Abstract: Utilizing error correction (ECC) for secure secret sharing includes computing an encrypted key using a key and a number of random values, computing, based on a first ECC scheme, a key ECC for the encrypted key and the random values, and storing a number of key fragments on a number of storage servers, the number of key fragments includes the encrypted key, the random values, and the key ECC.

Abstract: Runtime computer software product management system including a computer database, an access control system and a composite model including an integrated entitlement-service state model with first state data specifying access to a subscription of a computer software product of a host and second state data specifying permissible actions involving the subscription based at least in part upon the first state data. The access control system is in communication with the computer database and generates grants for an accountant and client based on the entitlement-service state model and receives a request from the computer software product for the client to access the product. The access control system determines a grant status based at least in part upon the first grant status and the second grant status and responds to the request with the determined grant status which governs client access to the computer software product.

Abstract: Certain embodiments may generally relate to controlling access to data held in the cloud. A method for controlling access to data held in the cloud may include determining, at a cloud server, the validity of user credentials received from a user device. The method may also include receiving context data related to the user device based on the validity of the user credentials. The method may further include synchronizing the context data with the cloud server. In addition, the method may include enforcing context-sensitive security checks on requests made by the user for resources based on the sensor data collected by the user device.

Abstract: A validation-ready preprocessing block in a current consensus round is obtained by a blockchain node and in a service consensus stage. The validation-ready preprocessing block is validated. If it is determined that the validation-ready preprocessing block is validated, validation is started on a next validation-ready preprocessing block and parallel data processing is performed on service data stored in the validated validation-ready preprocessing block.

Abstract: A method, apparatus and product performing feature vector aggregation for malware detection. Two sets of measurements produced by a two dynamic analyses of an examined program are obtained, wherein the two dynamic analyses are performed with respect to the examined program executing two different execution paths. An aggregated feature vector representing the examined program is generated. The aggregated feature vector comprises a set of aggregated features, wherein a value of each aggregated feature is based on an aggregation of corresponding measurements in the first set of measurements and in the second set of measurements. A predictive model is applied on the aggregated feature vector to classify the examined program as malicious or benign.

Abstract: A method and an apparatus for detecting botnet domains is described. In one embodiment, the method includes monitoring network traffic associated with a plurality of clients in a network. Based on the monitoring, information related to a plurality of domains that are queried is stored. The method includes identifying one or more suspect clients in the network based on the stored information and determining a subset of suspect domains based on the stored information related to the domains queried by the suspect clients. The method can include determining client activity information and using the client activity information to determine a polytope region for a client. The method includes comparing each suspect domain to the polytope region and associating a domain with a group of blocked domains if the domain falls within the polytope region.

Abstract: Techniques are provided for providing multi-factor authentication with Uniform Resource Locator (URL) validation (MFAUV). One of the multiple authentication factors used may include a unique, user-specific URL that is sent to the user within a message. In this way, the user may simply click on, or otherwise execute or select, the provided URL, directly from within the message in which the URL is provided.

Abstract: A device may include one or more processors to establish a media access control security (MACsec) key agreement (MKA) session between a first network device and a second network device via a MACsec link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the first network device and a second packet processing engine of the second network device, to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; determine, based on the fast heartbeat session, that the MKA session has ended; and/or perform an action based on the MKA session ending.

Abstract: Systems and methods for confirming a cryptographic key. The system includes an electronic controller configured to generate an electronic message in response to an installation of a secret key on the electronic controller, the electronic message comprising information about the installation of the secret key, digitally sign the electronic message using a manufacturer private key, encrypt the electronic message, store the electronic message in a memory, access the stored electronic message in response to a request by a user, decrypt the electronic message, confirm a digital signature of the electronic message using a manufacturer public key, generate a confirmation message, and send the confirmation message to a user.

Abstract: Provided is adaptive authentication that utilizes relational analysis, sentiment analysis, or both relational analysis and sentiment analysis to facilitate an authentication procedure. The relational analysis evaluates a transactional profile and a behavioral profile of the user. The sentiment analysis evaluates available user information that is obtained from various forms of Internet activity related to the user. A level of authentication is selectively modified based on a result of the relational analysis and/or the sentiment analysis.

Abstract: A system and method for with an inmate in a privileged communication are disclosed. a communication system includes a portal subsystem that determines whether a communication should be monitored, or not, based on received information, including access information, from a first communication device. Based on the determination, the communication system bypasses a monitoring subsystem and stores and/or transmits the communication to a second communication device by way of a non-monitoring subsystem.

Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.

Abstract: Described herein are methods and systems for updating digital certificates on a computer and testing to confirm that the update was performed correctly. The testing may involve confirming that a server's common name (CN) and/or a server's subject alternative name (SAN) matches the domain name server (DNS) name utilized to access the server, confirming that, for all the certificates sent in chain, each certificate's expiration date is less than or equal to the expiration date of that certificate's parent certificate, confirming that the certificates' authority key identifier (AKI), subject key identifier (SKI), and/or authority information access (AIA) are in compliance, and comparing available cipher suites to a list of pre-approved cipher suites.

Abstract: Apparatus and methods are disclosed for identifying differences in objects of a computing device using definitions expressed in vulnerability assessment languages such as Open Vulnerability and Assessment Language (OVAL). In one example of the disclosed technology, a method includes receiving criteria for evaluating the computing device using an agent. The criteria specify object tests used to generate associated state values based on states or status of the tested objects. The criteria are evaluated and first state values generated by performing the object tests are stored as expected values for object tests. The criteria are then evaluated by re-performing the object tests, and second state values thereby generated are compared to the first state values. One or more differences between the first and second state values can be identified and reported to, for example, a monitor server.

Abstract: In one embodiment, an apparatus includes: at least one core to execute instructions, the at least one core formed on a semiconductor die; a first memory formed on the semiconductor die, the first memory comprising a non-volatile random access memory, the first memory to store a first entry to be a monotonic counter, the first entry including a value field and a status field; and a control circuit, wherein the control circuit is to enable access to the first entry if the apparatus is in a secure mode and otherwise prevent the access to the first entry. Other embodiments are described and claimed.

Abstract: A content management system and a collaborative content system implement interoperability features that allow a user to perform certain interactions with a collaborative content item via the interface of the content management system. For instance, the collaborative content system can outsource access permissions for the collaborative content item to the content management system. When the collaborative content system receives a user's request to access the collaborative content item, the collaborative content system requests permissions data for the collaborative content item from the content management system and then determines based on the permissions data whether to grant access to the user. The content management system can also outsource the account storage capacity for the collaborative content item to the collaborative content system.

Abstract: Provided are methods and systems for network access control. A method for network access control may commence with determining whether a client device is a trusted source or an untrusted source. The determination may be performed using a SYN packet received from the client device. The SYN packet may include identifying information for the client device. When it is determined that the client device is neither the trusted source nor the untrusted source, the method may continue with transmitting a SYN/ACK packet to the client device. The SYN/ACK packet may include a SYN cookie and identifying information for a network device. The method may further include receiving an ACK packet from the client device that may include the identifying information for the client device, identifying information for the network device, and the SYN cookie. The method may continue with establishing a connection with a network for the client device.

Abstract: A method and system of providing verification of information of a user relating to an attestation transaction is provided, and includes sending a request for information of the user, wherein the information has been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address; receiving at a processor associated with a verifier the information of the user; sending a cryptographic challenge nonce; receiving at the processor associated with the verifier the cryptographic challenge nonce signed by the user's private key; verifying user identity with the cryptographic challenge nonce signed by the user's private key; deriving a public attest key by using the information of the user; deriving an attestation address using the public attest key; and verifying the existence of the attestation transaction at the attestation address in the centralized or distributed ledger.

Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server identifies a configuration for the particular node based on a node profile for the particular node. The server accesses a configuration interface of the particular node and instructs the particular node to use the identified configuration via the accessed configuration interface.

Abstract: Methods and apparatus for a secure framework for storing and analyzing genomic data. Embodiments of the present invention apply persistent governance to sensitive information and to the analytics that operate upon it, managing the interaction between the two.