Abstract: In some examples of a virtual computing environment, multiple virtual machines may execute on a physical computing device while sharing the hardware components corresponding to the physical computing device. A hypervisor corresponding to the physical computing device may be configured to designate a portion of a cache to one of the virtual machines for storing data. The hypervisor may be further configured to identify hostile activities executed in the designated portion of cache and, further still, to implement security measures on those virtual machines on which the identified hostile activities are executed.

Abstract: A method, system and apparatus for enhancing the security of a beacon device are herein disclosed. A service device includes a service communication unit and a service control unit. The service communication unit communicates with at least one terminal and a beacon device, and transmits and receives data required to enhance the security of the beacon device. The service control unit performs control so as to receive pieces of identification information from the terminal and the beacon device, to check the received pieces of identification information and then perform validation based on the times at which the pieces of identification information have been generated and whether authentication keys match each other, to extract service information in response to the result of the validation, and to transmit the extracted service information to the terminal.

Abstract: A method and/or computer program product receives computer inputs from a toroidal flexible input device. Physical contact between a toroidal flexible input device and a display on a computer is detected. The toroidal flexible input device is authenticated, and a communication session between the toroidal flexible input device and the computer is established. The computer then receives inputs from the toroidal flexible input device while the toroidal flexible input device is in physical contact with the display on the computer.

Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.

Abstract: A method and system for sharing an application among a plurality of electronic devices includes registering the plurality of electronic devices with a first electronic device. The method includes storing information regarding device capabilities of the plurality of electronic devices in a device information database. The method includes storing information regarding requirements of the application in the device information database. The plurality of electronic devices is selected by the first electronic device. The method includes executing the application in the first electronic device as a request initiated by second electronic device. Execution is performed by utilizing processor resources in the first electronic device. The method includes maintaining synchronization of the first electronic device and the plurality of electronic devices. The method includes rendering output data of the application in at least one of the plurality of electronic devices.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length shaving positions i=1, 2, . . . s each having a corresponding value vi associated therewith, wherein the value vi is given by vi=h (vi+1), for a given hash function or other one-way function h. An initial distribution of helper values may be stored for the one-way chain of length s, e.g., at positions given by i=2j for 0?j?log2 s. A given one of the output values vi at a current position in the one-way chain may be computed utilizing a first helper value previously stored for another position in the one-way chain between the current position and an endpoint of the chain. After computation of the given output value, the positions of the helper values are adjusted so as to facilitate computation of subsequent output values.

Abstract: Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connected between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource.

Abstract: A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.

Abstract: Method and device for supplying of a data set stored in a database to supply of a data set, e.g. the content of a copy protected audio CD, which is stored in a database, e.g. to a user PC on which said content of a copy protected audio CD cannot be accessed, the following steps are performed: receiving a serial code of a set of serial codes assigned to said data set, verifying of said received serial code, in case of a positive verification, accessing said data set correspond to said received and positively verified serial code from said database and outputting of at least parts of said accessed data.

Abstract: A system and method for providing authentication of a user is disclosed. The use of a non-confidential and unique user identification number and a temporary access code separates authentication of the user from transmission of any user passwords or user-identifiable data, as well as provides a ubiquitous means to authenticate the user with unrelated organizations, without any information passing between those organizations.

Abstract: A vendor usage assessment system analyzes network traffic from an enterprise data network and generates vendor usage analytics for the enterprise. In some embodiments, the vendor analytics may include vendor usage risk assessment. The vendor usage assessment system is advantageous applied to assess network security in view of an enterprise's network interactions with third party vendors or suppliers.

Abstract: A method of configuring a network device for key sharing and a method for a first network device to determine a shared key are provided. The method of configuring uses a private modulus (p1) a public modulus (N), and a bivariate polynomial (f1) having integer coefficients, the binary representation of the public modulus and the binary representation of the private modulus are the same in at least key length (b) consecutive bits. Local key material for a network device is generated by substituting an identity number into the bivariate polynomial and reducing modulo the private modulus the result of the substitution to obtain a univariate polynomial. Security may be increased by adding (440) one or more obfuscating numbers to coefficients of the univariate polynomial to obtain an obfuscated univariate polynomial.

Abstract: Some embodiments provide an electronic device with a novel content redaction engine. The content redaction engine of some embodiments determines whether to redact content for output based on whether a user is biometrically verified. When the content redaction engine receives verification data indicating that the user is biometrically verified, the device displays content without any portion redacted. On the other hand, when the content redaction engine does not receive such verification data, the device displays the content with at least a portion redacted. The electronic device of some embodiments additionally includes a biometric reader and a biometric verification engine. The biometric reader reads a person's uniquely identifying biometric data (e.g., thumbprint/fingerprint, iris scan, voice, etc.). This biometric information is then read by the biometric verification engine for comparison to a stored set of verified user biometric data.

Abstract: A method, system, and computer program product comprising intercepting communication between a virtual machine and encrypted replication data stored on a storage medium and redirecting the communication to a remote replication appliance; and using a key stored on the remote replication appliance to enable the virtual machine to facilitate communication with the encrypted replication data stored on the storage medium; wherein facilitating communication enables the virtual machine to interact with the encrypted replication data as unencrypted data.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: A cyber-attack scenario simulation system and method may include an aircraft simulator operable to generate an aircraft simulation, a cyber-attack generator operable to generate a cyber-attack simulation, a cyber defense generator operable to generate a cyber defense simulation, a scenario generator operable to generate a cyber-attack scenario including the cyber attack simulation and the cyber defense simulation and launch the cyber-attack scenario against the aircraft simulation, and a cyber-attack scenario analysis tool operable to assess an impact of the cyber-attack scenario on the aircraft simulation.

Abstract: Embodiments of the disclosure are directed towards a system and method for enabling an identity based connected service employing a “bound to identity” application usage model. The identity based connected service supports network access for the computing devices based on network connectivity associated with a device application. The system and method use the network access associated with the device application to communicate application state changes in a manner such that any instance of the device application executing on any of the computing devices associated with the same end-user identity remain coherent and consistent. The system and method authenticates an instance of the device application with a single authentication of the device application to an associated resource server.

Abstract: Embodiments of the present invention provide methods and systems for numeric keypad encryption using an augmented reality device. The method may include establishing a secure connection to an augmented reality device. A random keypad layout is generated and sent to the augmented reality device. The random keypad layout is displayed in the augmented reality view over a real-world numeric keypad.