Abstract: A method performed by one or more processors, and an apparatus is disclosed. The method may comprise identifying a request from a custom computer program within a sandbox to perform an operation not permitted within the sandbox, and receiving a first indication of security privileges associated with a provider of the custom computer program. The method may also comprise selectively causing the operation to be performed based on the first indication of security privileges.

Abstract: A process control system software security architecture, that is more effective at preventing zero-day or other types of malware attacks, implements the use of “least privileges” when executing the applications and services run within a computer device. The least privileges based architecture separates “service” processes from desktop applications that run on behalf of a logged-on user by partitioning the global namespace of the software system into service namespaces and logged-on user namespaces, and by strictly controlling communications between the applications and services in these different namespaces using interprocess communications. Moreover, the security architecture uses custom accounts to assure that each service process has the least set of privileges that are needed for implementing its function regardless of the privileges associated with the calling application or user.

Abstract: An electronic apparatus and an unlocking method thereof are provided. The electronic apparatus receives an input password. When the input password matches a valid password, the electronic apparatus is unlocked. When the input password does not match the valid password, a protection system is activated. The protection system collects usage information and posts a warning message to a social networking site based on the usage information.

Abstract: Methods, computer-readable media, software, and apparatuses may calculate and inform a consumer of company privacy scores corresponding to companies with which the consumer has a corresponding account, or for a company associated with a website that a consumer may visit. A consumer privacy score may also be determined, based on the company privacy scores. The company privacy scores may be based on a calculation including elements of a privacy practice of the corresponding company and elements of a privacy policy of the corresponding company.

Abstract: Disclosed is a column value-based separate authorization method for statistical list operations, said method comprising a step of authorizing a statistical list operation and a step of selecting a grantee, said step of authorizing a statistical list operation comprising the following steps: S1: selecting a statistical list needing authorization; S2: selecting a column needing authorization in the statistical list, the selected column being a column determined by selection or determined automatically; S3: authorizing the operation for statistical data corresponding to all the column values in the selected column. The present invention enables separate authorization of the operation permissions for the statistical data in the statistical list according to the column values; one statistical list can meet different actual usage requirements after the authorization of different statistical data operation permissions.

Abstract: A method of protecting a computer from malicious software includes receiving a computer file, and scanning, via anti-malware, the computer file for known malicious software. The method include, when the anti-malware fails to detect known malicious software in the computer file, performing a dynamic operating-system-level containerization to access content of the computer file, including creating and launching an isolated container on the computer. The method includes accessing the content of the computer file in the isolated container on the computer, and monitoring execution of computer-readable program code in the isolated container as the content of the computer file is accessed. And the method includes performing a remedial action when as the execution of computer-readable program code in the isolated container is monitored, a pattern in the execution is detected that indicates the computer file contains malicious software that is otherwise unknown.

Abstract: Apparatuses, methods, systems, and program products are disclosed for authenticating use of an application. An apparatus includes a processor and a memory that stores code executable by the processor. The memory stores code executable by the processor to receive a location identifier for a first device that provides an application that requires authentication for use. The memory stores code executable by the processor to receive a location identifier for a second device that is used to authenticate a user who intends to use the application that the first device provides. The memory stores code executable by the processor to provide access to the application that the first device provides in response to the location identifier for the first device matching the location identifier for the second device.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for selective authorization of resource usage based on geographic positioning and usage category information associated with a resource interaction system. The invention receives historic positional information and category of usage information related to a resource interaction system, where the historic positional and category of usage information defines a base positional location and category of usage for the resource interaction system. The system also receives current positional information associated with the resource interaction system and accesses authorized usage parameters associated with the current positional information associated with the resource interaction system. Based on this information, the invention controls usage of the resource interaction system based on authorized usage parameters associated with the current positional information and based on the category of usage information.

Abstract: Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Abstract: An erasing device includes: a first connector that is detachably connected to a storage device; a second connector that is detachably connected to an information processing device; a data eraser that erases information stored in the storage device after the storage device and the information processing device are connected to one another; and an access controller that, after the information stored in the storage device is erased by the data eraser, brings the information processing device from a state where the information processing device cannot access the storage device into a state where the information processing device can access the storage device.

Abstract: A target authentication device includes an electrode to detect an electrical signal associated with a user of the device. The electrical signal represents an authentication code for the device. An authentication receiver module is coupled to the electrode. The module receives the electrical signal from the electrode and determines whether the electrical signal matches a predetermined criterion to authenticate the identity of the user based on the electrical signal. An authentication module is also disclosed. The authentication module includes one electrode to couple an electrical signal associated with a user to a user of a target authentication device, the electrical signal represents an authentication code for the device. An authentication transmission module is coupled to the electrode. The authentication transmission module transmits the electrical signal from the electrode. A method of authenticating the identity of a user of a target authentication device also is disclosed.

Abstract: Various embodiments include methods and devices for implementing secure peripheral interface disablement on a computing device. Various embodiments may include receiving a trigger to disable a peripheral interface associated with a peripheral device of the computing device, identifying a physical address of the peripheral interface, and securely removing a mapping of an intermediate physical address of the peripheral interface to the physical address of the peripheral interface.

Abstract: Described are techniques for collaboration-based authentication including a method comprising storing a user profile comprising information related to a user account, a plurality of user devices, and a user calendar. The method further comprises detecting an authentication attempt associated with the user account and retrieving device information associated with a first device initiating the authentication attempt, a first location of the first device, a second location of a second device of the plurality of user devices, and a scheduled location based on the user calendar. The method further comprises determining that the authentication attempt comprises a security risk based on the device information associated with the first device, the first location of the first device, the second location of the second device, and the scheduled location. The method further comprises performing a mitigation action in response to determining that the authentication attempt comprises the security risk.

Abstract: Composite biometric authentication is provided to multiple users that share a financial account. The users can enroll the account for composite biometric authentication. The enrollment can include recording multiple biometrics of each user and storing them as a composite to use in authenticating user requests to authorize transactions involving the shared financial account. A unique combination of biometrics can be generated including a biometric of the multiple biometrics of each of the users and stored such that the unique combination must be provided to authenticate a future user request. To proceed with a transaction, a user of the multiple users initiates the transaction and provides their part of the unique combination. The other users provide their part of the unique combination by providing the specific biometric of the multiple biometrics they have previously provided. The transaction proceeds when all shares of the unique combination are provided and authenticated.

Abstract: Maintaining system security by receiving metadata associated with at least a part of one data file from a metadata storage unit, generating a priority for the at least a part of one data file according to the metadata, and conducting a scan of the part of the data file. The metadata includes one or more virus indicators.

Abstract: Apparatus and methods securely limiting access to a document segment. The apparatus may include a use-zone definition engine. The use-zone may include a zone in which authorized individuals may engage in activity regarding a document segment that is designated for use in the zone. The zone may be defined based on zone parameters such as geographic coordinates or network domains. The apparatus may include a use-zone instancing engine. The instancing engine may be configured to attach to the segment an executable program corresponding to the use-zone. The executable program may be configured to verify that the segment is inside the zone and that the user is authorized to be in the zone. The executable program may be configured to destroy a copy of the segment residing on a device registered to the user.

Abstract: A cybersecurity server receives an executable file. The executable file is disassembled to generate assembly code of the executable file. High-entropy blocks and blocks of printable American Standard Code for Information Interchange (ASCII) characters are removed from the assembly code. Instructions of the assembly code are normalized, chunked, and merged into a data stream. The digest of the data stream is calculated using a fuzzy hashing algorithm. The similarity of the digest to a malicious digest is determined to evaluate the executable file for malware.

Abstract: A first similarity is calculated between a first feature amount of first biological information acquired from a first person among multiple persons to be subjected to authentication and a second feature amount of second biological information acquired from a second person among the multiple persons to be subjected to authentication, and multiple second similarities between the first feature amount and multiple registered feature amounts of biological information acquired from multiple registered persons are calculated. When authentication of the first person is successful, first registered feature amounts to be subjected to similarity calculation are selected from among the multiple registered feature amounts, based on the first similarity and the multiple second similarities. Third similarities are calculated between the second feature amount and the first registered feature amounts, and authentication on the second person to be subjected to authentication is executed based on the third similarities.