Abstract: Some embodiments include a method of providing security and privacy for a message sender. The method can include a messaging application determining that a messaging interface of the computing device is active and is revealing or about to reveal the electronic message. The messaging application can identify a recipient account of a messaging server system that is associated with the electronic message according to the electronic message or the messaging server system. The messaging application can then monitor a data feed from a sensor of the computing device to detect a biometric pattern that matches against a biometric profile model associated with the recipient account utilizing a biometric recognition process. In response to determining that the detected biometric pattern does not match the biometric profile model associated with the recipient account, the messaging application can activate a privacy shield to prevent content of the electronic message from being revealed.

Abstract: Technologies are generally described for methods and systems effective to authenticate an invited device. In some examples, a method for authenticating an invited device may include receiving, by an evaluating device, a first message from the invited device. The evaluating device may receive the first message at a first receiving time. The method may also include receiving, by the evaluating device, a second message from the inviting device. The evaluating device may receive the second message at a second receiving time. A first sending time, of the first message, and a second sending time, of the second message, may be mutually synchronized. The method may also include determining a receiving time difference between the first receiving time and the second receiving time. The method may also include, by the evaluating device, authenticating the invited device based on the receiving time difference, the first message and the second message.

Abstract: An input handler receives an exploit test request specifying at least one exploit to be tested against at least one application in at least one execution environment. A deployment engine deploys the at least one execution environment including instantiating a container providing a virtual machine image and configured based on the exploit test request, the instantiated container including the at least one application. A scheduler schedules execution of the at least one execution environment within at least one execution engine, including scheduling an injection of the at least one exploit as specified in the exploit test request. A report generator generates an exploit test report characterizing a result of the at least one exploit being injected into the at least one execution environment of the at least one execution engine.

Abstract: Embodiments of the present application relate to a method and system for managing user accounts. The method includes receiving a registration request from a current user, wherein the registration request comprises a login name main part, determining, in a database, whether a conflicting old user exists, wherein a conflicting old user corresponds to another user that has a conflicting login name main part that is the same as the login name main part received in connection with the registration request, in the event that a conflicting old user exists, executing a login password differentiation process that requires a user to register a different login password that is different from a login password associated with the conflicting old user, and storing the different login password to the database in connection with a registration of the current user.

Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage media for receiving, by a SSCA module of a server, source code data based on one or more web pages of a website, analyzing, by the SSCA module, the source code data using static analysis to provide initial results, the initial results including identifiers respectively assigned to one or more variables provided in the source code data, transmitting, by the SSCA module, a request to the website through a proxy server, the request being based on the initial results, the proxy server receiving a response and transmitting a rewritten response to a DSCA module executed on a client, receiving, by the SSCA module, updated source code data from the DSCA module, the updated source code data being provided based on the rewritten response, and updating, by the SSCA module, the initial results based on the updated source code data.

Abstract: One feature pertains to a method for generating a prime number by repeatedly generating a random number seed S having k bits, generating a random number R having n bits based on the seed S, where k is less than n, and determining whether the random number R is prime. The steps are repeated until it is determined that the random number R generated is prime, upon which the random number seed S used to generate the random number R is stored in a memory circuit. Later, the stored random number seed S may be retrieved from the memory circuit, and the prime number is regenerated based on the random number seed S. In one example, the random number R generated is further based on a secret key kS that may be stored in a secure memory circuit.

Abstract: The disclosure relates to a method of authenticating a digital credential of a bearer by a validating device, the method including capturing the bearer credential by the validating device and transmitting to a validation service the bearer credential with a validator credential bound to the validating device. The method also includes at the validation service, validating the bearer credential and the validation credential, and if the validator credential is valid, using the bearer credential to access a data item of a digital profile and creating an electronic message for transmission to the validating device, the electronic message indicating the data item and comprising a fresh validator credential generated by the validation service. The method further includes issuing a fresh bearer credential and creating an electronic message to transmit the fresh bearer credential to an address associated with the bearer.

Abstract: Various embodiments enable meeting room devices to be produced such that, after purchase, the devices can be automatically provisioned by a meeting service. Automatic provisioning takes place over a communication network through a trust relationship that is established between the meeting room device and the meeting service.

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment.

Abstract: Methods and systems are disclosed a digital investigation tool capable of recovering and decrypting content. The tool combines digital techniques with decryption capability for a wide range of encryption algorithms. In one implementation, the tool identifies the type and/or vendor of the encryption algorithm used to protect the content. The tool then automatically obtains the decryption information needed to decrypt the content. Depending on the encryption algorithm used, the information may include a master key, user-specific keys, user IDs, passwords, and the like. The decryption information may be accumulated in a local or remote storage location accessible by the tool, or it may be acquired in real time on an as-needed basis from a third-party encryption vendor, a key server, and the like. Such an arrangement allows law enforcement agencies as well as corporate security personnel to quickly recover and decrypt content stored on a computer system.

Abstract: Disclosed herein are system, method, and computer program product embodiments for authentication of users of electronic devices by voice biometrics. An embodiment operates by comparing a power spectrum and/or an amplitude spectrum within a frequency range of an audio signal to a criterion, and determining that the audio signal is one of a live audio signal or a playback audio signal based on the comparison.

Abstract: A data leak protection system and methods thereof are described that identify and analyze a digital fingerprint for a data package, the digital fingerprint characterizing the data package based on a corpus of data within the data package. In one embodiment, an asset descriptor is configured to identify one or more assets within the corpus of data while a contextual analyzer frames the one or more assets into the prevailing contextual environment. Then, a domain identifier further identifies a data perimeter based on the assets identified for the prevailing contextual environment. A comparison of the digital fingerprint to a collection of domain specific identifiers allows further actions responsive to a digital fingerprint falling outside of the data perimeter for an identified contextual environment. In one example, a data leak triggers quarantining of the data package for further manual processing.

Abstract: A system for viewing at a client device a series of three-dimensional virtual views over the Internet of a volume visualization dataset contained on centralized databases employs a transmitter for securely sending volume visualization dataset from a remote location to the centralized database, more than one central data storage medium containing the volume visualization dataset, and a plurality of servers in communication with the centralized databases to create virtual views based on client requests. A resource manager load balances the servers, a security device controls communications between the client device and server and the resource manager and central storage medium. Physically secured sites house the components. A web application accepts at the remote location user requests for a virtual view of the volume visualization dataset, transmits the request to the servers, receives the resulting virtual view from the servers, and displays the resulting virtual view to the remote user.

Abstract: A method for registering a computing device to a user account using at least one user-selected fingerprintable device externally accessible to the computing device including transmitting a registration information request to the computing device, receiving at least one device fingerprint of the at least one user-selected fingerprintable device accessible by the computing device, and primary identification data of the computing device, generating a skeleton key, recording the primary identification data, and associating the skeleton key and the primary identification data with the user account.

Abstract: A distributed technique for implementing a cryptographic process performs operations in parallel on both valid and irrelevant data to prevent differentiation of the operations based on an encryption key content. A control entity switches or points valid data to appropriate CPU(s) that are responsible for operations such as squaring or multiplying. Irrelevant data is also switched or pointed to appropriate CPU(s) that execute operations in parallel with the CPU(s) operating on the valid data. The distributed technique contributes to obscuring side channel analysis phenomena from observation, such that cryptographic operations cannot easily be tied to the content of the encryption key.

Abstract: An apparatus and method for secure communication. An IoT service establishes communication with an IoT device through an IoT hub or a mobile user device. The IoT service and IoT device each generate public/private keys and exchange the public keys. The IoT service and device use their own private key and the public key received from the IoT device and service, respectively to independently generate a secret. The secret or a data structure derived from the secret is then used to encrypt and decrypt data packets transmitted between the IoT service and the IoT device.

Abstract: A mobile device comprises a pupil information collecting module and a master control module, such that the pupil information collecting module may be used for collecting pupil characteristic information of a user. The master control module may receive the pupil characteristic information of the user when the user accesses a controlled unit, and may determine, on the basis of the pupil characteristic in formation of the user, if the user is allowed to access the controlled unit. The mobile device may use the pupil characteristic information of the user to perform identity verification.

Abstract: An operation at a mobile device is authenticated by using a random visual presentation displayed at the device for the authentication. The mobile device generates and displays the random visual presentation which is optically captured (e.g., by a camera) at a capturing device. The capturing device uses the captured random visual presentation to generate an authentication value (e.g., a hash) based on a defined security protocol. The authentication value is compared to an expected value and if the values match the mobile device executes the operation.

Abstract: The connectivity and security of wireless handheld devices (HDs) can be leveraged to provide a presentation appliance (PA) such as a laptop with an ability to securely communicate with an enterprise's private network. A split-proxy server, with part of it executing on the HD and a part executing on the PA, implements a full HTTP 1.1 compliant Internet/Web Proxy to couple the PA for communication through the HD. Specifically, the split proxy provides support for the pragmatic keep-alive header, the CONNECT method, socket connection sharing, and thread pooling, to enable a fully functional browsing environment. Such an environment enables access to commercial web-based applications that are built on standard Internet technologies without the need for re-rendering or re-writing the user interfaces to suit the HD. In addition, Intranet web-based applications are made securely accessible without the need for additional VPN and remote access technologies.