Abstract: In one embodiment, a method includes enrolling a supplicant device as an authentication factor for a user. The enrolling includes storing a public key of an asymmetric key pair generated by an authentication application on the supplicant device. The method also includes receiving, from an access device, a request to access a service using an identity of the user. In addition, the method includes, responsive to the receiving, publishing an authentication code to the access device. The method further includes receiving an authentication package from the authentication application without contacting the authentication application. The authentication package includes a digital signature of the authentication code. The method additionally includes validating the digital signature using the public key. Moreover, the method includes, responsive to a determination that the validating is successful, allowing the access device to access the service.

Abstract: In various aspects, code-based indicia contain secured network access credentials. In some aspects, a computer processor receives user input that specifies secured network access credentials, and the computer processor creates or modifies credentials for establishing a secured network connection. In these aspects, the computer processor generates code-based indicia that contain at least part of the secured network access credentials. In other aspects, a computer processor scans the code-based indicia and extracts the network access credentials. In these aspects, the computer processor employs the network access credentials to establish the secured network connection. In additional aspects, a network router apparatus renders the code-based indicia to an active display. In further aspects, a network router apparatus conditions grant of network access to a device on receipt from the device of an answer to a security question included in the secured network access credentials.

Abstract: Methods and a system involve secure communication between an RFID tag and a reader via the over-the-air interface, and to corresponding RFID tags and corresponding readers. A modification of the Rabin method is employed wherein within the framework of the encryption of a plaintext M into which an identification element of the RFID tag or of an object furnished therewith is incorporated, there is computed by the RFID tag, the Montgomery residue (Montgomery reduction) of the square of the plaintext M modulo n with respect to a Montgomery base R, i.e. C*=M2R?1 mod n, and the resultant ciphertext C* is employed for authenticating the RFID tag. The modulus n=p·q is the public key of the reader, the prime numbers p, q are the private key of the reader, and the Montgomery base R is an integer that is larger than the modulus n.

Abstract: Disclosed are various embodiments for systems and methods for controlling access of networks. In one embodiment, an access control service receives requests to access network beacons from client devices. In response, the access control service determines whether the client devices satisfy authorization rules associated with the network beacons. If the access control service determines that the client devices satisfy the authorization rules associated with the network beacons, the access control service authorizes the client devices to access the network beacons. Subsequently, if the client devices cease to satisfy the authorization rules associated with the network beacons, the access control service terminates the authorization of the client devices to access the network beacons.

Abstract: In a processor of a security appliance, an input of a sequence of characters is walked through a finite automata graph generated for at least one given pattern. At a marked node of the finite automata graph, if a specific type of the at least one given pattern is matched at the marked node, the input sequence of characters is processed through a reverse non-deterministic finite automata (rNFA) graph generated for the specific type of the at least one given pattern by walking the input sequence of characters backwards through the rNFA beginning from an offset of the input sequence of characters associated with the marked node. Generating the rNFA for a given pattern includes inserting processing nodes for processing an input sequence of patterns to determine a match for the given pattern. In addition, the rNFA is generated from the given type of pattern.

Abstract: A computational system is configured to protect against integrity violation. The computational system includes a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked. The critical resource is configured to intermittently transmit a polling value to the processing unit, and the processing unit is configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource. The critical resource is configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result.

Abstract: Techniques are disclosed for encrypting application data files using a format-friendly encryption process. A software agent may create an encrypted version of an application file using the same data file format of the unencrypted file. For example, when a user encrypts a word processing document, the software agent outputs a word processing document which includes an encrypted copy of the first word processing document. Application data files for other file formats may be encrypted in a similar manner. Further, format-friendly encrypted documents may include instructions for accessing the encrypted content, allowing the standard applications for accessing a given file format to present the instructions to a user. Creating encrypted document using the format-friendly encryption formats allows users who access an encrypted file hosted by a cloud storage provider to receive the information needed to access that application file.

Abstract: In one embodiment, a processor includes at least one execution unit. The processor also includes a Return Oriented Programming (ROP) logic coupled to the at least one execution unit. The ROP logic may validate a return pointer stored on a call stack based on a secret ROP value. The secret ROP value may only be accessible by the operating system.

Abstract: The present invention is directed towards a method and system for automating workflow. The method and system includes receiving data from a portable identification key communicatively coupled to a processing device to initiate automation processes. The profile information comprised in the data is accessed, the profile information including an identification of a user associated with the portable identification key. The method and system further includes retrieving one or more instructions and parameters associated with the identified user by the processing device to initiate an automated workflow session, and initiating the automated workflow session according to the one or more instructions and parameters.

Abstract: Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored.

Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.

Abstract: A cross system secure logon in a target system by using a first authentication system and a second authentication system. A correct password may be valid on the first authentication system and the second authentication system. An aspect includes receiving an input password, generating a first hash key by using the first authentication system, and/or generating a second hash key by using the second authentication system, wherein each authentication system uses a system unique non-collision free hash algorithm. Further, in one aspect, comparing the first hash key with a first predefined hash key of the correct password stored in the first authentication system, and/or comparing the second hash key with a second predefined hash key of the correct password stored in the second authentication system. Furthermore, granting access to the target system based on at least one of the comparisons.

Abstract: The invention relates to a method for extending an application in a client device. The method comprises forming a connection from the client device to a server in order to access a document vault in the server; receiving one or more extension elements from the document vault wherein said one or more extension elements comprise software logic; executing the software logic in said client device in order to adapt a document management application as an extension of a file management system of the client device according to the one or more extension elements.

Abstract: Techniques are provided for evaluating compromised credential information. A method for evaluating compromised credentials comprises the steps of: collecting data regarding previously compromised credentials that were used to commit an unauthorized activity; applying one or more statistical learning methods to the collected data to identify one or more patterns; and evaluating a risk of credentials that have been compromised by one or more attackers using the identified patterns. According to a further aspect of the invention, a risk score is generated for one or more users and devices. The risk scores are optionally ordered based on an order of risk. The data can be collected, for example, from one or more of anti-fraud servers and information sources.

Abstract: A system and method are disclosed for providing wireless network access to a user of a remote device at a hotspot. In general, wireless communication is established by the system with the remote device to enable wireless transmission therefrom of social networking credentials associated with a social network profile maintained by a third party social network service provider. Using these credentials, the user is authenticated with the third party social network service provider, and, upon authentication, is provided wireless access to the network.

Abstract: A content data reproducing method includes: decrypting encrypted data to generate plain-text data; dividing the plain-text data into decrypted content data and reproduction management information; sending the reproduction management information to a user space; storing the decrypted content data in a secret buffer; obtaining the decrypted content data as reproduction target data from the secret buffer and transmitting the reproduction target data to a decoder; and decoding the reproduction target data by the decoder.

Abstract: A three-way trust relationship is established between a mobile device, Internet-connected vehicle system, and a cloud-based service. Access rights are granted to the mobile device from the vehicle system, such that the mobile device can securely connect to, and obtain status information and/or control the Internet-connected vehicle system, through the cloud-based service.

Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.

Abstract: This discloses a video file encryption and decryption method, device, and mobile terminal. The encryption method can include: obtaining a to-be-encrypted video file and an encryption key, encrypting the video file using the encryption key to obtain an encrypted video file, obtaining scanned non-hidden partitions of a mobile terminal and an extended memory of the mobile terminal for storing user data, determining a partition storing the to-be-encrypted video file among the non-hidden partitions, and moving the encrypted video file to a folder in the partition storing the to-be-encrypted video file. The decryption method can include: obtaining a to-be-decrypted video file and a decryption key, decrypting the to-be-decrypted video file using the decryption key to obtain a decrypted video file, and determining a pre-encryption storage location of the to-be-decrypted video file and moving the decrypted video file to the pre-encryption storage location of the to-be-decrypted video file.

Abstract: Mechanisms are provided for collecting configuration data from components of a managed computing system environment. A portion of code is obtained, in a data processing system, from a data collection system that does not have security credentials to allow the data collection system to directly access to the managed computing system environment. The portion of code is executed by the data processing system using security credentials maintained in the data processing system. Executing the portion of code causes the data processing system to access the managed computing system environment and collect configuration data from the managed computing system environment. The data processing system, via the portion of code, provides the configuration data collected from the managed computing system to the data collection system which stores the collected configuration data in a data storage.