Abstract: Presented herein are techniques for classifying devices as being infected with malware based on learned indicators of compromise. A method includes receiving, at a security analysis device, a set of feature vectors extracted from one or more flows of traffic to domains for a given user in a network during a period of time. The security analysis device analyzes the feature vectors included in the set of feature vectors with a set of operators to generate a set of per-flow vectors for the given user. Based on the set of per-flow vectors for the user, the security analysis device generates a single behavioral vector representative of the given user. The security analysis device classifies a computing device associated with the given user based on the single behavioral vector and at least one of known information or other behavioral vectors for other users.

Abstract: A technique for establishing connectivity between electronic devices is described. In particular, when an electronic device is first connected to a network, the electronic device may use a predefined location of a registrar device to request location information for a controller for the electronic device. The electronic device may provide a manufacturer certificate to the registrar device to confirm its identity. After receiving from the registrar device the location information and a registrar certificate that confirms its identity, the electronic device may use the location information to request the security information from a controller that allows the electronic device to establish connectivity with another electronic device. The electronic device may receive the security from the controller along with a controller certificate that confirms the identity of the controller. Moreover, the electronic device may establish a connection with the other electronic device based on the security information.

Abstract: A method for real-time processing of data retrieval requests is disclosed. The method includes: receiving, from a client device, a first login request to log in to a service; authenticating the user for login to the service; in response to authenticating the user, generating a first data string representing at least a unique device identifier for the client device and a validity period; storing the device identifier; sending, to the client device, the first data string; receiving, from the client device, a data retrieval request to retrieve a data set from a remote server, the data retrieval request including the first data string; determining whether the first data string is valid based on checking the validity period; in response to determining that the first data string is valid: obtaining the data set from the remote server; and sending, to the client device, first data based on the obtained data set.

Abstract: User bioelectrical authentication is provided. A bioelectrical configuration signature of a user in physical contact with a hardware token is received, via a token reader, during a low range radio frequency user authentication process to permit a secure transaction by the user. The bioelectrical configuration signature of the user is utilized as part of the low range radio frequency user authentication process to authenticate the user to perform the secure transaction.

Abstract: A method is provided for obfuscating program code to prevent unauthorized users from accessing video. The method includes receiving an original program code that provides functionality. The original program code is transformed into obfuscated program code defining a randomized branch encoded version of the original program code. The obfuscated program code is then stored, and a processor receiving input video data flow uses the obfuscated program code to generate an output data flow.

Abstract: Data in a portable electronic device is protected by using external and internal status detection means to determine if the device is misplaced, lost, or stolen. The device then takes, singly or in combination, one of several actions to protect the data on the device, including declaring its location to an owner or service provider, locking the device or specific functions of the device to disable all data retrieval functionality, erasing or overwriting all the stored data in the device or, where the data has been stored in the device in an encrypted format, destroying an internally-stored encryption key, thereby preventing unauthorized access to the encrypted data in the device.

Abstract: The invention relates to a method for ensuring the authenticity of at least one value of a device property wherein the device property is a characteristic of a device (6). According to the invention, at least one operating value (14, 16) of at least one dynamic device property is signed using a digital key (20), wherein an operating-dependent digital signature (2) is generated.

Abstract: Methods, systems and computer programs for verifying permissioning rights to one or more data resources associated with a data processing platform (DPP) are disclosed. An exemplary method comprises receiving an assertion statement identifying a user, a data resource and an operation performable with respect to the data resource; in response to receiving the assertion statement, generating a hierarchical representation of an access control list for the data resource identified in the statement and evaluating the hierarchical representation against a current state of permissions to determine if the received assertion statement is true or false in relation to said data resource identified in the assertion statement; in response to determining that the assertion is false, generating an error message for output.

Abstract: A method for requesting proof of delegation for delivery of content to a client terminal via an encrypted connection. The content is referenced on a content server, to which the client terminal emitted a request to obtain the content. The content server has delegated the delivery of the content to a primary delivery server. The method is implemented by a secondary delivery server, to which the primary delivery server has delegated the delivery of the content. The method includes: receiving a request to establish an encrypted connection, from the client terminal, including an identifier of the content server; emitting a request for proof of delegation of delivery, addressed to the content server; receiving of a message from the content server, including an encryption key; emitting a response for establishing an encrypted connection, addressed to the client terminal; and establishing the encrypted connection with the client terminal using the encryption key.

Abstract: Embodiments of the present invention provide a system for tracking and mapping flow of resources. The system is configured for receiving data from an external computing system, categorizing the data received from the external computing system, transferring the data to a first internal computing system, identifying transfer of the data from the first internal computing system to at least one other internal computing system, creating an interactive map associated with the transfer of the data from the external computing system to the at least one internal computing system, wherein the interactive map comprises one or more hop levels associated with the transfer of the data, receiving a query from one or more internal computing systems, wherein the query is associated with lineage of the data, and transmitting control signals to cause the one or more internal computing systems to display the interactive map associated with the data.

Abstract: A method for content delivery network (CDN) inter-node encryption by a CDN node includes receiving a symmetric key set and a key index from a key center, determining a key from the symmetric key set according to the key index, and performing encryption and decryption processing using the key when performing Hyper Text Transfer Protocol (HTTP) data transmission with another CDN node.

Abstract: A method for securely processing data includes: acquiring, by a first processor, security data from a second processor of a security server; and performing, by a secure element (SE) application run on the first processor, security processing on a trusted application (TA) of a trusted execution environment (TEE) using the security data. The method is simple to implement, and when combined with device network capabilities, may provide a solution that conforms to the SE while overcoming difficulty in integration and high costs of the hardware SE, thereby reducing costs of an IoT device.

Abstract: Methods, systems and apparatus, including computer programs encoded on computer storage media, for managing account private keys of a blockchain account registered by a user. In one example, the method includes obtaining identification information provided by the user; obtaining a private key set provided by the user, wherein the private key set comprises at least one account private key of a blockchain account registered by the user; establishing and storing an association relationship between the identification information and the private key set; obtaining an encryption key provided by the user; encrypting the private key set by using the encryption key to obtain an encrypted private key set; and storing the encrypted private key set on the user device.

Abstract: A method for execution by a dispersed storage and task (DST) processing unit includes obtaining audit records for an audit object and determining when the audit object is complete. When the audit object is complete, aggregating the audit records of the audit object within the audit object by generating the audit object to include the audit records; generating identifier (ID) information and generating integrity information. Fields of the audit object are populated with the audit records, the ID information, and the integrity information and a name of the audit object is determined for storage of the audit object and the name of the audit object in a dispersed storage network (DSN).

Abstract: Techniques described herein enhance information security in contexts that utilize key management systems and cryptographic keys. A cryptographic structure is utilized to maintain cryptographic keys with associated expiration times such that after an expiration time associated with a cryptographic key has passed, the cryptographic key is no longer accessible.

Abstract: Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

Abstract: In an access management system for managing access to data handled on a shared server, the data in a registered folder on the shared server is kept in secret through transform using an access key. A database in the system is configured to store identification information of n shares generated by splitting the access key using threshold secret sharing scheme in association with a data path of a folder assigned to a first user. Some of the shares are retained in the system as system shares and at least one remaining share is provided to the first user as a user share. When an access request is received along with a first user share from the first user, target data recovered using the access key recovered based on a number of shares that satisfies the quorum is deployed to the registered folder.

Abstract: There is provided an encrypted message search technique making it difficult to, at the time of searching for a message in a state of being encrypted, guess content of the search and a result of the search.

Abstract: There are disclosed devices, system and methods for detecting malicious scripts received from malicious client side vectors. First, a script received from a client side injection vector and being displayed to a user in a published webpage is detected. The script may have malicious code configured to cause a browser unwanted action without user action. The script is wrapped in a java script (JS) closure and/or stripped of hyper-text markup language (HTML). The script is then executed in a browser sandbox that is capable of activating the unwanted action, displaying execution of the script, and stopping execution of the unwanted action if a security error resulting from the unwanted action is detected. When a security error results from this execution in the sandbox, executing the malicious code is discontinued, displaying the malicious code is discontinued, and execution of the unwanted action is stopped.

Abstract: Systems and methods are provided to allow a smart phone or any terminal to activate a door lock using a web site or server computer system. An access control system is provided that includes a server and an access device. The access device includes a processor and a communication module. The process has control of a door lock and is able to receive a reservation certificate presented by a portable terminal through the communication module. The processor activates the door lock when a current reservation certificate has been presented.