Abstract: Embodiments relate to controlling configuration of a computer system comprising one or more exchangeable components. The exchangeable components comprising identification means to store an identifier. A pair of a private key and a public key are generated for each accepted manufacturer of the exchangeable components and a pair of a private key and a public key for the computer system; assigning an identifier for each exchangeable component available for attachment to the system; receiving configuration data comprising a list of encrypted identity records comprising identifiers of the components together with signatures over the data generated with the private key of the respective component manufacturer for each component expected to be attached to the system; and receiving a configuration record. The configuration data of the expected components from the received configuration record is compared with the configuration data of the components attached to the system.

Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.

Abstract: For enabling improvement in throughput for generating a hash value, a hash value generation apparatus comprises: a ? operation unit configured to execute a ? operation included in a round process of a SHA-3 algorithm; a ? operation unit configured to execute a ? operation included in the round process; a ? operation unit configured to execute a ? operation included in the round process; a ? operation unit configured to execute a ? operation included in the round process; and an ? operation unit configured to execute an ? operation included in the round process, wherein the ? operation unit receives data for each sheet structure, and starts to execute the ? operation upon receiving data of three sheet structures.

Abstract: A method of authenticating the legitimacy of a request for a resource from a resource provider by a user, including providing an authentication process in which a resource provider message is received and de-assembled, the integrity of the user request message is confirmed, a result indicator as to the legitimacy of the resource provider message is created by performing two or more authenticity checks, and an authentication result is sent.

Abstract: Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.

Abstract: The present invention relates to systems and methods for detecting anomalies in computer network traffic with fewer false positives and without the need for time-consuming and unreliable historical baselines. Upon detection, traffic anomalies can be processed to determine valuable network insights, including health of interfaces, devices and network services, as well as to provide timely alerts in the event of attack.

Abstract: A computer-implemented biometric identity verification method including the steps of storing a database of registered users, including data identifying profile attributes of each registered user and a respective plurality of stored biometric signatures, each stored biometric signature associated with a corresponding one or more of the profile attributes. A predicted biometric signature is derived for a requesting user when it is determined that a period of time has elapsed since the requesting user's stored biometric signature was last updated, by adapting the stored biometric signature based on biometric variances derived from a biometric peer group of registered users with at least one profile attribute in common with the requesting user. The predicted biometric signature is used to verify the identity of the requesting user.

Abstract: A method and apparatus for enabling a cloud server to provide screen information data indicating a screen to be displayed on a client device are provided. The method of enabling a cloud server to provide screen information data relating to a screen to be displayed on a client device includes: generating the screen information data; determining whether or not to protect the generated screen information data based on characteristics of an object configuring the screen; encrypting the provided screen information data based on the determining; and transmitting the encrypted the screen information data to the client device.

Abstract: In a method for securely connecting a controller for a machine or plant to a higher-level IT system, an integration layer is provided between the controller and the IT system, a controller image of the controller is generated in the integration layer, and the controller image is accessed from the IT system. The IT system thus always accesses the controller image rather than directly the controller. This prevents malware from gaining access to the controller e.g. via a network.

Abstract: The invention is about an identification process of an individual or object, in a system comprising a control server and a management server of a database comprising N indexed data of N stored individuals, in which, to identify the individual or object, its datum is compared to each of the N data of the base.

Abstract: In response to reception of a request, an authorization server system identifies authorization based on first authorization information received by a reception unit along with the request. The authorization server system gives at least some of the identified authorization to an application, and issues second authorization information for identifying the given authorization.

Abstract: The present invention relates to a method of managing switching from a first mode of operation to a second mode of operation a first processor in a processing device which comprises at least one other processor and a controller processor. The method comprises receiving a message which comprises a request to switch the first processor from a first to a second mode of operation; deciding whether the switching is appropriate; and upon decision of switching, switching the first processor from a first mode of operation to a second mode of operation according to the selected type of switching.

Abstract: A system and method for writing, updating and reading the static and dynamic identification data for an aeronautical appliance, which is secure, of low weight and simple to implement. The system for writing, updating and reading the static and dynamic identification data includes a data collection device for collecting and storing static and dynamic identification data for an aeronautical appliance, the collection device integrated into the aeronautical appliance and coupled to a computing unit of the aeronautical appliance according to a master-slave communication model, the computing unit always being master of the communication with the collection device, and a reading device for remotely reading at least part of the identification data stored on the collection device.

Abstract: The present application is directed to establishing ownership of a secure workspace (SW). A client device may provide a SW data structure (SWDS) to a SW configurator. A SWDS may comprise a hash of an original SW and a public key, and may be signed by a private key corresponding to the public key. The SW configurator may cause an execution container (EC) to be generated including a SW initiated using the SWDS. The client device may claim SW ownership using a request (signed by the private key) transmitted along with a copy of the public key. SW ownership may be determined by an ownership determination module that verifies the signature of the request using the public key received with the request, determines a hash of the received public key and compares the hash of the received public key to a hash of the public key in the SWDS.

Abstract: A computer system monitors a set of inactive addresses. The computer system identifies a suspicious activity associated with at least one inactive address of the set of inactive addresses. The computer system determines a suspicion score for the at least one inactive address based on the suspicious activity associated with the at least one inactive address. The computer system categorizes the at least one inactive address as a potentially hijacked address if the suspicion score exceeds a threshold.

Abstract: A trojan detection method and device, used to solve the problem in the prior art of being unable to effectively detect a trojan in a network, the method comprising: when a trojan heartbeat is detected in a session, according to whether the trojan heartbeat detection frequency is fixed, increasing the recorded session weight by a corresponding weight and recording the increased weight, and checking whether each packet transmitted from a controlling end to a controlled end complies with the characteristics of a trojan control command packet; if yes, then increasing by a third weight onto the recorded session weight and recording the same, and when the session weight reaches an alarm threshold, generating an alarm to notify that the session is initiated by a trojan. An embodiment of the present invention achieves trojan detection by detecting the packet in the session, thereby the trojan in a network can be detected.

Abstract: A method for performing a memory safety check of a program coded in an unmanaged programming language includes receiving an intermediate representation (IR) of the program and performing a static analysis pass of the IR to generate annotations including a safe pointer and an unsafe pointer. The method further includes removing, during a static analysis pass of the IR, the safe pointer from the annotations, inserting, into the IR using the annotations, a sandbox function call at the unsafe pointer to generate a modified IR, compiling the modified IR to generate an executable version of the program, executing, inside a sandbox framework, the executable version of the program, generating, during runtime and upon reaching the sandbox function call, a metadata entry and an enhanced pointer for atomicity, and comparing, during runtime and upon reaching a use of the unsafe pointer, the metadata entry with the enhanced pointer.

Abstract: Embodiments of a method are disclosed for computing trust index among multiple entities associated with a resource marketplace. The method includes receiving multiple inputs including interaction attributes, attribute importance factors, references to databases, and multiple entities associated with the resource marketplace. The method also includes creating a weighted-interaction graph based on the received inputs. The weighted-interaction graph includes multiple vertices representing the entities. The method further includes performing a topology-specific analysis of the weighted-interaction graph. The method furthermore includes computing Euclidean distances for each pair of vertices in the weighted-interaction graph based on the performed analysis. The method also includes determining a trust index for a first entity in the received multiple entities based on the computed Euclidean distances. The trust index includes ranking of at least one of the multiple entities with respect to the first entity.

Abstract: An audio processing method for an electronic device includes a first audio file, a second audio file, and a first digital watermark to perform an audio processing method. The first digital watermark has ownership information regarding the first audio file. A first discrete audio array of the first audio file and a second discrete audio array of the second audio file are generated. A cipher code is generated using the first discrete audio array and the first digital watermark, and a second digital watermark is generated using the cipher code and the second discrete audio array. The first and second digital watermarks are compared, to confirm common ownership or otherwise of the second and first audio files.

Abstract: A method and system for generating and authorizing a dynamic password, which relate to the field of identity authentication. The method comprises: a token receiving a command for generating a dynamic password, and generating a first dynamic factor according to a first timer; acquiring current data from a first data set according to a first offset pointer, and generating a first dynamic password according to the first dynamic factor and the current data; a server receiving a second dynamic password input by a user, and obtaining a second dynamic factor according to a second timer; obtaining an authentication window according to the second dynamic factor and an authentication window value; and according to the dynamic factor in the authentication window and the data in a second data set, calculating to generate a group of dynamic passwords, and verifying whether there is a dynamic password consistent with the second dynamic password in the group of dynamic passwords or not.