Patents Examined by Sayed Beheshti Shirazi
  • Patent number: 9529987
    Abstract: A method and a corresponding device for authenticating a user for access to protected information, the method comprising generating a behavioral user profile associated with a first user known to be a legitimate user of the protected information, obtaining from a second user, using a behavioral input device associated with a second computing device, a behavioral user sample, storing the behavioral user sample, associated with the second user, in a temporary user profile, comparing the behavioral user sample of the second user to the behavioral user profile, and if the behavioral user sample does not match the behavioral user profile contacting the legitimate first user and receiving from the legitimate first user information regarding the legitimacy of the second user and based on the information received from the first user, providing a response to the second user and updating the user profile.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: December 27, 2016
    Assignee: BEHAVIOMETRICS AB
    Inventors: Ingo Deutschmann, Neil Costigan, Tony Libell, Peder Nordström
  • Patent number: 9531833
    Abstract: A first device implements an application platform that is shared with a second device. The application platform can be implemented so that the first device and the second device operate to have a same identity to at least the network service. The first device provides a user interface in order to receive input for accessing or using the network service. Additionally, the first device communicates input received in response to providing the user interface to the network service. The first device can receive a token from the network service in response to communicating the input. Additionally, the first device can communicate a set of data items to the second device. The set of data items includes the token and one or more identifiers that enable the second device to access and use the network service while appearing as the first device to the network service.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: December 27, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Yohan Le Nerriec, Jehan Gerard Bing, Alexandre Guion, Judah John Menter, Daniel D. Tai
  • Patent number: 9531540
    Abstract: Various embodiments relate to a method of generating tokens for use in modular exponentiation and a related device and non-transitory machine readable storage medium, including: generating a public token, ?, based on an identifier associated with another device; generating a private token, L, as a modular exponentiation of the public token, ?, using a private exponent, d, and modulus, N, from a cryptographic key; and communicating the private token, L, to the other device.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: December 27, 2016
    Assignee: NXP B.V.
    Inventors: Michaël Peeters, Joppe Bos
  • Patent number: 9531746
    Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics are determined for target businesses having target computer systems currently or recently under attack by an entity whose Internet Protocol (IP) address was selected from a list of suspicious IP addresses. Percentages associated with the characteristics are determined. Each percentage indicates a percentage of the target businesses whose associated characteristic matches a corresponding characteristic of the first business. A score is incremented by an amount for each of the percentages that exceeds an associated threshold. The score is incremented by twice the amount if the IP address matches an address of a source or destination of traffic through a security device in the first computer system. A recommendation to change a security policy for the first computer system is generated if the score exceeds twice the predetermined amount.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Nicholas W. Bradley, Gary I. Givental, David M. McMillen, Kaleb D. Walton
  • Patent number: 9531542
    Abstract: Aspects of the present disclosure pertain to a system and method of securing mobile devices using virtual certificates at a computer processor. A method may include receiving a request for access to a computer network associated with a computing device to an application associated with a network connected server processor; electronically receiving, at the server processor, a first security key fragment from the computing device; the first security key fragment being paired with a verifier key fragment unknown to the computing device; generating a conditional seed key fragment at the server processor associated with the verifier key fragment; comparing a first hash parameter to a second hash parameter at the server processor; transmitting, at the server processor, a session security key for enabling network access to the application associated with the server processor.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: December 27, 2016
    Assignee: Bank of America Corporation
    Inventors: Abdulkader Barbir, Eileen D. Bridges, Davindar Gill, Lawrence R. LaBella, Craig Worstell
  • Patent number: 9531759
    Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Nicholas W. Bradley, Gary I. Givental, David M. McMillen, Kaleb D. Walton
  • Patent number: 9495550
    Abstract: A system for securely sharing data and conducting transactions in an electronic environment. The system may include a personal information device having a processor, memory and biometric sensor. Personal data is stored in the memory of the personal information device. The personal information device may be registered with a centralized system. Data stored on the personal information device may be uploaded to an access device upon verification of a user's identity using a biometric recognition technique.
    Type: Grant
    Filed: May 23, 2012
    Date of Patent: November 15, 2016
    Inventors: J. Chance Anderson, Aaron Michael Best, David J. Havell, J. Ken Barton, Jandi Renee Carter
  • Patent number: 9495552
    Abstract: The subject disclosure is directed towards encryption and deduplication integration between computing devices and a network resource. Files are partitioned into data blocks and deduplicated via removal of duplicate data blocks. Using multiple cryptographic keys, each data block is encrypted and stored at the network resource but can only be decrypted by an authorized user, such as a domain entity having an appropriate deduplication domain-based cryptographic key. Another cryptographic key referred to as a content-derived cryptographic key ensures that duplicate data blocks encrypt to substantially equivalent encrypted data.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: November 15, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ahmed Moustafa El-Shimi, Paul Adrian Oltean, Ran Kalach, Sudipta Sengupta, Jin Li, Roy D'Souza, Omkant Pandey, Ramarathnam Venkatesan
  • Patent number: 9438620
    Abstract: A software sample is identified that includes code and a control flow graph is generated for each of a plurality of functions included in the sample. Features are identified in each of the functions that correspond to instances of a set of control flow fragment types. A feature set is generated for the sample from the identified features.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: September 6, 2016
    Assignee: McAfee, Inc.
    Inventors: Erdem Aktas, Rachit Mathur
  • Patent number: 9432357
    Abstract: A computer network security management system is provided, in which a corporate computer network can be substantially separated from an external network because the external exposure of the corporate computer network is minimized, and a possibility that a hacker may get into a relay server or a central server can be fundamentally cut off. The computer network security management system is expected to further enhance the security level of a corporate computer network.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: August 30, 2016
    Inventor: Chung Jong Lee
  • Patent number: 9397927
    Abstract: Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
    Type: Grant
    Filed: September 4, 2014
    Date of Patent: July 19, 2016
    Assignee: AVENTAIL LLC
    Inventors: Chris Hopen, Bryan Sauve, Paul Hoover, Bill Perry
  • Patent number: 9396360
    Abstract: The present disclosure relates to a method and system for securing a performance state change of one or more processors. A disclosed method includes intercepting a request for a change of a performance state of the processor and determining whether to execute the request based on a security condition of the processor. The performance state of the processor includes at least one of an operating voltage and an operating frequency. A disclosed system includes an operating system module operative to transmit a request for a performance state change of at least one processing core. The system includes performance state control logic in communication with the operating system module and operative to receive the request and to change the performance state of the at least one processing core based on the request.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: July 19, 2016
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Jonathan Hauke, Benjamin Tsien, Denis Rystsov
  • Patent number: 9378389
    Abstract: Techniques for sharing of items from online storage (e.g., cloud storage) are described herein. In at least some embodiments, sharing links can be configured as one-time sharing links that provide recipients with limited, one-time access to a shared item for the purpose of selecting or registering an account to use for subsequent access to the item. Recipients are able to select accounts they find most convenient for accessing a shared item without the owner/sharer of the item necessarily having contact information for those accounts or sending a link to the accounts. Selection of a one-time link initiates an authentication sequence that selectively provides an option to select a particular account. Once the one-time sharing link is redeemed, the one-time sharing link is invalidated for subsequent access to the item.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: June 28, 2016
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Arcadiy G. Kantor, Jonathan A. Bockelman, Jeffrey E. Steinbok, Sarah M. Filman
  • Patent number: 9378165
    Abstract: There is provided an inter-bus communication interface device capable of efficiently performing transfer of data between a plurality of devices connected to different buses, respectively. When communication data is transmitted, a first device writes the communication data into a buffer, whereas when communication control information is transmitted, the first device writes the communication control information into a register. A control circuit passes the communication data stored in the buffer to a second device, and passes the communication control information stored in the register to a second device.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: June 28, 2016
    Assignee: Cypress Semiconductor Corporation
    Inventors: Kenichi Iizuka, Kumiko Toshimori, Machiko Mikami
  • Patent number: 9374360
    Abstract: A system and a method for single-sign-on (SSO) in a virtual desktop infrastructure (VDI) environment are disclosed. The system includes a VDI service server configured to provide a virtual desktop environment to a user terminal according to a request from the user terminal, and a VDI authentication interworking gateway configured to receive VDI environment information of the user terminal from the VDI service server and carry out delegated user authentication for a target system in the virtual desktop environment using the VDI environment information.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: June 21, 2016
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Sundeuk Kim, Hyun Taek Oh
  • Patent number: 9369754
    Abstract: Disclosed is an apparatus and method to determine usage rules for video content by buffer tracking. A computing device may include a secure processor configured to: store digital rights management (DRM) rules associated with a DRM key and usage rules for a session; command a cryptoprocessor to decrypt video content with the DRM key and to log an output buffer designation of the command to decrypt the video content. The secure processor may command a buffer tracking table to store the output buffer designation of the cryptoprocessor of the command to decrypt and the associated usage rules and a plurality of input and output buffer designations from a plurality of video content drivers, such that, based upon a buffer designation from an output driver to display video content received by the secure processor, the secure processor may determine usage rules to be applied to the decrypted video content for display.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: June 14, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Ron Keidar, Chenxi Zhang
  • Patent number: 9356965
    Abstract: A method performed at an electronic device with one or more processors and memory includes obtaining a public record including a plurality of commit nodes, where a respective commit node of the plurality of commit nodes includes: (i) a set of blobs corresponding to a collection of data; (ii) at least one cryptographic hash of one of the set of blobs; and (iii) at least one additional cryptographic hash of a parent node. The method includes: caching the public record; and obtaining, at a time after the obtaining, information corresponding to a new commit node, where the new commit node: includes a cryptographic hash of a parent node; and is associated with an updated collection of data. The method includes validating the new commit node; and in accordance with a determination that the new commit node is valid, updating the cached public record to include the new commit node.
    Type: Grant
    Filed: December 30, 2013
    Date of Patent: May 31, 2016
    Inventor: Alexander Kjeldaas
  • Patent number: 9349020
    Abstract: Exemplary methods, apparatuses, and systems receive a first plurality of actions from a first entity with respect to a first plurality of objects. A global object related to each of the first plurality of objects is determined and a representation of the global object is displayed in association with a representation of the first entity. Additionally, in response to receiving user feedback on the representation of the global object displayed in association with the representation of the first entity, an instance of the global object that is unique to the first entity is created. The displayed representation of the global object is converted into a representation of the instance of the global object that is unique to the first entity.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: May 24, 2016
    Assignee: FACEBOOK, INC.
    Inventors: Rose Yao, Lincoln Hochberg, Brian Thomas, Naitik Shah, Arthur Rudolph
  • Patent number: 9342707
    Abstract: Methods, systems, and computer-readable storage media for selecting columns for selecting encryption to perform an operator during execution of a database query. Implementations include actions of determining a current encryption type of a column that is to be acted on during execution of the database query, the column storing encrypted data, determining a minimum encryption type for performance of the operator on the column, selecting a selected encryption type based on the current encryption type, the minimum encryption type, and a budget associated with the column, and performing the operator based on the selected encryption type.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: May 17, 2016
    Assignee: SAP SE
    Inventors: Florian Kerschbaum, Martin Haerterich, Isabelle Hang, Mathias Kohler, Andreas Schaad, Axel Schroepfer, Walter Tighzert
  • Patent number: 9317710
    Abstract: A method for implementing a privacy policy includes receiving code for an application which includes definitions for a set of classes of records and for each of the record classes in the set, a definition of at least one field. A user selects one or more of the record classes and fields of the application as sensitive. A records manager is generated for identifying an associated minimization service for generating a minimized value of data in the sensitive field. A mapping aspect identifies joins in the application code where the minimization service is to be called. When the records manager and mapping aspect are deployed with the application, the minimization service generates a minimized value of data in the respective sensitive field.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: April 19, 2016
    Assignee: XEROX CORPORATION
    Inventor: Thierry Jacquin