Abstract: Systems and methods for performing web authentication using a client platform root of trust are disclosed herein. Website and user validity and integrity may be authenticated based on the user device's attempt to access the website. A user device may securely access the website once the user device is successfully authenticated with a server. In an embodiment, the user device may perform an authentication of the website to ensure the website is a valid entity.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: According to one embodiment, a method for binding an application bundle. The method includes receiving a download request for an application bundle. The method also includes retrieving the application bundle from a master data store within an application store. The method further includes encrypting the retrieved application bundle based on a device specific encryption key associated with a device. The method also includes transmitting the encrypted application bundle to the device. The method further includes receiving an execution request for the transmitted application bundle. The method also includes decrypting the transmitted application bundle based on a device specific decryption key associated with the device. The method further includes sending the decrypted application bundle to an execution interface.

Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.

Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.

Abstract: Disclosed is a safe log-in system and method for allowing log-in of a user in association with a plurality of devices, and an apparatus for the same. The safe log-in method for allowing a safe log-in of a communication device which accesses a web site includes: by an authentication data providing device, receiving a request for authentication-related data, which is required for log-in to the web site, from the communication device; by the authentication data providing device, extracting authentication-related data required for log-in to the web site; by the authentication data providing device, transmitting the extracted authentication-related data to the communication device; and by the communication device, attempting log-in authentication to the web site by using the authentication-related data.

Abstract: A social networking system maintains a limited user profile associated with a user of the social networking system who does not satisfy one or more criteria for the social networking system to maintain a user profile. The limited user profile includes information describing the user and allows the user to be associated with limited types of interactions with the social networking system. An administrator is associated with the limited user profile and may modify information associated with the limited user profile as well as authorize or deny interactions involving the limited user profile. When the user satisfies criteria for the social networking system maintaining a user profile, the social networking system generates a user profile based on information in the limited user profile and prior interactions involving the limited user profile.

Abstract: The present disclosure is directed towards a system and method for handling rogue data packets. The method may include receiving, using one or more processors, a first data packet having header information associated therewith. The method may further include obtaining, from the header information, sequence number, timestamp and synchronization source identifier information. The method may also include detecting one or more rogue data packets, based upon, at least in part, at least one of the sequence number, timestamp and synchronization source identifier information.

Abstract: A method and system for protecting and repairing a current virtual asset from damage by potential security threats, according to one embodiment. The method and system include monitoring a current a current virtual asset for potential security threats, with a virtual asset agent, according to one embodiment. The method and system include determining a severity of the potential security threats that are identified by the virtual asset agent, according to one embodiment. The method and system include creating a new virtual asset with the virtual asset agent and decommissioning the current virtual asset, according to one embodiment. The system and method receiving, with the new virtual asset, secrets that are associated with the current virtual asset to enable the new virtual asset to continue operations of the current virtual asset, according to one embodiment.

Abstract: A method for permissions based communication in an example includes receiving an electronic communication from a sender to a recipient at a domain server. The electronic communication may include a permission request for permission to send subsequent electronic communications to the recipient. The electronic communication may be analyzed at the domain server to determine whether to deliver the subsequent electronic communications from the sender to the recipient.

Abstract: A non-transitory machine-readable media embodying instructions executable by one or more processors to perform a method is provided. In one aspect, the method includes receiving, from a first computing device associated with a first account, a request for interaction with a second computing device associated with a second account, wherein the first account is assigned a quota for interacting with one or more accounts. The method includes determining a cost associated with the interaction. The method includes, when the quota exceeds the cost, determining that the interaction is allowed and deducting the cost from the quota. Systems and methods are also provided.

Abstract: Obtaining and/or validating user credentials at client devices is described. This disclosure describes methods of generating representations of credentials for groups of users or for individuals. Representations for these credentials can be managed by a server or collection of servers, and distributed to appropriate users' client devices. These representations can then be outputted for evaluation by a credential authority, who confirms that the credential possessed by a given user is valid. A credential authority may be a person and/or a device that validates a credential.

Abstract: Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a network security device maintains a filter database containing multiple filtering rules. Each filtering rule specifies a watermark hash value, a set of network services for which the filtering rule is active and an action to be taken. Network traffic directed to a destination residing outside of an enterprise network, associated with a particular network service and containing a file is received. A watermark hash value embedded within the file is identified. When there exists a filtering rule specifying a matching watermark hash value and for which the filtering rule is active for the particular network service, the action specified by the filtering rule is performed.

Abstract: A method for disabling counterfeit cartridge operation is provided. The method includes detecting a cartridge in a blade enclosure. The method includes checking authentication credentials of the cartridge. The method includes determining the cartridge to be counterfeit. The method includes disabling the cartridge in response to determining the cartridge to be counterfeit.

Abstract: Provided are a method, apparatus and system for realizing security detection in a heterogeneous network. UE establishes cross-Evolved NodeB (eNB) double/multiple connections with a MeNB and a LPN in an access network which is a kind of heterogeneous network, the LPN is responsible for data distribution, and the distribution is layered by RB; the MeNB receives a report message from the LPN through a backhaul interface between the MeNB and the LPN, and the report message contains the data count sent/received between the LPN and the UE; and the MeNB transmits CP information with the UE to compare the data counts actually sent/received between the access network and the UE to detect whether there is insertion of an attacker or not.

Abstract: Described herein is a combination of mixed-signal hardware and software that is capable or realizing hybrid chaotic oscillators that can be tuned digitally. This includes the type/class of chaotic oscillator, initial conditions, nonlinear elements, thresholds, nonlinear event surfaces, delays, etc. At the same time, tunable methods of how to use the chaotic oscillator information to encrypt and decrypt both analog and digital information is presented. This will make the secure information not vulnerable by digital information compromises or hardware breach.

Abstract: Technologies are disclosed herein for epoch-based expiration of temporary security credentials. A temporary security credential is issued that identifies one or more epochs and that specifies one or more versions of the identified epochs during which the temporary security credential is valid. The temporary security credential may then be utilized to request access to another system, service or component. In order to determine whether such a request may be granted, current epoch versions for the epochs identified in the temporary security credential are obtained. The current epoch versions for the identified epochs are then compared to epoch versions specified in the temporary security credential to determine if the request can be granted. The current epoch versions may be periodically modified in order to expire previously issued temporary security credentials. A temporary security credential might also specify an expiration time after which the temporary security credential is no longer valid.

Abstract: An electronic device includes a housing. One or more processors are operable with a plurality of proximity sensor components that can be disposed behind a grille defining a plurality of reception beams having a cumulative beam reception angle. The cumulative beam reception angle of any one proximity sensor component overlaps the cumulative beam reception angle of at least one other proximity sensor component. The one or more processors can detect whether a single person or a plurality of people are within a thermal reception radius of the electronic device. Where the single person is within the thermal reception radius, the one or more processors can operate the electronic device in a first mode of operation, and where the plurality of people are within the thermal reception radius, operate the electronic device in a second mode of operation.

Abstract: A device and method are provided for establishing a session key between two entities of a communication network that may be highly heterogeneous in terms of resources. The method, based on the Diffie-Hellman (DH) algorithm, provides for the delegation to assistant nodes of the network of the cryptographic operations required for the computations of the DH public value and of the DH session key for the node which is constrained in terms of resources.

Abstract: To prevent legitimate message recipients from forging new messages and to encrypt messages for a specific set of recipients (channel), a root key is encrypted and combined with a base session management key to render a combined root key, which in turn is encrypted with a public key of at least one recipient device to render a session management key. The public key of each of “N” intended recipient device encrypts the combined root key to render “N” session management keys. The session management keys are then combined with the combined root key to render a multicast root key, which is signed with a private key of a sending device. The signed multicast root key is combined with the session management keys to render an encrypted, signed multicast root key that is used to encrypt digital information prior to transmitting the digital information.