Abstract: A user authenticating method is performed by a user authenticating server connectable to at least one mobile terminal and a user terminal. The user authenticating method includes: receiving access information of a network including an access identification code and an access location code from the user terminal; estimating an access location of a network based on the access location code; determining at least one mobile terminal associated with the access identification code; transmitting the estimated access location of a network to the at least one mobile terminal; and receiving a location-based access approval or access rejection determined based on the access location of a network and a location of a particular mobile terminal belonging to the at least one mobile terminal from the particular mobile terminal.

Abstract: Embodiments are directed towards generating a unified user account trustworthiness system through user account trustworthiness scores. A trusted group of user accounts may be identified for a given action by grouping a plurality of user accounts into tiers based on a trustworthiness score of each user account for the given action. The tiers and/or trustworthiness scores may be employed to classify an item, such as a message as spam or non-spam, based on input from the user accounts. The trustworthiness scores may also be employed to determine if a user account is a robot account or a human account. The trusted group for a given action may dynamically evolve over time by regrouping the user accounts based on modified trustworthiness scores. A trustworthiness score of an individual user account may be modified based on input received from the individual user account and input from other user accounts.

Abstract: Systems, methods, computer-readable media, and apparatuses for identifying a source of an unauthorized disclosure of information are provided. For instance, a document may be generated and transmitted to a plurality of users. The document transmitted may be the same document (e.g., no additional documents are created for different users). Upon accessing the document, users in different groups of users may view different data items in a data item field in the document. If a disclosure is made, the data item disclosed may aid in identifying the group of users who viewed that data item and may be the source of the disclosure. That identified group may then be further sorted or divided into two or more subgroups and another document may be transmitted to the plurality of users. The process may continue in this manner until a source of the disclosure is identified.

Abstract: A method is provided for producing a secured data object by means of a data processing device. The method includes: generating a data representation value in each case at the end of an interval having a first interval length which is assigned to the data sets of the respective interval of first length, receiving a first time stamp assigned to the respective data representation value, storing the respective data representation value together with the assigned first time stamp, generating an interval representation value in each case at the end of an interval having a second interval length which is greater than the first interval length which is assigned to the data representation values of the respective interval of second length, receiving a second time stamp assigned to the respective interval representation value and storing the respective interval representation value together with the associated second time stamp.

Abstract: Aspects of various embodiments are directed to the communication of wireless data. In a particular embodiment, an apparatus includes a master/wireless communication circuit and a slave circuit that carries out a secure function. The master generates session initiation commands, and the slave is responsive to these commands by generating and storing a session ID. In response to the receipt and validation of user-input data, the slave accesses and locally stores the session ID. Upon the initiation of and/or during a wireless communication process, the slave again accesses the session ID and compares the accessed session ID with the locally stored session ID, and facilitates communication based on the comparison (e.g., communication is not permitted if the comparison does not indicate a match).

Abstract: In certain embodiments, a method for transferring session state information between web applications comprises receiving control of a first session from a first web application via a second session with the first web application. The first session comprises interaction between a browser and a first web application and is associated with session state information for the first session. The method further comprises receiving from the first web application via the second session at least a portion of the session state information for the first session. The method further comprises storing, in a first message queue using a first message service, at least a portion of the session state information for the first session received from the first application, a first message key being generated for the stored session state information for the first session and stored in association with the stored session state information for the first session.

Abstract: Devices, methods and products are described that provide removable storage device data protection. One aspect provides a method comprising: ascertaining a protected removable storage device connected to an information handling device, said protected removable storage device having a first partition for storing data according to a first file system type, and a second partition for storing user data according to a second file system type; and responsive to said information handling device recognizing said second file system type, querying for user credentials to decrypt a data encryption key used to encrypt said user data of said second partition. Other embodiments are described.

Abstract: A device for accessing web services uses a service interface and a conversion and interpretation unit to implement a method which simplifies the access interface of wave services. The service interface includes an upload element, a download element and a command element. With the conversion and interpretation unit, the data and the command of web pages are converted and interpreted as the contents of the three elements. The contents are converted into web page documents and forwarded to a network platform for further processing associated tasks. The presentation on the service interface may replace the browsers and achieve the function of supporting the participation-typed service. It simplifies the complexity on the network access interface, and can access different services provided by different servers.

Abstract: A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node for use by the second node to authenticate the first node.

Abstract: Various embodiments described herein each provide one or more of systems, methods, software, and data structures that facilitate document-authorized access to a shared workspace. Some of these embodiments provide access to a shared workspace, such as a document review comment repository, through data embedded within a document. Mere possession of a document with a key, or other data element, allows a possessor of the document to participate in a workflow process.

Abstract: In one illustrative scenario, a mobile device receives configuration information which includes information for use in constructing a request message for obtaining a digital certificate from a certificate authority (CA). After receipt of the configuration information, the mobile device constructs the request message for the digital certificate and causes it to be sent to a host server of a communication network. In response, the host server requests and obtains the digital certificate from the CA on behalf of the mobile device, and thereafter “pushes” the received digital certificate to the mobile device. The mobile device receives the digital certificate and stores it for use in subsequent communications. The host server may be part of a local area network (LAN) which includes a wireless LAN (WLAN) adapted to authenticate the mobile device based on the digital certificate, so that the mobile device may obtain access to the WLAN.

Abstract: A method for dumping a confidential image on a trusted computer system. A trusted computer system loads an encrypted client dumper image key. The trusted computer system decrypts, with a private host key, the encrypted client dumper image key to generate a client dumper image key. The trusted computer system loads an encrypted dumper including a client dump key, in response to determining that the client dumper image key matches a client image key which encrypts a boot image of a current operating system. The trusted computer system decrypts, with the client dumper image key, the encrypted dumper to generate a dumper including the client dump key. The trusted computer system starts the dumper. The dumper generates an encrypted dump by encrypting, with the client dump key, an image to be dumped in the secure logical partition, and the dumper writes the encrypted dump on a client dump device.

Abstract: Methods and nodes for securing execution of a web application by determining that a call dependency from a first to a second function needs to be protected, adding a Partial Execution Stub (PES) function comprising code to establish a communication connection with a trusted module. Methods and nodes for secured execution of a web application by invoking a function of the web application, invoking a Partial Execution Stub (PES) function during execution of the function of the web application, sending, from the PES function, a message call with current execution information to a trusted module and receiving, a verification result from the trusted module.

Abstract: A method and system for protecting a computing system, the method comprising allocating simulator nodes, the simulator nodes emulating operations of devices in a target system, simulating malicious action utilizing the simulator nodes, and determining that the malicious action was successfully.

Abstract: An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration.

Abstract: Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g.

Abstract: Embodiments provide IP address partitioning features that can be used to source outbound email communications, but the embodiments are not so limited. In an embodiment, a computer-based method operates to identify and/or isolate one or more customers that may be misusing one or more IP addresses of a partition. A system of an embodiment is configured in part to divide a partition that includes one or more potentially misused IP addresses into one or more levels of sub-partitions as part of identifying offending or potentially offending customers. Other embodiments are included.

Abstract: A data processing method pertains to a step (E308) including in verifying a criterion indicative of the normal running of the method and a step (E320) including in processing performed in case of negative verification. The processing step (E230) is separated from the verifying step (E308) by an intermediate step (E312, E314) of non-null duration. The intermediate step (E312, E314) and/or the processing step (E320) includes at least one action (E314) performed in case of positive verification. The invention also concerns a corresponding device.

Abstract: A license consumption system includes an information device on which application software operates based on a given license; and a function providing server which grants the license to the information device. The function providing server stores the license and an operating condition for granting the license, when attempting to start the application software, the information device transmits to the function providing server a licensing request of the application software and an operating environment of the information device, and the function providing server compares an operating condition of the application software corresponding to the requested license with the operating environment of the information device, and grants the license to the information device when the operating environment satisfies the operating condition.

Abstract: The disclosure relates to a method, apparatus and server for identity authentication, related to communication technique to solve system overload problem caused by invalid access ID attack. The method may include: a server receiving an API calling request from third party developer, the API calling request carrying access ID generated in advance by server and assigned to the third party developer; searching for a version character carried in the access ID; based on a version character generation rule, verifying whether the version number marked by the version character being the same as a version number of the check character generation rule used by the server; when the version character being verified successfully, searching for at least a check character carried in the access ID; and based on the check character generation rule, verifying respectively on the at least a check character. The disclosure is applied to API calling request process.