Abstract: A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore stored in the memory device in encrypted form.

Abstract: A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.

Abstract: A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Abstract: Methods, apparatus and articles of manufacture for defending against a cyber attack via asset overlay mapping are provided herein. A method includes determining which of multiple systems within an organization stores each of multiple assets; determining a set of relationships present between the multiple assets across the multiple systems; identifying, upon an attack of a first of the multiple systems, one or more additional systems of the multiple systems vulnerable to the attack based on at least one relationship, from the determined set of relationships, between one or more of the multiple assets stored on the first system and one or more of the multiple assets stored on the additional systems; and automatically prohibiting access to the one or more additional systems storing the one or more of the multiple assets identified based on the at least one relationship with the assets stored on the first system.

Abstract: A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: Methods and systems for DVB-C2 are disclosed and may include receiving data encoded utilizing variable encoding, variable modulation and outer codes via a physical layer matched to a desired quality of service. An error probability may be determined for said received data and retransmission of portions of said data with error probability above an error threshold may be requested. The variable modulation may include single carrier modulation, orthogonal frequency division modulation, synchronous code division multiple access, and/or from 256 QAM to 2048 QAM or greater. The variable encoding may include forward error correction code, which may include low density parity check code.

Abstract: Media content is provided using metric-apportioning. In accordance with one or more embodiments, remote-user interface circuits are authenticated and remote access is provided to different sets of media content via the interface. For each authenticated interface and a time-based period during which the interface accesses the media content, time-stamped usage data that characterizes use of the media content at the interface is communicated therewith. A usage metric characterizing usage of the media content is apportioned based upon the time-stamped usage data and stored weighting factor data for the media content.

Abstract: Disclosed are various embodiments for identifying a table of non-decoy data matching a set of criteria. Decoy data is inserted into the table of non-decoy data. The decoy data is detected in a result comprising the decoy data, the result generated in response to an access of the data store. An alarm is generated based at least upon the result.

Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. The sender uses a bilinear map to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110]. The receiver [110] uses the bilinear map to decrypt V and recover the original message M. According to one embodiment, the bilinear map is based on a Weil pairing or a Tate pairing defined on a subgroup of an elliptic curve. Also described are several applications of the techniques, including key revocation, credential management, and return receipt notification.

Abstract: A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Abstract: A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Abstract: An approach is provided for enabling a web browser to decrypt and to display encrypted information based on entropy calculations of the information. The decryption manager determines at least one entropy value for at least one element of at least one webpage. The decryption manager causes, at least in part, a decryption of the at least one element to generate at least one decrypted element based, at least in part, on a comparison of the at least one entropy value against one or more entropy threshold values.

Abstract: Apparatuses and methods for supervisor mode execution protection are disclosed. In one embodiment, a processor includes an interface to access a memory, execution hardware, and control logic. A region in the memory is user memory. The execution hardware is to execute an instruction. The control logic is to prevent the execution hardware from executing the instruction when the instruction is stored in user memory and the processor is in supervisor mode.

Abstract: Disclosed is a new system and method for the “Content-level Reactive Presence Authorization”, wherein the Presentity would be able to reactively authorize the Watcher requested contents of the Presentity's Presence Information. According to the system and method for the Content-level Reactive Presence Authorization, it is possible for the Presence Server to convey the identity of the Watchers and the protected contents to the Presentity on the states of the Watcher's requested contents of the Presence Information. According to the systems and methods, it is also possible for Presentity to specify the conditions when the Presence Server triggers such Content-level Reactive Presence Authorization.

Abstract: The invention relates to a secure portable object of the smart card type comprising (a) an object body and (b) a micro-module comprising a processor and at least one memory in which a first application executed by a first execution engine in a first execution space is stored. The invention is characterized in that a second application is further stored in the said at least one memory, where the said second application is executed by a second execution engine distinct from the first execution engine, in a second execution space distinct from the first execution space. The invention particularly applies to smart cards.

Abstract: A social networking system contains information describing users of the social network and various connections among the users. A user can access multiple external systems that communicate with the social networking system to access information about the users of the social networking system. Login status of the user account on the social networking system is maintained. If the login status of the user account on the social networking system indicates that the user is not logged in, the user is required to provide authentication information. If the login status of the user account indicates that the user is logged in, social network information is provided to the user via an external system, subject to the privacy settings of users of the social networking system. If the user logs out from an external system, the user is also logged out from the social networking system.

Abstract: A user device is associated with a dynamic trust score that may be updated as needed, where the trust score and the updates are based on various activities and information associated with the mobile device. The trust score is based on both parameters of the device, such as device type, registered device location, device phone number, device ID, the last time the device has been accessed, etc. and activities the device engages in, such as amount of transactions, dollar amount of transactions, amount of denied requests, amount of approved requests, location of requests, etc. Based on a transaction request from the user device, the trust score and a network reputation score is used to determine an overall trust/fraud score associated with the transaction request.

Abstract: A method for a motor vehicle in which a communication connection between the vehicle and a server outside the vehicle is provided. In addition, user authentication information for a user of the vehicle is transmitted to the server, and an application is executed on the server as a function of the user authentication information. Output information that is generated by the server is transmitted to the vehicle from the application.

Abstract: The present invention provides a method and system for configuring constraints for a resource in an electronic device. The method includes identifying context of use/access of a resource and implementing permissions/constraints as per the identified context. The method includes identifying an existing work environment of a resource by capturing information through an application program interface (API), identifying constraints for the resource with respect to the identified work environment from a constraint specification file for the resource which contains constraint details for all work environments, and either configuring the identified constraints for the resource, or modifying the identified work environment for the resource and configuring corresponding constraints for the resource.