Abstract: A rotating magnetic physical unclonable function (PUF) is disclosed. Rotating the PUF enables robust low cost PUF readers. PUF may be incorporated into a user-replaceable supply item for an imaging device. A PUF reader may be incorporated into an imaging device to read the PUF. Other systems and methods are disclosed.

Abstract: Providing access to a restricted resource via a persistent authenticated device network, including: authenticating a user; joining a persistent authenticated device network; iteratively, upon the expiration of a predetermined period of time, determining whether the user remains authenticated; responsive to determining that the user remains authenticated, determining whether a downstream computing device in the persistent authenticated device network is attempting to access a restricted resource; and responsive to determining that the downstream computing device in the persistent authenticated device network is attempting to access a restricted resource, providing user authentication information to the downstream computing device.

Abstract: Tamper-respondent assemblies and methods of fabrication are provided which include a tamper-respondent electronic circuit structure. The tamper-respondent electronic circuit structure includes a tamper-respondent sensor. The tamper-respondent sensor includes, for instance, at least one flexible layer having opposite first and second sides, and circuit lines forming at least one resistive network. The circuit lines are disposed on at least one of the first or second side of the at least one flexible layer, and have a line width Wl?200 ?m, as well as a line-to-line spacing width Ws?200 ?m. In certain enhanced embodiments, the tamper-respondent sensor includes multiple flexible layers, with a first flexible layer having first circuit lines, and a second flexible layer having second circuit lines, where the first and second circuit lines may have different line widths, different line-to-line spacings, and/or be formed of different materials.

Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network.

Abstract: The present invention relates to an active defense method based on cloud security comprising: a client collecting and sending a program behavior launched by a program thereon and/or a program feature of the program launching the program behavior to a server; with respect to the program feature and/or the program behavior sent by the client, the server performing an analysis and comparison in its database, making a determination on the program based on the comparison result, and feeding back to the client; based on the feedback determination result, the client deciding whether to intercept the program behavior, terminate execution of the program and/or clean up the program, and restore the system environment. The invention introduces a cloud security architecture, and employs a behavior feature based on active defense to search and kill a malicious program, thereby ensuring network security.

Abstract: A computing apparatus configured to verify a digital signature applied on a set of data received from a user device, including an user ID assigned by a partner system to uniquely identify a user of the user device among customers of the partner system, and a user device identifier identifying the user device. The digital signature is generated via applying a cryptographic one-way hash function on a combination of the set of data and a secret, shared between the computing apparatus and the partner system via a secure communication channel separate from a channel used to receive the set of data.

Abstract: Providing synchronous processing of the designated computing events using hardware-assisted virtualization technology by performing at least the following: detecting a designated computing event using a high priority, low capability routine, creating a copy code in an alternate memory space of a first code located in a first memory space, modifying the copy code to call for analysis of at least a portion of the copy code that corresponds to the first code, switching execution of the first code with the modified copy code using an address translation data structure that translates a guest memory address to a host memory address after a return of the high priority, low capability routine; and analyzing synchronously the at least a portion of the code within the copy code that corresponds to the first code based on the replacement of the first code with the modified copy code.

Abstract: An authentication device may be provided. The authentication device may include a memory configured to store: a first public key; and first data signed using a first private key corresponding to the first public key, the signed data including a second public key. The authentication device may further include a first verification circuit configured to verify the first data using the first public key; and a second verification circuit configured to verify second data using the second public key, the second data signed using a second private key corresponding to the second public key.

Abstract: An information processing apparatus comprises: storage unit that stores a first converted value converted by a one-way function in association with user identification information; input unit that receives, from a user, input of the user identification information and authentication information; holding unit that holds the authentication information input by the user; authentication unit that executes user authentication by converting, by the one-way function, the authentication information input by the user into a second converted value and checking the second converted value against the first converted value stored in the storage unit in association with the user identification information input by the user; and control unit that, based on success of the user authentication, causes the storage unit to store the authentication information held by the holding unit in place of the first converted value stored in the storage unit.

Abstract: A multithreaded system includes a processor core having a plurality of hardware threads. One or more of the hardware threads is dedicated to execute only trusted code and the remaining hardware threads are configured to execute untrusted code. The multithreaded system further includes a DLNA (Digital Living Network Alliance) server configured to communicate secure requests to one or more of the hardware threads dedicated to execute only trusted code and communicate other requests to one or more of the remaining hardware threads configured to execute untrusted code.

Abstract: A method for encoding high dynamic range (HDR) images involves providing a lower dynamic range (LDR) image, generating a prediction function for estimating the values for pixels in the HDR image based on the values of corresponding pixels in the LDR image, and obtaining a residual frame based on differences between the pixel values of the HDR image and estimated pixel values. The LDR image, prediction function and residual frame can all be encoded in data from which either the LDR image of HDR image can be recreated.

Abstract: A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and identifies a new connection in the graph resulting from update. The controller communicates with an identity service to verify the association of data elements corresponding to the new connection in the graph. Based on a result of the verification, the controller authenticates the user of the access and/or controls the access.

Abstract: A method includes receiving a first secured registration request message from user equipment at a registration server in an Internet Protocol multimedia subsystem network, the first secured registration request message being secured using a first security protocol, determining at the registration server that the first secured registration request message cannot be decoded using the first security protocol, sending a message from the registration server to the user equipment proposing a second security protocol, and receiving a second secured registration request message from the user equipment at the registration server, the second secured registration request message being secured using the second security protocol.

Abstract: In one embodiment, note is received from a first user, comprising a message and a first location. The first location may be specified by the first user. A number of second users are identified based on a respective second location of each identified second user being within a threshold distance of the first location. The message of the note is sent to the identified second users. When the message is sent, it is determined whether a current location of the first user is within a predetermined distance from the first location. If the current location is within the predetermined distance, a notification is sent to the first user informing the first user that the message has been sent to the identified second users.

Abstract: Disclosed are systems and methods for protecting transmission of audio data from microphone to application process. An exemplary method includes receiving a request from a software process to obtain an audio stream from an audio endpoint device; allocating a data buffer for the software process; processing and encrypting audio data received from the audio endpoint device by audio processing objects; storing the encrypted audio data in the allocated data buffer; installing an interceptor of a API function call for the software process; and decrypting the encrypted audio data from the allocated data buffer by the software process using the interceptor of the API function call.

Abstract: A data storage management process is directed to aspects of managing encrypted data via data storage volumes in conjunction with a service provider computer network that hosts virtual machine instances. A volume can be created and configured for managing encrypted data with an encrypted version of a volume key. The volume can be attached to a virtual machine instance such that the virtual machine instance accesses the volume in a transparent fashion based on the volume key. Encrypted data specific to the volume can be copied across multiple regions of data storage each associated with distinct encrypted versions of a volume key corresponding to the volume.

Abstract: Embodiments of a wireless device and methods for rekeying with reduced packet loss in a wireless network are generally described herein. In some embodiments, during rekeying operations a new key for reception may be installed early (i.e., prior to receipt of a rekeying confirmation message). The use of the new key for transmission may be delayed until after receipt of the rekeying confirmation message. The early installation of the new key for reception may allow both the new key and old key to be active at the same time for use decrypting received packets to reduce packet loss during rekeying operations. The rekeying confirmation message may be the fourth message of a four-way handshake for rekeying. In some embodiments, two key identifiers may be alternated between four-way handshakes to prevent deletion of the old key.

Abstract: Systems, devices and methods are disclosed to assist in configuring devices and policies to protect a regional network (e.g., home network) and its users. Users on the network are monitored to determine appropriate configuration settings and preferences by utilizing a combination of internally configured information and externally gathered information for each user. For example, externally gathered information may include information obtained about a user from one or more social media Internet sites. Automatically obtained information may be used to provide or augment policy information such that a user's preference relative to internet content (e.g., content blocking software configuration) may be achieved without requiring an administrator to individually prepare each users security profile and configuration.

Abstract: Methods, systems, and computer program products are provided for recovering from false positives of malware detection. Malware signatures that are defective may be causing false positives during software scanning for malware. Such defective malware signatures may be detected (e.g., by user feedback, etc.) and revoked. Computers that are using the malware signatures to detect malware may be notified of the revoked signatures, and may be enabled to re-scan content identified as containing malware using malware signatures that do not include the revoked malware signatures. As such, if the content is determined during the re-scan to not be infected, the content may be re-enabled for usage on the computer (e.g., may be restored from quarantine storage).

Abstract: A display apparatus transmits a picture acquisition request for getting picture information to an external image apparatus connected through a predetermined interface to the display apparatus from the external image apparatus at predetermined intervals and gets a plurality of pieces of picture information from the external image apparatus to be displayed. The plurality of pictures may be switched at predetermined intervals, for example, to be displayed, so that the plurality of pictures may be displayed in a so-called slide show manner. A plurality of pictures for thumbnail may be produced from the plurality of pieces of picture information and be arranged together to be displayed in one picture screen of a display device.