to generate statistics for the resources.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: May 21, 2019
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Alex Oberg, Evan Altman
  • Patent number: 10291594
    Abstract: A computer-implemented method is provided for encrypting a message using a plurality of keys and a plurality of encryption algorithms. The method includes mapping, by the computing device, each of the plurality of keys to an encryption algorithm randomly selected from the plurality of encryption algorithms, and storing, by the computing device, in an index table the plurality of keys correlated to their respective encryption algorithms. The method also includes decomposing, by the computing device, the message into one or more message segments and encrypting, by the computing device, each of the one or more message segments using the index table. The method further includes transmitting, by the computing device, at least one of the index table or the one or more encrypted message segments to a receiving computing device over the electronic network.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: May 14, 2019
    Assignee: FMR LLC
    Inventor: Vishal Jindal
  • Patent number: 10282535
    Abstract: A method and system to verify identity while protecting private data. To locally verify identity without requiring communication with an external database or passing personal/identity information over network connections. To create a database and/or statistical model for later use to verify identity, private information from a first media is input to a device. Private information subsequently presented via a second media is then verified locally by comparing to the private information previously captured from the first media. If the resultant correlation score is sufficiently high the private information from the first media and from the second media are determined to belong to the same individual, and the user is authenticated or a desired action is approved. In case of a low correlation score, a notification may be sent to one or more entities alerting authorities of a security breach or identity theft.
    Type: Grant
    Filed: September 1, 2015
    Date of Patent: May 7, 2019
    Assignee: NXT-ID, INC.
    Inventors: Andrew Tunnell, Christopher Santillo, Justin Mitchell, Sean Powers
  • Patent number: 10270808
    Abstract: Embodiments disclosed herein generally relate to a system and method for detecting fraudulent computer activity. A computing system generates a plurality of synthetic identities. Each of the plurality of synthetic identities mimics information associated with a verified identity. The computing system receives, from a user, an input attempt. The input attempt includes a synthetic identity of the plurality of synthetic identities. The computing system compares input information in the input attempt to the plurality of synthetic identities. The computing system determines that the input information in the input attempt includes information from the plurality of synthetic identities; if it does, the computing system rejects the input attempt.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: April 23, 2019
    Assignee: Capital One Services, LLC
    Inventors: Timur Sherif, Hannes Jouhikainen, Steve Blanchet
  • Patent number: 10257192
    Abstract: A storage system includes a host configured to provide a request for setting or clearing secure write protection; and a storage device including a register, the register including fields that store information for controlling write protection attributes and a secure mode of the storage device, the storage device being configured to authenticate a request of the host when the secure mode is enabled, wherein the storage device is configured to set or clear the secure write protection based on the request of the host when the storage device authenticates the request of the host, wherein after the secure mode is set, the storage device restricts an access of an unauthenticated host for setting and clearing write protection, and wherein the register comprises a secure write protection (WP) configuration masking field for controlling register fields of the register that are associated with write protection.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: April 9, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Bo-Ram Shin, Jaegyu Lee, HeeChang Cho, Wonchul Ju
  • Patent number: 10257184
    Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. An entity responsible for the administration of a directory made available through a managed directory service may specify one or more policies for users and/or groups of users that utilize the directory. For example, the managed directory service may include a policy management subsystem that manages a set of policies for users and/or groups of users that controls a level of access to applications and services. Administrators can assign one or more policies to a user or a group of users and users can select one or more policies provided to the user by the administrator when attempting to access an application or service.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: April 9, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gaurang Pankaj Mehta, Shon Kiran Shah, Neelam Satish Agrawal, Lawrence Hun-Gi Aung
  • Patent number: 10250636
    Abstract: MITM attacks are detected by intercepting network configuration traffic (name resolution, DHCP, ARP, ICMP, etc.) in order to obtain a description of network components. A computer system generates artificial requests for network configuration information and monitors responses. Multiple responses indicate a MITM attack. Responses that are different from previously-recorded responses also indicate a MITM attack. MITM attacks may be confirmed by transmitting fake credentials to a source of a response to a request for network configuration information. If the fake credentials are accepted or are subsequently used in an access attempt, then a MITM attack may be confirmed.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: April 2, 2019
    Assignee: ATTIVO NETWORKS INC
    Inventors: Venu Vissamsetty, Muthukumar Lakshmanan, Sreenivasa Sudheendra Penupolu, Ankur Rungta
  • Patent number: 10230733
    Abstract: Disclosed embodiments can improve rights list management as well as performance of systems utilizing an access control list. A database server having a transitive closure management module may receive an identification of an entity defined in a database storing a cached transitive closure. The transitive closure management module may incrementally update the cached transitive closure stored in the database by generating a new transitive closure for the entity and determining a delete transitive closure record. The delete transitive closure record may be determined by analyzing the cached transitive closure and the new transitive closure, determining a first transitive closure path for the entity that is not specified in the new transitive closure and that is specified in the cached transitive closure, and selecting as the delete transitive closure record a record specifying the first transitive closure path. The delete transitive closure record can then be deleted from the cached transitive closure.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: March 12, 2019
    Assignee: Open Text SA ULC
    Inventor: Geoffrey Michael Obbard
  • Patent number: 10216933
    Abstract: The disclosed computer-implemented method for determining whether malicious files are targeted may include (i) applying, to a malware detection structure, a plurality of sample data points, each sample data point corresponding to at least one of a malicious file known to be targeted and a malicious file known to be non-targeted, (ii) identifying one or more boundaries of the sample data points within the malware detection structure, (iii) determining, after identifying the sample boundaries, that a new data point falls outside of the boundaries, and (iv) classifying a malicious file associated with the new data point as non-targeted in response to determining that the new data point falls outside of the sample boundaries. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: February 26, 2019
    Assignee: Symantec Corporation
    Inventor: Ryan Ross Curtin
  • Patent number: 10217114
    Abstract: Embodiments provide methods and systems for providing labels to prevent counterfeiting of products. In an embodiment, the method includes accessing, by a processor, one or more biometric data associated with a manufacturer. The one or more biometric data include fingerprint data, iris pattern, facial pattern, heart rate, electrical activity of skeletal muscles and deoxyribonucleic acid (DNA) data that are encrypted using a first encryption method for generating a first encrypted data. From the first encrypted data, a biometric pattern is extracted. The biometric pattern is appended with one or more product identification codes for generating a product encoded data. The product encoded data is encrypted using a second encryption method. An error checksum data is appended to the second encrypted data and a unique identifier is prefixed to the second encrypted data. The second encrypted data is added to product labels of the products for securing the products from counterfeiting.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: February 26, 2019
    Assignee: Ennoventure, Inc.
    Inventor: Shalini Vanaja Nair
  • Patent number: 10218685
    Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: February 26, 2019
    Assignee: APPLE INC.
    Inventors: Michael Brouwer, Dallas B. De Atley, Mitchell D. Adler
  • Patent number: 10204225
    Abstract: A system and method are described to automatically assess description-to-permission fidelity of applications. The system and method can employ techniques in natural language processing and a learning-based algorithm to relate description with permissions.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: February 12, 2019
    Assignee: Northwestern University
    Inventors: Yan Chen, Zhengyang Qu, Vaibhav Rastogi