Patents Examined by Brian Shaw
  • Patent number: 9807605
    Abstract: The present invention provides a method and a device for switching a subscription manager-secure routing device. The method includes: acquiring, by a second SM-SR from a first SM-SR, a PIC corresponding to an eUICC; acquiring, by the second SM-SR from a second SM-DP, a second PP that is encrypted by using the PIC; generating, by the second SM-SR, a key pair including a public key and a private key; sending, by the second SM-SR, the second PP and the public key to the eUICC through the first SM-SR, so that the eUICC accesses the second SM-SR after deactivating a first PP and activating the second PP; and encrypting, by the second SM-SR, a second PMC by using the private key, and sending an encrypted second PMC to the eUICC, so that the eUICC accesses the mobile network through the second SM-SR.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: October 31, 2017
    Assignee: Huawei Device Co., Ltd.
    Inventors: Linyi Gao, Hui Jin
  • Patent number: 9805199
    Abstract: A method for allowing a computer to boot from a user trusted device is provided. The computer includes a long-term data storage device storing operating system (OS) services. The user trusted device is connectable to the computer and stores a boot loader detectable and executable by a firmware of the computer, an OS loader designed to load an OS of the computer, and one or more crypto drivers designed for allowing access to the OS and data stored encrypted on the data storage device. The method comprises letting the boot loader be executed to cause to transfer the OS loader from the user trusted device to the computer and executing the transferred OS loader to cause to execute the one or more crypto drivers for the OS and the data stored encrypted on the data storage device to start the OS services and complete booting of the computer.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: October 31, 2017
    Assignee: International Business Machines Corporation
    Inventor: Thomas Gschwind
  • Patent number: 9749135
    Abstract: From the least significant bit of the current secret key, k bits are retrieved, obtaining a binary window sequence. A binary bit string of concatenation of the random number to the more significant bits of the window sequence is obtained if the most significant bit of the window sequence is 0, subtracting a bit string from the current secret key to obtain a new secret key, or the bit string of a complement of the base number for the window sequence in binary system is calculated if the most significant bit of the window sequence is 1, obtaining a bit string by adding a minus sign to a bit string obtained by concatenating the random number to the more significant bits of the bit string, subtracting the bit string from the current secret key to obtain a new secret key.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: August 29, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Jun Yajima, Kouichi Itoh, Masahiko Takenaka, Dai Yamamoto
  • Patent number: 9729322
    Abstract: Method and system for personalizing a chip, intended to be integrated into a smart card, comprising a tester associated to an FPGA device connected to the chip, the chip being part of a wafer comprising a plurality of chips and a disposable hardware module for verifying presence of the chip on the wafer. The tester sends a first secret code to the FPGA device, which commands the chip to initiate a test mode activation. The FPGA device encrypts a second secret code by using a secret encryption algorithm parameterized with a random number received from the chip and the first secret code to obtain a first cryptogram which is sent to the chip. The chip determines a second cryptogram by carrying out a Boolean function over a result obtained by decryption of the first cryptogram using the inverse algorithm parameterized with the random number and the first secret code.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: August 8, 2017
    Assignee: NAGRAVISION S.A.
    Inventors: Roan Hautier, Marco Macchetti, Jerome Perrine
  • Patent number: 9715686
    Abstract: An approach is provided for securely authenticating an identity of a user participating in an electronic transaction. A request for a biometric identifier/security question is converted to a first Quick Response (QR) code. Based on user attributes and a request from the user's mobile device to a computer to initiate the transaction, the first QR code is disassembled into first and second portions. The first portion, but not the second portion, is sent to the mobile device. Responsive to the mobile device reassembling the first QR code, receiving and converting the biometric identifier/answer to the security question to a second QR code, disassembling the second QR code into first and second portions, and transmitting the first portion of the second QR code to the computer, the second QR code is reassembled. The transaction is authorized based on whether the biometric identifier/answer matches a data repository record.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: July 25, 2017
    Assignee: International Business Machines Corporation
    Inventors: Saravanan Sadacharam, Ram Viswanathan
  • Patent number: 9686296
    Abstract: Systems and methods are disclosed for detecting malicious lateral activity within a computer network. In an embodiment, an agent, implemented on one or more computing devices, subscribes to a plurality of privileged authentication events on a network node within the computer network, provides an alert to a network administrator in response to detection of one of the subscribed privileged authentication events, and initiates live collection of network metadata in response to the detection of the subscribed privileged authentication event. A security monitoring device, implemented on the one or more computing devices, includes an analyzer configured to detect when the network node has connected to the computer network and deploy the agent to the network node in response to the node connecting to the network. The agent may provide the collected network metadata to the analyzer.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: June 20, 2017
    Assignee: Blackpoint Holdings, LLC
    Inventors: Jon Murchison, Christopher Chiu
  • Patent number: 9684779
    Abstract: An authentication method can include a random expression prompt, recording of the user's expression actions, and an authentication result. This is completed using a terminal device configured to display authentication information, record the user's inputted information, and send an authentication result. The terminal device may be further configured to package an authentication result, and send it to an authentication server. Subsequent actions of the user are allowed or denied based on the authentication result.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: June 20, 2017
    Assignee: International Business Machines Corporation
    Inventors: Sheng Hua Bao, Min Li, Wei Hong Qian, Zhong Su
  • Patent number: 9686344
    Abstract: A method for implementing cross-domain jump includes: a second domain name server obtaining a cross-domain jump request of jumping from a first domain name to a second domain name sent by a browser, the request including a cross-domain user identifier corresponding to a first identifier of a user in the first domain name; the second domain name server obtaining a second identifier of the user in the second domain name corresponding to the user identifier, and generating a login state of the user in the second domain name according to the second identifier. The second domain name server recognizes identity of the user according to the second identifier, so that user does not need to log in while still maintaining the login state. Therefore, operation convenience of the user is improved. Further, a browser, a first domain name server and a second domain name server are provided.
    Type: Grant
    Filed: January 12, 2015
    Date of Patent: June 20, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Maozheng Luo, Yong Yang, Yu Mao, Minghui Wang, Zhihao Wang, Yanqiang Zheng, Yin Lu, Zhidong Zhang
  • Patent number: 9667420
    Abstract: A method for rapidly generating coordinate points in an embedded system, comprising: according to a preset segment number of segmentation and a preset step size, segmenting a numerical value to be calculated and then grouping each data segment, and calculating an initial point value corresponding to each digit in a group of data of each data segment; detecting the value of each digit in the current data group of all data segments, subjecting the initial point value corresponding to the digit with a value of 1 and an intermediate point value to point addition operation, and updating the intermediate point value using the point addition operation result; judging whether a next data group of each data segment exists, if it does not exist, taking the intermediate point value as a resulting coordinate point value and storing same, and ending; and if it exists, subjecting the intermediate point value to a point doubling operation for a preset step size frequency, and updating the intermediate point value using the
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: May 30, 2017
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 9667639
    Abstract: Systems and methods are presented for receiving a plurality of request messages to analyze electronic communications. For each request message of the plurality of request messages, the systems and methods further provide for analyzing header information associated with the electronic communication, generating analysis data including the header information associated with the electronic communication, sending the analysis data to a plurality of third party security information systems for analysis, receiving at least one report from each of the plurality of third party security information systems, analyzing the analysis data and the at least one report from each of the plurality of third party security information systems to generate a risk rating of the electronic communication, determining that the risk rating meets a predetermined risk rating threshold, and causing a notification to be provided indicating that the electronic communication has been analyzed.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: May 30, 2017
    Assignee: Viewpost IP Holdings, LLC
    Inventors: Christopher Pierson, Hector Bermudez
  • Patent number: 9667651
    Abstract: According to one embodiment, a method for setting a trap to detect that an intruder has compromised a client end station (CES) in an attempt to gain unauthorized access to enterprise data provided by a server is described. The method includes causing a honey token to be placed on the CES secluded within a configuration repository, wherein the honey token is metadata and/or instructions indicating how applications can seemingly access the enterprise data but that is actually invalid, and the honey token is placed on the CES and not on the server. The method also includes causing attribute values to be installed on a security gateway for a security rule causing the security gateway to monitor network traffic for attempted use of the honey token, and to generate an alert when a set of one or more packets that include the honey token are received.
    Type: Grant
    Filed: June 16, 2016
    Date of Patent: May 30, 2017
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Michael Cherny, Sagie Dulce
  • Patent number: 9660986
    Abstract: A secure access method for an application (app) program is to be implemented by a secure access device, which includes first authentication data and a first control regulation. The secure access method includes the steps of making a determination as to whether a to-be-authenticated app program, which is executed in an operating system, is provided with the first authentication data and the first control regulation; and, when a result of the determination is negative, identifying the to-be-authenticated app program as an unauthenticated illegitimate app program, and disallowing the illegitimate app program to access a to-be-accessed device.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: May 23, 2017
    Inventor: Hung-Chien Chou
  • Patent number: 9654451
    Abstract: A method for generating one or more secrets for use by members. The method includes sending a first request for connection with a second member, and sending a second request for connection with a third member. The method further includes receiving, by the first member from the second member, a second input after the first request is sent and after communication is initiated between the first member and the second member and receiving, by the first member from the third member, a third input after the second request is sent and after communication is initiated between the first member and the third member. The method further includes generating, using an n-bit generator executing on the first member, a message digest using a first input, the second input, and the third input, extracting a secret from the message digest, and storing the secret in a secrets repository on the first member.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: May 16, 2017
    Assignee: PACID TECHNOLOGIES, LLC
    Inventor: Guy Fielder
  • Patent number: 9639693
    Abstract: Techniques for detecting security vulnerabilities are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting security vulnerabilities including assigning a reputation to an application, distributing the reputation to a client, receiving monitored system behavior from the client related to the client executing the application, determining whether to change the reputation of the application based on the monitored system behavior, distributing the changed reputation to the client, receiving further monitored system behavior from the client, and determining whether to generate a rule for the application based on the monitored system behavior received from the client.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: May 2, 2017
    Assignee: Symantec Corporation
    Inventors: Shireen Rivera, Peter Ashley
  • Patent number: 9628481
    Abstract: The present invention provides a method of operating a mobile unit in a wireless communication system. Embodiments of the method may include providing access request message(s) including information indicative of a first counter and a message authentication code formed using a first key. The first key is derived from a second key and the first counter. The second key is derived from a third key established for a security session between the mobile unit and an authenticator. The first counter is incremented in response to each access request provided by the mobile unit.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: April 18, 2017
    Assignee: Alcatel Lucent
    Inventors: Semyon B. Mizikovsky, Robert J. Rance
  • Patent number: 9626494
    Abstract: Disclosed is a method which comprises receiving a user input which includes a password component and a non-password component that is defined by a user, the non-password component is arranged relative to the password component in a random manner determined by the user; verifying a presence of a pre-assigned password within the user input, wherein the pre-assigned password is associated with the user and stored in a first database; and based on the verified presence of the pre-assigned password within the received user input, identifying the non-password component. This way, even if a third party has full view of the user input entry, the visitor would be unable to discover the password and additional information individually.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: April 18, 2017
    Assignee: VORSZ ONE PTE. LTD
    Inventor: Ajie Milya
  • Patent number: 9626524
    Abstract: Techniques for managing network identities include generating, with a local computing system, a tree structure representing a network comprising a plurality of entities, the tree structure comprising a plurality of nodes, each node of the plurality of nodes representing an entity of the plurality of entities, at least one entity of the plurality of entities is represented by more than one node of the plurality of nodes; assigning a unique identifier to each node; identifying each node of the plurality of nodes as being a protected node or an unprotected node; and transmitting, to a remote computing system, the tree structure, the unique identifiers for the protected nodes, and identity information of the entities for the unprotected nodes.
    Type: Grant
    Filed: August 15, 2014
    Date of Patent: April 18, 2017
    Assignee: SAP SE
    Inventor: Sunil Puri
  • Patent number: 9608970
    Abstract: The subject matter described in this specification includes a computer-readable medium storing instructions that cause one or more processors to perform various operations including receiving, from a first client device associated with a user account of a first user, a request for sharing a key. The key is associated with the user account of the first user, and permits access to a resource. The operations include generating, at a server, one or more representations of the key, transmitting the representations of the key to the first client device, and receiving, from a second client device associated with a user account of a second user, a request to access the key. The request to access the key is derived from one of the one or more representations of the key. The operations further include communicating, to the second client device, a message indicating whether access to the key has been granted.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: March 28, 2017
    Assignee: MicroStrategy Incorporated
    Inventors: John Gehret, Siamak Ziraknejad
  • Patent number: 9607298
    Abstract: A system for providing an application associated with a portable communication device the ability to communicate via a secure element. The system has a digital identifier and digital token operably associated with the application; a card services module that provides an application programming interface to the secure element; and a secure data table associated with the card services module. The secure data table includes a list of trusted applications each identifiable by paired digital identifier and token. The card services module compares the identifier and the token with each of the identifier-token pairs in the table until a match indicates the application is trusted. The card services module issues commands to the secure element based on an action requested by a trusted application in conjunction with the presentation of the digital token. A method of providing an application with the ability to communicate via secure element is also disclosed.
    Type: Grant
    Filed: June 2, 2014
    Date of Patent: March 28, 2017
    Assignee: Sequent Software Inc.
    Inventors: David Brudnicki, Michael K Craft, Hans Reisgies, Andrew Weinstein
  • Patent number: 9600818
    Abstract: An approach is provided for securely authenticating an identity of a user participating in an electronic transaction. A request for a biometric identifier/security question is converted to a first Quick Response (QR) code. Based on user attributes and a request from the user's mobile device to a computer to initiate the transaction, the first QR code is disassembled into first and second portions. The first portion, but not the second portion, is sent to the mobile device. Responsive to the mobile device reassembling the first QR code, receiving and converting the biometric identifier/answer to the security question to a second QR code, disassembling the second QR code into first and second portions, and transmitting the first portion of the second QR code to the computer, the second QR code is reassembled. The transaction is authorized based on whether the biometric identifier/answer matches a data repository record.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: March 21, 2017
    Assignee: International Business Machines Corporation
    Inventors: Saravanan Sadacharam, Ram Viswanathan