Abstract: A method for implementing a communication between at least two control units, and a control unit interconnection for implementing the method are provided. An electronic hardware security module is provided in each control unit, the communication taking place via an additional communications link.

Abstract: A first set of posts associated with a verified entity can be identified. A second set of posts associated with the verified entity and with one or more particular topics can be identified. At least a first subset of the first set of posts and at least a second subset of the second set of posts can be ranked to produce a ranked set of posts that are associated, at least in part, with the verified entity. The verified entity can be provided with access to at least some posts in the ranked set of posts. Moreover, a canonical post authored by a verified entity can be identified. It can be determined that one or more subsequent posts have at least a specified threshold level of relevance with respect to the canonical post. The verified entity can be provided with access to the one or more subsequent posts.

Abstract: A method for dynamically creating network access control lists includes, by a processor receiving a request for an access control list (ACL). The method further includes, in response to receiving the request for the ACL: receiving a plurality of resource description from a first data source, receiving a policy enforcement point (PEP) graph for a network from a second data source, and using the plurality of resource descriptions and the PEP graph to generate the ACL, wherein the ACL comprises at least one policy for controlling network traffic through a PEP of the network. Each of the plurality of resource descriptions is associated with a plurality of computing devices in the network, and includes one or more of the following: information corresponding to an Internet Protocol definition of a computing device, information corresponding to desired access of the computing device, and information corresponding to permitted access of the computing device.

Abstract: A first set of posts associated with a verified entity can be identified. A second set of posts associated with the verified entity and with one or more particular topics can be identified. At least a first subset of the first set of posts and at least a second subset of the second set of posts can be ranked to produce a ranked set of posts that are associated, at least in part, with the verified entity. The verified entity can be provided with access to at least some posts in the ranked set of posts. Moreover, a canonical post authored by a verified entity can be identified. It can be determined that one or more subsequent posts have at least a specified threshold level of relevance with respect to the canonical post. The verified entity can be provided with access to the one or more subsequent posts.

Abstract: A transmitting side communication apparatus reads an image from an original, adds, in a case where an IFAX mode is selected, signature information related to a user and signature information related to the apparatus to an electronic mail, and adds, in a case where an electronic mail mode is selected, signature information related to the user to the electronic mail.

Abstract: Aspects may relate to performing an Internet Key Exchange (IKE) to create an IPsec security association (SA) between a first device and a second device based upon both an authentication header (AH) and an encapsulating security payload (ESP), free of creating a child security association. Information exchange may then be allowed between the first device and the second device based upon the IPsec SA.

Abstract: Secure information flow may include a service receiving a request for data from a caller. The service may respond to the request with the requested data via a secure flow container. The secure flow container may then send the information to the caller component. Before the secure flow container receives or sends the information, a monitoring environment may permit the secure flow container to receive or send the information, respectively.

Abstract: A data transcoding device includes a memory device for storing clear data containing private information and a processor configured as a data transcoder. The processor is configured to create packets of the clear data, prepare the packets for transcoding the clear data into an indecipherable multimedia data file appearing as noise, by determining properties of the indecipherable multimedia file based on parameters of the clear data. The processor is configured to generate the indecipherable multimedia file by transcoding the clear data based on the determined properties.

Abstract: A method and system for deploying applications. The method includes deploying an application image of an application to a computing device, where the application is accessible using a first uniform resource locator (URL). The method also includes sending an application creation message to an authoritative domain name system (DNS) server to create a record mapping the first URL to a second URL. The first URL is in a first domain and the second URL is in a second domain. The method further includes providing, to the computing device, a digital certificate associated with the application. The method further includes generating certificate data using the digital certificate and sending, to a remote application server, the second URL and certificate data. A client software module may establish a connection to the application on the computing device using the second URL and the certificate data.

Abstract: Methods and systems according to the present disclosure improve upon known biometric security systems by not permanently storing (e.g., for later comparison as in known systems) the actual image of the biometric characteristic. Instead, an image of a biometric identifier (e.g., retina, fingerprint, etc.) may be used to form a key which may be used to secure and provide access to data. The key may be formed, in embodiments, using a neural network and/or a random input (e.g., a vector of random characters), for example. The image of the biometric identifier may be discarded, and thus may not be vulnerable to theft. In an embodiment, the key may be used in a key-based encryption system.

Abstract: Techniques are provided for assisting owners to recover missing devices. The missing device automatically performs certain actions proactively in response to detecting conditions that indicate that the device has been lost or stolen. Conditions that indicate the device has been lost or stolen (“triggering conditions”) may include that a password failure has occurred more than a predetermined number of times. Any number and type of recovery-assisting actions may be taken, in response to triggering conditions, to assist owners in recovering a missing device. For example, a device may generate a record that indicates the current location of the device, and synchronize the record with an online service or some other device. The generation and synchronization of such records may be repeated on a periodic basis until either (a) the device becomes disabled, or (b) a user enters an appropriate password.

Abstract: A new approach is proposed that contemplates systems and methods to support file synchronization between a local host and a cloud storage via one or more local content appliances (CAs), wherein each content appliance is a storage device/host configured to locally maintain documents and files previously downloaded from the cloud storage. First, a client agent at the local host discovers and connects to the CA that manage its files locally. To access a file/document that is not cached on its local host, the client agent requests and receives the file from the CA instead of downloading it directly from the cloud storage. When parts of the file are updated locally by the client, the client agent is configured to transmit the updated file to the CA, wherein the updated file is considered as having been fully committed from the client's perspective. The CA then synchronizes with and uploads the revised file to the cloud storage and/or other CAs in the background.

Abstract: A system for identifying an imposter account in a social network includes a monitoring engine to monitor user accounts of a social network, an identifying engine to identify attributes associated with each of the user accounts of the social network, a matching engine to match the attributes associated with each of the user accounts of the social network, a determining engine to determine when one of the user accounts is an imposter account associated with identity theft of a victim account, a calculating engine to calculate a threshold, and an executing engine to execute an action against the identity theft of the victim account by the imposter account.

Abstract: A method for identifying an imposter account in a social network includes a monitoring engine to monitor user accounts of a social network, an identifying engine to identify attributes associated with each of the user accounts of the social network, a matching engine to match the attributes associated with each of the user accounts of the social network, a determining engine to determine when one of the user accounts is an imposter account associated with identity theft of a victim account, a calculating engine to calculate a threshold, and an executing engine to execute an action against the identity theft of the victim account by the imposter account.

Abstract: A computing device determines a unique identifier associated with a device comprising an embedded system. The computing device sends the unique identifier to a wide area network (WAN) accessible service and receives an encrypted digital image comprising a firmware update for the device comprising the embedded system from the WAN accessible service. The computing device stores the encrypted digital image in a storage area of the computing device and initiates an over the air update of firmware of the device comprising the embedded system using the encrypted digital image.

Abstract: A method may include receiving, by a hardware token from a client device, a chain of certificates including a server certificate and a first root certificate authority (CA) certificate. The method may further include determining, by the hardware token, to offload validation of one or more certificates in the chain of certificates to the client device, and verifying, by a cryptography application running in a memory of the hardware token, using a trusted root CA certificate stored in the hardware token, each certificate in the chain of certificates. The method may further include authenticating, by the hardware token and based on the verification, a public key of a server certificate, encrypting, by the cryptography application, a secret message using the authenticated public key of the server certificate to obtain an encrypted secret message, and sending, by the hardware token, the encrypted secret message to the client device.

Abstract: The disclosed computer-implemented method for encrypting files may include (i) detecting an event within a network that triggers an encryption of a file on the network, (ii) performing, in response to detecting the event, both encrypting the file to a file encryption key and encrypting the file encryption key to a public key of a source of the file, (iii) receiving, from a client, a file access request that includes the encrypted file encryption key, and (iv) transmitting, in response to determining that the client is authorized to access the file, a re-encrypted file encryption key to the client to enable the client to access the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An access management system is disclosed that can employ multi-factor authentication (MFA) using multiple types of authentication. In at least one embodiment, techniques may include implementing multi-factor authentication (MFA) including knowledge-based authentication (KBA). MFA may be based on multiple factors, such as “what you know” (e.g., a password or an answer to a question known by a user) and “what you have” (e.g., a trusted device registered for a user). In at least one embodiment, multiple devices (e.g., a desktop computer and a mobile device) may be utilized to provide for stronger authentication using a combination of what a user has. The combination of MFA based on what you know (e.g., KBA) and what you have (e.g., a trusted device) may further ensure authentication is not compromised. The techniques disclosed herein may provide for a stronger form of authentication to reduce, if not eliminate, possible vulnerabilities for access management.

Abstract: A cloud access control server and method provides a cloud service access control database to implement cloud services access control policy. The cloud service access control database stores thereon cloud service identifiers associated with cloud service providers having high risk scores. In some embodiments, the cloud service identifiers form a block list of cloud services which is provided to network device of the enterprise data network to implement cloud service access control. In other embodiments, a cloud access control server and method implements cloud services access control policy for an enterprise. The cloud access control server and method receives network traffic data from the installed firewall or proxy at the enterprise and process the network traffic data with respect to cloud service access. The cloud access control server provides instructions to the firewall or proxy to allow or deny the network access at the enterprise.

Abstract: Systems and methods for detecting anomalies in network traffic and providing notification to the users of the computers that generated the network traffic for confirmation of the activities that resulted in the network traffic are described herein. According to particular embodiments, the system is configured to collect data regarding network activity (e.g., via sensors), generate inquiries to users regarding that activity, receive the user's response to those inquiries, and provide the user's response along with the network activity to a security analyst.