Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.

Abstract: An electronic device is provided. The electronic device includes a user interface, a location sensor configured to sense a location of the electronic device, a processor electrically connected with the user interface and the location sensor, and a memory electrically connected with the processor and configured to store a first application program and a second application program. The memory is further configured to store instructions that, when executed, enable the processor to receive first location data with a first degree of accuracy regarding the location of the electronic device from the location sensor, process at least part of the first location data to generate second location data with a second degree of accuracy lower than the first degree of accuracy regarding the location of the electronic device, provide the at least part of the first location data to execute the first application program, and provide at least part of the second location data to execute the second application program.

Abstract: Adaptive security filtering on a client device. A method may include applying a data filter to a client device to obtain a first set of data associated with the client device, determining a risk level of a datum of the first set of data, determining a resource level associated with obtaining the first set of data, adjusting the data filter to an adjusted filter based on the determined risk level of the datum and the determined resource level, and applying the adjusted filter to the client device.

Abstract: Disclosed is a dynamic-PKI social Certificate Authority (CA) system and method. The present system and method generates and issues certificates at deployment time instead of manufacture time. In an embodiment, the system and method utilizes an interface to initiate a Certificate Signing Request (CSR) and generates and signs the CSR with a public key. The signed CSR is then securely transmitted to a Certificate Signing Request Processor (CSRP), which undergoes an optional verification process and is then processed to return a signed cert. The signed cert is then directly or indirectly provided to the device for provisioning into the network.

Abstract: A computer system is monitored by firmware for a non-conforming state. Upon detecting the non-conforming state, firmware of the computer system outputs a keyboard code that causes an operating system to enter a predetermined state, such as a lock screen or other quiescent display state. A human-perceptible message is displayed at a display device after outputting the keyboard code.

Abstract: A decoy filesystem that curtails data theft and ensures file integrity protection through deception is described. To protect a base filesystem, the approach herein involves transparently creating multiple levels of stacking to enable various protection features, namely, monitoring file accesses, hiding and redacting sensitive files with baits, and injecting decoys onto fake system views that are purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. In one implementation, a kernel hot-patch is used to seamlessly integrate the new filesystem module into live and existing environments.

Abstract: Provided are methods and systems for biometric verification of a human Internet user. A method for biometric verification of a human Internet user comprises receiving, from a client machine, a web request for a service and environmental parameters associated with the client machine. The method further comprises determining whether the environmental parameters are indicative of the human Internet user. Based on the determination, the service is selectively provided to the client machine in response to the web request.

Abstract: Methods and systems are presented for defining criteria that indicate when authentication for an identified client device should be revoked based on rules associated with interested parties. Authentication information is stored that indicates that an identified client device is authenticated. Rules that are associated with a plurality of interested parties and include rules of different rule types may also be stored. Criteria may be defined based on the rules and the authentication information, the criteria indicating when authentication of the identified client device should be revoked. Authentication of the identified client device may be revoked based on the criteria.

Abstract: An Omni-channel security manager is provided. The Omni-channel security manager is configured to: receive selections for domain/channel specific security applications and deploy security agents to end-point devices. The security agents interact with the Omni-channel security manager to install, initiate, manage, and monitor the domain/channel specific security applications on the end-point devices.

Abstract: An information distribution device configured to distribute an encrypted update program to a control device connected through a wide-area communication network includes: a physically unclonable function (PUF) information acquiring unit configured to acquire PUF information of the control device recorded in advance; an additional information acquiring unit configured to specify and acquire any of a plurality of pieces of additional information recorded in advance; an encryption processing unit configured to encrypt protection target information based on the PUF information and the additional information that are acquired; and a transmission processing unit configured to transmit the encrypted update program to the control device, wherein the additional information acquiring unit is configured to change the additional information to be specified in accordance with a time.

Abstract: The present disclosure relates to setup of IoT network devices, and specifically to setup of multiple similar IoT devices at substantially the same time using joint authentication.

Abstract: Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

Abstract: A system for fast secured searching may include a user interface, a web layer configured for executing application logic and configured for interacting with a user via the user interface and configured to perform user authentication, and a database layer in communication with and accessible by the web layer and comprising a database configured for storing data, and a search engine configured for searching the database, wherein, communication to and from the database layer from and to the web layer is controlled by secure socket layer certificate authorization. The database layer may also include an inverted index in communication with the database and the search engine and configured for maintaining updated snapshots relating to the data in the database and an encryption/decryption layer for selective encryption of the data and configurable for field level, document level, and/or chunk level encryption.

Abstract: A screen content management system and method for determining viewable screen content is provided. The method may include receiving a registration indication to register content as a private resource. The method may further include registering the content as the private resource. The method may also include assigning a unique identification code to the private resource. The method may additionally include receiving a viewing requirement for the private resource. The method may moreover include modifying a viewing definition for the private resource based on the viewing requirement. The method may further include receiving a request to display the private resource, the request being associated with user information. The method may also include determining whether the private resource is displayable based on the viewing definition of the private resource and the user information.

Abstract: A parent cryptographic key associated with a blockchain object is obtained. A number of parties (N) to share control over the blockchain object is obtained. N child cryptographic keys are generated based on the parent cryptographic key by applying a predetermined algorithm to the parent cryptographic key, wherein N is an integer greater than or equal to 2, and wherein the N child cryptographic keys are collectively configured to enable reconstruction of the parent cryptographic key.

Abstract: A system for enforcing restrictive access control with respect to a set of digital objects includes a first device. The first device is configured to: determine, based at least in part on a first access control rule, to block access to at least a first digital object included in the set of digital objects; determine, based at least in part on a second access control rule, to block access to at least a second digital object included in the set of digital objects; and provide, to a user of the first device, at least a third digital object included in the set of digital objects but not the first digital object and the second digital object.

Abstract: A cloud security method implement web security at the application level by monitoring network traffic and detecting cloud activities related to web applications, and then classifying the detected cloud activities to map certain security-related cloud activities into activity categories to enable security policy to be applied. The application-level cloud security method enables policy enforcement rules to be established for cloud activity categories. The security policies are then applied based on activity categories.

Abstract: A computerize method for voice authentication of a customer in a self-service system is provided. A request for authentication of the customer is received and the customer is enrolled in the self-service system with a text-independent voice print. A passphrase from a plurality of passphrases to transmit to the customer is determined based on comparing each of the plurality of passphrases to a text-dependent or text-independent voice biometric model. The passphrase is transmitted to the customer, and when the customer responds, an audio stream of the passphrase is received. The customer is authenticated by comparing the audio stream of the passphrase against the text-independent voice print. If the customer is authenticated, then storing the audio stream of the passphrase and the topic of the passphrase.

Abstract: This disclosure relates generally to the use of distributed system for computation, and more particularly, relates to a method and system for optimizing computation and communication resource while preserving security in the distributed device for computation. In one embodiment, a system and method of utilizing plurality of constrained edge devices for distributed computation is disclosed. The system enables integration of the edge devices like residential gateways and smart phone into a grid of distributed computation. The edged devices with constrained bandwidth, energy, computation capabilities and combination thereof are optimized dynamically based on condition of communication network. The system further enables scheduling and segregation of data, to be analyzed, between the edge devices. The system may further be configured to preserve privacy associated with the data while sharing the data between the plurality of devices during computation.

Abstract: An authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.