Abstract: Provided is a business card management server that makes it possible to efficiently input information on business cards while protecting personal security, including: a business card information storage unit 101 in which business card information having a business card image and a business card identifier is stored; a piece storage unit 102 in which two or more pieces, each of which is an image in which only part of a business card image is recognizable, are stored for each business card image; a piece transmitting unit 104 that transmits two or more piece information each of which has one of two or more pieces corresponding to one business card image and further has a business card identifier, to one or more input terminals 20; a partial business card information receiving unit 105 that receives partial business card information having a business card identifier and a business card partial character string corresponding to a piece, from the input terminals 20; and a business card partial character string acc

Abstract: Embodiments of the invention provide a method, system and computer program product for phishing attack management through Web site content rotation. In an embodiment of the invention, a method for phishing attack management through Web site content rotation is provided. The method includes receiving a request for a variation of a component to be incorporated into a Web page from a requesting Web page rendering engine from over a computer communications network. The method also includes comparing the requested variation of the component to a currently configured variation of the component. Finally, the method includes returning both the requested variation of the component and an alert indicating a possible phishing attack in response to the request if the requested variation of the component differs from the currently configured variation of the component.

Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.

Abstract: Included are embodiments for tokenizing sensitive data. Some embodiments of systems and/or methods are configured to receive sensitive data from a vendor, determine a token key for the vendor, and utilize a proprietary algorithm, based on the token key to generate a vendor-specific token that is associated with the sensitive data. Some embodiments include creating a token identifier that comprises data related to the token key sending the vendor-specific token and the token identifier to the vendor.

Abstract: Devices, systems, and methods for determining a strength of a created credential are provided. The device includes one or more processors configured to decompose a created credential into credential components, parse the credential components using a limited dictionary, determine a probability of the credential components using a limited ruleset, and calculate a score of the created credential based on the determined probability. The device also includes a memory, the memory storing the limited dictionary and the limited ruleset, and a network interface component coupled to a network, the network interface component configured to transmit the created credential to a remote server over the network for a secondary credential strength determination if the calculated score is above a threshold.

Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), an event detector, and a tamper detector. The BIOS ROM has BIOS contents that are stored as plaintext, and an encrypted message digest, where the encrypted message digest comprises an encrypted version of a first message digest that corresponds to the BIOS contents, and where and the encrypted version is generated via a symmetric key algorithm and a key. The event detector is configured to generate a BIOS check interrupt that interrupts normal operation of the computing system upon the occurrence of an event, where the event includes one or more occurrences of a fuse array access.

Abstract: Methods and systems are disclosed for dynamic detection of fraudulent client connections to a server, in which, for example, the connection is made using an internet protocol (IP) tunneling technology such as networking on a virtual private network (VPN) and making the connection via a VPN tunnel in order to obfuscate the client IP address, in which a user of a client device may employ spoofing of IP-geo location mechanisms and IP classification on the server side. Such a user may have various motivations for obfuscating the client device's geo-location by using an IP tunnel when connecting to a server such as gaining access to services that are not allowed in certain locations (e.g., certain movie and television content providers); browsing server data while maintaining a higher level of anonymity; and performing fraudulent actions on the server.

Abstract: In a system and method of completing a transaction over a network, a personal electronic device (PED) receives transaction information; captures biometric information from the PED user; and uses such information to identify if the user is an authorized user of the PED. If the captured biometric information identifies an authorized user of the PED, the PED: enables a first one of a pair of cryptographic keys stored on the PED corresponding to the identified authorized user; generates a digital signature for the transaction using the enabled first key; generates an authenticated transaction request using the received transaction information; and transmits the authenticated transaction request to a transaction approval center via the network. The transaction approval center uses the authenticated transaction request to complete the transaction; and the PED receives confirmation regarding the transaction from the transaction approval center.

Abstract: A mobile device enabled tiered data exchange via a vehicle is disclosed. A mobile device can access profile information related to a tiered-data sharing profile. The tiered-data sharing profile can associate data with a sharing tier designating security, privacy, or authorization constraints on sharing the associated data. A sharing tier can further designate obfuscation of the data as a constraint on sharing the data. The mobile device can enable access to the data subject to the constraints of the tiered-data sharing profile. In an embodiment, tiered data can be shared from the mobile device to an external service device via vehicle device. In another embodiment, tiered data can be shared from the mobile device to a service device of the vehicle.

Abstract: A method, system, and processor-executable software for processing images or video captured by a smartphone or other digital image capture device for subsequent validation and authentication captures not only the image, but also metadata relevant to the authenticity of validity of the image, such as position, time, camera movement and orientation, image parameters, and so forth. The image is watermarked and both the watermarked image and the metadata, as well as a symmetric key used in the watermarking, are digitally signed and transmitted or uploaded to a web server or authentication centric entity for authentication and storage. When a third party submits an image to the web server or authentication centric entity, the submitted image is compared with the stored watermarked image for authentication and validation of the submitted image, and the metadata is then retrieved to enable analysis of the contents of authenticated and validated image.

Abstract: A method and apparatus provides first or second factor authentication by providing selectability of a plurality of second factor authentication policies associated with a second factor authentication article. The first or second factor authentication article includes authentication information, such as a plurality of data elements in different cells or locations on the authentication article, which can be located by using corresponding location information. The method and apparatus provides second factor authentication based on the first or second factor authentication article by enforcing at least one of the plurality of selected authentication policies.

Abstract: Access to a linked resource may be protected using a time-based transformation of links to the resource. A linked resource may be transmitted to a browser in a markup language page. Information indicative of a time-based transformation of a link may be transmitted to the browser in the markup language page, or separately from the markup language page. The time-based transformation may be applied to the transmitted link. The transformed link may be requested, and compared to a version of the link that has been transformed, using the time-based transformation with respect to the time the request is received.

Abstract: Technologies are generally described for a data synchronization scheme. In some examples, a method performed under control of a client device may include connecting to a server based at least in part on user account login information; receiving, from the server, a data file stored in connection with the user account; storing the received data file in a local data storage; receiving a request to logout the client device; determining that the client device is disconnected from the server and/or that the data file stored on the local data storage is not synchronized with the data file stored in connection with the user account; and encrypting the data file stored on the local data storage.

Abstract: A system and method for operating multiple security domains on one circuit card assembly, using a field-programmable gate array (FPGA) with an embedded security domain separation gate providing the MAC between multiple soft-core CPUs also embedded in the FPGA. In one embodiment, the FPGA is segregated into two or more security domains with no data paths between soft-core CPUs in each security domain except through the security domain separation gate. The security domain separation gate applies rules to any information to be transmitted between the security domains to avoid transmission of malicious content and to avoid transmission of information of a certain classification level or type to a security domain at a lower classification level or type.

Abstract: Disclosed are a method, device and system for processing notification bar message, the method comprising: triggering an interception program pre-injected in a notification bar message process; and the interception program, when capturing a notification bar message satisfying a preset rule, intercepting the notification bar message satisfying the preset rule, and sending a prompt message. The disclosure can timely recognize and block a notification bar advertisement.

Abstract: A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than a highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.

Abstract: Provided are a method and device for authenticating a static user terminal. The method comprises: an identity request message used for acquiring a user identity of the static user terminal is sent to the static user terminal; a response message is received from the static user terminal, wherein the response message carries the user identity of the static user terminal; and, an Extensible Authentication Protocol (EAP) authentication is performed on the static user terminal according to the user identity of the static user terminal. The present disclosure solves the problem in the related art of low security in the authentication on the static user terminal access the network, thus achieving the effects of increasing the security and reliability in the authentication on the static user terminal accessing the network and improving the WLAN service using experience of the static user.

Abstract: A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures.

Abstract: A system and method for recording, uploading, and archiving video recordings, including a front-end and a back-end application. The preferred embodiment of the present invention includes a front-end application wherein video is recorded using a mobile device. The recorded video is embedded with date, time and GPS location data. The video is stored on an online back-end database which catalogs the video according to the embedded data elements. The video may be selectively reviewed by relevant experts or emergency personnel for immediate response to the uploaded video and/or distribution to the proper parties. The video may also be archived for later review and use by any number of end-users.

Abstract: In one embodiment a controller comprises logic configured to define, for display on a region of a display device coupled to the controller, a dialog box, lock the dialog box such that input/output operations conducted in the dialog box are visible to the secure controller and are not visible to an untrusted execution complex communicatively coupled to the secure controller, receive one or more authentication credentials based on a user input to the dialog box, and use the one or more authentication credentials to establish a secure communication session with a remote service. Other embodiments may be described.