Abstract: Techniques for detecting a network crawler may be described. In particular, a request for information may be received from a computing system. Based on this request, a network-based document may be provided to the computing system. The network-based document may include a portion of the information, code, and an identifier of another network-based document. The code may be configured to, upon execution, determine whether the other network-based document was accessed prior to providing the network-based document to the computing system. An indication whether the other network-based document was accessed may be received from the computing system. The indication may be received based on an execution of the code at the computing system. Based on the indication, the request for the information may be determined as being associated with a network crawler hosted on the computing system.

Abstract: Briefly, embodiments disclosed herein relate to managing transactions in a distributed content transaction system.

Abstract: A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed.

Abstract: Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate.

Abstract: Within a secure messaging environment, a determination is made that a request to send a message has been generated by a message sender. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a digital certificate of the message sender, is configured with an associated private key to digitally sign the message on behalf of the message sender. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the message sender using the private key of the secured digital certificate.

Abstract: A method, system, and apparatus for providing a client access to third-party resources by utilizing third-party access tokens via a network gateway. The method can prevent the third-party access tokens from being exposed directly to the client environment. The client receives a gateway security credential, which encapsulates the third-party access token in an encrypted form. The client provides the gateway access token to the network gateway where the third-party access token is decrypted and then used to access the third-party resource. Client requests to the network gateway are executed using a custom API. The gateway relays the client requests to the appropriate third-party resources using the third-party-specific API with the decrypted third-party access token. Gateway access tokens are short-lived and can be renewed according to the client-environment life cycle.

Abstract: A method for using digital signatures for signing blockchain transactions includes: generating a domain key pair comprising a domain private key and a domain public key, wherein the domain public key is signed after generation; receiving a plurality of member public keys, wherein each member public key is received from an associated member of a blockchain network and is a public key in a key pair comprising the member public key and a member private key corresponding to the associated member; signing each member public key using the domain private key; receiving a transaction block from a specific member of the blockchain network, wherein the transaction block includes a plurality of blockchain transaction values and a hash signed using the member private key corresponding to the specific member; signing the received transaction block using the domain private key; and transmitting the signed transaction block.

Abstract: A method for enforcing access control to a web application. The method includes generating a computationally-secure pseudo-random password, associating the generated computationally-secure pseudo-random password with an application username of at least one web client, and storing, in a user account credential store module, the generated computationally-secure pseudo-random password and the associated application username. The method also includes requesting, via a web proxy connected to the at least one web client, access to a protected page offered by the web application, intercepting, by the web proxy, a login page from the web application, and inserting, by the web proxy on behalf of the at least one web client, the stored generated computationally-secure pseudo-random password and the associated application username into the login page.

Abstract: A method for isolating a computer platform includes receiving a service request from an external requestor via a network at processing circuitry associated with a hardware barrier between the computer platform and the network, causing the service request to be loaded into a first buffer having a dual port connection to a corresponding second buffer of the computer platform, providing an indication to the computer platform to indicate the service request is loaded into the first buffer to be pulled into the second buffer of the computer platform, responsive to processing of the service request by the computer platform, receiving a message indicating a response loaded in the second buffer has been pushed to the first buffer, and communicating the response to the external requestor. The buffers form the only access point to the computer platform. The indication is the only communication initiated from the external requestor that crosses the hardware barrier without control by the computer platform.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the device. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. If the hardware trust evaluation device determines that a program is trustworthy, the trust evaluation device causes the trust indicator to provide a positive indication of the trustworthiness of the computer program to a user of the computing device. If the hardware trust evaluation device determines that a program is not trustworthy, the trust evaluation device causes the trust indicator to provide a negative indication of the trustworthiness of the computer program.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: Systems, methods, and apparatuses for installing a software product using timestamp validation and system identification validation are disclosed. An example method to lock a software product in a software wrapper includes determining a unique hard drive serial number of a user device to which the software product is to be installed and generating a hash number of the unique hard drive serial number. The example method also includes determining a campaign identifier of the software product from a secure variable within the software product and generating a date-time code based on a current date and time. The method further includes assembling the date-time code and the campaign identifier into an unlock code, encrypting the unlock code using the hash number as a passphrase key to create an encrypted unlock code, and applying the encrypted unlock code to an end of a filename of an installer using a command line parameter.

Abstract: Protecting a runtime Web service application. A web service application is instrumented to log its operation and allow recreation of its execution trace. Trace point vulnerabilities are identified using one or more data payloads. Candidate trace point operations associated with the trace point vulnerabilities are identified. Supplementary candidate operations are computed based on the existing trace point operations and the one or more data payloads. The Web service application is further instrumented with the one or more supplementary candidate operations.

Abstract: According to one embodiment, a system includes a memory comprising instructions, an interface, and a processor communicatively coupled to the memory and the interface. The interface is configured to receive, from a first user associated with an online account, a first request to allow access, by a second user not associated with the online account, to the online account, send, in response to the first request, a second request to the second user for credentials, and receive, in response to the second request, credentials from the second user. The process is configured, when executing the instructions, to generate, for the online account based on the first and the credentials received from the second user, an access profile associated with the second user.

Abstract: A computerized method of preemptive event handling, The method comprises monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, detecting, in run time, a first event of the plurality of events, the first event being performed by a first process of the plurality of processes on the computing device, classifying, in run time, the first process as a malware in response to the detection of the first event, and preventing, in run time, the first process from running on the computing device before the first event is processed by the OS.

Abstract: According to one embodiment, a system comprises a memory comprising instructions, an interface, and a processor communicatively coupled to the memory and the interface. The processor is configured, when executing the instructions, to determine one or more characteristics of a user device, determine, based on the one or more characteristics of the user device, a risk level associated with the user device, and apply, to the user device, one or more access restrictions for an online account based on the determined risk level.

Abstract: A method of providing service information using an electronic device is provided. The method includes receiving a service information packet, determining whether a service IDentification (ID) included in the received service information packet is a registered service ID, determining whether a service condition corresponding to the service ID and a registered condition are matched, and in response to determining that the service condition corresponding to the service ID and the registered condition are matched, displaying information corresponding to the matched condition.

Abstract: A system for web application security includes an interface and a processor. The interface of a web server is to receive a pending request made to the web server using an in-line request process. The processor of the web server is to provide information regarding the pending request to an agent process; and in the event that an instruction to block the pending request is received from the agent process at the in-line request process within a time constraint, block the pending request using the in-line request process.

Abstract: Method for authenticating and automatic transmission of user information between a mobile device and a wireless router, establishing communication to the mobile device for authentication, transmitting the device identifier and pre-stored user information of an application to the wireless router, determining the match between the received information and an encrypted database of the wireless router, establishing a link between the user's information and the mobile device's information, logging in the application with received user information, and triggering the service provided by the application.

Abstract: A system for authenticating data acquired by multiple sensors prior to storing the data in a database is described. The system also authenticates users requesting data access and intelligence agents that provide analyses of data stored in the database. As a result, any data or data analysis obtained from the system is traceable and reliable.