Abstract: The present disclosure relates to a countermeasure method in an integrated circuit comprising at least one first logic circuit and at least one first input register supplying the first logic circuit with a datum, the method comprising steps of introducing a random datum into each first input register of the first logic circuit and of the first logic circuit reading the random datum in each first input register, then of introducing a datum to be processed into each first input register, and of the first logic circuit processing the datum in each first input register.

Abstract: A device management method, is disclosed in which available features on a slave mobile device are managed (monitored or controlled) by a slave manager module commanded by a master device through secure messages exchanged between the two devices using respective electronic messaging capabilities on the two devices. Selection of the features of the slave mobile device to be controlled or monitored is facilitated on the master device through a master manager module resident thereon. The features that are controlled or monitored may comprise any user-accessible feature incorporated or installed on the slave mobile device and user access to the feature may be prevented according to at least one criterion, such as date of use, time of day of use, number of times of use, originator and recipient. User access to the feature may be prevented access to the user-accessible feature when usage limitations for the feature have been reached.

Abstract: A service providing method of a server is provided. The method includes registering a service hub according to a service request; setting a service hub program corresponding to the service hub; receiving a request for the service hub program from a user terminal device belonging to an organization associated with the service hub; providing the service hub program to the user terminal device; and providing an application program corresponding to the user terminal device and the service hub program to the user terminal device.

Abstract: A first computing device receives over a telecommunications network from a second computing device a verification message encrypted using a public key. The verification message is generated by the second computing device when initiating a call to the first computing device. The first computing device transmits to a wireless router via a wireless local area network (WLAN) created by the wireless router, the encrypted verification message. The first computing device receives from the wireless router over the WLAN, a decrypted verification message decrypted from the encrypted message by the wireless device using a private key associated with the public key. The first computing device transmits over the telecommunications network to the second computing device, the decrypted verification message. If the second computing device determines that the decrypted verification message corresponds to the encrypted verification message, the second computing device allows the call to the first computing device to proceed.

Abstract: Systems, methods, and software for processing received network traffic in view of content detection data and configuration data that defines policies to either block, permit, or to further evaluate network traffic content on the policies when network traffic is entering a network.

Abstract: Disclosed is a novel system, computer program product, and method for allowing access to an application on a handheld device. This is also known as logging on or password entry. The method begins with detecting a change in at least one of orientation and position of a handheld device relative to a given plane. At least one of a keyboard, a touch screen, a gesture, and voice recognition engine input is received. Based on a combination of the at least one of orientation and position of the handheld and the user input received matching a previously stored value, unlocking access to an application running on the handheld device. The detecting of the change in orientation or position or both can occur simultaneously with the user input or previous to the user input or after the user input.

Abstract: Methods and apparatus for facilitating access to public wireless access points in a fixed-mobile convergence system. A mobile terminal is pre-provisioned with one or more security parameters corresponding to one or more WLAN access points that the mobile terminal might need to access should a current WLAN access point fail or otherwise become unreachable. The WLAN access points are similarly pre-provisioned with a security parameter corresponding to the mobile terminal. With these pro-provisioned security parameters, the mobile terminal and any one of the potential target WLAN access points conduct an abbreviated authentication process in the event that a switch-over becomes necessary.

Abstract: Packets are routed from at least one internet protocol (IP) address in accordance with border gateway protocol (BGP); while carrying out the routing in accordance with the border gateway protocol (BGP), at least one border gateway protocol (BGP) attribute associated with the at least one internet protocol (IP) address is noted. A firewall policy is applied to the packets from the at least one internet protocol (IP) address based on the at least one border gateway protocol (BGP) attribute associated with the at least one internet protocol (IP) address. Techniques may be implemented, for example, on a router or on a separate firewall device coupled to a router.

Abstract: Performing security analysis on a computer program under test (CPUT). The CPUT can be analyzed to identify data pertinent to potential security vulnerabilities of the CPUT. At least a first unit test configured to test a particular unit of program code within the CPUT can be automatically synthesized. The first unit test can be configured to initialize at least one parameter used by the particular unit of program code within the CPUT, and can be provided at least a first test payload configured to exploit at least one potential security vulnerability of the CPUT. The first unit test can be dynamically processed to communicate the first test payload to the particular unit of program code within the CPUT. Whether the first test payload exploits an actual security vulnerability of the CPUT can be determined, and a security analysis report can be output.

Abstract: Various arrangements for providing authentication information to a user are presented. A single-point authentication manager executed by a computer system may receive a request to access a resource from a remote client computer system. The single-point authentication manager may manage access to a plurality of resources including the resource. The single-point authentication manager may communicate with an authentication plug-in application that performs a type of authentication. Authentication of the user may be performed. In response to performing authentication of the user, the authentication plug-in application may generate a message to be transmitted to the remote client computer system. The message may include an indication that the message is to be passed to the remote client computer system and information regarding the authentication of the user. In response to receiving the message from the authentication plug-in application, the message may be transmitted to the remote client computer system.

Abstract: A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which are unique. The authentication server may then authenticate the security device based on comparing of the sequence of reported values with a sequence of expected values that identifies the security device.

Abstract: A request handler may receive an access request for access to application server resources of an application server and determine that the access request is unauthorized. A response manager may provide a false positive response including apparent access to the application server resources.

Abstract: A system and method for controlling use of content in accordance with usage rights associated with the content and determined in accordance with the environment of a user device. A request is received for secure content from a user device and the integrity of the environment of the user device is verified. Appropriate usage rights are retrieved based upon the results of the verification of integrity and the content is rendered on the user device in accordance with the appropriate usage rights.

Abstract: A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.

Abstract: A wireless communication apparatus may include a first module that stores a first key used to encrypt and decrypt communication contents, a second module that stores a second key used to encrypt and decrypt the first key, the first key being encrypted in accordance with a public key encryption scheme, and a connection bus that connects the first module and the second module to each other Each of the first module and the second module may include an encryption processing unit that encrypts and decrypts information, which is transmitted and received via the connection bus, by using a third key that is different from the first key and the second key.

Abstract: Certain aspects of the present disclosure relate to user access to an application service that references user account information and previous user action information. One example method may include receiving, via a receiver device, user input information to access an application, the user input information including at least one action request and authorizing the user to access the application. The method may also include storing the user input information as part of a contextual history information record in a database memory, generating a response message to the selected at least one action request based on the contextual history information, and forwarding the response message to the user via a transmitter device.

Abstract: Methods and systems for managing access to stored data resources assign one or more wrapped (encrypted) encryption keys to each data resource. The resources are encrypted, and the keys may be stored in an access control list (ACL) in association with the encrypted data resources. The keys may be wrapped with metadata that indicates who or what is authorized to use the resource and what role the user or users may have with respect to the resource. The keys may be unwrapped upon receipt of access requests from authorized users, and may be used to decrypt the data resources.

Abstract: Methods and systems for increasing the security or trust associated with an untrusted device are provided. For example, a trusted hardware component may send a request to the untrusted device. The request may indicate one or more challenges to be performed by a secure application executing on the untrusted device. The trusted hardware component may determine an expected response to the one or more challenges. The expected response may be determined at the secure hardware component based on an expected configuration of the untrusted device. The trusted hardware component may receive a response to the request from the untrusted device. The trusted hardware component may determine a security status of the untrusted device based on the expected response and the received response.

Abstract: A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data, which is received from the user. The web browser plug-in then communicates a transaction confirmation to the server.

Abstract: Extracting data from a source system includes generating an authorization model of the data protection controls applied to the extracted data by the source system. The authorization model is used to map the data protection control applied to the extracted data to generate corresponding data protection controls provided in target system. The extracted data is imported to the target system including implementing the corresponding data protection controls.