Abstract: Obtaining and/or validating user credentials at client devices is described. This disclosure describes methods of generating representations of credentials for groups of users or for individuals. Representations for these credentials can be managed by a server or collection of servers, and distributed to appropriate users' client devices. These representations can then be outputted for evaluation by a credential authority, who confirms that the credential possessed by a given user is valid. A credential authority may be a person and/or a device that validates a credential.
Type: Grant
Filed: February 12, 2016
Date of Patent: August 22, 2017
Assignee: MicroStrategy Incorporated
Inventors: Michael J. Saylor, Gang Chen, Hector Vazquez
Abstract: Embodiments of the present disclosure disclose a security mode prompt method and apparatus. The method includes when it is determined that a terminal is currently in a first security mode, acquiring prestored first security information; receiving first verification information entered by a user, and establishing a first correspondence between the first security information and the first verification information; displaying confusion information, the first security information, and the first verification information on a screen for the user to select; receiving a selection result of the user, and determining, according to the first correspondence, whether the selection result of the user meets a preset rule; and when the selection result of the user meets the preset rule, prompting the user that the terminal is in a second security mode. By using the present disclosure, security of a terminal can be improved.
Abstract: A portable media system for a host computer system, and method of operation thereof, that includes: a controller in the portable media system for communicating clear information between the portable media system and the host computer system; and an encryption system in the portable media system for providing an encryption algorithm for the controller to decrypt cipher information for the host computer system.
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting security exposures of Voice over Internet Protocol (VOIP) devices. One of the methods includes obtaining data identifying a source Internet Protocol (IP) address associated with a communication device that has been provisioned with configuration files for VOIP services; determining that a VOIP phone configuration interface is exposed over an untrusted network at the source IP address; and determining that the communication device associated with the source IP address has a security exposure based at least in part on determining that the VOIP phone configuration interface is exposed over the untrusted network at the source IP address.
Type: Grant
Filed: July 1, 2015
Date of Patent: August 15, 2017
Assignee: RingCentral, Inc.
Inventors: Michael Machado, James Savory, Andrey Bogdanov
Abstract: An apparatus for managing a passcode comprises: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by said one or more processors. The program comprises: a storage module for storing passcode management data; an input window module for displaying the input window on which multiple key buttons are arranged; a combination code generating module for checking the code corresponding to each inputted key button in the code table included in the passcode management data, when the key button is inputted via the input window, and generating a combination code by combining each checked code; and a passcode acquiring module for receiving the passcode with a set storage address from a passcode storage server based on the generated combination code.
Abstract: Techniques of performing queries involve adapting a query to whether query data is encrypted. Along these lines, a data sensitivity policy defines which types of data are encrypted prior to storage in a data analytics database and which other types of data remain unencrypted. When a client formulates a query, the client encrypts a query input and then conceals the encrypted query input and query function to form concealed query logic. When the concealed query logic is received by a data analytics server, the data analytics server determines whether the query data to be input into the concealed query logic is encrypted or unencrypted. If the query data is unencrypted, then the concealed query logic is unconcealed and the query input unencrypted so that the data analytics server may evaluate the query function without concealment to produce a query result.
Abstract: In a computing device a domain name system (DNS) query is generated and sent, and a check is made as to whether a verified DNS response to the DNS query is received. The computing device is determined to be inside a particular network if a verified DNS response is received, and is determined to be outside that particular network if a verified DNS response is not received. A DNS response can be determined to be verified if both the DNS response has an expected value and the DNS response is digitally signed by a trusted authority, and otherwise can be determined to be not verified.
Abstract: A system and method of extending a recording time of a recording event within a receiving device is set forth. The receiving device includes a memory and a controller. The controller generates a recording event request for content having a start time and a first end time and begins to store content in a memory of the first receiving unit starting at the start time. The controller reviews a program associated characteristic of the content when the end time is reached and, when the program associated characteristic corresponds to the content, changes the first end time to a second end time later than the first end time.
Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.
Type: Grant
Filed: July 21, 2015
Date of Patent: August 1, 2017
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Wenjun Jin, Ying Xiong, Jiajia Chen, Jiangsheng Wang
Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.
Type: Grant
Filed: July 14, 2016
Date of Patent: July 18, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Clifford Didcock, Corinne Stroum, Jono Luk, Girish Chander
Abstract: The invention provides an apparatus used for security information interaction comprising a first system management device for providing an operational environment for routine applications and a second system management device for providing an operational environment in a safe mode for security applications so as to perform a security information interaction process. The apparatus used for security information interaction disclosed by the invention has a high safety and a wide applicability and is low in cost.
Abstract: The present disclosure discloses a sensitive operation verification method, a terminal device, a server, and a verification system. The method includes: scanning, by a first terminal device, a two-dimensional code for initiating a sensitive operation, and obtaining information in the two-dimensional code, the information in the two-dimensional code being at least used to uniquely determine the sensitive operation; and sending, by the first terminal device, a first verification request to a verification server, the first verification request carrying verification information of the first terminal device and the information in the two-dimensional code.
Type: Grant
Filed: November 4, 2013
Date of Patent: July 11, 2017
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Abstract: Information corresponding to a set of signatures is maintained, and for each signature in the set, an associated group policy of a network is maintained. A message from a device on the network is intercepted, and the message includes a header. At least a portion of the header matches a signature in the set of signatures. Responsive to determining that the portion of the header matches the signature, the matched signature's associated group policy of the network is applied to the device on the network.
Abstract: One embodiment of the present invention provides a system for retrieving a content collection over a network. During operation, the system determines additional information associated with the piece of content that is needed for consumption of the content collection; generates a plurality of Interests, which includes at least one Interest for a catalog of the content collection and at least one Interest for the additional information; and forwards, concurrently, the plurality of Interests, thereby facilitating parallel retrieval of the content collection and the additional information.
Type: Grant
Filed: July 7, 2014
Date of Patent: July 4, 2017
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Ignacio Solis, Glenn C. Scott, Ersin Uzun
Abstract: Methods and devices for NFC-tap file encryption, decryption and access via Near Field Communication (NFC) are disclosed. A user can select an unencrypted file stored in a computing device for encryption. Upon encryption, the file name of the selected file and the encryption key used to encrypt the selected file are transmitted to an NFC-enabled wireless device for storage. The user can select an encrypted file stored in the computing device for access. As the user taps the computing device with the wireless device, the file name of the selected file is transmitted to the wireless device, which in turn transmits a decryption key for decrypting the selected file to the computing device. The computing device decrypts the selected file with the decryption key. The user can now access the decrypted file.
Abstract: A data processing device that includes: a first storage device; and a processor configured to execute a procedure. The procedure includes: receiving write data to be written to a second storage device provided at a computer, outputting the write data to the second storage device, and duplicating and outputting the write data; executing control that writes the duplicated write data to the first storage device that is separate from the second storage device; executing virus countermeasure processing related to virus infection, on the write data stored in the first storage device; and in a case where the write data is output while executing the virus countermeasure processing, suspending the virus countermeasure processing and prioritizing execution of the control that writes the duplicated write data to the first storage device.
Abstract: The present invention consists of methods whereby local/mobile computing devices are registered by collecting a set of hardware and/or software distinctive identifiers to be saved in a validation database residing on a validation database server/Web server, such that the local/mobile computing device can be used as a digital hardware key for right of access and authorization of electronic transactions. This is done by comparing a regenerated set of hardware and/or software distinctive identifiers with those previously registered in the validation database in order to validate the identity of the local/mobile computing device. The invention consists of a first software program executing on a local/mobile computing device that generates the set of hashed and/or encrypted hardware and/or software distinctive identifiers and a second software program residing on a validation database server/Web server that manages the validation database.
Type: Grant
Filed: May 20, 2015
Date of Patent: June 27, 2017
Assignee: Invysta Technology Group
Inventors: Gary William Streuter, William Pat Price
Abstract: A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which the consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.
Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
Type: Grant
Filed: February 23, 2015
Date of Patent: June 20, 2017
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Gregory B. Roth, Nathan R. Fitch, Kevin Ross O'Neill, Graeme D. Baer, Bradley Jeffery Behm, Brian Irl Pratt
Abstract: A device may receive network traffic. The device may identify candidate text included in a protocol field associated with the network traffic. The device may identify a set of candidate strings included in the candidate text. The device may identify a set of characters that precedes or follows a candidate string, of the set of candidate strings, in the candidate text. The device may determine, using a data structure, a frequency with which the set of characters precedes or follows the candidate string. The device may determine whether the candidate text includes random text based on the frequency. The device may perform an action on the network traffic based on determining whether the candidate text includes random text.