Patents Issued on March 1, 2018
  • Publication number: 20180060549
    Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.
    Type: Application
    Filed: October 24, 2017
    Publication date: March 1, 2018
    Inventors: Thomas H. Gonser, Donald G. Peterson, Douglas P. Rybacki, Ashley Carroll, Michael Strickland
  • Publication number: 20180060550
    Abstract: A mechanism is described to facilitate gesture matching according to one embodiment. A method of embodiments, as described herein, includes selecting a gesture from a database during an authentication phase, translating the selected gesture into an animated avatar, displaying the avatar, prompting a user to perform the selected gesture, capturing a real-time image of the user and comparing the gesture performed by the user in the captured image to the selected gesture to determine whether there is a match.
    Type: Application
    Filed: March 28, 2015
    Publication date: March 1, 2018
    Applicant: Intel Corporation
    Inventors: Wenlong LI, Xiaolu SHEN, Lidan ZHANG, Jose E. LORENZO, Qiang LI, Steven HOLMES, Xiaofeng TONG, Yangzhou DU, Mary SMILEY, Alok MISHRA
  • Publication number: 20180060551
    Abstract: In one aspect, a device includes a processor and storage accessible to the processor. The storage bears instructions executable by the processor to receive at least one output of a gas chromatograph (GC), compare the at least one output to at least one template, and determine whether to authenticate a user responsive to the comparison. The GC output also may be used to generate at least one advertisement targeted to the user, and may further be used to output at least one indication of at least one therapy for the user.
    Type: Application
    Filed: August 23, 2016
    Publication date: March 1, 2018
    Inventors: Rod D. Waltermann, Timothy Winthrop Kingsbury
  • Publication number: 20180060552
    Abstract: Techniques for implementing voice-based liveness verification are provided. In one embodiment, a computing device can present a series of challenge prompts to a user being authenticated, where each challenge prompt corresponds to a request to utter a liveness passphrase that is randomly selected from a set of liveness passphrases that have been previously enrolled by an enrolled user of the computing device. The computing device can then receive utterances from the user in response to the series of challenge prompts and, if each utterance matches its corresponding enrolled liveness passphrase, can conclude that the user is a live subject.
    Type: Application
    Filed: August 25, 2016
    Publication date: March 1, 2018
    Inventors: Bryan Pellom, Gordon Haupt, Karl Ridgeway
  • Publication number: 20180060553
    Abstract: In one aspect, a device includes a processor and storage accessible to the processor. The storage bears instructions executable by the processor to compare an infrared (IR) image of a breath of a person and authenticate the person responsive to the image satisfying a match criteria with a prestored image.
    Type: Application
    Filed: August 29, 2016
    Publication date: March 1, 2018
    Inventor: Rod D. Waltermann
  • Publication number: 20180060554
    Abstract: A computing platform is described to match a palm print digital representation to a palm print template. The platform includes logic causing an illumination source to illuminate a field of view of a camera with an emission spectrum predominately in a wavelength range less than 485 nm; capturing a set of images using the camera of a palm during the illumination; processing the set of images to determine a set of identifying features of the palm according to intensity gradients in the wavelength range of the illumination source; and comparing the set of identified features with enrolled palm prints to identify the palm.
    Type: Application
    Filed: June 6, 2017
    Publication date: March 1, 2018
    Applicant: Redrock Biometrics, Inc.
    Inventors: Leonid KONTSEVICH, Hua YANG
  • Publication number: 20180060555
    Abstract: A system, method and one or more wireless earpieces for authenticating utilization of one or more wireless earpieces. A request is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether a biometric profile authorizes the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric profile authorizes fulfillment of the request.
    Type: Application
    Filed: July 24, 2017
    Publication date: March 1, 2018
    Applicant: BRAGI GmbH
    Inventor: Peter Vincent Boesen
  • Publication number: 20180060556
    Abstract: An authentication method executed by a processor included in a mobile device having a camera, the authentication method includes displaying an image captured by the camera and including irises of a user on a screen of the mobile device based on a position of a displayed guide image specifying positions of eyes; calculating, based on positional relationships between light spots and the regions of the irises, when the light spots included in the image overlap regions of the irises, shift vectors of the light spots when the light spots are shifted until the light spots do not overlap the regions of the irises; and moving the displayed guide image in a movement direction determined based on the shift vectors and executing authentication on the user using the irises displayed based on the position of the displayed guide image after the movement of the guide image.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Applicant: FUJITSU LIMITED
    Inventor: Hiroshi FUJINO
  • Publication number: 20180060557
    Abstract: An apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following: based on at least one utterance of a pass-phrase and predetermined scoring information comprising predetermined linguistic-element-scores attributable to one or more linguistic elements that form at least part of each of the at least one utterance, provide for spoken pass-phrase suitability determination wherein the at least one utterance is assigned a pass-phrase-score based on linguistic analysis in which one or more linguistic elements identified in said utterances are assigned their corresponding linguistic-element-score from the predetermined scoring information, the pass-phrase score based on the one or more linguistic-element scores of the, identified, linguistic elements, wherein the spoken pass-phrase suitability is determined to be defic
    Type: Application
    Filed: August 24, 2017
    Publication date: March 1, 2018
    Inventors: Giacomo Valenti, Adrien Daniels, Nicholas Evans
  • Publication number: 20180060558
    Abstract: A method of authenticating a user at a security device includes providing a first pattern on an authentication device capable of wireless data transmission; searching for authentication devices by the security device via a wireless data connection; loading the first patterns of all found authentication devices in a memory of the security device via the wireless data connection; detecting a second pattern by a detection device of the security device; comparing the detected second pattern to the loaded first patterns; and positively authenticating the user when the detected second pattern matches one of the loaded first patterns.
    Type: Application
    Filed: August 21, 2017
    Publication date: March 1, 2018
    Inventors: Timo Bruderek, Thilo Cestonaro
  • Publication number: 20180060559
    Abstract: Systems and methods are described for evaluating disposition of an SSO request. In one example, the method includes receiving the SSO request, the SSO request for accessing a secure service, the request having been denied authorization to access a first service, determining, based upon one or more criteria, where to direct the SSO request, and routing the SSO request to a second service, the routing based on the determining where to direct the SSO request.
    Type: Application
    Filed: October 24, 2017
    Publication date: March 1, 2018
    Inventors: Gunupuree Ravi, Vivek Vishnoi, Vivek Biswas, Prabhat Chaturvedi, Fowzy Shacker
  • Publication number: 20180060560
    Abstract: In one aspect, a first device includes a processor and storage accessible to the processor.
    Type: Application
    Filed: August 23, 2016
    Publication date: March 1, 2018
    Inventors: Rod D. Waltermann, Timothy Winthrop Kingsbury, Justin Tyler Dubs, Christopher Aaron Whitesock, Joseph Michael Pennisi
  • Publication number: 20180060561
    Abstract: The invention discloses a method of authenticating data stored in an integrated circuit. The method includes storing randomized data in the integrated circuit such that the randomized data occupies each address space of the memory circuit that is not occupied by the stored data. The method also includes generating a first digital signature using the integrated circuit in response to authenticating a concatenation of the stored data and the first copy of randomized data. The method further includes generating a second digital signature in response to authenticating concatenation of a manufacturer-provided copy of the stored data and the second copy of randomized data using a computer-implemented authentication application and authenticating the data stored in the integrated circuit according to whether the first signature matches the second signature.
    Type: Application
    Filed: August 24, 2016
    Publication date: March 1, 2018
    Inventor: Bruce B. Pedersen
  • Publication number: 20180060562
    Abstract: In one aspect, a device includes a processor and storage accessible to the processor. The storage bears instructions executable by the processor to identify at least a first mode of authentication associated with a first predetermined weight, identify at least a second mode of authentication associated with a second predetermined weight, identify a threshold, and permit access at least in part based on the weights meeting the threshold.
    Type: Application
    Filed: September 1, 2016
    Publication date: March 1, 2018
    Inventors: Rod D. Waltermann, Joseph Michael Pennisi, Timothy Winthrop Kingsbury, Douglas Warren Robinson, Justin Tyler Dubs
  • Publication number: 20180060563
    Abstract: Even when specific information (first information, second information) about individual sensors is inadequate to identify each of the individual sensors, whether all the sensors coupled to a semiconductor device are authentic can be determined. The semiconductor device can be electrically coupled with plural sensors and is configured as follows. Registration information is generated based on first combined information composed of plural combined pieces of first specific information respectively about plural sensors coupled to the semiconductor device when making registration. The semiconductor device generates determination target information based on second combined information composed of plural pieces of second specific information respectively about plural sensors coupled to the semiconductor device when making determination and compares the determination target information with the registration information.
    Type: Application
    Filed: August 24, 2017
    Publication date: March 1, 2018
    Inventors: Kazuo TASHIRO, Makoto TOYOSHIMA, Kentaro OMATA, Tsukasa YOBO
  • Publication number: 20180060564
    Abstract: An example system includes a processor to receive personal data including passwords and personal information associated with a user. The processor is to also compute patterns for the passwords based on the personal data. The processor is to further receive a plurality of characters for a proposed password. The processor is to also detect that the proposed password is unsecure based on the personal data and the computed patterns. The processor is to generate a secure password in real-time based on the personal data and the proposed password.
    Type: Application
    Filed: August 25, 2016
    Publication date: March 1, 2018
    Inventor: Eitan Shapiro
  • Publication number: 20180060565
    Abstract: An Operating System (OS) command launcher or loader is newly obfuscated each time a command is successfully processed by the OS command launcher. Moreover, a binary for the OS command launcher is validated each time a command is attempted to be processed for execution by the OS command launcher.
    Type: Application
    Filed: August 30, 2016
    Publication date: March 1, 2018
    Inventor: Nir Veltman
  • Publication number: 20180060566
    Abstract: A method of protecting a modular calculation on a first number and a second number, executed by an electronic circuit, including the steps of: combining the second number with a third number to obtain a fourth number; executing the modular calculation on the first and fourth numbers, the result being contained in a first register or memory location; initializing a second register or memory location to the value of the first register or to one; and successively, for each bit at state 1 of the third number: if the corresponding bit of the fourth number is at state 1, multiplying the content of the second register or memory location by the inverse of the first number and placing the result in the first register or memory location, if the corresponding bit of the fourth number is at state 0, multiplying the content of the second register or memory location by the first number and placing the result in the first register or memory location.
    Type: Application
    Filed: February 24, 2017
    Publication date: March 1, 2018
    Inventors: Ibrahima Diop, Pierre-Yvan Liardet, Yanis Linge
  • Publication number: 20180060567
    Abstract: Limiting access to native device capabilities. A method includes, at a container application installed at the computing device, the container application configured to execute hosted script based applications, identifying a hosted application to execute. The method further includes, at the container application, obtaining information identifying a limited set of capabilities from among the native device capabilities indicating which of the native device capabilities the hosted application has been granted access to. The method further includes, at the container application, executing the hosted application and enforcing limits on the hosted application such that the hosted application is only able to access the native device capabilities identified in the limited set of capabilities.
    Type: Application
    Filed: August 30, 2016
    Publication date: March 1, 2018
    Inventors: Faisal Khaled Faisal Ilaiwi, Bryan Thomas Phelps, Yasser Elsayed, Christoph Rolf Ponath
  • Publication number: 20180060568
    Abstract: Various embodiments enhance protections against stack buffer overflow attacks in a computing device by dynamically updating stack canaries. Canary values on the stack of a child process may be replaced with new canary values in response to determining that a condition for generating new canary values is satisfied. Canary values on the stack of a child process may be replaced with new canary values when a child process is forked following a crash of a previous child process of the parent process. Canary values on the stack of a child process may be replaced with new canary values in response to expiration of a canary timeout time. The locations of the canaries to replace may be determined by walking the stack to locate entries in each stack frame that match a previous value of the canary or by walking the stack according to a predefined stack frame format.
    Type: Application
    Filed: August 23, 2016
    Publication date: March 1, 2018
    Inventors: Joel Galenson, Sudha Anil Kumar Gathala, Minjang Kim
  • Publication number: 20180060569
    Abstract: Methods, systems, and devices detect and block execution of malicious shell commands requested by a software application. Various embodiments may include receiving a request from a software application to execute a shell command and simulating execution of the shell command to produce execution behavior information. The computing device may analyze system activities to produce execution context information and generate an execution behavior vector based, at least in part, on the execution behavior information and the execution context information. The computing device may use a behavior classifier model to determine whether the shell command is malicious. In response to determining that the shell command is malicious, the computing device may block execution of the shell command.
    Type: Application
    Filed: August 26, 2016
    Publication date: March 1, 2018
    Inventors: Minjang Kim, Dong Li, Sudha Anil Kumar Gathala
  • Publication number: 20180060570
    Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
    Type: Application
    Filed: November 5, 2017
    Publication date: March 1, 2018
    Applicant: Irdeto B.V.
    Inventor: Ron Vandergeest
  • Publication number: 20180060571
    Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.
    Type: Application
    Filed: November 6, 2017
    Publication date: March 1, 2018
    Applicant: Irdeto B.V.
    Inventor: Ron Vandergeest
  • Publication number: 20180060572
    Abstract: Methods, systems, and computer-readable media for tracking and managing virtual desktops using signed tokens are presented. In some embodiments, a server computing device may receive a first registration message from a first virtual machine. The server computing device may determine a state of the first virtual machine based on token information associated with the first registration message received from the first virtual machine. Subsequently, the server computing device may update virtual machine state information records maintained by the server computing device based on the state of the first virtual machine determined by the server computing device. The virtual machine state information records maintained by the server computing device may identify one or more tainted virtual machines and one or more untainted virtual machines.
    Type: Application
    Filed: August 24, 2016
    Publication date: March 1, 2018
    Inventors: Leo C. Singleton, William T.G. Charnell, Sebastian Tomasz Amrogowicz, Andrew John Ogle, Sheldon Ferdinand Lachambre
  • Publication number: 20180060573
    Abstract: A processing device having a skew controller configured to measure skew values between a plurality of signal lines coupled to the processing device; and a security module configured to store the skew values, and to compare new skew values with the stored skew values, wherein when the new skew values do not equal the stored skew values, the processing device is configured to perform an alarm action.
    Type: Application
    Filed: August 31, 2016
    Publication date: March 1, 2018
    Inventors: Andre Roger, Romain Ygnace
  • Publication number: 20180060574
    Abstract: A technique allows for a hybrid hypervisor-assisted security model that monitors and protects an operating system from rootkits or other malware through use of monitoring policies for the operating system (OS). The OS monitoring policies may be separated into rules that can be enforced using an in-guest agent running in a monitored guest OS domain and an out-of-guest agent running in a privileged/monitoring guest OS domain. Embodiments may use virtualization technologies including permissions and policies in one or more page tables and virtualization exceptions (#VE) to avoid virtual machine (VM) exits during runtime events and thereby avoid context switching into a hypervisor. An embodiment includes configuring the in-guest agent in a monitored OS such that hardware events can be switched to lightweight events and can be dynamically switched to complex processing in the privileged OS domain only when requested.
    Type: Application
    Filed: September 1, 2016
    Publication date: March 1, 2018
    Inventors: Edmund H. White, Ravi L. Sahita
  • Publication number: 20180060575
    Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180060576
    Abstract: A training data set for training a machine learning module is prepared by dividing normal files and malicious files into sections. Each section of a normal file is labeled as normal. Each section of a malicious file is labeled as malicious regardless of whether or not the section is malicious. The sections of the normal files and malicious files are used to train the machine learning module. The trained machine learning module is packaged as a machine learning model, which is provided to an endpoint computer. In the endpoint computer, an unknown file is divided into sections, which are input to the machine learning model to identify a malicious section of the unknown file, if any is present in the unknown file.
    Type: Application
    Filed: August 29, 2016
    Publication date: March 1, 2018
    Applicant: Trend Micro Incorporated
    Inventors: Wen-Kwang TSAO, PingHuan WU, Wei-Zhi LIU
  • Publication number: 20180060577
    Abstract: A method and system to verify active content at a server system include receiving, at the server system, a communication (e.g., an e-mail message or e-commerce listing) that includes active content that is to be made accessible via the server system. At the server system, the active content is rendered to generate rendered active content. The rendered active content presents a representation of information and processes to which an end user will be subject. At the server system, the rendered active content is verified as not being malicious.
    Type: Application
    Filed: August 9, 2017
    Publication date: March 1, 2018
    Inventors: Chris Lalonde, Andrew Millard Brown, Mathew Gene Henley, Quang D. Pham, Kevin Black
  • Publication number: 20180060578
    Abstract: A magnetic stripe (MS) card anti-hacking device provided in a financial service apparatus including an MS card reader includes a sensor detecting whether an abnormal attachment is attached to a card insertion portion of the MS card reader, a sensor controller determining whether the abnormal attachment is attached to the card insertion portion by processing a signal received from the sensor, an anti-skimming (jamming) driver generating a jamming signal to interfere with replication of an MS card when the abnormal attachment is attached to the card insertion portion, and a jamming signal output portion radiating the jamming signal toward the abnormal attachment.
    Type: Application
    Filed: August 25, 2017
    Publication date: March 1, 2018
    Inventor: Dong Gyun Kim
  • Publication number: 20180060579
    Abstract: Described herein are various technologies pertaining to detecting malware by monitoring execution of an instrumented process. An anti-malware engine can observe code obfuscation, suspicious patterns and/or behavior upon scanning a computer file. Based upon this observation, evidence can be submitted to a service (e.g., cloud-based service) and, in response, configuration setting(s) for restraining, containing and/or instrumenting a process for executing the file and/or instrumenting a process into which the file is loaded can be received. The configured process can be monitored. Based upon this monitoring, an action can be taken including determining the file to comprise malware and terminating the process. Upon detecting malware, a detection report, and a copy of the computer file, can be sent to a service (e.g., cloud-based). The service can independently verify that the reported file is malicious, and can protect other machines from executing or loading the same malicious file.
    Type: Application
    Filed: August 27, 2016
    Publication date: March 1, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Adrian Emil Stepan, Adrian M. Marinescu
  • Publication number: 20180060580
    Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.
    Type: Application
    Filed: November 7, 2016
    Publication date: March 1, 2018
    Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andrew Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
  • Publication number: 20180060581
    Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180060582
    Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180060583
    Abstract: Described herein are various technologies pertaining to providing information to a user regarding behavior of a potentially unwanted application. In response to this information, the user can determine action(s) to take regarding the potentially unwanted application. Further, optionally, based upon action(s) taken by the user, an adaptive component can modify information collected by a collector component.
    Type: Application
    Filed: August 23, 2016
    Publication date: March 1, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventor: Maxim Vainstein
  • Publication number: 20180060584
    Abstract: Systems and methods for restricting code execution to a subset of language, runtime and instruction set capabilities. The subset of capabilities is preselected or inferred to ensure safety and stability. Furthermore, code execution can be monitored to guarantee the execution runs within the expected boundaries. By restricting execution to a safe subset of operations in a monitored or constrained execution environment, untrusted programs can be executed without the risk of adverse effects on the computing device or its software or network environment. Embodiments of the claimed subject matter can target various languages, runtime systems, platforms, and hardware.
    Type: Application
    Filed: September 1, 2016
    Publication date: March 1, 2018
    Inventor: Sunny Ahuwanya
  • Publication number: 20180060585
    Abstract: A method and system for protecting a device against return oriented programming attacks by encrypting a central processing unit (CPU) program counter value when storing that value in a software accessible memory and decrypting that value when loading it back into the program counter; whereby alterations to the value will prevent proper decryption and interoperation with the CPU.
    Type: Application
    Filed: August 30, 2016
    Publication date: March 1, 2018
    Applicant: BATTELLE MEMORIAL INSTITUTE
    Inventors: Richard L. Griswold, William K. Nickless, Ryan C. Conrad
  • Publication number: 20180060586
    Abstract: Automated security systems and methods include a set of monitored systems, each having one or more corresponding monitors configured to record system state information. A progressive software behavioral query language (PROBEQL) database is configured to store the system state information from the monitored systems. A query optimizing module is configured to optimize a database query for parallel execution using spatial and temporal information relating to elements in the PROBEQL database. The optimized database query is split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. A parallel execution module is configured to execute the sub-queries on the PROBEQL database in parallel. A results module is configured to output progressive results of the database query. A security control system is configured to perform a security control action in accordance with the progressive results.
    Type: Application
    Filed: August 23, 2017
    Publication date: March 1, 2018
    Inventors: Xusheng Xiao, Zhichun Li, Mu Zhang, Guofei Jiang, Jiaping Gui
  • Publication number: 20180060587
    Abstract: Methods, systems, and computer-readable storage media for risk identification of service data using operations of determining, by a client-side computing device, a first service data corresponding to a first operation behavior associated with a user input on the client-side computing device, determining, by the client-side computing device, a first variable corresponding to the first service data, the first variable including a first eigenvalue, retrieving, by the client-side computing device, a second eigenvalue corresponding to a second operation behavior that was performed at a second time before the first operation behavior, generating, by the client-side computing device, a decay value by processing the first time and the second time using a decay function, generating, by the client-side computing device, an aggregated data by processing the first variable, the second eigenvalue, and the decay value using an aggregation function, and determining, by the one or more processors, a risk associated with the first
    Type: Application
    Filed: August 30, 2017
    Publication date: March 1, 2018
    Applicant: Alibaba Group Holding Limited
    Inventors: Lujia CHEN, Qingyue ZHOU, Weiqiang WANG
  • Publication number: 20180060588
    Abstract: Among other things, a guest operating system is refreshed from a master image of the guest operating system repeatedly in connection with use of one or more electronic devices on which the guest operating system is hosted. A guest operating system is executed on a virtual machine, and, from time to time, while the virtual machine is running, the guest operating system is reloaded from a master image of the guest operating system.
    Type: Application
    Filed: October 30, 2017
    Publication date: March 1, 2018
    Inventors: Yona Shaposhnik, Ephraim Carmen
  • Publication number: 20180060589
    Abstract: An apparatus comprising: a firmware authentication element configured to, based on received firmware and predetermined cryptographic authentication information, provide for cryptographic based authentication of the received firmware to control execution of the received firmware by any one of a plurality of processors.
    Type: Application
    Filed: July 11, 2017
    Publication date: March 1, 2018
    Inventors: Piotr POLAK, Vibhu SHARMA
  • Publication number: 20180060590
    Abstract: Systems and methods are provided for validating a vehicle component. The system includes a vehicle electronic control unit (ECU) in electronic communication with a power unit via a communications bus. The vehicle ECU is configured to detect an electronic connection between the vehicle ECU and the power unit and transmit a power start up signal to the power unit when the power unit is authenticated to start up. The power unit is authenticated to start up when a power unit start-up program passcode stored in a memory of the vehicle ECU matches a predetermined ECU passcode. The vehicle ECU is configured to erase the power unit start-up program passcode from the memory when the power unit is disconnected from the communications bus. The vehicle ECU is configured to re-authenticate the power unit to start up when a new power unit start-up program passcode is stored in the memory that matches another predetermined ECU passcode.
    Type: Application
    Filed: August 31, 2016
    Publication date: March 1, 2018
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: Somashekhar M Maheswarappa Hosamane, Jayakumar Ramakrishnapillai, Ravi Govindarajulu, Likhith Chikkegowda, Karthikeyan Kandavel, Jay Gould
  • Publication number: 20180060591
    Abstract: A computing device communicates a request to a risk determination system to determine whether particular content is malware. The content is oftentimes a file containing a program to be run, but can alternatively take other forms, and an indication of the content is provided to the risk determination system. Additional information describing attributes of the computing device is also provided to the risk determination system. These attributes can include for the computing device hardware specifications, operating system specifications, anonymized information, information describing anti-virus or other anti-malware program settings, information describing programs running on the computing device, and so forth. The risk determination system analyzes the information describing attributes and/or activity of the computing device to determine a risk factor of the content, and from the risk factor determines whether the content is malware for the computing device.
    Type: Application
    Filed: August 24, 2016
    Publication date: March 1, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Tudor Alexandru Dobrila, Caglar Gunyakti, Brian Paul Bussone
  • Publication number: 20180060592
    Abstract: Automatic parameter value generation is disclosed. It is determined that a parameter value generation trigger associated with a parameter has occurred. A parameter value in accordance with a format of the parameter value is obtained. At least one location associated with a first component to which the parameter value is to be communicated is determined. The parameter value is communicated to the at least one location, and a parameter value refresh policy associated with the first component is determined.
    Type: Application
    Filed: August 23, 2016
    Publication date: March 1, 2018
    Inventors: Daniel McPherson, Benjamin M. Parees, Clayton P. Coleman
  • Publication number: 20180060593
    Abstract: A method includes extracting from a computer-based system (e.g., a role-based access control system) information identifying users and information identifying one or more profiles for each of the users, creating one computer-based user bloom filter for each one of the users, creating one computer-based profile bloom filter for each one of the profiles and creating one action bloom filter for each of a plurality of possible end user queries. Each profile corresponds to one or more assigned authorizations, each user bloom filter correlates an associated one of the users to one or more of the assigned profiles, each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations, and each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.
    Type: Application
    Filed: September 1, 2016
    Publication date: March 1, 2018
    Inventors: Sergio Abraham, Fernando Russ
  • Publication number: 20180060594
    Abstract: A data processing system is provided with a data verification system that is configured to perform a validation check upon receipt of a request from a field device to transfer data to the data processing system. The data verification system is also configured to verify a permission of the field device to exchange data and to validate the data integrity. A data landing zone is provided for temporary storage of the data in the event that a validation check fails, so that data errors may be corrected.
    Type: Application
    Filed: August 29, 2017
    Publication date: March 1, 2018
    Inventors: Michael Adler, Klaus-Peter Hofmann
  • Publication number: 20180060595
    Abstract: A system and method for granting a user access to one or more resources managed by one or more resource servers may include authenticating a user of an application. An application scope associated with the application may represent resource server(s) and respective resources that the application is configured to access or otherwise consume. A management role associated with the user may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume. An access token may be determined using the application scope and the management role. The access token may represent resource server(s) and respective resources that the user is authorized to access or otherwise consume via the application.
    Type: Application
    Filed: August 31, 2016
    Publication date: March 1, 2018
    Inventors: Dale Olds, Fanny Strudel, Brad Neighbors
  • Publication number: 20180060596
    Abstract: A system for secure storage audit verification includes a transaction pool and a processor. The processor is configured to verify a transaction stored in the transaction pool and sign a proposed block. The proposed block is based at least in part on the transaction. The processor is further configured to receive a counter signed proposed block and add the counter signed proposed block to a blockchain.
    Type: Application
    Filed: August 30, 2016
    Publication date: March 1, 2018
    Inventors: Bjorn Hamel, Jonathan David Ruggiero
  • Publication number: 20180060597
    Abstract: Systems and methods for zero-knowledge enterprise collaboration are provided herein. In some embodiments, the method may comprise receiving, at a host server, a request to store a file, wherein the file is encrypted with a data key prior to being received at the host server; receiving a request to perform a first service; determining whether the first service is authorized to access the file, wherein determining comprises unwrapping the data key with the private key of the first service; providing access to the first service when the private key of the first service successfully unwraps the data key for the file; and storing the encrypted file.
    Type: Application
    Filed: August 23, 2017
    Publication date: March 1, 2018
    Inventor: Mushegh Hakhinian
  • Publication number: 20180060598
    Abstract: Digital rights management using geographic and temporal traits is described. In one or more implementations, a digital medium environment is configured to control access to at least one item of content by digital rights management functionality embedded as part of the content. Data is collected describing geographical traits of a location or temporal traits associated with a request received from the user to access the content. A determination is made from the data using a digital rights management module embedded as part of the content as to whether the geographical or temporal traits meet specified traits of a geographical behavior of a digital rights management policy enforced by the digital rights management module for the at least one item of the content. Responsive to a determination that the specified traits are met, access is permitted to the at least one item of the content by the embedded digital rights management module.
    Type: Application
    Filed: November 3, 2017
    Publication date: March 1, 2018
    Applicant: Adobe Systems Incorporated
    Inventor: Arun Anantharaman