Abstract: Techniques are provided for assisting owners to recover missing devices. The missing device automatically performs certain actions proactively in response to detecting conditions that indicate that the device has been lost or stolen. Conditions that indicate the device has been lost or stolen (“triggering conditions”) may include that a password failure has occurred more than a predetermined number of times. Any number and type of recovery-assisting actions may be taken, in response to triggering conditions, to assist owners in recovering a missing device. For example, a device may generate a record that indicates the current location of the device, and synchronize the record with an online service or some other device. The generation and synchronization of such records may be repeated on a periodic basis until either (a) the device becomes disabled, or (b) a user enters an appropriate password.

Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.

Abstract: Mobile device data encryption is disclosed. A file is divided into a plurality of data blocks. The data blocks are encrypted. An authentication value is generated for each encrypted data block. The encrypted data blocks are stored in a tree data structure including the encrypted data blocks and a header block. The header block includes a set of authentication values and an aggregate authentication value. Each authentication value in the set of authentication values is derived from one or more of the encrypted data blocks. The aggregate authentication value is generated based at least in part on the set of authentication values. In various embodiments, the tree data structure may include one or more levels of internal nodes including authentication blocks.

Abstract: Disclosed are systems, apparatus, and methods for integrating an information feed. In various implementations, an identity of a user may be determined based on authentication information, where the authentication information identifies a user profile. In some implementations, profile information is identified based on the determined identity, where the profile information identifies one or more entities tracked using one or more information feeds associated with the user profile, and where the one or more information feeds comprises one or more feed items stored in a database system. In various implementations, the identified profile information is associated with a user account provided by a network communications application.

Abstract: A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information.

Abstract: This disclosure provides an architecture for sharing information between network security administrators. Events converted to a normalized data format (CCF) are stored in a manner that can be queried by a third party (e.g., an administrator of another, trusted network). Optionally made available as a service, stored event records can be sanitized for third party queries (e.g., by clients of a service maintaining such a repository). In one embodiment, each contributing network encrypts or signs its (sanitized) records using a symmetric key architecture, the key being unique to the contributing network. This key is used (e.g., by the repository) to index a set of permissions or conditions of the contributing network in servicing any query, e.g., by matching a stored hash of the event record or by decrypting the record. The information sharing service can optionally be provided by a hosted information security service or on a peer-to-peer basis.

Abstract: Exemplary methods, apparatuses, and systems receive a first plurality of actions from a first entity with respect to a first plurality of objects. A global object related to each of the first plurality of objects is determined and a representation of the global object is displayed in association with a representation of the first entity. Additionally, in response to receiving user feedback on the representation of the global object displayed in association with the representation of the first entity, an instance of the global object that is unique to the first entity is created. The displayed representation of the global object is converted into a representation of the instance of the global object that is unique to the first entity.

Abstract: A system receives a request to filter access by a client device to content over a network and causes access to network content by said client device to be filtered.

Abstract: An authentication token configured to generate authentication information comprises an attestation module. The attestation module of the authentication token is configured to receive an attestation generated by an attestation module of a client, to perform a check on the received attestation, and to release the authentication information to a designated entity if the check indicates that the attestation is valid. The designated entity may comprise the client itself or another entity that participates in an authentication process involving at least one of the authentication token and the client. The authentication token in performing the check on the attestation received from the client may determine if the received attestation conforms to a predetermined policy. The attestation may comprise a platform attestation generated by the client for a given instantiated software stack of the client.

Abstract: The invention relates to information processing field, and discloses a method for protecting sensitive information, comprising: receiving first information transmitted by an untrusted device, where the first information enables the sensitive information to be transmitted from a trusted device to a server; receiving the sensitive information input by a user; generating second information based on the first information and the sensitive information; encrypting at least the sensitive information in the second information with a first secret key, wherein the first secret key meets one of the following: the untrusted device does not know the first secret key; and the untrusted device knows the first secret key but is unable use the first secret key to decrypt the encrypted sensitive information; and transmitting the second information containing the encrypted sensitive information to the untrusted device for forwarding to the server indicated by the first information.

Abstract: A method for securing communication over a network is disclosed. A trust broker system receives a request to connect to applications and resources from a client system. The trust broker system determines whether the client system is authorized to connect to the requested applications and resources. In response to determining the client system has authorization to connect to the requested applications and resources, the trust broker system determines, from a plurality of potential proxy servers, a proxy server associated with the requested server system and transmits an identification value for the client system to the requested server system. The trust broker system then transmits the identification value to the client system and transmits contact information for the determined proxy server to the client system, wherein all communication between the client system and the requested server system passes through the proxy server.

Abstract: In one example, a method includes receiving, by a controller device from a master device operably connected to the controller device, a memory access request configured to request access to computer-readable memory of the controller device. The method further includes sampling, by the controller device, time-varying data received from a controlled device operably connected to the controller device, and generating, by the controller device in response to receiving the memory access request, an access key using the sampled time-varying data received from the controlled device. The method further includes transmitting, by the controller device, the generated access key to the master device, and enabling, by the controller device, access to the computer-readable memory of the controller device in response to data write commands received from the master device that include an access code based on the access key.

Abstract: A method for identifying an imposter account in a social network includes a monitoring engine to monitor user accounts of a social network, an identifying engine to identify attributes associated with each of the user accounts of the social network, a matching engine to match the attributes associated with each of the user accounts of the social network, a determining engine to determine when one of the user accounts is an imposter account associated with identity theft of a victim account, a calculating engine to calculate a threshold, and an executing engine to execute an action against the identity theft of the victim account by the imposter account.

Abstract: A system for identifying an imposter account in a social network includes a monitoring engine to monitor user accounts of a social network, an identifying engine to identify attributes associated with each of the user accounts of the social network, a matching engine to match the attributes associated with each of the user accounts of the social network, a determining engine to determine when one of the user accounts is an imposter account associated with identity theft of a victim account, a calculating engine to calculate a threshold, and an executing engine to execute an action against the identity theft of the victim account by the imposter account.

Abstract: A method and apparatus is provided for the virtualization of cryptographic resources which enables memory speed encryption and decryption that is not bound by the speed at which processor resources can compute the result of a symmetric-key algorithm. This is achieved through a time-memory tradeoff via empty space at provisioning time. When implementing the apparatus, un-initialized memory is filled with the output of a symmetric-key algorithm uniquely keyed for the specific set of data that is going to be written to the provisioned area. Since the provisioning operation stores cryptographically structured data, rather than redundant data, plaintext that is xor'ed into memory is automatically encrypted and ciphertext that xor'ed into memory is automatically decrypted without the need for additional cryptographic computation. This reduced computation requirement enables cryptographic function to be implemented at the ends of communication, rather than the middle, and treated as a virtualized resource.

Abstract: A computer network security management system is provided, in which a corporate computer network can be substantially separated from an external network because the external exposure of the corporate computer network is minimized, and a possibility that a hacker may get into a relay server or a central server can be fundamentally cut off. The computer network security management system is expected to further enhance the security level of a corporate computer network.

Abstract: A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.

Abstract: A system and method for analyzing mobile cyber incidents that checks whether codes attacking the weaknesses of mobile users are inserted into collected URLs and whether applications are downloaded and automatically executed, without the agreement of users, so that if the mobile cyber incidents are analyzed through the manual analysis of a manager, the applications to be analyzed manually can be reduced.

Abstract: A system and method for authenticating user requests issued from embedded applets running on web-accessible user devices. The server system generates authentication tokens associated with user credentials, in response to user requests for HTML pages that include the embedded applets. The server system stores the authentication tokens on the server system, and includes the authentication tokens in URLs within applet tags in the HTML pages returned to the user devices. When the applets download and request content from the server system, the applets supply the previously included authentication tokens in the URLs that identify the requested content. Upon finding a match between the applet-supplied authentication tokens and the stored authentication tokens, the server identifies the user as a trusted user, and responds with the requested content. This can be used to eliminate HTTP-based authentication challenges for subsequent user access.

Abstract: A cryptographic accelerator performs various modular arithmetic operations producing unreduced results bounded by the double of the modulus (i.e.: 2*M). In doing so, various processing elements of an ALU of the cryptographic accelerator can begin to process respective data word portions of a modular arithmetic operations before the entirety of one or more operands are loaded. Similarly, various processing elements may begin to store their respective data word portions of a modular arithmetic result before the entirety of the result is calculated.