Patents Examined by William S. Powers
  • Patent number: 10659307
    Abstract: In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: May 19, 2020
    Assignee: eBay Inc.
    Inventor: Richard Sinn
  • Patent number: 10652268
    Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: May 12, 2020
    Assignee: Qualys, Inc.
    Inventors: Wissam Ali-Ahmad, Wolfgang Kandek, Holger Kruse, Vikas Dewan, Khair-ed-dine Mazboudi, Ganesh Jampani, Kenneth K. Okumura
  • Patent number: 10652028
    Abstract: A method for requesting a credential associated with a token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: May 12, 2020
    Assignee: Visa International Service Association
    Inventors: Ajit Gaddam, Selim Aissi
  • Patent number: 10628582
    Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according to at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.
    Type: Grant
    Filed: October 3, 2018
    Date of Patent: April 21, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Richard Reybok, Andreas Seip Haugsnes, Kurt Joseph Zettel, II, Jeffrey Rhines, Henry Geddes, Volodymyr Osypov, Scott Lewis, Sean Brady, Mark Manning
  • Patent number: 10628558
    Abstract: Presented is a system and methods for receiving metadata, a decryption module and encrypted content from a cable headend, decrypting the encrypted content with the decryption module and presenting the decrypted content to a user. The client device can receive, load and execute any decryption module compatible with the system framework allowing flexibility in the choice or changing of client device manufacturer and/or Digital Rights Management system vendor.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: April 21, 2020
    Assignee: Ericsson AB
    Inventor: Alan Rouse
  • Patent number: 10631161
    Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: April 21, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Patent number: 10621315
    Abstract: Systems for dynamic watermarking within a cloud-based collaboration environment. Storage facilities are managed by servers to provide cloud-based storage services to two or more client entities as a service across a network. The servers maintain versions of editable documents or photo images or video clips using a version indication. Dynamic watermarking applies a first watermark image to a first version of the editable document and grants edit access to a first client entity of the two or more client entities. While the first client entity has edit access to the first version of the editable document, the system generates a second version of the editable document and applies a second watermark image to the second version of the editable document before delivering the second version to a second client entity. A security watermark is based on a user credential, and a leak source can be determined based on the user credential.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: April 14, 2020
    Assignee: Box, Inc.
    Inventors: Winston Yih-Jiun Huang, Bryan Huh, Pierre-Alexandre Masse, Justin Tim Peng, Victor DeVansa Vikramaratne, Jeremy Glassenberg, Florian Jourda, Hieu Minh Nguyen
  • Patent number: 10623445
    Abstract: An endpoint security agent facilitates a security policy on an endpoint computing device. The endpoint agent comprises an engine and one or more plugins that each provide a particular security feature. The endpoint agent receives a policy from a cloud server specifying one or more plug-ins used by the policy and configuration of those plug-ins. The endpoint agent retrieves, installs, and configures the one or more plugins. The endpoint agent updates a communication table with command subscription information obtained from each installed plugin indicating command types subscribed to by each plug-in. When a command is received, a lookup of the command type is performed in the table, and the command is sent to the subscribing plugin.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: April 14, 2020
    Assignee: Malwarebytes Inc.
    Inventors: Kevin Douglas Breton, Mark Patton
  • Patent number: 10615979
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for replication-related protocols for decentralized networks. One method includes: receiving, at a prover, a file to be stored; encoding the file to be stored using an encoding function to produce an encoded stored file wherein the time to encode using the encoding function takes at least a minimum encoding time; receiving a challenge at the prover; producing a proof at the prover in response to the challenge within a verify time period, wherein the proof is determined in part by decoding the encoded stored file and wherein the verify time period is less than the minimum encoding time; and taking an action (e.g., rewarding a storage miner/prover) in response to the proof.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: April 7, 2020
    Assignee: Protocol Labs, Inc.
    Inventors: Nicola Greco, Juan Batiz-Benet, David Allen Dalrymple
  • Patent number: 10615972
    Abstract: A computer and method for managing a shared key in a cluster of computers utilizes a node key to decrypt an encrypted shared key to obtain the shared key. A computer in the cluster can receive the node key from another computer in the cluster by transmitting an encrypted node key that has been encrypted using a master key to the other computer in the cluster, which is then decrypted using the master key at the other computer. The received node key can then be used by the requesting computer to decrypt the encrypted shared key to obtain the shared key.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: April 7, 2020
    Assignee: VMware, Inc.
    Inventors: Haoran Zheng, Wenguang Wang
  • Patent number: 10607015
    Abstract: Disclosed embodiments relate to systems and methods for automatically detecting and addressing security risks in code segments. Techniques include accessing a plurality of code segments developed for execution in a network environment, automatically identifying a first code segment from the plurality of code segments for analysis, automatically performing a first code-level security risk assessment for the first code segment, and determining a first security risk level for the first code segment based on the application programming interface risk level. The first code-level security risk assessment may be performed based on at least one of an application programming interface risk level, an embedded credentials risk level, and a target resource risk level. Further techniques may include determining a second security risk level for a modified version of the first code segment; and enabling a comparison between the first security risk level and the second security risk level.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: March 31, 2020
    Assignee: CYBERARK SOFTWARE LTD.
    Inventors: Asaf Hecht, Hadas Elkabir
  • Patent number: 10609070
    Abstract: Methods and systems provide network security by associating login credentials with a specific end-point. By doing so, valid user login credentials are not recognized when not used on a device authorized to use those credentials. By creating that association in a secure manner, the protection of confidential information becomes more complete and the leakage or theft of data such as usernames and passwords becomes less critical. Additionally, creating this hard association makes hacking tools such as password crackers and rainbow tables significantly less effective since the possession of a valid username/password is no longer sufficient for bad actors to access assets using this two-factor authentication model.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: March 31, 2020
    Inventor: Claude M. Farmer, III
  • Patent number: 10596318
    Abstract: Methods, devices and systems are disclosed for inter-app communications between software applications on a mobile communications device. In one aspect, a computer-readable medium on a mobile computing device comprising an inter-application communication data structure to facilitate transitioning and distributing data between software applications in a shared app group for an operating system of the mobile computing device includes a scheme field of the data structure providing a scheme id associated with a target software app to transition to from a source software app, wherein the scheme id is listed on a scheme list stored with the source software app; and a payload field of the data structure providing data and/or an identification where to access data in a shared file system accessible to the software applications in the shared app group, wherein the payload field is encrypted.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: March 24, 2020
    Assignee: DexCom, Inc.
    Inventors: Gary A. Morris, Scott M. Belliveau, Esteban Cabrera, Jr., Rian Draeger, Laura J. Dunn, Timothy Joseph Goldsmith, Hari Hampapuram, Christopher Robert Hannemann, Apurv Ullas Kamath, Katherine Yerre Koehler, Patrick Wile McBride, Michael Robert Mensinger, Francis William Pascual, Philip Mansiel Pellouchoud, Nicholas Polytaridis, Philip Thomas Pupa, Anna Leigh Davis, Kevin Shoemaker, Brian Christopher Smith, Benjamin Elrod West, Atiim Joseph Wiley
  • Patent number: 10592245
    Abstract: Instructions and logic provide SIMD SM3 cryptographic hashing functionality. Some embodiments include a processor comprising: a decoder to decode instructions for a SIMD SM3 message expansion, specifying first and second source data operand sets, and an expansion extent. Processor execution units, responsive to the instruction, perform a number of SM3 message expansions, from the first and second source data operand sets, determined by the specified expansion extent and store the result into a SIMD destination register. Some embodiments also execute instructions for a SIMD SM3 hash round-slice portion of the hashing algorithm, from an intermediate hash value input, a source data set, and a round constant set. Processor execution units perform a set of SM3 hashing round iterations upon the source data set, applying the intermediate hash value input and the round constant set, and store a new hash value result in a SIMD destination register.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Gilbert M. Wolrich, Vinodh Gopal, Sean M. Gulley, Kirk S. Yap, Wajdi K. Feghali
  • Patent number: 10587640
    Abstract: An information handling system performs a method for analyzing attacks against a networked system of information handling systems. The method includes detecting a threat indicator, representing the threat indicator in part by numerical parameters, normalizing the numerical parameters, calculating one or more measures of association between the threat indicator and other threat indicators, finding an association of the threat indicator with another threat indicator based upon the normalized numerical parameters, and assigning to the threat indicator a probability that a threat actor group caused the attack, wherein the threat actor group was assigned to the other threat indicator. In some embodiments, the normalizing may include transforming a distribution of the numerical parameters to a distribution with a standard deviation of 1 and a mean of 0. In some embodiments, the normalizing may include applying an empirical cumulative distribution function.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: March 10, 2020
    Assignee: SecureWorks Corp.
    Inventors: Doug M. Steelman, Todd Wiedman, Kenneth A. Deitz, Berlene Herren, Edgar L. Deal, Thomas Clements, Brian Miller
  • Patent number: 10567375
    Abstract: Embodiments of systems and methods for data access control and account management are described. In an embodiment, a server can apply flags to user accounts identified as requiring the user to perform an action or, in the case of potentially compromised access credentials, to offer the user the opportunity to authenticate and create new credentials. A user account database and an access report database can store access credentials, flags, and other relevant information for use by the server to perform various administrative, authentication, and protective actions on user accounts.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: February 18, 2020
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Lara Mossler, Baskar Dilli, Melissa Heng, Aravindhan Manivannan
  • Patent number: 10554381
    Abstract: An MMT transmission system includes first and second material output devices, first and second multiplexing devices, first and second encryption processing devices, and a switching device. The first encryption processing device encrypts a first payload, except for a first MPU sequence number, of a first MMTP packet included in first multiplexed data output from the first multiplexing device. The second encryption processing device encrypts a second payload, except for a second MPU sequence number, of a second MMTP packet included in second multiplexed data output from the second multiplexing device. The switching device acquires a first MPU border from the first MPU sequence number, a second MPU border from the second MPU sequence number, and switches transmissions of the multiplexed data at these borders.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: February 4, 2020
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Tomoo Yamakage
  • Patent number: 10554647
    Abstract: A method includes storing first authentication information and second authentication information, the first authentication information being information for a user to access a first information processing device, the second authentication information including third authentication information and fourth authentication information, the third authentication information being information for the user to access a second information processing device, and the fourth authentication information being information for the user to access a third information processing device; acquiring first index information from the second information processing device based on the third authentication information; acquiring second index information from the third information processing device based on the fourth authentication information; and generating a list including the first index information with a first indication, and the second index information with a second indication different from the first indication.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: February 4, 2020
    Assignee: Ricoh Company, Ltd.
    Inventors: Satoru Hirakata, Ryoh Shimomoto, Shinya Mukasa, Teruaki Takahashi
  • Patent number: 10547616
    Abstract: Systems and methods are described that support information security and sub-system operational conformance with protocols. In some embodiments, agent access to resources can be controlled via generation of credentials and/or tokens and/or conditioned external authentication. In some embodiments, workflows used to assess protocol conformance can be conditionally triggered at sub-systems.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: January 28, 2020
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Stephen R. Carter, Lee Edward Lowry, Paul Alexandre Turner, Robert Mark Ward, Lloyd Leon Burch, Dale Robert Olds, Duane Fredrick Buss
  • Patent number: 10536438
    Abstract: Embodiments include apparatuses, methods, and systems including a wireless display system with a secure back channel to transmit an input from an input device coupled to a display receiver device to a display transmitter device. An input from an input device may be captured by a display receiver device in a secure execution environment. Furthermore, the captured input may be transmitted through a back channel to a display transmitter device in a secured form based on one or more secure parameters negotiated with the display transmitter device. The display transmitter device may receive the input in the secured form, decrypt the input in the secured form based on the one or more secure parameters to obtain the input, and further supply the input to an operating system or an application to operate on the display transmitter device. Other embodiments may also be described and claimed.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: January 14, 2020
    Assignee: Intel Corporation
    Inventors: Rajneesh Chowdhury, Karthik Veeramani, Rajesh Poornachandran