Abstract: Examples herein disclose erasing data from a target device based upon an authentication of an erase command. The examples receive an erase command during execution to boot strap information and authenticate the erase command. Upon the authentication of the erase command, the examples erase data from the target device prior to completion of execution of boot strap information.

Abstract: A system, method, and computer-readable medium for detecting malicious computer code are provided. A dataset may be accessed and converted to a binary dataset according to a predefined conversion algorithm. One or more cycles in the binary dataset may be identified. Statistical analysis may be performed on the identified one or more cycles. A determination that the set of dataset includes malicious software code may be made based on the performed statistical analysis.

Abstract: Methods and systems for performing security functions in a service-oriented computer system are provided. The method includes acts of receiving, from one or more entities, a service request for a service provided by one or more server computers adapted to process the service request; providing a copy of the service request to a processor adapted to analyze the copy of the service request; storing the service request in a memory; determining, by the processor, if the service request should be processed by performing one or more analyzes of the copy of the service request to determine if the service request would be harmful to the one or more server computers; and if it is determined that the service request should be processed by the one or more server computers, forwarding the service request to the one or more server computers.

Abstract: Systems and methods can comprise receiving an authentication request according to a first security protocol from a user device. Responsive to a determination that the authentication request is trustworthy according to the first security protocol, a device identifier and information related to a shared key are transmitted to the user device. A content request to access content secured according to a second security protocol is received from the user device. The content request can comprise the device identifier and can be encrypted using a shared key derived from the information related to the shared key. The content request can be decrypted using the shared key, and authenticated based on the device identifier.

Abstract: The instant disclosure is directed to an attack/unwanted activity detecting firewall for use in protecting authentication-based network resources. The instant system is adapted for installation inline or in sniffer mode. In various embodiments, defined rules are applied to network traffic to determine whether certain types of attacks are occurring on the network resources. If one such attack is detected, the system provides for several potential responses, including for example disconnecting the attacking remote machine, requiring the user at that machine to re-authenticate, and/or requiring a second factor of authentication from the user at that machine. In some example embodiments, regardless of any activity required of a user at the remote machine suspected of malicious behavior, the disclosed system generates an alarm or other alert for presentation as appropriate, such as via a graphical user interface or a third-party system using an API.

Abstract: A device management apparatus includes a setting information acquisition unit that acquires setting information of one or more security setting items from a device; a policy information acquisition unit that acquires policy information defining a single piece of compliant information, a plurality of pieces of compliant information, or a compliant range, for each security setting item; a determination unit that determines whether each of the setting information of the one or more security setting items conforms, based on the policy information; a change unit that changes, when the setting information of any security setting item does not conform, the setting information so as to conform; and a distribution unit that distributes the changed setting information of the security setting item to the device.

Abstract: Provide is a device and a method for registering the device supporting home networking, by a server. The method includes receiving a registration request for the device from a user and determining whether the device was registered by the user. If the device has been registered, a re-registration authentication code is obtained based on an initial authentication code of the device, and registration of the device is mapped to the re-registration authentication code.

Abstract: [PROBLEMS] To appropriately authenticate a user, a biometric device, and an authentication timing of a client side and prevent leak or tampering of the biometric information. [MEANS FOR SOLVING PROBLEMS] A server device includes: a unit for encrypting information for requesting biometric authentication and identifying the request by using a public key of the biometric authentication device and transmitting the information; and a unit for authenticating the user according to the authentication information containing the result of the biometric authentication.

Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Abstract: The present invention relates to a method, system and apparatus for authentication using an application. Particularly, this invention can use an integrated ID by acquiring a reliable relationship between applications installed in a single terminal, or can perform the authentication of other applications by sharing authentication information through a representative application among applications. According to this invention, the account registration is performed by referring to the representative application, and thus the SSO authentication scheme may be implemented even in a mobile environment.

Abstract: Provided are an identity confirmation method and an identity confirmation system in which it is not necessary to keep a password in memory and in which a credential used for authentication is changed automatically without requiring a user operation. Life log data for the user is received, life log data history is accumulated and managed, the life log data history is referenced to generate a question relating to history that the user is likely to know, the question is transmitted over the Internet to a mobile communication device, an answer to the question relating to history produced by the user and transmitted from the mobile communication device is received over the Internet, the answer from the user is evaluated to determine whether or not the answer is correct, and the success or failure of identification is determined on the basis of the evaluation result.

Abstract: A security method that includes assigning a sensitivity value for a communication with a sensitivity determining module including at least one hardware processor. Following assignment of the sensitivity value to the communication, the communication is formatted for display. When sensitivity value exceeds a security threshold, the communication is parsed into a sequence of fragments. The communication is transmitted as the sequence of fragments when said sensitivity value exceeds the security threshold.

Abstract: Protecting data files is disclosed, including: in response to an indication that a data file has been generated by a client device, determining a security classification associated with the data file; determining that the security classification associated with the data file comprises a classified file; storing the data file in a designated virtual storage area; and generating a stub file at an original storage location of the data file, wherein the stub file includes a viewing permission associated with the data file and a storage location of the data file in the designated virtual storage area.

Abstract: The disclosed computer-implemented method for logging processes within containers may include (i) detecting creation of a new container that comprises a lightweight platform-independent filesystem capable of executing at least one process that is isolated from a host computing device that hosts the container, (ii) launching, within the new container, a monitoring process that maintains a log of events associated with a process that will be executing within the new container, (iii) recording to the log, by the monitoring process, data about at least one event associated with the process executing within the container, and (iv) exporting, by the monitoring process, the log to the host computing device that hosts the new container. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Determination of a quantified identity using a multi-dimensional, probabilistic identity profiles is contemplated. The quantified identity may be used to authenticate a user entity provided to a point-of-sale device or other interface associated with identity requester in order to verify the corresponding users as who they say they are. The user identity may be determined initially as a function of user inputs made to the identity requester and/or as a function of wireless signaling exchange with devices associated with the user.

Abstract: Maintaining synchronization of encryption processes at devices during transmission of encrypted data over a communication link is provided. Cipher link maintenance characters are sent from a source device to a sink device. A local cipher link maintenance character generated at the sink device for decrypting the encrypted data can be adjusted according to the cipher link maintenance character. After authentication, cipher link maintenance characters corresponding to units (e.g., frames) of the encrypted data are sent along with the units of the encrypted data. When a transmission error occurs during transmission of the encrypted data, cipher link maintenance characters can be used to correct the error in a local cipher link maintenance character generated at the sink device. Hence, even if the transmission error occurs in the communication link, the sink device can resolve the transmission error and maintain the synchronization of encryption processes at the source and sink devices.

Abstract: A method and system for mitigating of cyber-attacks in a software defined network (SDN) are presented. The method comprises operating a central controller and the SDN in a peace mode; monitoring traffic addressed to at least one destination server to detect at least an attack performed against the at least one destination server; switching an operation of the central controller to an attack mode, upon detection of an attack against the at least one destination server; and instructing, by the central controller, network elements of the SDN to divert all suspicious incoming traffic addressed to the at least one destination server to a security server, thereby mitigating the detected attack.

Abstract: A location information acquisition unit (25) acquires location information for pointing a current location. A first transmission unit (21) sends, via a network to a management device (100), access request information used for requesting access to information acquisition units (23), (24), attached with the location information acquired by the location information acquisition unit (25). A first reception unit (22) receives, from the management device (100) via the network, access permission information or access prohibition information in response to the access request information. A control unit (20) leaves the information acquisition units (23), (24) prohibited to operate, if the access permission information has not been received yet by the first reception unit (22), and controls the information acquisition units (23), (24) to operate only for a predetermined duration to acquire information, upon reception of the access permission information by the first reception unit (22).

Abstract: A processor of an aspect includes a decode unit to decode a modular exponentiation with obfuscated input information instruction. The modular exponentiation with obfuscated input information instruction is to indicate a plurality of source operands that are to store input information for a modular exponentiation operation. At least some of the input information that is to be stored in the plurality of source operands is to be obfuscated. An execution unit is coupled with the decode unit. The execution unit, in response to the modular exponentiation with obfuscated input information instruction, is to store a modular exponentiation result in a destination storage location that is to be indicated by the modular exponentiation with obfuscated input information instruction. Other processors, methods, systems, and instructions are disclosed.

Abstract: A user authentication method and a terminal. The method includes determining first-type authentication information and second-type authentication information that are of a terminal, wherein the first-type authentication information includes specific attribute information that is in specific attribute information of an interaction object corresponding to a specific interaction behavior of the terminal and whose occurrence frequency within a preset time falls in a preset range, and wherein the second-type authentication information is used to interfere with selection, by the user of the terminal, of the first-type authentication information; presenting an authentication challenge set to the user of the terminal; receiving an identification result; and determining an authentication result. According to the user authentication method, authentication information is dynamically generated using information about an interaction object to perform authentication on a user.