Abstract: Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid.

Abstract: According to one embodiment, a memory system includes a host interface, a first storage unit which stores data in a nonvolatile manner, and a memory controller. The memory controller includes a management information generating unit which generates command information for every command received from a host through the host interface and a digital signature calculating unit which generates a digital signature from the command information using a secret key. The management information generating unit generates management information which contains the command information and the digital signature for the every command.

Abstract: A service provisioning method includes providing a differentiated set of information exchange services to a user. In some embodiments, differentiation between or among the provided services may include differentiated access networks, differentiated physical network layers, and/or differentiated service providers. An integrated service identity may be generated and/or maintained by the service provider(s) or by a third party. The integrated services identity may enable the user to define preference settings applicable to the information exchange services, to process billable events and activity and to issue integrated statements encompassing all of the information exchange services provided to the user, and enabling the user to access customer support services for any of the information exchange services and further enabling the logging of all customer support activities to the integrated service identity.

Abstract: According to an embodiment, a smart card includes a communication section, a generation part, a first record section and an erasure section. The communication section transmits and receives data with the external device. The generation section generates a session key according to the command which is received by the communication section and requires generation of a session key. The first record section stores the session key generated by the generation section. The erasure section erases the session key when a holding period of the session key stored in the first record section exceeds a threshold.

Abstract: Methods and systems for using and providing trustworthy DNS resolutions are provided. A method for using trustworthy DNS resolutions may include obtaining a DNS resolution listing for a domain name and validating the listing's plausibility using a plausible range list. The method may also include selecting a DNS resolution from the DNS resolution listing based on a requested host associated with the domain name. The method may further include initiating a connection to the host using the selected DNS resolution. A method for providing trustworthy DNS resolutions may include obtaining a plurality of potential DNS resolutions for a domain name. The method may also include generating a DNS resolution listing for a domain name and providing the DNS resolution listing. A system may include a DNS resolution selection module and a connection module. Another system may include a DNS resolution inquiry module and a DNS resolution listing provision module.

Abstract: A method of dynamically generating a security question for accessing a resource. The method comprises monitoring a behavior of said user during a monitoring period to identify automatically a deviation from a behavioral pattern indicative of repetitive behavior of a user, automatically generating a security question responded to by an indication of said deviation, receiving a user input inputted by a user in response to a presentation of said security question and said deviation, and authenticating, after said monitoring period, an access to a resource according to a match between said user input and said deviation.

Abstract: A secure tag generation service is associated with a cloud infrastructure. This service establishes a security context for a particular cloud tenant based on a tenant's security requirements, one or more cloud resource attributes, and the like. The security content is encoded into a data structure, such as a tag that uniquely identifies that security context. The tag is then encrypted. The encrypted tag is then propagated to one or more cloud management services, such as a logging service. When one or more cloud resources are then used, such use is associated with the encrypted security context tag. In this manner, the encrypted tag is used to monitor activities that are required to meet the security context. When it comes time to perform a security or compliance management task, any cloud system logs that reference the encrypted security context tag are correlated to generate a report for the security context.

Abstract: A secure tag generation service is associated with a cloud infrastructure. This service establishes a security context for a particular cloud tenant based on a tenant's security requirements, one or more cloud resource attributes, and the like. The security content is encoded into a data structure, such as a tag that uniquely identifies that security context. The tag is then encrypted. The encrypted tag is then propagated to one or more cloud management services, such as a logging service. When one or more cloud resources are then used, such use is associated with the encrypted security context tag. In this manner, the encrypted tag is used to monitor activities that are required to meet the security context. When it comes time to perform a security or compliance management task, any cloud system logs that reference the encrypted security context tag are correlated to generate a report for the security context.

Abstract: Improving the integrity of a computer system including a plurality of user accounts by, for each user account, monitoring events on the computer system that are related to the user account, assigning an importance score to the monitored user account that is indicative of the importance of the monitored user account to the integrity of the computer system, the importance score being calculated from the monitored events, and providing the importance score to a system administrator upon the administrator attempting to alter the monitored user account.

Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.

Abstract: A system and method that includes receiving a first device profile and associating the first device profile with a first application instance that is assigned as an authentication device of a first account; receiving a second device profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second device profile to the first device profile; and completing the request of the second application instance according to results of comparing the second device profile and the first device profile.

Abstract: A block management unification system and method for communicating a data file that includes a source component, a first rearrangement criterion, a first block encryption key, a second rearrangement criterion, a second block encryption key, a compression module, and an encryption module. The source component accesses the data file that is divided into a plurality of blocks. The first rearrangement criterion organize the blocks according to the first rearrangement criterion. The first block encryption key is inserted into the blocks. The second rearrangement criterion organize the blocks according to the second rearrangement criterion. The second block encryption key is inserted into the blocks. A compression module compresses the rearranged blocks. An encryption module encrypts the rearranged blocks with the first block encryption key and the second block encryption key.

Abstract: In one embodiment, a computer-implemented method for security testing of web applications with specialized payloads includes submitting a test to a web application, where the test includes a payload with a set of constraints. A response is received from the web application. One or more constraints are derived from the response. The set of constraints of the payload are updated with the derived one or more constraints. The payload is synthesized, by a computer processor, for the updated set of constraints. The test having the synthesized payload is iterated with the updated set of constraints.

Abstract: A device for carrying out a cryptographic method has an input interface for receiving input data, an output interface for outputting output data, and a cryptographic unit for carrying out the cryptographic method. A first functional unit is provided which is designed to convert at least a portion of the input data into transformed input data using a first deterministic method, and to supply the transformed input data to the cryptographic unit, and/or a second functional unit is provided which is designed to convert at least a portion of output data of the cryptographic unit into transformed output data using a second deterministic method, and to supply the transformed output data to the output interface.

Abstract: A method for generating product authentication codes comprises allocating a lot identification value and a total lot size for an order of a plurality of product authentication codes, generating the plurality of product authentication codes based upon the lot identification value and the total lot size, and updating a counter table on an authentication server with the total lot size for the order of the authentication codes. A method for authenticating product codes comprises receiving a product code from a user of a product, decrypting the product code to obtain a sequence counter number unique to the product code and comparing the decrypted sequence counter number to a table of valid sequence counter number values to determine its authenticity. If the decrypted sequence counter number is authentic, it is added to an authentication table for future reference when operating to confirm a previous authentication of the sequence counter number.

Abstract: A method of operating data security and an electronic device supporting the same are provided. The method includes executing a general Application (App) based on a non-trusted execution module; executing a first trusted App related to the execution of the general App based on a trusted execution module; generating a message by encrypting data generated in the first trusted App; transmitting the encrypted message to the general App; and transmitting the encrypted message to a second trusted App related to the execution of the general App and executed based on the trusted execution module.

Abstract: The security and convenience of a mobile communication device is enhanced based on a separate key device. If the key device is near the mobile communication device, the mobile communication device may be automatically unlocked without the user having to input an unlock code. The mobile communication device may be automatically unlocked into a first mode having a first level of functionality. If the user inputs a correct unlock code, the mobile communication device may be unlocked into a second mode having a second level of functionality, greater than the first level of functionality.

Abstract: A system and method for authenticating a candidate user accessing a host computing device as an authentic user is provided. The host computing device is in communication with an authenticating computing device. The method includes receiving, by the authenticating computing device, a request to authenticate the candidate user as an authentic user. The authentication request includes a user identifier. The method also includes retrieving, by the authenticating computing device, transaction data including payment transactions performed by the authentic user based on the user identifier. The method also includes generating, by the authenticating computing device, a challenge question and a correct answer based on the transaction data associated with the authentic user, and transmitting the challenge question for display on a candidate user computing device used by the candidate user.

Abstract: A public encryption method based on user ID includes: setting, by a key generation server, at least one public parameter and master key used for generating a private key; receiving, by the key generation server, an inherent ID of a user from a receiving terminal, generating a private key based on the public parameter, the master key and the ID, and transmitting the generated private key to the receiving terminal; receiving, by a transmitting terminal, the public parameter and the ID from the key generation server, encrypting a message to generate a ciphertext, and transmitting the generated ciphertext to the receiving terminal; and receiving, by the receiving terminal, the ciphertext and the private key, and decrypting the ciphertext based on the received private key to obtain a message.

Abstract: Techniques for detecting advanced security threats are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting a security threat including generating a resource at a client, implementing the resource on the client, monitoring system behavior of the client having the resource implemented thereon, determining whether a security event involving the implemented resource has occurred based on the monitored system behavior, and generating a report when it has been determined that the security event has occurred.