Abstract: An information processing apparatus usable via a plurality of user interfaces, and a method of controlling the same, having a plurality of authentication processing modules configured to perform a user authentication for each of the plurality of user interfaces respectively. Setting information of authentication processing for each of the plurality of authentication processing modules and setting information of authentication processing by a common authentication processing module for performing a user authentication common to the plurality of user interfaces are held. If the user authentication by the common authentication processing module succeeds using the held setting information, based on user information input via an authentication screen of any one of the plurality of user interfaces, the user authentication is performed based on the held setting information of the user interface.

Abstract: The present invention discloses a user login monitoring device and method. The method comprises: acquiring a latest user login record list of a user, wherein each of the user login records comprises information associated with the login location of the user; determining a frequently-used login location of the user according to the user login record list, and when the number of the user login records with a same login location is not less than a first threshold, determining the login location as the frequently-used login location of the user; and marking a user login record with a different login location from the frequently-used login location as abnormal. The frequently-used login location of the user can be automatically determined without the participation of the user, and the abnormal login record can be determined and marked by using the present invention so as to facilitate the user to check or remind the user, thus the security of the user account is improved.

Abstract: Systems and methods are presented for receiving, at a server computer, a plurality of request messages to analyze potentially fraudulent electronic communications, each request message of the plurality of request messages comprising an electronic communication.

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: Approaches for using a physically unclonable function (PUF) are described. A selector map is used to indicate stable and unstable bits in a PUF value that is generated by a PUF circuit. The stable bits of the PUF value generated by the PUF circuit may be selected for use by an application, and the unstable bits ignored.

Abstract: Among other disclosed subject matter, a computer-implemented method includes changing access permission level associated with a descriptor table responsive to request to update the descriptor table. In some implementation, before receiving the request to update, the descriptor table is maintained in a read-only state; and changing the access permission level comprises: allowing write access to the descriptor table responsive to determining that the update request is authorized.

Abstract: A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.

Abstract: Computers and networks are configured to operate according to alternative protocols for using software applications, depending on geographic location. In one approach each computer incorporates a GPS receiver using GPS satellite signals to generate the computer's current location. The location is compared with permitted use region information stored in the computer or network, e.g. based on a boundary defining a permitted use region. In another approach, E-911 compliant transceivers use signals from E-911 towers in the same manner. In a further approach, each computer incorporates a WiFi adaptor, RFID reader or RFID tag, and the territory is defined by the distance from a center point. In all cases, the computer either operates under a relatively open protocol relative to using a given software application, or operates under a relatively restricted protocol, depending on whether it is inside or outside of the permitted use region.

Abstract: A biometric identifier is received, from a first credential granting authority, is associated with a user and was collected by the first credential granting authority. The biometric identifier is stored in association with the user and the first credential granting authority. Trust data is accessed and enables determination of whether a second credential granting authority trusts biometric identifiers collected by the first credential granting authority. It is determined that the second credential granting authority trusts biometric identifiers collected by the first credential granting authority based on the accessed trust data. Based on the determination that the second credential granting authority trusts biometric identifiers collected by the first credential granting authority, biometric identification of the user using the biometric identifier collected by the first credential granting authority is performed for the second credential granting authority.

Abstract: An apparatus prevents communication by a client device to a domain that cannot be uniquely identified by relocating the DNS mapping of the domain to a destination IP Address that is uniquely identifiable and that represents a location of an apparatus that provides a data path to the domain.

Abstract: A technique of the present invention includes a storage section for storing contents data and an encryption flag indicating that any one of an encryption recording mode and a non-encryption recording mode is set, an encrypting engine for encrypting contents data using an encryption key when the encryption recording mode is set, and a control section for controlling a storage section so that the encryption key and the encrypted contents data are stored when the encryption recording mode is set. Further, when the setting is changed from the encryption recording mode into the non-encryption recording mode, the control section controls the storage section so that the encryption flag is changed to indicate the setting of the non-encryption recording mode with the continuous storage of the encryption key.

Abstract: A data storage device in a distributed computing system has physical block addresses that are each allocated to multiple namespaces. To access the data storage device, a host system issues a command to the data storage device that includes an access key and a virtual block address to be accessed. The data storage device converts the virtual block address to a physical block address of the data storage device using a mapping associated with the access key. Access to a physical data block associated with a particular namespace is granted only if an access key for that namespace is provided to the data storage device.

Abstract: Methods and systems for centralizedly controlling server user rights are provided herein. In an exemplary method, a first verification server can receive an instruction sent by a control server. The instruction can include a user-right-processing instruction or a user-right-adding instruction. The first verification server can process stored information of user rights in response to the user-right-processing instruction sent by the control server to generate processed information of the user rights, or the first verification server can store newly added information of the user rights in response to the user-right-adding instruction sent by the control server. The first verification server can then synchronize the processed information of the user rights or the newly added information of the user rights with a second verification server. The second verification server can be in a communication connection with the first verification server.

Abstract: A security system and method for authenticating a user's access to a target system is disclosed. The security system receives an authentication request from the user and generates a security matrix which comprises a mapping between each symbol within a symbol set and a code value randomly selected from a distinct code set. The number of elements in the symbol set and in the code set are selected to provide a predetermined level of security against capture of a user-defined keyword by an unauthorized observer. The security system sends the security matrix to the user and awaits a one-time code in response. The user forms the one-time code based on the user keyword and the security matrix. The security system validates the one-time code against the security matrix and the keyword to determine an authentication result, permitting or denying the user access to the target system.

Abstract: Disclosed is an authentication method of a wireless mesh network capable of reducing overload and communication delay during authentication procedure by performing authentication between nodes without accessing an authentication server. The authentication method of a wireless mesh network according to an exemplary embodiment of the present disclosure includes: selecting, by a new node, a first neighbor node among one or more adjacent nodes; transmitting, by the new node, an authentication request message including a public key of the new node; authenticating, by the first neighbor node, the public key of the new node; transmitting, by the first neighbor node, an authentication response message including a public key of the first neighbor node to the new node; and authenticating, by the new node, the public key of the first neighbor node; transmitting, by the new node, an authentication identification message to the first neighbor node.

Abstract: A computer system may be employed to verify program execution integrity by receiving a request to launch a program that has been instrumented to include at least one integrity marker, instantiating the program with an integrity marker value, and verifying the execution integrity of the program based on the integrity marker value and information received from the program during execution. A computer system may also be employed for program instrumentation by modifying the program to include at least one instruction for passing an integrity marker value to an operating system kernel during execution of the instruction.

Abstract: According to an embodiment, a communication device is connected to a plurality of external devices which share key information with each other. The communication device includes a detector and an instructing unit. The detector is configured to, from among the external devices, detect an external device that has been subject to attack. The instructing unit is configured to issue an instruction to stop using key information which is shared with the detected external device.

Abstract: Multi-user use of single-user applications is disclosed. A request to access application data associated with an object identifier may be received in a context of a single-user application. Access may be provided to one or more application data objects associated with the object identifier. The objects may be included in a data set corresponding to user information associated with the context of the application.

Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

Abstract: An example process includes identifying, by one or more processing devices, a location in computer code that is subject to vulnerability, where the location corresponds to a memory access that is repeatable and that operates on a particular type of variable; and performing processes, by one or more processing devices, to heal the vulnerability. The memory access may be part of a system-to-system or a user-to-system interaction that is repeatable.