Patents Examined by Tri M Tran
  • Patent number: 10680797
    Abstract: Methods and systems are provided for a security adaptive (SA) voltage converter that receives input power from a power source and provides power to a cryptographic system. The SA voltage converter triggers countermeasures against leakage power analysis (LPA) attacks that slow down an operating frequency of the cryptographic circuit. When an LPA attack is detected, a discharging resistor sinks redundant current to alter the signature of load power dissipation at the input to the SA voltage converter system. The SA voltage converter includes a converter reshuffling converter. The power dissipation induced by the discharging resistor, as measured at the input received from the power source, is scrambled by the SA voltage converter to increase noise inserted into the input power and to alter the power profile that is measured for the cryptographic circuit.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: June 9, 2020
    Assignee: University of South Florida
    Inventors: Selcuk Kose, Weize Yu
  • Patent number: 10678892
    Abstract: Techniques to provide mobile access to content are disclosed. A request from a mobile application running on a mobile device to access content is received at a connector node. A user credential associated with the request is used to identify at the connector node a policy associated with the request. A policy metadata associated with the policy is provided from the connector node to the mobile application running on the mobile device. The mobile application may include application code that is responsive to the policy metadata to perform, with respect to the request to access content, an action indicated by the policy.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: June 9, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Anand Taralika, Divakara Challa, Srin Kumar, Alok Ojha, Leonard Chung
  • Patent number: 10681051
    Abstract: An application permissions processing system and method for processing application permission requests is provided. The method includes the steps of detecting that an application has been downloaded to a computing system, receiving one or more permission requests from the application for resources located on the computing system, determining that at least one of the one or more permission requests is a required permission of the application, prompting the user to decide the one or more permission requests, receiving a denial of the required permission from the user, in response to the prompting, and responding to the application by providing spoofed resources to the application to satisfy the required permission of the application.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: June 9, 2020
    Assignee: International Business Machines Corporation
    Inventors: Michael R. Rowden, Andrei V. C. Ta, Vasu Vallabhaneni
  • Patent number: 10681072
    Abstract: A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of values, performing an action resulting from the characteristic violation.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: June 9, 2020
    Assignee: BlackBerry Limited
    Inventors: Nicholas Patrick Alfano, Axel Ferrazzini, Dake He
  • Patent number: 10678893
    Abstract: An apparatus and associated methods are disclosed for managing access to digital assets. In at least one embodiment, a digital asset is encrypted and received operably by a computer. An encrypted self-validating string is external to the digital asset and received operably by the computer, the encrypted self-validating string being comprised of encrypted control logic and one or more control parameters selected by a developer of the digital asset. A tool cooperates with the digital asset for selection by the developer of a component that comprises at least a portion of the digital asset, the tool encrypting the component by multi-pass compilation of the component with optimization and obfuscation by converting the component from an interpreted language into a compiled language.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: June 9, 2020
    Inventors: Frederic Scott Deaver, James A. Cardle
  • Patent number: 10644886
    Abstract: A method and system for providing unencrypted access to encrypted data that may be stored on a device, sent as a message, or sent as a real-time communications stream. The method may include using public key cryptography to securely enable accessing the encrypted data stored on a device or communicated by a device. For instance, the method may include using a device vendor's public key to securely enable that vendor to enable only authorized parties to themselves decrypt previously-encrypted device storage, messages, or real-time communications streams.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: May 5, 2020
    Inventor: Raymond Edward Ozzie
  • Patent number: 10623413
    Abstract: An allocation system that tracks allocation of computer resources is provided. The allocation system allocates a number of user-periods to an organization for accessing a computer resource. The allocation system determines a depletion date based on the number of user-periods and number of users. When a new user is added, the allocation system re-determines the depletion date based on an additional user. When a user is removed, the allocation system re-determines the depletion date based on one less user. When an additional number of user-periods are allocated to the organization, the allocation system re-determines the depletion date based on the additional number of user-periods.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: April 14, 2020
    Assignee: FORMRC, Inc.
    Inventors: Adriana Neagu, Mihaela Victoria Croitoru, F Joseph Verschueren
  • Patent number: 10621362
    Abstract: Provided are a method and a system capable of efficiently detecting security vulnerability of program. The method includes: generating binary information including route information indicating an execution route of a program on a first test case; acquiring first crash information including the first test case and the route information when a crash of the first test case occurs; restoring a control flow graph based on the binary information; calculating complexity of the restored control flow graph; determining whether the complexity is less than a threshold value; only when a result of the determination indicates that the complexity is less than a threshold value, performing: executing a route detection on the route information; generating a second test case by executing the route detection; and acquiring a second crash information including the second test case and the route information.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: April 14, 2020
    Assignee: KOREA INTERNET & SECURITY AGENCY
    Inventors: Hwan Kuk Kim, Tae Eun Kim, Sang Hwan Oh, Soo Jin Yoon, Jee Soo Jurn, Geon Bae Na
  • Patent number: 10623283
    Abstract: An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: April 14, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Navindra Yadav, Mohammadreza Alizadeh Attar, Shashidhar Gandham, Jackson Ngoc Ki Pang, Roberto Fernando Spadaro
  • Patent number: 10601845
    Abstract: A method for predictive detection of cyber-attacks is provided. In an embodiment, the method includes receiving security events; matching each received security event to a plurality of previously generated event sequences to result in at least one matched event sequence; comparing each of the at least one matched event sequence to a plurality of previously identified attack patterns to result in at least one matched attack pattern; for each matched attack pattern, computing a risk score potentially indicating a cyber-attack; and causing execution of a mitigation action based on the risk score.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: March 24, 2020
    Assignee: RADWARE, LTD.
    Inventors: Yotam Ben Ezra, Mor Krispil
  • Patent number: 10601790
    Abstract: A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: March 24, 2020
    Assignee: ORock Technologies, Inc.
    Inventor: John Leon
  • Patent number: 10601836
    Abstract: Embodiments of an observation system are disclosed herein. The observation system includes at least one observation device having at least one observation unit configured to observe at least one observation object in accordance with at least one first instruction data set. The observation system also includes at least one access control arrangement configured to control access to the observation device by at least one access entity. The access control arrangement includes at least one first peer-to-peer module assigned to the observation device and configured to forward at least one first instruction data set to the observation unit. Also included is at least one peer-to-peer application of at least one peer-to-peer network. The peer-to-peer application is configured to control the access to the observation device by allowing the access entity to cause the provision of at least one first instruction data set to the first peer-to-peer module.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: March 24, 2020
    Assignee: innogy Innovation GmbH
    Inventor: Carsten Stöcker
  • Patent number: 10594699
    Abstract: Systems and methods for providing access to a remote network via an external endpoint are provided. A client establishes a secure connection between an external endpoint and a remote network. Transmissions from clients to the external endpoint are supplemented with additional information regarding handling within the remote network, and then transmitted to an internal endpoint within the remote network. The internal endpoint processes the transmission based on the supplemental information and returns a response to the external endpoint. A response is then returned to the client. Access policies may be created by authorized users to establish processing of client transmissions. These policies may be stored and enforced by the internal endpoint or the external endpoint.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: March 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric Jason Brandwine
  • Patent number: 10581612
    Abstract: There is described a validation and authentication system and method for authenticating and validating messages. The system comprises a data store storing one or more digital fingerprints associated with user imaging devices. There is also a communication module configured to: receive a message M; receive a request for validation and authentication and receive an image PM of the message M captured using a user imaging device. The system comprises an image validation module for analysing the received image PM using one or more image processing techniques to determine if the image is valid and authentic. If the received image PM is determined to be authentic and valid, the image validation module generates a response to the request.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: March 3, 2020
    Assignee: Cryptomathic Ltd
    Inventors: Peter Landrock, Guillaume Forget, Torben Pryds Pedersen
  • Patent number: 10581868
    Abstract: This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allows for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing and training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: March 3, 2020
    Assignee: KnowBe4, Inc.
    Inventors: Greg Kras, Alin Irimie
  • Patent number: 10574668
    Abstract: Disclosed are various examples of providing analog security for digital data. A first framelet is decrypted. The first framelet includes a first set of subpixels for each pixel of content requested from a network service. A second framelet is also decrypted. The second framelet includes a second set of subpixels for the respective pixel of the content. The first framelet and the second framelet are rendered separately. The first framelet is visually aligned with the second framelet to reproduce the content. A shade of each pixel is reproduced based on the first plurality of subpixels being visually aligned with the second plurality of subpixels.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: February 25, 2020
    Assignee: AIRWATCH LLC
    Inventor: Ketan Bhardwaj
  • Patent number: 10567366
    Abstract: Embodiments of the invention are directed to systems and methods of user authentication for data services. The data services may include accessing a tax return at the IRS, accessing or completing a student loan application, accessing a credit report, etc. User authentication data is collected by a data provider and provided to a server computer, and user device data is collected by the server computer after the user device accesses a resource identifier (e.g., URL) associated with the server computer. The user authentication data and/or user device data is analyzed and a risk score is generated.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: February 18, 2020
    Assignee: Visa International Service Association
    Inventors: Brendan Xavier Louis, Craig O'Connell, Karl Newland, Douglas Fisher
  • Patent number: 10552620
    Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 4, 2020
    Assignee: Intel Corporation
    Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
  • Patent number: 10546119
    Abstract: Methods and systems for protecting sensitive data on a mobile device. In an embodiment, a mobile device processor of a mobile device downloads, from a provider computer, an application including a white box software development kit (SDK). The mobile device processor utilizes a code protection process of the application to obfuscate sensitive user data, stores the obfuscated user data in a regular memory, runs the white box SDK to monitor and protect sensitive applications which execute when conducting transactions, and receives instructions from a trusted application manager computer to at least one of re-obfuscate the sensitive user data and reset a user root key.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: January 28, 2020
    Assignee: Mastercard International Incorporated
    Inventor: Ashfaq Kamal
  • Patent number: 10546129
    Abstract: A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device and generating a single forensic image of the data set and also applying a recover data application to the data set to generate a single recovered data set. A scanning is initiated of the single forensic image and the single recovered data set using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system, may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining each of the malware engines reporting the results of the scans.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: January 28, 2020
    Assignee: Forensic Scan, LLC
    Inventors: William R. Spernow, Daniel Garrie