Abstract: A device comprising a hardware processor and memory storing an application of an application package comprising a first version and a second version of the application, the first version being intended to be executed on a genuine device and the second version on a jailbroken device. The hardware processor determines a jailbreak status of the device, i.e. genuine or jailbroken and derives a key based on at least the jailbreak status. In case the device is genuine, the hardware processor deciphers using the key at least a first part of the first version and executes, the first version using the first deciphered part, for example a jump table used to execute CFG flattened code. In case the jailbreak status is jailbroken, the hardware processor deciphers using the key at least a first part of the second version and executes the second version using the second deciphered part, for example comprising executable instructions.

Abstract: A first login request of a user is received from a first login window. The first login request comprises a login name, a user identifier, and a challenge. The challenge is generated and received from a second login request to a product in a second login window. The user copies and pastes the challenge into the first login window. A central control system determines if the login name and the user identifier are valid. If the login name and user identifier are valid, a response to the challenge is generated based a private key and is displayed in the first login window. The response to the challenge is copied from the first login window and pasted as part of a second step the second login process. The second login process verifies the response to the challenge using a public key to allow the user access to the product.

Abstract: Systems and methods are provided for modifying one or more guest memory permissions. An example method includes receiving a request to modify a memory permission of a guest running on a virtual machine. The guest includes a kernel that includes loading code and kernel code. The method also includes determining whether the request was sent from the loading code. The loading code corresponds to a first set of hypervisor page tables and is stored at a first range of memory addresses, and the kernel code corresponds to a second set of hypervisor page tables. The first range of memory addresses is in an executable mode in the first set of hypervisor page tables. The method further includes in response to a determination that the request was sent from the loading code, modifying the guest's memory permission in the second set of hypervisor page tables in accordance with the request.

Abstract: A method for authorizing a transaction has the following steps: inputting transaction data on a first mobile device, transmitting the transaction data from the first device to a background system by means of a first over-the-air interface, transmitting in encrypted manner at least a password to a second mobile device through the intermediary of the first mobile device, and authorizing the transaction by inputting the password displayed on the second device on the first device.

Abstract: A method is described for revoking a group of certificates, each of which includes a key, for an authenticated communication between one first subscriber and at least one second subscriber, one first key and one revocation value, with the aid of which the keys of the group of certificates may be calculated from the first key, being transmitted for the purpose of revocation to the at least one second subscriber.

Abstract: A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

Abstract: Systems, methods, and devices of the various aspects enable identification of anomalous application behavior. A computing device processor may detect network communication activity of an application on the computing device. The processor may identify one or more device states of the computing device, and one or more categories of the application. The processor may determine whether the application is behaving anomalously based on a correlation of the detected network communication activity of the application, the identified one or more device states of the computing device, and the identified one or more categories of the application.

Abstract: Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit based upon a policy of multiple polices established within the monitoring unit. For each of the monitored devices, a current reputation score is maintained by the monitoring unit based upon the score and a historical score associated with the monitored device. A monitored is classified by the monitoring unit as potentially being a malicious resource based upon the current reputation score for the monitored device.

Abstract: An encrypted text matching system is provided. The system is configured to generate first auxiliary data and second auxiliary to verify matching between a first encrypted text that is and a second encrypted text based on a Hamming distance between plaintexts; perform one-way conversion on at least part of the first auxiliary data; perform one-way conversion on intermediate data that is generated based on a difference between the first encrypted text and the second encrypted text and on the second auxiliary data; and determine, by using a result of the one-way conversion performed on the intermediate data as well as using the first auxiliary data that underwent the one-way conversion, whether a Hamming distance between plaintexts is equal to or less than a predetermined certain value, the Hamming distance corresponding to the difference between the first encrypted text and the second encrypted text.

Abstract: The disclosure is related to a machine to machine (M2M) device and a security management method thereof. The M2M device includes an identification circuit. The identification circuit may be configured to encrypt data collected from a sensor with a device identification (ID) of the M2M device and at least one subscriber ID of the identification circuit and to generate a data packet in a predetermined communication standard format by including the encrypted data in a payload of the data packet.

Abstract: A mobile device implements a state machine with full authentication, continuous authentication, and invalidation states. To access the device, the full authentication state requires the user to confirm his or her identity using some robust authentication technique. Upon success, the state machine transitions to the continuous authentication state wherein data samples are captured as the user interacts with the device and compared with stored exemplary fingerprints. Preferably, the state machine enforces a negative identification technique to determine whether the individual currently interacting with the touchscreen is not the user from which the exemplary fingerprints were generated. Upon such negative authentication, the state machine transitions to the invalidation state. In this state, operations (e.g., screen lock) are performed to secure the device against an unauthenticated use.

Abstract: A method comprises receiving a first user communication, accessing a directory entry associated with the user, accessing, by a processor, a database stored in a memory that includes content designated as private that is associated with the user in the directory, determining with the processor whether the first user communication includes content designated as private that is associated with the user, generating a second user communication by removing the content designated as private that is associated with the user from the first user communication, and sending the second user communication to an electronic personal assistant.

Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.

Abstract: A method of providing at least one communications service provider a connection to an Internet Protocol, IP, server in a perimeter network, the IP server providing a service over a public IP network, the method comprising the steps of detecting, in the perimeter network, an irregularity in IP traffic arriving at the perimeter network over the public IP network, disregarding, in the perimeter network, IP traffic arriving at the perimeter network over the public IP network, and enabling, in the perimeter network, a connection between the IP server and the at least one communications service provider for the service provided by the IP server over at least one private IP network.

Abstract: An authorized user obtains a packaging license that grants permission to use a particular recording device to generate multimedia content in accordance with specified license terms. The packaging license includes a content key that is used to encrypt the multimedia content at the point of capture on the recording device. The encrypted multimedia content can be transmitted via unsecure channels (for example, via electronic mail) to a networked content repository or an intended recipient. For playback, an authorized user obtains a playback license that grants permission to decrypt and playback the multimedia content using a particular playback device. An authorization server and a key management server are used to manage which users are entitled to receive a license, and to define the terms of the granted licenses. A record of the granted authorizations and licenses is maintained, thereby allowing access to a given content item to be audited.

Abstract: An upload management system for managing data upload from a client to a storage system includes an acquisition unit, a determination unit, and a control unit. The acquisition unit acquires information about data already uploaded by the client from the storage system in response to a request from the client which performs the data upload. The determination unit determines whether the client violates a predetermined condition based on the information acquired by the acquisition unit. The control unit performs control to return authentication information for performing the data upload to the client in a case where the determination unit determines that the client does not violate the condition, and performs control not to return the authentication information in a case where the determination unit determines that the client violates the condition.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for shared folder backed integrated workspaces. In some implementations, a content management system can provide a graphical user interface (GUI) that integrates communications and content management into a single user interface. The user interface can include mechanisms that allow a user to provide input to generate a new workspace. The user interface can provide a mechanism to allow a user to view conversations related to the workspace and/or content items associated with the workspace. The user interface can present representations of content items associated with the workspace and allow the user to provide input to generate, view, edit, and share content items associated with the workspace.

Abstract: An image forming apparatus and a method of controlling the same, when it is instructed that the security policy be enabled, changes a setting item corresponding to the security policy so that the security policy is satisfied, and sets so that a setting value of the setting item cannot be changed, and when it is instructed that the security policy be disabled, controls so that a setting value of the setting item is changed under a condition that a security policy associated with the setting item corresponding to the security policy is disabled.

Abstract: In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.

Abstract: Techniques of information sharing involve processing queries from exchanges with multiple, non-colluding servers. Along these lines, each server stores a share of the query data such that readable query data may be reproduced only through combining the shares stored on a minimum number of the servers. In addition, a client wishing to submit a query encrypts any query input as well as a query function that provides an answer to the query. The client then sends a portion of the garbled query function to each of the servers. Each of the servers then evaluates their respective portion of the garbled query function using Yao's protocol in a serial manner so that one of the servers produces a garbled output. The client then determines the answer to the query by decoding the garbled output.