Abstract: An analytics module may be embedded into an application developed, published, or used by an entity in addition to the owner of the data under analysis. An access token may be submitted by the analytics module to a provider of hosted services. The access token may correspond to an n-dimensional cube containing data at a level of granularity permitted to the application. The access token may incorporate additional policies controlling access to the corresponding n-dimensional cube.

Abstract: An approach is provided for providing real-time controlled location privacy as the location evolves, and providing a user with alternate routes and applications depending on the level of desired location privacy. A location privacy platform determines at least one location associated with at least one device. The location privacy platform also processes and/or facilitates a processing of contextual information associated with the at least one location, the at least one device, one or more applications associated with the at least one device, or a combination thereof to determine one or more privacy metrics for the one or more applications with respect to the at least one location; wherein the one or more privacy metrics relate, at least in part, to an exposure of user data by the one or more applications at the at least one location.

Abstract: The present disclosure relates to a method of preventing drive-by hacking, and an apparatus and a system therefor. A method of preventing drive-by hacking in a vehicle system linked with a vehicle head unit through a communication network in a vehicle may include receiving a predetermined external terminal access notification message reporting access by an external terminal from the vehicle head unit, verifying whether fixed data recorded in an application memory is consistent with fixed data recorded in a backup memory, and transmitting a predetermined hacking detection message to the vehicle head unit based on a result of verification. Therefore, the present disclosure has an advantage of strengthening security of a vehicle when an external terminal is linked with a vehicle head unit.

Abstract: A method (M) for controlling access to a production system (SIP) of a computer system not connected to an information system (SIC), includes: A) an initial phase of enrolling a user via a terminal (1) in the production system (SIP), which includes: a) providing a private encrypted key (Cph) associated with each account of the user in the production system (SIP); b) the terminal transmitting the encrypted private key (Cph) to the information system and the system (SIC) registering the encrypted private key; B) for each request to access the production system, a phase of authentication by the production system, which includes: the terminal of the user recovering a challenge (QRCb) generated by the production system, that only the encrypted key stored in the information system makes it possible to solve, the key only being capable of being obtained after the terminal has been authenticated by the information system.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.

Abstract: Determination of a quantified identity using a multi-dimensional, probabilistic identity profiles is contemplated. The quantified identity may be used to authenticate a user entity provided to a point-of-sale device or other interface associated with identity requester in order to verify the corresponding users as who they say they are. The user identity may be determined initially as a function of user inputs made to the identity requester and/or as a function of wireless signaling exchange with devices associated with the user.

Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

Abstract: A method and system for mitigating of cyber-attacks in a software defined network (SDN) are presented. The method comprises operating a central controller and the SDN in a peace mode; monitoring traffic addressed to at least one destination server to detect at least an attack performed against the at least one destination server; switching an operation of the central controller to an attack mode, upon detection of an attack against the at least one destination server; and instructing, by the central controller, network elements of the SDN to divert all suspicious incoming traffic addressed to the at least one destination server to a security server, thereby mitigating the detected attack.

Abstract: In order to provide secure user access to a device or service on a remote network, upon receipt of a request to access the device or service on a portal on a central server, a request is sent to a probe application installed on the remote network to establish a secure link to the central server. A message is then sent to the user directing the user to initiate a specific session request to the central server. The session request is cross connected to the probe application installed on the remote network over the secure link to establish a secure tunnel to the probe application. A secure user session is set up through the secure tunnel to the device or service via the probe application.

Abstract: The invention relates to a method for actuating a mode selection switching element of an installation by means of a safe control operation, wherein the installation has a functional controller and communication connections, and wherein the functional controller has a storage unit, a (sequence) control apparatus, a display and a user interface.

Abstract: The present disclosure relates to communication sessions between a first node and a plurality of other nodes. Two cryptographic keys are generated. A first cryptographic key is generated (113A) in a first node (10), e.g. Node A. A second cryptographic key is generated (113B) by a second node (22), which is a virtual and temporary node which is executed on a server (20). The second cryptographic key is transmitted to several other nodes (30). The first and second cryptographic keys, which are the same, may then be applied in communication sessions between the first node (10) and the several other nodes (30). Hereby it is made possible to allow for node-to-multinode communication sessions that offer the same, or substantially the same, security as conventional node-to-node communication sessions.

Abstract: Methods and systems for managing authorized data flows using software defined networking include receiving flow criteria sent from a firewall and extracted from a first data packet, determining whether flow criteria of the first data packet matches an entry in a master data flow list, inserting the flow criteria from the first data packet into the master data flow list on a software defined networking controller, and sending the flow criteria of the first data packet to the router. The router may forward a second data packet associated with the data flow toward a destination based on the validation of the first data packet by the firewall. The flow criteria may not match an entry in a router data flow list on the router and may include at least two of: a source IP address, a destination IP address, a destination port, and a protocol of transmission.

Abstract: According to embodiments of the present invention are systems and methods for using scan chains for the creation of unique physically uncloneable function (PUF). In particular, the present invention uses existing circuitry on an integrated circuit and the internal-scan or boundary-scan register to create a unique identifier for each integrated chip. The unique nature of the scan chains results from the inherent variability of the manufacturing process.

Abstract: A system for secure login, and a method and an apparatus for the same are disclosed. The system for secure login comprises: an authentication unit; a first device for transmitting, to the authentication unit, login information inputted via an inputting unit and input timing information indicating input timing of characters corresponding to at least a part of the inputted login information; and a second device for obtaining a typing sound generated when a user types the characters using the inputting unit and transmitting, to the authentication unit, audio information comprising the typing sound. The authentication unit authenticates the login information on the basis of the input timing information received from the first device and the audio information received from the second device. Accordingly, an illegal access of a user is fundamentally blocked and thereby, credibility of login security can be increased.

Abstract: A method includes receiving, from a certificate requestor: a request for a public key certificate and a list of a plurality of distribution addresses. The request may include a public key for the certificate requestor. The plurality of distribution addresses may belong to a plurality of third parties. The method further includes verifying an identity of the certificate requestor, and, in response to verifying the identity of the certificate requestor, retrieving a public key from the request for the public key certificate. The method may also include, in response to verifying the identity of the certificate requestor, generating the public key certificate and signing the public key certificate. The public key certificate may include the public key. The method may also include transmitting the signed public key certificate to the certificate requestor and the plurality of distribution addresses.

Abstract: Technologies for mutual application isolation include a computing device having a processor with secure enclave support. The computing device loads an application image to a memory range within a predefined virtual address range and creates a secure enclave with the predefined virtual address range assigned to the secure enclave. The computing device validates control flow integrity of the secure enclave. To validate control flow integrity the computing device may validate that the memory pages of the secure enclave synchronously exit only to an allowed address. Additionally, to validate control flow integrity the computing device may validate an asynchronous exit point associated with an enclave entry instruction. After validating the control flow integrity, the computing device executes the secure enclave, which includes enforcing mutual isolation of the application image and the secure enclave using the secure enclave support of the processor. Other embodiments are described and claimed.

Abstract: A method for connecting an external apparatus and a multimedia replaying apparatus using the same. The method includes determining whether a command for displaying menus is input while multimedia content is replayed, determining a multimedia content replay state indicating whether a part or the whole of the multimedia contents is being replayed at an external apparatus if it is determined that the command for displaying menus is input, and displaying the menus comprising the multimedia content replay state on an area displaying a video of the multimedia contents. Therefore, a part or entire of replayed multimedia contents is readily transmitted to an external apparatus for wireless communication.

Abstract: There is disclosed in an example a computing apparatus configured to operate as an enterprise threat intelligence server, and including: a network interface configured to communicatively couple to a network; and one or more logic elements providing a reputation engine, operable for: receiving a first uniform resource locator (URL) identifier; determining that a first URL identified by the first URL identifier has an unknown enterprise reputation; and establishing a baseline reputation for the URL. There is further disclosed a method of providing the reputation engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the reputation engine.

Abstract: A second set including a plurality of elements a5(1), . . . , a5(N) or a concealed text of the second set is obtained, where the second set is obtained by setting a replication source element a(f(h)) included in a first set to an element a(f(h))?a(f(h?1)) and setting elements other than the replication source in the first set to zero with respect to h=2, . . . , M. An additive inverse of a replication source element a(f(h?1)) of which the order is before the replication source element a(f(h)) and is the closest to the replication source element a(f(h)) is ?a(f(h?1)). The second set or the concealed text of the second set is used to obtain a third set or a concealed text of the third set. The third set is a set including a first element b(1)=a5(1) and i=2, . . . , Nth element b(i)=b(i?1)+a5(i).

Abstract: Devices, systems, and methods of user authentication. A system includes a spatial challenge unit to distinguish between a human user and a non-human user. The spatial challenge unit requires the user to perform one or more spatial operations that modify the spatial properties of an electronic device operated by the user. Correct performance of the required spatial operations, indicates that the user is human. The system also includes a spatial password unit, which tracks a manner in which a human user handles the electronic device while the user enters a password; and then utilizes this user-specific manner for user authentication, by checking whether a manner in which the user enters his password matches a reference manner of password entry or a historical manner of password entry. The system also utilizes sequence of spatial operations or spatial gestures, as a pure spatial password or purely-spatial user-authentication factor.