Abstract: There is described a method of obfuscating access to a data store by a software application. The method comprises accessing the data store using access operations. The access operations comprise real access operations and dummy access operations. Each real access operation is operable to access the data store as part of the execution of the software application. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above method. There is also described a computer readable medium storing the above computer program. There is also described a system configured to carry out the above method.

Abstract: A method of making a “zero knowledge” connection between a computer (2) and an electronic unit (5). At the start of the method, the configuration unit (1) is connected with the computer (2), and a web server is initiated in the configuration unit (1) via the trusted execution environment. A secure network connection is made to a server (3) by the configuration unit (1) and, via the network connection, the items of information required for connection with the electronic units, to which a connection can be made, are synchronized with the trusted execution environment. After synchronization occurs, an electronic unit (5) is selected by the web server via an input of the computer (2), to which electronic unit (5) a connection is made via the trusted execution environment using the stored, synchronized items of information, and via the web server prescribed menu-driven maintenance or configuration steps can be executed.

Abstract: The disclosed computer-implemented method for detecting exploit-kit landing pages may include detecting an attempt to access a web page via a computing device. The web page may be an unknown landing page of an exploit kit that includes a script that may be used by the exploit kit to access attributes of the computing device that may be used by the exploit kit to select suitable exploit code for compromising the computing device. The disclosed computer-implemented method may further include (1) monitoring one or more behaviors of the script, (2) detecting an attempt by the script to access an attribute of the computing device, (3) determining, based on the attempt to access the attribute, that the web page is likely a landing page of the exploit kit, and (4) performing a security action in response to the determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for enabling multi-factor authentication for a web-based account. A first computing device and a second computing device are accessible to a first user. A backend system is accessible to a second user. The backend system communicates with the second computing device via a secure communication network. The first user creates a web-based account and receives a MFA initiation screen including secret information and a field for entering at least one TOTP token. The backend system has a TOTP token generator. The second computing device captures the secret information and transmits it to the backend system. The second user generates at least one TOTP token using the backend system and transmits the at least one TOTP token to the second computing device. The first user enters the at least one TOTP token into the first computing device. The account can then be validated and MFA enabled.

Abstract: In an embodiment, a computing system, such as a monitoring computer, receives a request from a user to monitor an account of the user with an online service provider. The request may include personal information and user preferences for one or more protective actions. The system periodically monitors external data sources for indications of changes to personal information associated with the account, and detects changes or attempted changes to personal information associated with the account. The system may determine risk levels associated with detected changes or attempted changes, and transmit a notification to the user via a communication channel selected based on the determined risk level and/or the user preferences. The system may also initiate protective actions, so that further unauthorized access to the account may be prevented.

Abstract: A method of authenticating a user on a mobile device includes gathering samples of behavioral data of the user from multiple sensors of the mobile device, each sensor generating a different number of samples. The method also includes normalizing the samples to have a same number of samples for each sensor. The method further includes extracting, with a convolutional neural network, features from the normalized samples and authenticating the user based on the extracted features.

Abstract: Techniques disclosed herein decouple a document's structure from its general content wherein the structure is retained in plaintext (both at a client device and in a server system) and the data is retained in cyphertext, and where the cloud-based server system is not tasked with the saving or management of the relevant cryptographic keys. Because the network- or cloud-based server system has “zero-knowledge” about the document's data content or the relevant cryptographic keys, an attack on the server system does not put the security of the document's data at risk. In addition, the network- or cloud-based server system may be used to perform the computationally intensive tasks of converting the document between a first format (often associated with a full-function document processing application not supported by the client device) and a second format (easily displayed and manipulated by a client device).

Abstract: A method includes generating a data matrix from the data, wherein the data matrix includes a plurality of columns and a plurality of rows. The method further includes generating a chunkset data matrix from one or more rows of the data matrix. The method further includes matrix multiplying the chunkset data matrix by an encoding matrix to produce a chunkset slice matrix, wherein a row of the chunkset slice matrix corresponds to an encoded data slice and wherein the plurality of rows of the chunkset slice matrix corresponds to a set of encoded data slices, wherein a decode threshold number of encoded data slices of the set of encoded data slices is needed to recover the data grouping associated with the one or more rows of the data matrix.

Abstract: In an example embodiment, a method for protecting against incorrect confidential data values in a computer system is provided. A machine learning algorithm is used to train a confidential data value quality score based on metrics extracted from member profile and member usage information in a social networking service. The confidential data value quality score model is then used to output an estimated quality score for submitted confidential data values.

Abstract: In an example embodiment, a submission of confidential data is received from a user. Then, the confidential data is encrypted using a first public key generated as part of a first public key-first private key pair. The encrypted confidential data is stored in a first column of a first submission table in a confidential information database. An identification of the user is encrypted using a second public key different than the first public key, the second public key generated as part of a first public key-first private key pair. Then, the encrypted identification of the user is stored in a second submission table in the confidential information database. The first private key is provided to a first component to decrypt the confidential information, without providing the second private key to the first component.

Abstract: A mobile device may include at least one memory and a processor cooperating with the at least one memory to store a plurality of managed enterprise applications in the at least one memory, and receive and store a digital certificate in a secure shared location within the at least one memory. The processor may further cooperate with the at least one memory to run the plurality of managed enterprise applications to access the digital certificate from the secure shared location and generate and send encrypted data to another mobile device based upon the digital certificate.

Abstract: A method, system, and computer program product for securing access to stored messages using identity-base encryption are disclosed. The method includes generating a master private key and generating a corresponding master public key. The master private key and the master public key are both generated at a messaging client. The method also includes transmitting the master private key from the messaging client to a messaging server. The transmittal of the master private key to the messaging server is performed without transmitting the master private key.

Abstract: A method for detecting application leaks is described. In one embodiment, the method may include the method may include identifying a first application as a known application, assigning a first identifier to the first application, appending the first identifier to data generated by the first application, identifying a second application as an unknown application, assigning a second identifier to the second application, identifying a data usage by the second application, appending the second identifier to data associated with the data usage by the second application, and determining whether the data usage by the second application is associated with the data generated by the first application based at least in part on the first identifier and the second identifier. In some cases, the data usage includes at least one of generating data, modifying data, and transmitting data.

Abstract: Methods and systems for authenticating a user are described. In some embodiments, an authentication request including biometric information collected from a user is received. The user may be authenticated using a first authentication system by comparing characteristics generated from the biometric information with characteristics of previously collected biometric information. The biometric information collected from the user during the authentication request may be used to automatically enroll the user into a second authentication system.

Abstract: Devices described herein are configured to propagate tags among data objects representing system components. Such devices may detect an event associated with a plurality of system components. Based at least in part on detecting the event and on a configurable policy, the devices may propagate a tag that is assigned to a data object representing one of the plurality of system components to another data object representing another of the plurality of system components. One example of such a tag may be associated with a tree object that represents an execution chain of at least the system component represented by the data object and the other system component represented by the other data object. Another example of such a tag may be a user-specified tag of another entity that the entity associated with the devices subscribes to.

Abstract: A method for managing data, comprising: receiving data about information collected by a sensor, in which at least a part of the data is encrypted; and performing an analysis in a state where both non-encrypted section and encrypted section of the data are not decrypted. Also, a method for managing data encryption, comprising: allowing a sensor or an intermediate network device to encrypt at least a part of data about collected information; allowing the sensor or the intermediate network device to transmit the at least partially encrypted data; allowing a data management apparatus to receive the at least partially encrypted transmitted data; allowing the data management apparatus to store the at least partially encrypted received data; and allowing the data management apparatus to perform an analysis in a state where both non-encrypted section and encrypted section of the at least partially encrypted data are not decrypted.

Abstract: A request is received to change a first, current encryption root key used to encrypt and decrypt a set of data in a database. A new, second encryption root key is generated. The second encryption root key is stored in a secured area in disk storage as a new current encryption root key. The first encryption root key is maintained in the secured area as a historical encryption root key. New root key version information that identifies the new, second encryption root key is generated and stored as current root key version information. A request is received to encrypt the set of data. The second encryption root key is identified as the current encryption root key based on the current root key version information. The second encryption root key is used to encrypt the set of data to create an encrypted set of data.

Abstract: An efficient and robust system 100 of privacy protection to provide security of a computing device by identifying and detecting unauthorized intrusion/peek problems related to computing device's environment/surrounding is disclosed. The system 100 includes a detector unit 102 for detecting data related to environment/surrounding of the computing device; a processing unit 104 for processing the detected data and a recommendation unit 106 to notify the user about the threat posed by environment/surrounding. The present disclosure enables device owner to access his device more freely in vulnerable surroundings.

Abstract: A method for routing IP packets with IPSec AH authentication is disclosed. The method includes locating overlay edge routers between private domains and their associated NAT routers. Outbound packets from a source private domain are modified by its overlay edge router to include IPSec AH authorization data computed using IP source and destination addresses that match a packet's final source and destination IP address upon final NAT translation immediately prior to delivery to a host of a destination private domain.

Abstract: Wireless pairing is automatically performed based on purchase. By providing a unique identifier and/or account number (such as a credit card number), a wireless device is automatically paired to a wireless network. For example, when a smartphone or other mobile device is used to purchase an electronic door lock, the smartphone may be used to identify security credentials for accessing the wireless network. A cellular telephone number, for example, may reveal an SSID and/or a network password that is required to access a residential or business WI-FI network. As another example, a credit card number may also be used to identify the security credentials for the wireless network.