Abstract: A cloud security method implement web security at the application level by monitoring network traffic and detecting cloud activities related to web applications, and then classifying the detected cloud activities to map certain security-related cloud activities into activity categories to enable security policy to be applied. The application-level cloud security method enables policy enforcement rules to be established for cloud activity categories. The security policies are then applied based on activity categories.

Abstract: A computerize method for voice authentication of a customer in a self-service system is provided. A request for authentication of the customer is received and the customer is enrolled in the self-service system with a text-independent voice print. A passphrase from a plurality of passphrases to transmit to the customer is determined based on comparing each of the plurality of passphrases to a text-dependent or text-independent voice biometric model. The passphrase is transmitted to the customer, and when the customer responds, an audio stream of the passphrase is received. The customer is authenticated by comparing the audio stream of the passphrase against the text-independent voice print. If the customer is authenticated, then storing the audio stream of the passphrase and the topic of the passphrase.

Abstract: This disclosure relates generally to the use of distributed system for computation, and more particularly, relates to a method and system for optimizing computation and communication resource while preserving security in the distributed device for computation. In one embodiment, a system and method of utilizing plurality of constrained edge devices for distributed computation is disclosed. The system enables integration of the edge devices like residential gateways and smart phone into a grid of distributed computation. The edged devices with constrained bandwidth, energy, computation capabilities and combination thereof are optimized dynamically based on condition of communication network. The system further enables scheduling and segregation of data, to be analyzed, between the edge devices. The system may further be configured to preserve privacy associated with the data while sharing the data between the plurality of devices during computation.

Abstract: An authentication system having a communications bus, a transmitter connected to the bus, and a receiver connected to the bus. A physical layer signal may be applied by the transmitter to a message on the bus for authenticating the transmitter. The physical layer signal may incorporate an identifier (ID) of the transmitter. The receiver may receive the message and decode the physical layer signal on the message. Decoding the physical layer signal on the message may reveal the ID of the transmitter sending the message. The receiver may look up the ID on a list of IDs corresponding to transmitters approved to send the message, to determine whether the ID of the transmitter sending the message matches an ID on the list. Only if the ID of the transmitter matches an ID on the list, then the transmitter may be authenticated and authorized to send the message.

Abstract: Receiving a first username of a first user account (FAU) and a biometric signature (BS) of a user; in response to determining that BS matches a stored signature of FAU, presenting indications of a group of available services (GAS); receiving a selection of a service of GAS; transmitting an identifier of the selected service (SS); receiving an encrypted username (EU) and an encrypted password (EP) of a second user account (SAU) of SS; decrypting EU and EP; opening a first page that corresponds to a login page (LP) of SS; launching a script that identifies a username entry field (UEF) and a password entry field (PEF) on LP; entering the decrypted username (DU) in UEF and the decrypted password (DP) in PEF; and selecting a submit button (SB) within LP, wherein selecting SB to be selected causes SAU to be authenticated using DU and DP.

Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.

Abstract: Systems and methods for privacy breach notification and protection enabled by the Internet of Things (IoT) are provided. Some embodiments establish a passive early warning privacy-breach detection from laser beam scan capability on a mobile device and IoT device when a particular owned object (or set of owned objects) has been laser scanned. Sensor information (e.g., laser beam sensing transparent adhesive tape, automotive cameras and proximity sensors) can be used to create notifications that allow a user to take action or to have peace of mind relating to particular activities such as to avoid fees and fines, to recover lost objects, to confirm known events, and to trigger activity.

Abstract: Novel methods of virtualization with unique virtual architectures on field-programmable gate arrays (FPGAs) are provided. A hardware security method can include providing one or more field-programmable gate arrays (FPGAs), and creating an application specialized virtual architecture (or overlay) over the one or more FPGAs (for example, by providing an overlay generator). Unique bitfiles that configure the overlays implemented on the FPGAs can be provided for each deployed FPGA. The application specialized virtual architecture can be constructed using application code, or functions from a domain, to create an overlay represented by one or more hardware description languages (e.g., VHDL).

Abstract: A system includes a memory, a survey engine, and a reporting engine. The memory stores identifying information of a plurality of users. The survey engine determines a question to present to each user of the plurality of users and determines an interval for each user of the plurality of users. The determined interval for a first user of the plurality of users is different from the determined interval for a second user of the plurality of users. For each user, the survey engine communicates to that user, based on the stored identifying information, the determined question for that user according to the determined interval for that user and receives a response from each user of the plurality of users. The reporting engine generates a report based on the received response from the plurality of users.

Abstract: A method and system to verify identity while protecting private data. To locally verify identity without requiring communication with an external database or passing personal/identity information over network connections. To create a database and/or statistical model for later use to verify identify, private information from a first media is input to a device. Private information subsequently presented via a second media is then verified locally by comparing to the private information previously captured from the first media. If the resultant correlation score is sufficiently high the private information from the first media and from the second media are determined to belong to the same individual, and the user is authenticated or a desired action is approved. In case of a low correlation score, a notification may be sent to one or more entities alerting authorities of a security breach or identity theft.

Abstract: A method for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit or units having connection to the public Internet and one or more of the private units have a connection to one or more non-Internet-connected private networks for private network control of the configuration of the computer or microchip using active hardware configuration, including field programmable gate arrays (FPGA). The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch.

Abstract: A method to replace profile related data is suggested. A history database including recorded profile related data may be provided. Upon receiving actual profile related data, a processor may retrieve, from the history database, at least one recorded profile related data, matching to the actual profile related data. Then, a command may be received, from a user, to replace at least one part of the actual profile related data.

Abstract: Disclosed is a system and method of updating active and passive agents in a network. The system includes a hardware processor configured to designate a unique identifier for each of a plurality of terminal node in a network of computing devices, broadcast the identifiers, collect criteria from the nodes, the criteria characterizing each node and a set of unique identifiers for other nodes in a same broadcast domain as the terminal node, generate a list of nodes that are active update agents and a list of nodes that are passive update agents based on the collected criteria, transmit one or more updates of a security application installed on the each terminal node to each terminal node that is an active update agent, and transmit from each terminal node that is an active update agent, the one or more updates to each terminal node that is a passive update agent.

Abstract: A processing unit is configured to carry out at least one program function of a computer program, ascertain the execution time of the program function, and compare the ascertained execution time to a setpoint value to identify a software attack.

Abstract: Ordered access to resources is controlled by restricting access to additional resources that are accessible when a client device provides an authentication provided when accessing an initial resource. When the client device accesses the initial resources, a set of access parameters are identified describing the request and the client device providing the request, and included with an expiration time in generating a token. The token and expiration date are provided in an authorization for the additional resources. When requesting the additional resources, the authorization is provided and verified by comparing the token in the authorization with a test token generated with reference to access parameters of the request for additional resources. When the tokens match, the additional resource is provided to the client device.

Abstract: Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security.

Abstract: A method of encryption key management in a storage system having a plurality of nodes and more than one key manager, performed by the storage system, is provided. The method includes setting, in a first atomic operation to a distributed store of the plurality of nodes, a version identifier to a new value, and writing shards of a key encryption key, to node-specific memory of the plurality of nodes. The method includes committing the shards of the key encryption key by updating, in a second atomic operation, a set of version identifiers in the distributed store including a current version identifier, responsive to finding no change to the new value of the version identifier.

Abstract: A system and method detects malware by processing notifications from an intrusion detection system and baseline snapshots from an image capture utility. The image capture utility constructs an image of the suspected malware intrusion and links the suspected malware intrusion to the baseline snapshots. The system and method propagates the image of the suspected malware intrusion across multiple networks before it distinguishes malicious code, device state, and files from benign code, device state, and files. Some systems and methods include a malware recovery system that executes machine learning instructions and heuristics to revert a client and/or a remote server to one or more baseline snapshots.

Abstract: Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for hiding copyright information in a display screen. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with a digital content, wherein the copyright information and the digital content are recorded on a blockchain of a blockchain network; determining one or more attributes associated with the display screen; and converting the unique ID to a digital watermark based on the one or more attributes, the digital watermark not being apparent to an unaided human eye when displayed in the display screen and enables retrieval of the copyright information from the blockchain based on the unique ID.