Abstract: Concepts and technologies are described herein for a mechanism by which participants who have been invited to attend a conference event can provide authentication credentials to join the conference event via a console application. When an individual attempts to join a conference event via a console application, the individual is prompted to provide his or her authentication credentials to join the conference event. The console application may inherit the individual's permissions during the conference event.

Abstract: Communications by a device in a private network to a site operating outside of the network can be programmatically inspected. Unstructured data, including messages and application content, originating from outside of the network may be dynamically converted to structured data that can be tagged. Interactions and activities can be monitored and processed differently according to internal policies and/or business rules. For example, at least a portion of the structured data can be modified prior to forwarding to the device, access by the device to at least a portion of the structured data can be blocked or limited, access by the device to one or more features associated with the structured data can be blocked or limited, etc.

Abstract: A non-hierarchical infrastructure for managing twin-security keys of physical persons or of elements includes a public key and a private key with a public key certificate. The structure does not include any certification authority distinct from the physical persons or elements, but does include at least one registering authority and its electronic notary server. There is provided at least one registering authority and its electronic notary server for a circle of trust. The registering authority includes local registering agencies. The local registering agency establishes, after face-to-face verification of the identity of the physical person or of the identification of the element, a public key certificate, and a “public key ownership certificate”, which does not contain the public key of the person or of the element but the print thereof, and which is transmitted in a secure manner to the associated electronic notary server for storing in a secure manner.

Abstract: Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.

Abstract: Optimized testing of vulnerabilities in an application implemented by a method includes generating a first probe directed to determine whether an application is vulnerable to a first type of attack; analyzing one or more responses from the application based on the application responding to the first probe; in response to determining that the one or more responses from the application validate a first hypothesis about one or more vulnerabilities associated with the application, and generating at least a second probe to further verify the first hypothesis. The second probe focuses on discovering additional details about the application's vulnerabilities to the first type of attack or a second type of attack.

Abstract: This communication system ensures the security of a communication message with a low computational load. Communication units are capable of exchanging a communication message containing a check bit. The check bit is used to determine the reliability of the communication message. Communication unit, which transmits the communication message, is equipped with a storage position determination part. The storage position determination part determines one of multiple positions within the communication message where the check bit can be stored as a storage position. The communication unit generates a communication message with the check bit stored at the storage position and transmits the communication message. Communication unit, which receives the communication message, is equipped with a storage position determination part. The storage position determination part determines the storage position of the check bit in the communication message in accordance with the manner the storage position was determined.

Abstract: A method is provided for a dynamic trust score for evaluating ongoing online relationships. By considering a plurality of user data variables and using validation data from internal and external database sources, a trust score with a high degree of confidence may be provided for establishing and verifying online relationships. Since the trust score may be dynamically recalculated periodically or on demand, the trust score may also validate over continuing periods of time, as opposed to conventional verification systems that only validate at a single point in time. Thus, a higher degree of safety, reliability, and control is provided for online services directed towards children or other user classes that may require greater protection.

Abstract: A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.

Abstract: A bootstrap authentication framework may automatically provide stored authentication credentials to an application server on behalf of an application. The bootstrap authentication framework may receive an access request from a protocol handler to access the authentication credentials stored in a subscriber identity module (SIM) of the electronic device. The access request may be initiated by an application that uses the authentication credentials to access a network service on an application server. In turn, the bootstrap authentication framework may provide the authentication credentials to the protocol handler when a digital signature associated with the protocol handler indicates that the protocol handler is allowed to access the authentication credentials.

Abstract: A user credential comprising a user password and a one-time password (OTP) may be provided to access a computing system. The user password is authenticated and the network connection status of the computing system is determined. If the computing system is offline, the user password and the OTP are stored in memory and the user is granted a first level of access to the computing system. Upon detecting that the network connection status of the computing system has changed to online, the user password and the OTP are provided to an authentication server for authentication. If the authentication of the user password and the OTP is successful, the user is granted a second level of access to the computing system, the second level of access being higher than the first level of access.

Abstract: Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.

Abstract: A method and system for enhanced security for A5/1 encoding, the method including choosing, at a transmitter, bits within a layer 1 header of a slow associated control channel (‘SACCH’) message for randomization; and setting, at the transmitter, the chosen bits randomly prior to channel coding and encryption of the slow associated control channel message. Further the method may include choosing, at a transmitter, a number of bits to toggle after convolution coding of a message containing a slow associated control channel message, the number of toggled bits being sufficiently low to allow correction at a receiver; and toggling, at the transmitter, said bits based on the channel conditions of the message.

Abstract: A method and system are described for detecting unauthorized access to one or more of a plurality of networked victim computers in a victim cloud. The networked victim computers connect to one or more DNS servers. The system includes one or more decoy bot computers, which are operated as victim computers in the victim cloud. The system also includes one or more decoy control computers, which are operated as control computers that communicate with victim computers in the victim cloud. Threats are identified by analyzing data traffic communicated with the decoy bot computers and decoy control computers for information suspected of having being sent from a victim's computer without proper authorization, and by monitoring whether behavior of a DNS server deviates from expected behaviors.

Abstract: A user credential comprising a user password and a one-time password (OTP) may be provided to access a computing system. The user password is authenticated and the network connection status of the computing system is determined. If the computing system is offline, the user password and the OTP are stored in memory and the user is granted a first level of access to the computing system. Upon detecting that the network connection status of the computing system has changed to online, the user password and the OTP are provided to an authentication server for authentication. If the authentication of the user password and the OTP is successful, the user is granted a second level of access to the computing system, the second level of access being higher than the first level of access.

Abstract: A system and method for threat detection and management. The method includes: comparing the observed activity with a threat profile; generating a threat detection signal including threat information when the observed activity matches the threat profile; altering an operating characteristic of a client device in response to a threat response signal; receiving the threat information; evaluating the threat information; automatically determining an appropriate response to the threat detection signal based on an evaluation of the threat information; comparing the threat detection signal to known threat patterns; distributing new threat information if the threat detection signal does not match a known threat pattern; storing threat information; and providing a user interface information and controls for delivering control information over a control protocol.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that includes secure time management. An apparatus according to the present disclosure may comprise a non-volatile storage to store a synchronization time and a processor. The processor may be configured to generate a request for a current time, transmit the request to a trusted timekeeper, receive a digitally signed response containing a current, real-world time from the trusted timekeeper, verify the digital signature of the response, verify that the response is received within a predefined time, compare a nonce in the request to a nonce in the response, determine that the current, real-world time received from the trusted timekeeper is within a range of a current time calculated at the apparatus and update the synchronization time with the current, real-world time in the response.

Abstract: A device includes a first bus, a second bus, a processor configured to communicate with a storage circuit through the first bus and to communicate with a debug host through the second bus and a control circuit configured to inhibit transfer of data from the second bus to the debug host while receiving authentication information from the debug host and to enable transfer of data from the second bus to the debug host responsive to authentication of the received authentication information. The control circuit may be configured to inhibit data transfer from the second bus to the debug host by causing dummy data to be transmitted to the debug host over a transmit channel between the device and the debug host.

Abstract: A system, method, and computer-readable medium are disclosed for using an entryless One-Time Password (OTP) in an active tag environment. Authentication credentials associated with a user and an active tag device are submitted with an access request to an authentication server, where they are processed to generate an OTP credential, which is then stored in a directory service. Encryption operations are then performed on the OTP credential to generate an encrypted OTP credential, which is then provided to the active tag device, which in turn provides it to an active tag terminal. The active tag terminal then submits a request to the authentication server to verify the validity of the encrypted OTP credential. In response, the authentication server verifies its validity and then destroys the OTP credential stored in the directory service. The OTP credential is then decrypted by the active tag terminal and subsequently used to login the user.

Abstract: An intermediate gateway is positioned between a client device and a mobile application service provider. The intermediate gateway can assist in securing and managing accesses from a mobile application on the client device to the mobile application service provider. The intermediate gateway can store a client device identification associated with the client device, which can be used to authenticate the client device. Other parameters can also be used in device authentication.

Abstract: The technology includes a method for generating a secret key. The method includes receiving initialization data, the initialization data includes an initialization packet and a transmission path channel response; generating sample data based on the transmission path channel response; and generating a secret key based on the sample data utilizing a chaotic map.