Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.

Abstract: The present disclosure relates to a method and system for securely transferring master keying material between a master dongle (10) and a slave dongle (12). Each dongle (10,12) is connected to a data transfer system. The slave dongle (12) contains a public key and a private key and the master dongle (10) contains master keying material that is to be transferred securely to the slave dongle (12). The data transfer system reads the slave dongle's public key and sends it to the master dongle (10). The master dongle (10) encrypts the master keying material with the slave dongle's public key to produce an encrypted master keying material. The encrypted master keying material is sent via the data transfer system to the slave dongle (12) and the slave dongle (12) decrypts the encrypted master keying material with the slave dongle's private key.

Abstract: Various embodiments of the present application are directed towards systems and methods for hybrid blockchain control. According to some embodiments a method for hybrid blockchain control, an update to a distributed blockchain is received from a blockchain system. The blockchain system includes multiple nodes individually storing copies of the distributed blockchain and individually updating the copies by a consensus process. A determination is made as to whether the distributed blockchain has been fraudulently modified based on the received update. In response to determining the distributed blockchain has been fraudulently modified: 1) a corrective block is disseminated to the blockchain system to trigger the consensus process on the nodes; and 2) a predefined override in the consensus process is invoked to update the copies of the distributed blockchain in a manner that bypasses an illegitimate block. Further, the predefined override is invoked while the consensus process processes the corrective block.

Abstract: Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.

Abstract: In some examples, a system comprises a memory device for storing instructions and a processor which executes instructions causing the system to perform operations comprising receiving an instruction to transfer a state of a first device to a second device, and packaging information relating to the state of the first device in a file. The packaging of the information relating to the state of the first device includes recording each application executing on the first device in a list maintained in the file, and transferring the file containing information relating to the state of the first device to the second device, either directly or indirectly based on an availability of connections between the first device and the second device. The file, when processed by the second device, causes the second device to reproduce the state of the first device. In some example, reproducing the state of the first device includes the second device downloading, from one or more of the locations, one or more of the applications.

Abstract: Data security across data residency restriction boundaries is provided by profiling a dataset on which a desired analysis is to be performed, with some results of the desired analysis to be transferred from one location to another, the dataset subject to data residency restrictions that restrict transfer of the dataset across a boundary to the another location, and the profiling identifying a profile level for the dataset, automatically generating, based on the profile level and the data residency restrictions that restrict the transfer of the dataset across the boundary, a container for processing the dataset into a reformatted dataset not restricted by the data residency restrictions for transfer across the boundary, instantiating the generated container on a data processing system at the one location, and processing the dataset into the reformatted dataset using the instantiated generated container, and transferring the reformatted dataset to the another location.

Abstract: Methods and systems are provided for detecting privacy leakage risks in text. One example method generally includes receiving, at a computing device from a client device, a keyword and generating, by the computing device, a combined query comprising the keyword and a sensitive topic query associated with a sensitive topic. The method further includes transmitting the keyword from the computing device to a search engine and transmitting the combined query from the computing device to the search engine. The method further includes receiving, at the computing device from the search engine, a number of search results for the keyword and receiving, at the computing device from the search engine, a number of search results for the combined query. The method further includes determining, by the computing device, a confidence score and transmitting the confidence score from the computing device to the client device.

Abstract: Disclosed is a system for recommending content of a predefined category to an account holder, detecting spam applications, or account holders based on the account holder application graphs. The system receives information corresponding to applications executing on the client device of the account holders and generates an application graph for each account holder that includes a list of predefined application categories that are preferred by the account holder. For each predefined category, a list of account holders preferring content relevant to that category is predicted based on the set of generated application graphs. Some application graphs may be detected as spam application graphs by comparing the generated application graphs with a set of predefined spam application graphs. Alternatively, if the generated application graph does not match the predefined spam application graphs, they are compared to a set of application graphs from a database to find similar application graphs.

Abstract: In example implementations, a method is provided that is executed by a processor. A multiplexed data stream is received over a single transmission control protocol (TCP) connection that uses a SPDY protocol. The multiplexed data stream contains data packets associated with a plurality of different data streams. A plurality of sub-contexts are generated. Each one of the sub-contexts is associated with a different one of the plurality of different data streams. The data packets are demultiplexed from the multiplexed data stream into a respective one of the plurality of sub-contexts. The plurality of different data streams in the respective one of the plurality of sub-contexts are examined to detect a malware.

Abstract: A method for providing an administration policy to a user device comprising a plurality of applications, the method comprising centrally generating the administration policy to be implemented in the user device, the administration policy comprising at least one of an application administration policy to be used by at least one of the plurality of applications and a client administration policy for the user device; and providing the generated policy to the user device.

Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.

Abstract: A system includes a network adapter operable to interface with one or more computer networks. The system also includes a processing system operably coupled to the network adapter and configured to perform a plurality of operations. The operations include monitoring for a request to transfer data from a file including a self-destruction indicator, determining a targeted destination of the data based on detecting the request to transfer the data from the file including the self-destruction indicator, and determining whether the targeted destination is within an allowed network list associated with the file. The system prevents the transfer of data from the file to the targeted destination through the network adapter based on determining that the allowed network list excludes the targeted destination.

Abstract: A data processing device is disclosed, which selectively grants devices access to an online session if the devices satisfy a discovery range requirement. The online session is associated with the discovery range requirement by which the online session is selectively discoverable by the devices. The data processing device determines an access metric representing interactions related to the online session, and adjusts the discovery range requirement based on the determined access metric such that the online session is discoverable by more or fewer devices. The data processing device then selectively grants the devices access to the online session based on the adjusted discovery range requirement.

Abstract: Presented is a television and methods for decrypting digital data, which is encrypted using one of a plurality of different encryption techniques. A television can receive a digital content stream from a service provider. The digital stream includes the digital content, a decryption module, and metadata. A television can further extract the decryption module as instructed by the metadata from the digital content stream. A television can further decrypt the digital content with the extracted decryption module and a decryption key.

Abstract: Systems and methods for ensuring data security. A MAC is computed sequentially for each selected message from a data log that contains at least two messages. To build a data block, a preset encryption key is used for a first message and an encryption key for the previous message is used for subsequent messages. A determination that the data log is compromised can be made based on MAC data block data and an independent calculation of a MAC.

Abstract: Example techniques are described for image-based user authentication. An example method includes receiving, by a host system, a passphrase comprising a plurality of words, the passphrase being provided for authentication of a user. The method further includes generating, by the host system, an image selection grid comprising a plurality of images, each word from the passphrase corresponding to one or more images from the image selection grid. The method further includes receiving, by the host system, a plurality of selected images from the image selection grid. The method further includes storing, by the host system, the selected images as a login challenge for the user.

Abstract: One or more embodiments of techniques or systems for intelligent data presentation are provided herein. Data can be presented on similar devices having different characteristics in different manners. For example, data may be rendered in a first manner on a first device having one monitor, the same data may be rendered in a second manner on a second device having two displays or a different display size. Financial information, sales data, banking information, etc. may be presented in a variety of ways based on capabilities or properties of a device accessing the information or data. Similarly, renderings may be selected based on interaction capabilities or interaction options a user may have with different renderings or presentations. In other embodiments, user interaction with an automated teller machine (ATM), call center, vehicle, or other interface can be based on device properties or device capabilities.

Abstract: Embodiments of the present disclosure include systems and methods for securely entering, receiving, and storing sensitive data. A server system may determine if a request received from a user computing device communicatively coupled to the server triggers a requirement to receive sensitive data from the user computing device, generate a data structure for the sensitive data, designate a plurality of contact methods, determine a communication protocol for each of the designated plurality of contact methods, transmit a request for data unit information to the corresponding designated contact methods via the determined communication protocol for each data unit of the data structure, receive from each of the designated contact methods, the data unit information corresponding to the respective single data unit, and generate sensitive data by aggregating the received data unit information received from each of the designated contact methods.

Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

Abstract: The disclosed technology includes techniques for secure access to data associated with an organization and includes providing a user device access to a user interface that is configurable by a user of the user device to execute function requests. Upon receipt of a function request, a router can randomly select an available computer from a computer cluster to execute the function. The computer can access a predetermined portion of the organization's data, generate an output by executing the requested function based on the predetermined portion of the organization's data, and transmit the output to the user device.