Abstract: A system includes a memory, a survey engine, and a reporting engine. The memory stores identifying information of a plurality of users. The survey engine determines a question to present to each user of the plurality of users and determines an interval for each user of the plurality of users. The determined interval for a first user of the plurality of users is different from the determined interval for a second user of the plurality of users. For each user, the survey engine communicates to that user, based on the stored identifying information, the determined question for that user according to the determined interval for that user and receives a response from each user of the plurality of users. The reporting engine generates a report based on the received response from the plurality of users.

Abstract: Disclosed are a terminal verification method, an AP device, a terminal and a system, wherein the AP device is an encrypted AP device. The method comprises: receiving a connection request sent by a first terminal, wherein the connection request comprises identification information of the first terminal; querying an authorization list according to the identification information of the first terminal, wherein the authorization list includes identification information of terminals located within a preset password-free range; and returning an authorization response to the first terminal when the authorization list includes the identification information of the first terminal, wherein the authorization response is used for instructing the first terminal to establish a network connection with the AP device.

Abstract: A message-hold decision maker system used with an electronic mail processing system that processes electronic messages for a protected computer network improves the electronic mail processing system's performance by increasing the throughput performance of the system. The improvements are achieved by providing an electronic mail processing gateway with additional logic that makes fast and intelligent decisions on whether to hold, block, allow, or sandbox electronic messages in view of potential threats such as viruses or URL-based threats. A message hold decision maker uses current and stored information from a plurality of specialized classification engines to quickly make the decisions. In some examples, the message hold decision maker will instruct an email gateway to hold an electronic mail message while the classification engines perform further analysis.

Abstract: Disclosed herein are systems and method for preventing malware reoccurrence when restoring a computing device using a backup image. In one exemplary aspect, a method may identify, from a plurality of backup images for a computing device, a backup image that was created most recently before the computing device was compromised. The method may mount the backup image as a disk and scanning the disk for malicious software. The method may disable all ports and services on the computing device to prevent unauthorized network connections and service launches. The method may restore data to the computing device from the mounted disk. The method may update software on the computing device and applying latest patches, and reopen the ports and restart the services on the computing device subsequent to updating the software and applying the latest patches.

Abstract: In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).

Abstract: Disclosed herein are a method for secure booting using a route switchover function for a boot memory bus and an apparatus using the same. The method includes maintaining a reset state in order to prevent a processor from being booted, interrupting the connection between the processor and boot memory, verifying the integrity of first boot firmware stored in the boot memory, determining whether hardware damage is detected, and releasing the reset state of the processor and the interrupted state of the connection between the processor and the boot memory in consideration of whether hardware damage is detected and verification of the integrity in order to allow the processor to be booted.

Abstract: In some embodiments, an electronic device presents a weak password warning in a password management user interface that includes information about the user account with which the password is associated. In some embodiments, an electronic device presents a weak password warning in a login user interface.

Abstract: System, device, and method of providing authenticity and rights verification mechanism for media content and for its derived versions. A media authenticity server is configured to receive a content item, and to generate for it a record having a unique content identifier and indications of permitted modifications, and optionally also copyright information usage restrictions. The media authenticity server authorizes or blocks modifications requests regarding the content item. The media authenticity server tracks and logs the permitted modifications performed on the content item, and makes this log available for inspection to end-user devices via a web browser or via a content consumption application. Optionally, playback or consumption of a modified version of the content item is blocked, or is accompanied by a warning message, if the modified version is not associated with an authenticated log of permitted modifications.

Abstract: A record of authorization including user information is received and appended to a blockchain. The record of authorization authorizes access by a third-party application to the user information for an access duration. The user information is encrypted by a group key and access duration is based on a change to the group key. The group key comprises a public/private key pair, and the access duration is implemented by an authorization group of nodes having the group key. The group key corresponds to either a valid group key at or near the start of the access duration, that enables decryption of a message in the record of authorization that includes the user information, or an incompatible group key at or after the end of the access duration, that does not enable decryption of the message in the record of authorization that includes the user information.

Abstract: Methods include establishing a transport layer security connection between the client and a server that provides the web service, identifying at least one cryptographic key for communication with the web service in the connection, closing the connection and communicating between the client and the web service using a web service token that is signed and encrypted according to the identified at least one cryptographic key. Communicating between the client and the web service using a web service token may not require creation of a new transport layer security connection. Further embodiments provide a computer configured to perform operations as described above and computer-readable medium storing instructions that, when executed by a computer, perform operations as described above.

Abstract: The disclosed computer-implemented method for improving application installation may include (i) receiving, in response to initiating an installation procedure for an application published by a security application publisher, a signed web token that is formatted according to an Internet standard that defines a structure of the signed web token such that a private section of a payload of the signed web token asserts at least one private claim, and (ii) applying the private claim to customize the installation procedure of the application according to a configuration of a technology partner that partners with the security application publisher. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for facilitating establishing a secure connection between a client application and a content provider. An example method includes employing a security gateway to authenticate a client for communications therewith; maintaining, for the client, security credentials for a data provider via a security configuration module, wherein the security credentials are associated with a description of data, which is associated with a data provider; using the gateway to determine which of the security credentials to use to fulfill the request message received by the security gateway from the client based on the request; and employing the selected security credentials to selectively retrieve data from and deliver the data to the client application. The example method may further include generating the request message when a User Interface (UI) control displayed in a UI display screen of a browser client is selected or activated.

Abstract: An information handling system may include a processor and a basic input/output system communicatively coupled to the processor and embodied by executable instructions embodied in non-transitory computer readable media, the instructions configured to, when executed by the processor: identify, for a firmware image, a secure boot certificate; identify, for the secure boot certificate, a certificate use policy; determine whether the certificate use policy permits verification of the firmware image using the secure boot certificate; and allow the firmware image to be verified with the secure boot certificate if the certificate use policy permits verification of the firmware image using the secure boot certificate.

Abstract: A method may include, in an information handling system comprising a basic input/output system (BIOS) embodied in non-transitory computer-readable media and configured to be the first code executed by a processor when the information handling system is booted and configured to initialize components of the information handling system into a known state: receiving an indication of installation of a protocol by a producer driver of a plurality of protocol drivers integral to the BIOS, storing metadata regarding the protocol in a protocol database of the BIOS, receiving a request to consume the protocol by a consumer driver of the plurality of protocol drivers, and obfuscating the metadata stored in the protocol database from the consumer driver to prevent the consumer driver from uninstalling the protocol.

Abstract: A system and method for collecting, processing, storing, or transmitting traffic data. A localized data collection module may retrieve, receive, or intercept traffic data through or from hardware installed in a traffic control cabinet adjacent an intersection or other roadway feature of interest. Data which may have previously been confined to a closed loop traffic control system may be remotely accessible for traffic operations control or monitoring via a network connected server and/or cloud architecture.

Abstract: Embodiments disclosed herein generally relate to a system and method for detecting fraudulent computer activity. A computing system generates a plurality of synthetic identities. Each of the plurality of synthetic identities mimics information associated with a verified identity. The computing system receives, from a user, an input attempt. The input attempt includes a synthetic identity of the plurality of synthetic identities. The computing system compares input information in the input attempt to the plurality of synthetic identities. The computing system determines that the input information in the input attempt includes information from the plurality of synthetic identities, if it does, the computing system rejects the input attempt.

Abstract: A computing system is configured to access a plurality of remote databases in order to identify data inconsistencies between the remote databases and provide user interfaces to a user in order to initiate communication via one or more APIs to certain remote databases indicating updates that reconcile said data inconsistencies.

Abstract: Methods and systems are configured to store user data and control access to the user data, wherein the data is stored remotely from the user (such as external to a user's computing device) and the user's data is maintained anonymously. Content is stored in association with a user identifier and access by third parties is controlled by linked third party identifiers.

Abstract: A trusted node, for quantum key distribution, has a quantum key engine, a quantum key controller and a trusted node controller. The quantum key engine exchanges quantum keys. The quantum key controller directs encryption and decryption. The trusted node controller directs the quantum key controller and the quantum key engine, and has no direct access to keys and data protected by the system, including unencrypted quantum keys.

Abstract: A medical treatment machine, such as a dialysis machine (e.g., a home dialysis machine, such as a home hemodialysis machine or a home peritoneal dialysis machine) can receive a digital prescription file that defines parameters of a medical treatment to be administered to a patient. The digital prescription file can be prepared and delivered in such a way that the medical treatment machine can confirm that the issuer (e.g., provider) of the digital prescription file is an authorized issuer without having any a priori knowledge of the particular issuer. The digital prescription file can be delivered irrespective of the inherent security (or lack thereof) of the transmission medium in a tamper-evident format using minimal resources necessary to verify the validity of the digital prescription file and its issuer. The digital prescription file may be delivered to the dialysis machine using a network cloud-based connected health system.