Patents Examined by Teshome Hailu
  • Patent number: 10164771
    Abstract: The present disclosure discloses an encryption method and an encryption apparatus. The encryption method comprises: generating an AES initial key by using an SAES encryption algorithm, and expanding the AES initial key to obtain an AES encryption key; and encrypting information to be encrypted by using the AES encryption key according to an AES encryption algorithm to generate encrypted data. As such, the AES encryption key is encrypted by introducing the SAES algorithm, which increases the difficulty in cracking the AES encryption key. An attacker may crack the AES by firstly cracking the AES encryption key, which increases the overall difficulty in cracking the AES encrypted data. Further, the SAES encryption algorithm and the AES encryption algorithm are implemented by means of an ASIC integrated in an encryption chip.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: December 25, 2018
    Assignee: SHENZHEN GOODIX TECHNOLOGY CO., LTD.
    Inventor: Ming Zhang
  • Patent number: 10152582
    Abstract: A computer implemented method for use of encrypted identity on a QR code encoded onto a permanent medium. The system includes a mechanism to generate the encrypted identity into a QR code. Also, at patient authentication, the encrypted identity in the QR code is read through a custom application. The custom application decrypts the double encrypted global ID using the application encryption key. The server decrypts the application decrypted ID using the server key and date of the encryption. The decrypted global ID is then used to match with the patient information.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: December 11, 2018
    Inventors: Jose Bolanos, Yanick Gaudet
  • Patent number: 10148684
    Abstract: Systems, methods, and other embodiments associated with placing a workload on one of a plurality of hosts are described. In one embodiment, a method includes analyzing hosts to identify a first host and a second host determined to meet resource requirements of the workload. The example method may also include analyzing the first host to calculate a first threat score, and analyzing the second host to calculate a second threat score. The example method may also include selecting a host with a lowest threat score and placing the workload on the selected host. The example method may also include reanalyzing the selected host to calculate an updated threat score. The example method may also include in response to determining that the updated threat score exceeds a threshold threat score, moving the workload to a third host.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: December 4, 2018
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Ajai Joy, Sarat C. Aramandla
  • Patent number: 10140449
    Abstract: Systems and methods may provide for identifying a runtime behavioral pattern of an application and detecting an anomaly in the runtime behavioral pattern. In addition, a security event may be triggered in response to the anomaly. In one example, the anomaly is detected with regard to one or more of a library call count, a library call type, a library call argument configuration or a library call timing associated with a runtime operation of the application.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: November 27, 2018
    Assignee: Intel Corporation
    Inventors: Antonio C. Valles, Vincent J. Zimmer
  • Patent number: 10142109
    Abstract: Example embodiments relate to instantiating containers. For example, in an embodiment, integrity of a container image may be verified by executing a verification program using verification information associated with the container image. Provenance of the container image may be verified by checking a log associated with the container image. A container may be instantiated from the container image by loading a file system associated with the container image. The file system associated with the container image may be isolated from the verification information and the log.
    Type: Grant
    Filed: August 16, 2016
    Date of Patent: November 27, 2018
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Nigel Edwards
  • Patent number: 10135814
    Abstract: A self-authenticating chip includes first and second memory regions storing, respectively, first and second authentication codes. The second memory region is adapted to be unreadable and unmodifiable by the chip or a chip reader. The chip also includes a comparator for providing an indicator of whether given input matches the second authentication code. The chip also includes an authentication circuit that is operable to read the first authentication code from the first memory region, present the first authentication code to the comparator, and in response to receiving an indicator from the comparator indicating that the first and second authentication codes match, unlock at least one of (i) a communication interface of the chip to allow data to be transmitted therethrough to a chip reader and (ii) a third memory region of the chip to allow data to be read therefrom.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: November 20, 2018
    Assignee: CARDEX SYSTEMS INC
    Inventors: Dennis Bernard Van Kerrebroeck, Craig Michael Horn, Bernard Marie-Andre Van Kerrebroeck
  • Patent number: 10133865
    Abstract: The disclosed computer-implemented method for detecting malware may include (1) identifying a plurality of programs represented in machine code, (2) deriving a plurality of opcode n-grams from opcode sequences within the plurality of programs, (3) training an autoencoder by using the plurality of opcode n-grams as input, (4) discovering a set of features within the autoencoder after training the autoencoder, each feature within the set of features comprising a linear combination of opcode n-grams from the plurality of opcode n-grams, and (5) classifying a potentially malicious program as malicious by using the set of features discovered within the autoencoder to analyze the potentially malicious program. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: November 20, 2018
    Assignee: SYMANTEC CORPORATION
    Inventors: Reuben Feinman, Jugal Parikh
  • Patent number: 10129291
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor activities of objects in a system, compare the monitored activities to metadata for the system, and identify low prevalence outliers to detect potentially malicious activity. The monitored activities can include an analysis of metadata of the objects in the system to identify polymorphic threats, an object reuse analysis of the system to detect an object reusing metadata from another object, and a filename analysis of the system.
    Type: Grant
    Filed: June 27, 2015
    Date of Patent: November 13, 2018
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock
  • Patent number: 10129020
    Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: November 13, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Eric Le Saint
  • Patent number: 10129284
    Abstract: In a system for configuring a web application firewall, one or more parameters of the firewall are adjusted such that a test configured for exposing a vulnerability of an application protected by the application firewall is blocked by the firewall and another test configured to invoke functionality of the application but that does not expose or exploit any security vulnerability is not blocked by the firewall. A notification is provided to a user if such a firewall configuration is not found after a specified number of attempts.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: November 13, 2018
    Assignee: Veracode, Inc.
    Inventor: Erik J. Peterson
  • Patent number: 10122686
    Abstract: A device is provided to perform secure operations in a network that includes multiple devices. The device comprises multiple processor cores; multiple physical ports to receive packets; a system interconnect and a network security engine. The network security engine is operative to: extract a key from a packet received from a physical port among the physical ports; in response to a first determination that the key does not match a stored key in the device, block the packet from entering the system interconnect through the physical port; and in response to the first determination that the key matches the stored key and in response to a second determination that one or more identifiers extracted from the packet do not match stored information in the device, block the packet from entering an identified processor core among the processor cores that is to be accessed by the packet.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: November 6, 2018
    Assignee: MediaTek Inc.
    Inventor: Hungwen Li
  • Patent number: 10114940
    Abstract: An information processing system includes a storage unit that stores, with respect to each application, application identification information identifying the application for executing a series of processes in cooperation with an external service and information relating to the series of processes; a receiving unit that receives from a device connected to the information processing system, a request including first authentication information acquired by the device from an authentication infrastructure, the application identification information, and information relating to electronic data designated by a user at the device; an acquisition unit that acquires second authentication information for using the external service based on the first authentication information included in the received request; and an execution unit that executes a process on the electronic data based on the information relating to the series of processes associated with the application identification information included in the received
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: October 30, 2018
    Assignee: Ricoh Company, Ltd.
    Inventors: Kazunori Sugimura, Yuuichiroh Hayashi, Kohsuke Namihira, Dongzhe Zhang
  • Patent number: 10116635
    Abstract: A mobile-based equipment service system includes a remote server, a mobile device, and at least one equipment controller. The mobile device includes a user interface, and is configured to send a user authentication message, initiated by a user via the user interface, to the remote server. The remote server is configured to verify the user via the user authentication message and once verified, send an encrypted blob to the mobile device in response to the user authentication message. At least one equipment controller is configured to receive and decrypt the encrypted blob from the mobile device.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: October 30, 2018
    Assignee: OTIS ELEVATOR COMPANY
    Inventors: Devu Manikantan Shila, Arthur T. Grondine, Michael Garfinkel, Teems E. Lovett
  • Patent number: 10110613
    Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: October 23, 2018
    Assignee: Adobe Systems Incorporated
    Inventor: Viswanathan Swaminathan
  • Patent number: 10110586
    Abstract: A method may include identifying a candidate user based on a connection to an established user of a business management application (BMA). The candidate user may have an associated user identifier. The method may further include collecting, using the user identifier, social network data of the candidate user from an online social network, identifying, using the social network data of the candidate user, application programming interfaces (APIs) for collecting public data about the candidate user, retrieving, using the user identifier and an API, public data corresponding to the candidate user, generating, using the public data corresponding to the candidate user, an account creation request including the user identifier, and transmitting the account creation request to the BMA.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: October 23, 2018
    Assignee: Intuit Inc.
    Inventor: Ravi Iyer
  • Patent number: 10108814
    Abstract: The present disclosure relates to transmitting a request for a set of data records, the request indicating encrypted data items associated with first and second interval boundaries, and selectively traversing a partially ordered set to determine an encrypted data item of the partially ordered set that is associated with an interval boundary of the first and second interval boundaries, based on no cache entries being associated with any encrypted data item associated with the interval boundary. The selectively traversing may include decrypting one or more portions of the partially ordered set, determining the encrypted data item of the partially ordered set, and transmitting a request to retrieve a data element of a linear order annotated to the encrypted data item of the partially ordered set associated with the interval boundary, to cause generation of a new cache entry including the encrypted data item and the data element.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: October 23, 2018
    Assignee: COMPUGROUP MEDICAL SE
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 10108795
    Abstract: The present invention is a method of and a system for enabling an initiating party to capture, store, and retrieve an image of at least one acknowledging party performing an acknowledgement requested by the initiating party where the acknowledging party(s) may be remotely located from the initiating party.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: October 23, 2018
    Inventor: David Ruma
  • Patent number: 10102533
    Abstract: Data processing systems and methods for: (1) receiving from a first set of users, respective answers for question/answer pairings regarding a product's proposed design; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying the plurality of question/answer pairings to a second set of users; (4) receiving recommended steps to be implemented, before the product's implementation date, as part of the design of the product to address any privacy-related concerns identified in the initial privacy impact assessment; and (5) after the tasks have been completed, generating a report documenting that: (a) the initial privacy assessment has been conducted for the product; (b) one or more revisions have been made to the product to facilitate the compliance of the product with the one or more privacy standards; and (c) an updated privacy assessment has been conducted for the product.
    Type: Grant
    Filed: June 10, 2017
    Date of Patent: October 16, 2018
    Assignee: OneTrust, LLC
    Inventor: Kabir A. Barday
  • Patent number: 10091232
    Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: October 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Stephen Darwin Teilhet, Kristofer Alyn Duer, John Thomas Peyton, Jr., Omer Tripp
  • Patent number: 10089803
    Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module.
    Type: Grant
    Filed: January 10, 2018
    Date of Patent: October 2, 2018
    Assignee: Assa Abloy AB
    Inventors: Dominique Louis Joseph Fedronic, Wu Wen