Abstract: An authentication system includes one or more portable terminals and an electronic device. The electronic device includes a storage section, a terminal location acquiring section, a determining section, an authentication section, and a right granting section. The storage section stores authentication information of each of one or more users, usage right information of each user, and location information of the electronic device. The terminal location acquiring section acquires location information of each portable terminal. The determining section determines a first portable terminal that is located within a specific authentication distance from the electronic device, based on the location information. The authentication section performs authentication of a first user associated with the first portable terminal, based on the authentication information of the first user. The right granting section permits the first user to use the electronic device within a scope of usage right granted to the first user.

Abstract: Context-based application firewall functionality. A user session is initiated with a client device. The user session allows access a remote resource on a server device coupled with the client device over a network. The connection between the client device and the remote resource is through an application firewall. An application firewall context setup is performed with the application firewall in response to the user session. The application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall. A response is created to provide information from the remote resource to the client device. The response includes metadata to be used to update the firewall context information. The firewall context information is updated with the application firewall based on the metadata. The response is transmitted to the client device.

Abstract: A system for equality testing, the system comprising a first client device including a first private data unit, a second client device including a second private data unit, and a server. The server receives a first obfuscated data unit corresponding to the first private data unit from the first client device, and a second obfuscated data unit corresponding to the second private data unit from the second client device. The server performs a vector calculation based on the first and second obfuscated data units to generate a combination of the first and second obfuscated data units. The server sends the combination to the first client device. The first client device is configured to determine whether the first private data unit is equal to the second private data unit based on the combination.

Abstract: An authentication method is provided between a device (e.g., a client device or access terminal) and a network entity. A removable storage device may be coupled to the device and stores a subscriber-specific key that may be used for subscriber authentication. A secure storage device may be coupled to the device and stores a device-specific key used for device authentication. Subscriber authentication may be performed between the device and a network entity. Device authentication may also be performed of the device with the network entity. A security key may then be generated that binds the subscriber authentication and the device authentication. The security key may be used to secure communications between the device and a serving network.

Abstract: The present invention is directed towards systems and methods for improved access to an attraction via a computing device of a user. A first computing device of a user records an identification code associated with an attraction. The first computing device transmits, to a second computing device, a request for access to the attraction, the request comprising the identification code. The first computing device receives, from the second computing device, an access authorization comprising an access code. The first computing device presents the access code to an attraction operator for access to the attraction.

Abstract: One embodiment relates to an apparatus for creating and managing security policies for data leakage prevention. The apparatus includes a database which stores three layers of objects comprising digital assets, content templates, and security policies, and a user interface configured to access said database so as to provide for input and editing of said three layers of objects. The security policies may include at least a target element, an action element, and a condition element. A content template may be used to form the condition element. Content templates may include compliance templates which are configured to satisfy specific regulatory requirements and other templates to protect specified types of information. Other embodiments, aspects and features are also disclosed.

Abstract: A method for preventing the acquisition of data by a screen capturing malware, comprises preventing an unidentified process that does not open a window from performing screen capture.

Abstract: A system/method for preventing a computer virus from accessing message addresses is described. The system comprises an interception component or client plug-in that communicates with a messaging client and a messaging server. The interception component alters messages from the server and destined for the client. The interception component replaces message addresses in incoming messages with a unique identifier. The interception component also alters messages from the client destined for the server. The interception component replaces a unique identifier with a message addresses. A system/method for preventing keyboard sniffer programs from intercepting input, a system for preventing a computer virus from activating a send confirmation of a messaging client and a method for altering displayed objects to show encrypted data in decrypted form are also described and claimed. A system/method for reducing the impact of keyboard sniffer programs by altering keyboard input.

Abstract: Identity protection and management for electronic communication is described, including receiving a request to provide data from a first address to a second address, the request including an attribute associated with the second address, determining a risk value of the second address based on the attribute associated with the second address and a risk score, based on the risk value of the second address generating a third address that is associated with the first address, and providing the data and the third address to the second address without providing the first address to the second address.

Abstract: A computer-implemented method may include tracking a child's usage of a computing system. The computer-implemented method may also include generating an event history based on the child's usage of the computing system and identifying a restricted event that violated a parental-control policy. The computer-implemented method may further include creating an event trail by identifying at least one event in the event history that led to the restricted event. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A network computer system is protected from malicious attacks by its own system administrators by a large number of addressable and assignable smart-agents that are individually allocated to independently follow and represent those system administrators, the jobs those system administrated are assigned to work on, and the system resource tasks that such system administrators can employ in furtherance of the completion of a particular job.

Abstract: A method for invoking an application in a Screen Lock screen is disclosed herein. The method for invoking an application in a user equipment includes the steps of selecting at least one unlock application that is to be displayed on a Screen Lock screen among multiple applications, and displaying an unlock application icon respective to each of the select at least one unlock application on the Screen Lock screen.

Abstract: A key server for controlling access of a client device to a subset of different quality copies of media content to be delivered over a network to the client device. In one embodiment, a key server receives a request for playback permission of media content by a client device, and applies a set of one or more business rules to determine which copies of the media content, if any, can be played by the client device, and allows access to a subset of the copies that can be played back by the client device and restricts access to the copies that are not part of the subset.

Abstract: A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel.

Abstract: A method for handling security in an SRVCC handover for a mobile device in a wireless communication device is disclosed. The method includes having an active Circuit-Switched (CS) service or a Radio Resource Control (RRC) connection in a CS domain when the mobile device is served by a first network, wherein the first network supports the CS domain and a Packet-Switched (PS) domain; receiving a handover command to handover from the first network to a second network, wherein the second network supports the PS domain; deriving a plurality of security keys used in the second network from a plurality of CS domain keys used in the first network; and applying the plurality of security keys for transmission and reception in the second network.

Abstract: Context-based application firewall functionality. A user session is initiated with a client device. The user session allows access a remote resource on a server device coupled with the client device over a network. The connection between the client device and the remote resource is through an application firewall. An application firewall context setup is performed with the application firewall in response to the user session. The application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall. A response is created to provide information from the remote resource to the client device. The response includes metadata to be used to update the firewall context information. The firewall context information is updated with the application firewall based on the metadata. The response is transmitted to the client device.

Abstract: A method, apparatus, and computer program product for providing security and network isolation for service instances comprising data processing resources provided as a service by a provider of data processing resources. Individual service instances may be associated as members of one or more security zones. The security zones comprise security policies that define access of each service instance that is a member of a security zone.

Abstract: A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.

Abstract: A method for pre-accessing a conference telephone is disclosed in the present invention. The method includes that: a network side detects a received call whose target is a main control party after the main control party initiates an encryption conference telephone; the call is not accessed if the call is a non-encryption conversation; the call is allowed to be accessed if the call is an encryption conversation. A system for pre-accessing a conference telephone is also disclosed in the present invention, wherein, the system includes a pre-accessing processing unit and a call type detection unit of the network side. A network side device is also disclosed in the present invention. The present invention realizes the pre-accessing of the encryption conference telephone, thereby improving security of the encryption conversation as well as avoiding the problem that a user is frequently affected when performing the encryption conference telephone.

Abstract: A system and method for enabling the sharing of content between secure applications and unsecure applications are described herein. Content requests can be received from secure applications and unsecure applications. In response to the content requests, listings of options can be returned that have the ability to satisfy the content requests from the requesting secure applications or the requesting unsecure applications. In addition, selections of the options of the listings of options can be received through the requesting secure applications or the requesting unsecure applications. Content locations that are to be returned to the secure applications can be selectively modified such that subsequent content requests that involve the modified content locations are identified as being associated with an unsecure option.