Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.

Abstract: A trusted device responsible for evaluating trustworthiness of unknown devices is provided. Trust evaluation rules usable to determine whether to authorize unknown devices to access a resource are received. A request to access the resource and device evaluation attributes are received from an unknown device. The trustworthiness of the unknown device is evaluated based upon the device evaluation attributes using the trust evaluation rules. In response to determining that the unknown device is trustworthy, a credential for accessing the resource is provided to the unknown device, and the device evaluation attributes of the unknown device and an identification of the unknown device are sent to a registrar for the resource.

Abstract: A method and arrangement for providing warnings based upon potential security compromising actions is discussed. Monitoring of system changes, temperature, humidity, power levels and reconfiguration of system components is performed and compared to threshold levels, with warning generated when monitored conditions fall outside of expected bounds.

Abstract: Example techniques locate or identify malware based on events from or at monitored computing devices. A control unit can detect a sequence of events of various types. The control unit can locate a loop within the sequence of events based at least in part on relative frequencies of the event types. The control unit can determine a distribution of event types of the events within the loop, and determining that software running the sequence is associated with malware based at least in part on the distribution of event types within the loop. In some examples, the control unit can locate a point of commonality among a plurality of stack traces associated with respective events within the loop. The control unit can determine a malware module comprising the point of commonality.

Abstract: The present disclosure provides a system and a method for communication service verification and a verification server thereof. The method includes: obtaining a light code from a light code transmission device through a user device; demodulating the light code by the user device to generate a cipher; receiving a service request sent from the user device by a service system server; receiving a verification request sent from the user device or the service system server by a verification server; and retrieving a decryption key by the verification server based on the verification request, so as to decode the cipher in the verification request using the decryption key and obtain a decoding result.

Abstract: Securely performing file operations. A method includes determining a licensing characteristic assigned to a file. When the licensing characteristic assigned to the file meets or exceeds a predetermined licensing condition, then the method includes performing a file operation on the file in a host operating system while preventing the file operation from being performed in the guest operating system. When the licensing characteristic assigned to the file does not meet or exceed the predetermined licensing condition, then the method includes performing the file operation on the file in the guest operating system while preventing the file operation from being performed directly in the host operating system.

Abstract: A method, computer program product, and a system where a processor(s), obtains pre-recorded visual data from a given location, captured by an image capture device at a visual input location at the given location. The processor(s) determines a position of the image capture device utilized to capture the visual data. The processor(s) obtains known landmarks from data related to the given location. The processor(s) analyzes the visual data to identify a portion of the known landmarks in the visual data, where the analyzing generates matched landmarks. The processor(s) determines a spatial orientation and positioning of the visual input location with respect to the matched landmarks, at the given location. The processor(s) generates an encryption key, utilizing the spatial orientation and the positioning of the visual input location with respect to the matched landmarks. The processor(s) encrypts a message with the encryption key, generating an encrypted message.

Abstract: Systems, methods, and computer-readable media for communications between applications in a mobile operating system. A first application may receive a request for data from a second application. The first application may generate a first URL to the second application, a parameter of the first URL comprising an identifier of the first application. A mobile operating system may access the first URL to open the second application. The second application may validate credentials for an account and initiate a server on a port. The second application may generate a second URL to the first application, a parameter of the second URL comprising the port. The operating system may access the second URL to open the first application. The first application may establish a connection with the server using the port specified in the second URL and receive data from the second application via the connection with the server.

Abstract: Techniques for generating dynamic challenge questions for use in an authentication process are provided herein. An example computer-implemented method can include outputting a first prompt to a user via a user device interface, wherein the first prompt comprises a first set of information-gathering questions; generating dynamic challenge questions for use in an authentication process, wherein the dynamic challenge questions are generated based on user responses to the first set of information-gathering questions; generating a second prompt in connection with an authentication request, wherein the second prompt is based at least in part on at least one of the dynamic challenge questions; processing a user response to the at least one dynamic challenge question, wherein said processing comprises determining a likelihood that the user response matches an automatically estimated response; and resolving the authentication request based on the processing.

Abstract: An entanglement and recall system includes an antifuse-type PUF cell array and a processing circuit. The antifuse-type PUF cell array generates at least one key. The processing circuit is connected with the antifuse-type PUF cell array to receive the at least one key. While an entanglement action is performed, the processing circuit receives a plain text and the at least one key and generates a cipher text according to the plain text and the at least one key. While a recall action is performed, the processing circuit receives the cipher text and the at least one key and generates the plain text according to the cipher text and the at least one key.

Abstract: Multi-factor authentication is started by a software component on a first computing system identifying request information for an access code to allow access to a network resource. The request information is transmitted from the first computing system to a second computing system. Access to the network resource is confirmed at the second computing system in response to the request information. The access code is automatically provided to the software component on the first computing system in response to the confirming access to the network resource at the second computing system. The software component then provides the access code to allow access to the network resource.

Abstract: In a general aspect, a test method can include: acquiring a plurality of value sets, each comprising values of a physical quantity or of logic signals, linked to the activity of a circuit to be tested when executing distinct cryptographic operations applied to a same secret data, for each value set, counting occurrence numbers of the values of the set, for each operation and each of the possible values of a part of the secret data, computing a partial result of operation, computing sums of occurrence numbers, each sum being obtained by adding the occurrence numbers corresponding to the operations which when applied to a same possible value of the part of the secret data, provide a partial operation result having a same value, and analyzing the sums of occurrence numbers to determine the part of the secret data.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving listing information to create a listing in a data exchange, wherein the listing information includes a data set identifier for a data set hosted by a first cloud computing entity and a set of cloud computing entities for the listing. The method may also further include creating, by a processing device, the listing in the data exchange, wherein the data set can be shared from the first cloud computing entity with the set of second cloud computing entities using at least a provider corresponding account of that second cloud computing entity.

Abstract: An electronic device and method are disclosed herein. The electronic device includes a biometric sensor and at least one processor. The processor implements the method, including receiving biometric information through a biometric sensor electrically coupled with the electronic device, when the received biometric information is authenticated, detecting by a processor at least one content that correlates with the received biometric information, and outputting the detected at least one content that correlates with the biometric information.

Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.

Abstract: The techniques described herein enable a user that sends an email message that includes encrypted content to define a time period during which a recipient of the encrypted content has decrypted access rights. To effectively define the time period, the user can set a time at which the decrypted access rights for the recipient expire. The time occurs after a time at which the email message is sent to the recipient. Upon expiration of the time period, the decrypted access rights to the encrypted content is revoked for the recipient of the email message, thereby providing a proactive element of security for confidential and/or sensitive information. Further, the techniques enable a user to revoke decrypted access rights to the encrypted content for a recipients at any given time after the email message has already been sent, thereby adding a reactive element of security for confidential and/or sensitive information.

Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating the authentication of computing system requests across tenants of at least one multi-tenant database system. Authentication is facilitated using a central registry that is accessible by and independent from the tenants of the multi-tenant database system.

Abstract: A method of operating at least one node in a communication network that uses a shared communication medium has been developed. The method includes adjusting, with a controller in a first node, a resistance of a first potentiometer in the first node to a first resistance level that the controller in the first node determines randomly, the first potentiometer in the first node being connected to an output of a transceiver in the first node and to a shared communication medium, and transmitting, with the transceiver in the first node, a first data bit through the output that is connected to the shared communication medium with the first potentiometer producing the first resistance level.

Abstract: A communication system includes a first electronic control unit configured to determine whether a reception message received from a communication bus corresponds to a communication message determined in advance to be transmitted to the communication bus by the first electronic control unit, determine whether the communication message is transmitted from the first electronic control unit to the communication bus, and output a notification signal that is a signal for causing the communication message that a second electronic control unit acquires from the communication bus to be deleted from the second electronic control unit when the first electronic control unit determines that the reception message corresponds to the communication message and determines that the communication message is not transmitted from the first electronic control unit to the communication bus.