Abstract: A technique for the secure exchange and verification of data between multiple entities that use compatible business management systems utilizes serializable data transfer objects to transfer business data over a secure communication path. A conversion algorithm transforms a subset of the business data contained within the transfer objects, and the resulting data string is compared to data strings from other objects that are related to the transaction and which were transformed by the same conversion algorithm. If the data strings are not identical, a discrepancy exists. Serializable objects link all data objects relating to a given business transaction. An interface allows users to view and manage data contained in data objects, including discrepancies between compared objects.

Abstract: A computing device has first and second operating systems with access to first and second memories, respectively. The second memory is provided for secure computing resources and is not accessible by applications in the first operating system. A software module executable within the first operating system receives requests for secure computing resources, adds access credentials and passes the requests to a software module in the second operating system.

Abstract: A system and method provide efficient, secure, and highly reliable authentication for transaction processing and/or access control applications. A personal digital key (PDK) is programmed using a trusted programming device to initialize and/or register the PDK for use. In one embodiment, the initialization and registration processes are administered by a specialized trusted Notary to ensure the processes follow defined security procedures. In a biometric initialization, the programming device acquires a biometric input from a user and writes the biometric data to a tamperproof memory in the PDK. In registration, the Programmer communicates to one or more remote registries to create or update entries associated with the user PDK. Once initialized and registered, the PDK can be used for various levels of secure authentication processes.

Abstract: System and methods are provided for implementing an intrusion prevention system in which data collected at one or more remote computing assets is analyzed against a plurality of workflow templates. Each template corresponding to a different threat vector and comprises: (i) a trigger definition, (ii) an authorization token, and (iii) an enumerated countermeasure responsive to the corresponding threat vector. When a match between the data collected at the one or more remote computing assets and a trigger definition of a corresponding workflow template is identified, an active threat is deemed to be identified. When this occurs the authorization token of the corresponding workflow template is enacted by obtaining authorization from at least two authorization contacts across established trust channels for the at least two authorization contacts. Responsive to obtaining this authorization, the enumerated countermeasure of the corresponding workflow template is executed.

Abstract: Provided is a method of processing content based on bio-signals, the method includes: acquiring bio-signals of a user; determining a parameter for altering the characteristics of content or determining a type of content to be output, based on the acquired bio-signals; processing the content or determining the type of content to be output, based on the determined parameter; and outputting the processed content or the determined type of content.

Abstract: Embodiments of the present invention provide a system for authenticating records belonging to an individual or entity and providing authorized access of the records to service providers. Embodiments of the invention utilize a private blockchain to store various types of records to be conveyed to the service providers. In this way, the individual or entity may securely store on the blockchain all records relevant to service providers, then provide the service providers with secured access to the records such that the providers may access only the specific records for which they are authorized, e.g. a healthcare provider may access only the healthcare records on the blockchain.

Abstract: A system for detecting computer security threats includes a machine learning model that has been trained using sequence codes generated from malware process chains that describe malware behavior. An endpoint computer monitors the behavior of a process and constructs a target process chain that describes the monitored behavior. The target process chain includes objects that are linked by computer operations of the monitored behavior. The target process chain is converted to a sequence code that is input to the machine learning model for classification. A response action is performed against one or more objects identified in the target process chain when the machine learning model deems the target process chain as describing malware behavior.

Abstract: Communication in industrial control is restricted (42). Virtual private network functionality is integrated (32) within a programmable logic controller (20) of an industrial control network so that physical access to network interface (16) is insufficient to access information. The programmable logic controller (20) only accepts commands or messages provided through the virtual private network interface (21, 23, 25, 27, 29, 31) and does not accept (42) messages routed directly to the programmable logic controller (20) itself, preventing security breaches in communications.

Abstract: Usage patterns of an authentic user of a mobile device are generated from data collected representing usage by the authentic user. These usage patterns may then be compared to monitored usage of the mobile device. If usage of the mobile device exceeds a threshold based on one or more of the usage patterns, access to data on the mobile device can be prevented.

Abstract: A terminal apparatus and a control method are disclosed. The terminal apparatus comprises: an input part for receiving a fingerprint; a control part for performing an authentication procedure with respect to the input fingerprint; and a display part for outputting a notification message if fingerprint authentication with respect to the input fingerprint is completed, wherein the control part sets a fingerprint authentication cancellation mode if contact of the fingerprint lasts for a first predetermined time or more after the fingerprint authentication was completed and can cancel authentication of the fingerprint if a predetermined condition is met.

Abstract: The disclosed computer-implemented method for categorizing security incidents may include (i) generating, within a training dataset, a feature vector for each of a group of security incidents, the feature vector including features that describe the security incidents and the features including categories that were previously assigned to the security incidents as labels to describe the security incidents, (ii) training a supervised machine learning function on the training dataset such that the supervised machine learning function learns how to predict an assignment of future categories to future security incidents, (iii) assigning a category to a new security incident by applying the supervised machine learning function to a new feature vector that describes the new security incident, and (iv) notifying a client of the new security incident and the category assigned to the new security incident. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for DRAM protection comprises allocating address spaces respectively for a first and second common region, a first and second secure region; detecting whether common data has an address within the address spaces for the first secure region; outputting a digital signal remapping an address of the common data to the address space for the second common region if yes; detecting whether secure data has an address within the address spaces for the first common region; outputting a digital signal indicating remapping an address of the secure data to the address space for the second secure region if yes. Alternatively, the method further comprises generating a random key; an updated written data by permuting orders of bits of an original DRAM written data; generating an encrypted data by performing a function on the updated written data with the generated random key; and dynamically updating the generated random key.

Abstract: A device may receive a request for an authorization code, associated with providing content to a second device, from the second device. The device may provide the authorization code to the second device. The device may receive, from a third device, a request for a unique device identifier corresponding to the authorization code. The request for the unique device identifier may include the authorization code. The unique identifier may be associated with a subscriber of a network. The subscriber may be associated with the second device. The device may provide the unique device identifier to the third device. The third device may be associated with providing the content to the second device. The content may be targeted to the subscriber based on the unique device identifier.

Abstract: Customers of a computing resource service provider may operate one or more computing resources, provided by the computing resource service provider, within a virtual network. The customers may request network scans of the computing resources with the virtual network. Scanning packets may be generated and encapsulated to ensure delivery to an appropriate destination within the virtual network. The information in the scanning packet may appear to be generated by a source within the virtual network.

Abstract: A method and apparatus for facilitating WLAN access, both trusted and un-trusted, to a mobile core network. A device identity attribute is created and incorporated into the authentication and response messaging to enable the device identity to be promulgated in the communication network.

Abstract: A domain-specific hardwired symbolic communications machine is described that processes information via the hardwired mapping of symbols from one or more domains onto other such domains, computing and communicating with improved security and reduced power consumption because it has no CPU, no Random Access Memory (RAM), no instruction registers, no Instruction Set Architecture (ISA), no operating system (OS) and no applications programming. The machine provides web services by recognizing valid requests based on the processing of symbols and the validating of those symbols according to various domains. In some embodiments the requests may conform or be related to, for example, Long Term Evolution (LTE), Hypertext Transfer Protocol (HTTP), or fourth generation (4G) wireless technology. Further, in some embodiments, the machine has no unconstrained RAM into which malware may insert itself and needs no anti-virus software.

Abstract: An access control device for controlling an access by a communication terminal to an application includes an authentication method management means configured to manage each of the application in association with authentication information, which indicates an effective authentication method effective for authenticating an access request source of an access request to access the application, an authenticating means configured to authenticate the access request source using a usable authentication method, which can be used in the communication terminal, based on the access request, an access request receiving means configured to receive the access request to access an intended application from the communication terminal, and an access control means configured to control the communication terminal so that the communication terminal does not access the intended application in a case where the authentication method management means does not manage the authentication information, which indicates the authentication

Abstract: The invention relates to a method for securing an electronic device (SC) against attacks via covert channels when the electronic device (SC) implements a Montgomery ladder for calculating the element A?A?. . . ?A where A appears k times. A designates an element of an Abelian group with a law ?, and k is a natural number. The method comprises a modified implementation of the Montgomery ladder. The invention also relates to a device (SC), a computer program and a storage medium arranged so as to implement such a method.

Abstract: A user authentication tool continuously authenticates the user of a computing device during an electronic communication session. A trusted user profile includes keypad pressure applied by the trusted user when depressing characters on a virtual keypad displayed on the computing device touch screen. Keypad pressure applied by the current user of the computing device is continually monitored during the current electronic communication session. The monitored keypad pressure applied by the current user is compared to the keypad pressure in the trusted user profile. A confidence score is generated based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the computing device. The computing device is automatically required to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.

Abstract: A request including a user identifier is received from a third party to authenticate an access attempt by a person. The input of the user identifier is not accompanied by a password. A listing of associated mobile devices is transmitted to the third party. The person selects a mobile device to which an authentication notification should be sent. The notification is pushed to the mobile device. A user of the device views the notification and verifies whether the access should be allowed or denied. If access should be allowed, a first one-time password (OTP) is generated and transmitted to an authentication server. The server generates a second OTP. If the second OTP matches the first OTP, the server notifies the third party that access should be permitted. If the second OTP does not match the first OTP, the server notifies the third party that access should be blocked.