Abstract: In one embodiment, a request may be received from a first cloud network of a hybrid cloud environment to transmit data to a second cloud network of the hybrid cloud environment, wherein the request can include a security profile related to the data. The security profile may be automatically analyzed to determine access permissions related to the data. Based at least in part on the access permissions, data can be allowed to access to the second cloud network.

Abstract: A trusted device, such as a wristwatch, is provided with authentication circuitry, used to perform an authentication operation to switch the trusted device into an authenticated state. Retention monitoring circuitry monitors the physical possession of the trusted device by the user following the authentication operation and switches the trusted device out of an authenticated state if the trusted device does not remain in the physical possession of the user. While the trusted device remains in the physical possession of the user, communication triggering circuitry is used to detect a request to establish communication with a target device that is one of a plurality of different target devices and communication circuitry is used to communicate with that target device using an authenticated identity of the user.

Abstract: A method for proving retrievability (POR) of information is performed in a memory available to one or more computation devices, wherein credentials between a user device, a storing device and an auditing device between each pair of said devices are exchanged and used for communication between them. The method includes encoding information to be stored on the storing device by the user device or the auditing device, storing the encoded information on the storing device, verifying the correctness of the stored information by the auditing device using unpredictable random information, transmitting correctness information to the user device, the correctness information being secure and being generated based on the result of the verification by the auditing device, and validating the correctness information by the user device for proving retrievability of the stored information and the unpredictable random information.

Abstract: Implementations of the disclosure provide for secret keys management in a virtualized data-center. In one implementation, a system is provided. The system comprising a memory to store secret key data and a processing device coupled to the memory. The processing device is to detect activation of a hypervisor on a host system. A request is received from a virtual machine (VM) associated with the hypervisor to access a data storage domain. A secret key providing authenticated access to a data storage device domain is registered to the hypervisor. The secret key includes a universally unique identifier (UUID). To register the secret key, the processing device is to store a data structure indicating an association between the UUID of the secret key and the hypervisor in a volatile memory associated with the processing device. Thereupon, the UUID of the secret key is transmitted to the hypervisor associated with the VM.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for a transaction apparatus for secure data storage and consolidation of medication adherence, health and wellness data for easy implementation and utilization during a transaction. The transaction apparatus may be configured, in various embodiments, for receiving, storing, encrypting, decrypting, encoding, decoding, accessing, transferring, writing, and/or presenting transaction data including, but not limited to, health care data, medication adherence data, wellness data, location data, authentication data, identification data, access data, personal data, and/or other data associated with a user. As such, the transaction apparatus may receive data from a user and store the data. The user may then provide authorization to access the data. The user may then select the data to be copied to an output device associated with the apparatus.

Abstract: A computer-implemented method includes identifying a set of electronic commands for operation of an electronic device, identifying a guest user, and designating permissions for the guest user, command-by-command, in the set of electronic commands for operating the electronic device. A designated permission for an electronic command in the set of electronic commands includes either granting the guest user access to the electronic device with a privilege of using the electronic command to operate the electronic device, or denying the guest user access to the electronic device and the privilege of using the electronic command to operate the electronic device.

Abstract: Techniques are disclosed relating to securely storing data in a computing device. In one embodiment, a computing device includes a secure circuit configured to maintain key bags for a plurality of users, each associated with a respective one of the plurality of users and including a first set of keys usable to decrypt a second set of encrypted keys for decrypting data associated with the respective user. The secure circuit is configured to receive an indication that an encrypted file of a first of the plurality of users is to be accessed and use a key in a key bag associated with the first user to decrypt an encrypted key of the second set of encrypted keys. The secure circuit is further configured to convey the decrypted key to a memory controller configured to decrypt the encrypted file upon retrieval from a memory.

Abstract: Network activity data is received, for example, from a set of agents reporting collectively information about a set of hosts. The received network activity data is used to identify a user login activity. A logical graph that links the user login activity to at least one user and at least one process is generated.

Abstract: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.

Abstract: Methods and systems for verifying asset identity. The system includes a rules engine executing a corpus of rules to analyze received fingerprint data regarding one or more assets in a network. The rules engine may execute the rules to create a synthetic fingerprint to provide more accurate and helpful information regarding a network asset.

Abstract: Authentication methods and apparatuses are provided. The authentication method comprises: acquiring, from a server, first server authentication information of a user, the first server authentication information being encrypted by using at least one first key obtained from a first number of characters in a user password of the user; acquiring the first number of characters input by the user in a password input area; decrypting the first server authentication information by using at least one second key obtained from the first number of characters input; feeding back at least one first authentication response to the user at least according to the decrypted first server authentication information; and sending an authentication request to the server based on a server authentication pass instruction of the user, the authentication request being used to request the server to authenticate the user.

Abstract: The subject matter discloses a computerized system for authenticating a person requesting access to a physical entity. The system comprises a controller configured to control access to the physical entity, said controller is connected to a biometric acquisition device configured to acquire biometric data of the person. The controller comprises a communication module configured to communicate wirelessly with an electronic device used by the person. The system also comprises a computerized server communicating with the controller or the person's electronic device, said server is configured to provide validation indication of the person using the biometric data and an MPC process performed between at least two of the controller, server and the person's device.

Abstract: User events of a platform are processed to extract aggregate information about users of the platform at an event processing system. A query relating to the user events is received at the system and at least one query parameter is determined from the query. Various privacy controls are disclosed for ensuring that any information released in response to the query cannot be used to identify users individually or to infer information about individual users.

Abstract: A cellular terminal transmits a request that requires authentication procedure triggering to a cellular network and responsively receives from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms. The cellular terminal attempts to decode the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal.

Abstract: A method for operation of a deception management server, for detecting and hindering attackers who target containerized clusters of a network, including learning the network environment, including finding existing container instances, finding existing services and relationships, extracting naming conventions in the environment, and classifying the most important assets in the environment, creating deceptions based on the learning phase, the deceptions including one or more of (i) secrets, (ii) environment variables pointing to deceptive databases, web servers or active directories, (iii) mounts, (iv) additional container instances comprising one or more of file server, database, web applications and SSH, (v) URLs to external services, and (vi) namespaces to fictional environments, planting the created deceptions via a container orchestrator, via an SSH directly to the containers, or via the container registry, and issuing an alert when an attacker attempts to connect to a deceptive entity.

Abstract: In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.

Abstract: An instruction and logic for a Simon-based hashing for validation are described. In one embodiment, a processor comprises: a memory the memory to store a plurality of values; and a hash circuit comprising a Simon cipher circuit operable to receive the plurality of values from the memory, to apply a Simon cipher, and to generate an output for each of the plurality of values; and circuitry coupled to the Simon cipher circuit to combine outputs from the Simon cipher circuit for each value of the plurality of values into a hash digest that is indicative of whether the values in the memory are valid.

Abstract: An example user terminal device includes a display unit, including a display, configured to display a lock screen. The lock screen includes content representative information representing content included in a message that is provided by an acquaintance of a user of the user terminal device, and a first user interface element. A control unit, including a processor, is configured to, when a user input signal is received via the first user interface element, execute an application capable of reproducing the content and to reproduce the content.

Abstract: Example embodiments disclosed herein relate to perform a security action, (e.g., filtering) based on reputation and a signature match. A reputation is determined of a devices associated with a network packet or network packet stream. It is determined whether a signature matches the network packet or an associated flow of the network packet. The security action is determined based on the reputation and the match.

Abstract: A system and method for concealing searches for information stored on public networks, includes intercepting a sensitive query to a search engine prior to transmission of the sensitive query over a public network, transforming the sensitive query into one or more related queries, submitting the related queries over the public network to the search engine, aggregating search results from the search engine, and performing a search on the original query with a search engine privately against said search results.