Abstract: Various aspects of the disclosed technology relate to techniques of using control test points to enhance hardware security. The design-for-security circuitry reuses control test points, a part of design-for-test circuitry. The design-for-security circuitry comprises: identity verification circuitry; scrambler circuitry coupled; and test point circuitry. The test point circuitry comprises scan cells and logic gates The identify verification circuitry outputs an identity verification result to the scrambler circuitry to enable/disable control test points of the test point circuitry through the logic gates, and the scrambler circuitry outputs logic bits for loading the scan cells to activate/inactivate the control test points through the logic gates.

Abstract: A social networking system maintains a limited user profile associated with a user of the social networking system who does not satisfy one or more criteria for the social networking system to maintain a user profile. The limited user profile includes information describing the user and allows the user to be associated with limited types of interactions with the social networking system. An administrator is associated with the limited user profile and may modify information associated with the limited user profile as well as authorize or deny interactions involving the limited user profile. When the user satisfies criteria for the social networking system maintaining a user profile, the social networking system generates a user profile based on information in the limited user profile and prior interactions involving the limited user profile.

Abstract: A media distribution system provides controlled distribution of media owned by various parties hosted on a local media access device. A media image communication system provides a secure method of communications between the media host and the client receiving and viewing the media. The media image communication system converts a typical text message into an image file format to prevent unauthorized access to the message, and to prevent any changes and/or manipulation of the message content.

Abstract: According to one embodiment, an anonymization apparatus according to an embodiment is configured to execute a determination process, a division process, and a process of recursively executing at least the determination process and the division process, and to thereafter execute anonymization. A number-of-kinds calculation circuit calculates a number of kinds of different attribute values for each of a plurality of attributes, before the determination process is executed. A determination circuit determines the attribute to be noticed, based on also the calculated number of kinds. A sort circuit sorts a plurality of personal data items, based on the calculated number of kinds, before the division process is executed.

Abstract: In an example embodiment, a system analyzes a set of computer routines. The system may perform an analysis including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set. Based upon the analysis, the system may identify one or more computer routines of the set having the likelihood of vulnerability. The system may asynchronously and dynamically manipulate at least one of the one or more computer routines through a testing technique. The system may determine unexpected behavior of at least one of the one or more computer routines.

Abstract: A system for anonymizing and aggregating protected information (PI) from a plurality of data sources includes a master index server coupled to a data repository. The master index server receives an anonymized records associated with an individual from a plurality of data hashing appliances. The system includes a cluster matching engine that applies a plurality of rules to hashed data elements of the received record for comparing hashed data elements of the record with hashed data elements of a plurality of clusters of anonymized records associated with different individuals stored in the data repository to determine whether the individual associated with the received record corresponds to an individual associated with one of the clusters of anonymized records. When a match is found, the cluster matching engine adds the received record to the cluster of anonymized records associated with that individual.

Abstract: Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.

Abstract: Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.

Abstract: A system and method for securing a hypervisor and operating systems that execute on a computing device. An encrypted hypervisor is uploaded to a hardware chip. Prior to being executed, the hypervisor is decrypted using a secure security processor and stored in an on-chip memory. When a processor on the hardware chip executes the hypervisor, at least one on-chip component continuously authenticates the hypervisor during execution. A hypervisor configures a processor with access rights associated with an operating system, where the access rights determine access of the operating system to an at least one resource. A transaction filter then uses the access rights associated with the operating system to monitor the access of the operating system to the at least one resource in real-time as the operating system executes on a processor.

Abstract: A network connected secure system for validating electronic certificate codes. The network connected secure computing system is coupled to a network for access by a plurality of users at a plurality of user devices. The system includes a database to store information including at least user accounts, electronic certificates associated with the user accounts, and electronic certificate codes associated with the electronic certificates. The system also includes a downloadable mobile software application. The system is configured to validate the downloaded mobile software application, provide one or more electronic certificates and one or more electronic certificate codes for display at the user devices.

Abstract: In one aspect, a device includes a processor and a memory accessible to the processor. The memory bears instructions executable by the processor to receive at least a first Bluetooth low energy (BLE) signal from a BLE beacon and enable a first function of the first device at least in part in based on receipt of the first BLE signal.

Abstract: In an embodiment, a computer system is configured to improve security of server computers interacting with client computers through an intermediary computer, and comprising: a memory comprising processor logic; one or more processors coupled to the memory, wherein the one or more processors execute the processor logic, which causes the one or more processors to: intercept, from a server computer, one or more original instructions to be sent to a browser being executed on a client computer; inject, into the one or more original instructions, one or more browser detection instructions, which when executed cause one or more operations to be performed by an execution environment on the client computer and send a result that represents an internal state of the execution environment after performing the one or more operations to the intermediary computer; send the one or more original instructions with the one or more browser detection instructions to the browser; receive the result and determine whether the browse

Abstract: The present disclosure provides a method, an apparatus, and a system for cooperative defense on a network. Alarm information sent by a security device of a first subnet that is being attacked is received by a controller; the controller generates flow table information according to the alarm information, and forwards the flow table information to a switching device of the first subnet and a switching device of at least one second subnet, which is equivalent to that, after detecting an attack, a security device of a subnet generates alarm information, and shares, by using the controller, the alarm information with a switching device of the subnet and a switching device of another subnet that is not being attacked, to form networkwide cooperative defense, thereby enhancing network security.

Abstract: A security code input may be obfuscated from a thermal imaging device by randomly heating a random set of inputs of an input device. The security code is inputted on an input device, which communicates with a security system to grant or deny access to a user based on an entry of the security code. The input device includes a plurality of hearing elements. The input device may receive an input from the user. A random set of heating elements including one or more heating elements, are generated from the plurality of heating elements. A temperature is determined for the one or more heating elements of the random set of heating elements. The temperature is then applied to the one or more heating elements of the random set of heating elements of the input device.

Abstract: Techniques described herein relate to analyzing executions of content resources within networks of execution client devices, and selecting sets of interactive content resources for execution on particular execution devices based on such analyses. Content resource execution data may be received from various execution client devices on which content resources have been executed and provided to end users. Such data may be analyzed to determine correlations between a first content executor and additional content executors based on the their respective content resource execution data, and the content resource execution data of correlated content executors may be aggregated and analyzed to select particular interactive content resources for the first content executor. Such selections may be provided to first content executor during a content execution session following an authenticated login by the first content executor.

Abstract: A communication apparatus includes a holding unit, an updating unit, an authentication unit, a mode controller, and a mode acquisition unit. The holding unit holds configuration information used to control the communication apparatus. The updating unit updates the configuration information held in the holding unit with occasional configuration information. The authentication unit performs user authentication in communication with the external apparatus. The mode controller controls the mode of the communication apparatus. The mode acquisition unit acquires the mode of the communication apparatus controlled by the mode controller. The configuration information includes an account configuration used for the authentication unit. Depending on a result of acquisition performed by the mode acquisition unit, the updating unit does not update, with the occasional configuration information, at least part of the account configuration included in the configuration information held in the holding unit.

Abstract: An automobile device transmits data to a server in a communication network. The automobile device records the data received from one or more transmitters located in an automobile. The automobile device transmits a random access preamble on an uplink carrier to a base station when a pre-defined condition is met. The automobile device encrypts the data and transmits the encrypted data to a server via a base station.

Abstract: Systems and methods are described for delegating permissions to enable account access to entities not directly associated with the account. The systems determine a delegation profile associated with a secured account of at least one customer. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

Abstract: A system for performing distributed computing. The system comprises a plurality of compute node resources for performing computations for the distributed computing, a management resource for managing each of the compute node resources in the plurality, and a virtual cloud network. The management resource and the plurality of compute node resources are interconnected via the virtual cloud network.

Abstract: According to an embodiment, a code processing apparatus includes a determining unit, a concealing unit, an instructing unit, and an unconcealing unit. The determining unit is configured to determine, based on relocation information included in first code data that includes a code body and relocation information representing a portion of the code body to be relocated by a linker, a first portion including at least a part of the code body that is other than the portion. The concealing unit is configured to conceal the first portion. The instructing unit is configured to instruct the linker to process the first code data having the first portion concealed. The unconcealing unit is configured to unconceal the concealed portion of second code data that is generated from the first code data by the linker.