Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.

Abstract: In an aspect, a wireless communication between a transmitter and a receiver involves determining updated keys according to a key management process for MAC layer encryption. Such key is propagated to a transmitter MAC and though a receiver key management process to a receiver MAC. After a delay, transmitter MAC device begins using the updated key, instead of a prior key, for payload encryption. Receiver MAC continues to use the prior key until a packet that was accurately received fails a message integrity/authentication check. Then, the receiver MAC swaps in the updated key and continues to process received packets. The packet data that failed the message integrity check is discarded. Transmitter MAC retries the failed packet at a later time, and if the packet was accurately received and was encrypted by the transmitter MAC using the updated key, then the receiver will determine that the message is authentic and will receive it and acknowledge it.

Abstract: An apparatus and a method for managing user identity, the method comprising: establishing a connection secured with Transport Layer Security (TLS) from a client device to an IRP server; authenticating, at the IRP server, user login via the client device, with Strong Client Authentication (SCA) or Username/Password Authentication (UPA); upon request from the client device, registering or retrieving at the IRP server user identity information comprising user information, and an Internet Protocol (IP) address of the client device; upon request from the client device, registering or retrieving at the IRP server one or more digital certificate; sending from the client device to the IRP server a Certificate Signing Request (CSR) via the secured connection; upon request from the client device, returning a signed digital certificate from the IRP server to the client device; sending a PKCS #12 package from the client device to the IRP server; and upon request from the client device, returning a PKCS #12 package from t

Abstract: Described technologies automatically detect candidate networks having external nodes which communicate with nodes of a local network; a candidate external network can be identified even when the external nodes are owned by a different entity than the local network's owner. A list of network addresses which communicated with local network nodes is culled to obtain addresses likely to communicate in the future. A graph of local and external nodes is built, and connection strengths are assessed. A candidate network is identified, based on criteria such as connection frequency and duration, domain membership, address stability, address proximity, and others, using cutoff values that are set by default or by user action. The candidate network identification is then utilized as a basis for improved security though virtual private network establishment, improved bandwidth allocation, improved traffic anomaly detection, or network consolidation, for example.

Abstract: Systems and methods are described to facilitate generation of access policies for a network-accessible service. An authorization service may use access policies to control whether requests to access a network-accessible service are authorized. A user may submit to the authorization service a request to programmatically generate an access policy based on requests received at the network-accessible service during a training period, such that the access policy, if applied to the requests received during the training period, would result in an authorization result specified by the user. The authorization service may gather information regarding requests received during the training period, and thereafter programmatically generate an access policy based on parameter values, such as source identifiers, called functions, or authorization tokens, present within requests received during the training period.

Abstract: Methods, systems, and computer readable media for monitoring, adjusting, and utilizing latency associated with accessing distributed computing resources are disclosed. One method includes measuring a first latency associated with accessing a first computing resource located at a first site. The method further includes the measuring a second latency associated with accessing a second computing resource located at a second site different from the first site. The method further includes selectively impairing transmission of packets to or processing of packets by at least one of the first and second computing resources in accordance with a performance, network security, or diagnostic goal.

Abstract: A malicious code analysis method and system, a data processing apparatus, and an electronic apparatus are provided. A behavior characteristic data corresponding to a suspicious file is received from the electronic apparatus via the data processing apparatus to analyze the behavior characteristic data. The behavior characteristic data corresponding to the suspicious file is compared with a malware characteristic data of each of a plurality of malicious codes to obtain a comparison result. And based on the comparison result, a representative attack code corresponding to the suspicious file is obtained and a precaution corresponding to the representative attack code is transmitted to the electronic apparatus.

Abstract: A certification management system helps an organization develop and maintain a repository of current certification status of employees. The system may integrate multiple learning management systems and other enterprise level systems across the organization. The system facilitates identifying and enrolling targeted employees for any number and type of certification programs. The system may also implement and support reconfiguring certification programs, for example, during training, and enforcing recertification requirements according to maturing business needs. The system provides automated workflows that facilitate a formal, structured approach to the development and recognition of specific specialized skills at scale by infusing more consistency, rigor, and objectivity.

Abstract: Systems, methods, and computer-readable media for managing credentials of multiple users on an electronic device are provided.

Abstract: The disclosed computer-implemented method for connecting Internet-connected devices to wireless access points may include (1) receiving, over the Internet from a client device at a server, a request to connect the client device to an access point that is secured by a passcode, (2) transmitting a verification-request message from the server to the access point and/or the client device that instructs the access point and/or the client device to perform an action that enables the physical proximity of a user of the client device to the access point to be verified, (3) receiving a verification-response message that indicates that the user of the client device has physical access to the access point, and (4) enabling the client device to connect to the access point by transmitting, from the server to the client device, the passcode. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for introducing a replacement code segment over-the-air through a wireless mobile communication network to an existing code resident on a mobile terminal: identifying the mobile terminal from among terminals served through the wireless mobile communication network; sending a push notification through the network to the mobile terminal, the push notification indicative of the replacement code segment ready for downloading; activating a dynamic update module resident in the mobile terminal, in response to the push notification; sending a request for the replacement code segment; downloading the replacement code segment to the mobile terminal; and transferring the downloaded replacement code segment to the dynamic update module for dynamic replacement of a corresponding old code segment within the mobile terminal with the replacement code segment, obviating a need to recompile the existing code.

Abstract: Disclosed are methods, systems and one or more computer readable mediums for storing data securely in a database. In one aspect, transaction data received from a user completing a form is encrypted using a transaction key provided by a record key management server which is administered by a customer of a form hosting entity. An encrypted transaction key is also generated by the record key management server, wherein a record indicative of the encrypted transaction data and the encrypted transaction key is stored in a database administered by the form hosting entity. Data at rest stored in the database, including the record, is encrypted by a database key management server using a database key.

Abstract: The invention relates to a method for storing data, wherein the method, in order to store a file (101), comprises: —automatic generation (602) of a distribution schedule (416); —performance (604) of an error correction method, which is specified in the distribution schedule, for generating file fragments from the file by a user computer system; —sending (606) of an authorisation enquiry (420) for storing the file fragments in the memory services (SD2, SD4-SD6) identified in the distribution schedule from the user computer system to a file management server via a network; —in response to reception of the authorisation enquiry by the file management server, requesting (608, 424) of an authorisation token by the file management server from each of the memory services identified in the distribution schedule and forwarding (610) of the authorisation token (428) obtained in response to the request to the user computer system by the file management server; and —storage (612) of the generated file fragments in the st

Abstract: At least one method, apparatus and system disclosed involves providing a restricted access protocol for accessing a memory device. A first memory portion of a memory device is selected for providing an access confirmation. At least one of setting or resetting of memory cells of the first memory portion is performed. A first voltage is provided for switching the memory cells. The first voltage is associated with a predetermined switching probability. A first input signal comprising at least one address associated with the memory cells is provided. A first responsive signal is received in response to the input signal. The first responsive signal comprises data relating to the state of the memory cells. An access key is provided for the access confirmation based upon a relationship between the first input signal and the first responsive signals for providing an access key.

Abstract: The disclosed computer-implemented method for detecting preparatory-stages of rowhammer attacks may include (i) receiving, at a computing device, signatures of preparatory behaviors that are known to be exhibited by malicious virtual machines during preparatory stages of rowhammer attacks, (ii) monitoring, at the computing device, behaviors of a virtual machine that is hosted by the computing device, (iii) detecting, at the computing device while monitoring behaviors of the virtual machine, a behavior that matches one of the signatures of preparatory behaviors, and (iv) performing, in response to detecting the behavior that matches one of the signatures of preparatory behaviors, a security action to prevent the virtual machine from perpetrating a successful rowhammer attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method includes generating an index representation of characters of code of a given file and mapping the index representation to a vector space providing contextual representation of the characters utilizing an embedding layer of a recurrent neural network (RNN). The method also includes identifying one or more code features in the mapped index representation utilizing at least one hidden layer of the RNN, detecting sequences of the identified code features in the mapped index representation utilizing a plurality of memory units of a recurrent layer of the RNN, and generating a classification result for the given file based on the detected sequences of code features utilizing one or more classification layers of the RNN. The method further comprises utilizing the classification result to determine if the given file contains code of a designated code type, and modifying access by a given client device to the given file responsive to the determination.

Abstract: A method for use in a source device includes: acquiring a random number; transmitting the random number to a sink device through a High Definition Multimedia Interface-Consumer Electronics Control (HDMI-CEC) bus; receiving first signature information and capability information from the sink device through the HDMI-CEC bus, the first signature information being information in which the random number is encrypted with a first secret key of the sink device, the capability information being information about a display capability of the sink device; acquiring a result of a first determination whether first decrypted information is compatible with the transmitted random number, the first decrypted information being obtained by decrypting the first signature information with a first public key paired with the first secret key; determining that the received capability information is correct information when the result of the first determination is that the first decrypted information is compatible with the transmitte

Abstract: A process for accessing a data storage device of a cloud computer system CCS through a gateway computer system GCS which is connected with the CCS over a network, the process includes setting up a protected connection between a first piece of terminal equipment of the user and the GCS; transferring a file over the protected connection from the terminal equipment to the GCS; setting up a session over the network between the GCS and the CCS; authenticating the user with respect to the CCS by the GCS accessing, through the session, the authentication data of the user stored in the GCS, for authentication of the user; encrypting the file by the GCS using the cryptographic key; transferring the encrypted file through the session from the GCS to the CCS; and storing the encrypted file in the data storage device of the CCS.

Abstract: Methods and systems are provided for efficient and secure “Machine-to-Machine” (M2M) between modules and servers. A module can communicate with a server by accessing the Internet, and the module can include a sensor and/or actuator. The module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The module and server can use private keys to generate digital signatures for datagrams sent and decrypt messages received. The module can internally derive pairs of private/public keys using cryptographic algorithms and a set of parameters. A server can use a shared secret key to authenticate the submission of derived public keys with an associated module identity. For the very first submission of a public key derived the module, the shared secret key can comprise a pre-shared secret key which can be loaded into the module using a pre-shared secret key code.

Abstract: A security information update system includes a service providing server and information processing devices, the service providing server including: an authentication information memory that stores a pair of security information and identification information; and a service providing unit that provides a service to the information processing device, and the information processing devices including: a policy acquisition unit that acquires a security policy; a security information memory that stores security information; a process executing unit that transmits a pair of the same identification information and security information to the service providing server and receives a service; an authentication information acquisition unit that acquires security information after update; an update unit that updates security information with the acquired security information after the update date and time; and a prohibition unit that prohibits execution of a process of receiving a service after the update date and time u