Abstract: A program analysis/verification service provision system (1) includes: a tool registration/search section (313) for extracting, from a plurality of program analysis/verification tools (virtual machines) stored in a tool storage section (320), a virtual machine (T) in which a program analysis/verification tool for use in analysis/verification of a target program (P) has been installed and set; and a virtual machine execution environment section (120) for analyzing/verifying the target program (P) with use of the virtual machine (T) thus extracted.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for embedding keys in hardware. One of the methods includes providing, to a device provider, one or more encrypted keys, each of the encrypted keys to be included in a corresponding device provided by the device provider. A user system that includes a device that includes one of the encrypted keys receives information specifying the encrypted key. The information received from the user system is validated. A decryption key is selected based on the information received from the user system that is configured to decrypt the encrypted key specified by the information received from the user system. The decryption key is provided to the user system that includes the device.

Abstract: A method and system for providing modular application for use within a cloud-based file includes storing on a cloud computing service a link to a modular application configured to be used with a cloud-based file, receiving a request to access the link to the modular application, determining whether the request source is associated with the cloud computing service, and providing an option to access the requested modular application. The option can be for a trial of the modular application or to create a cloud-based file using the modular application.

Abstract: An apparatus and a method provide a solution for a computer system. The apparatus may include a package containing or referencing a plurality of software components of the solution and containing a solution definition defining in logical terms the topology requirements of the solution. The plurality of software components may be packaged as installable units which comprise a descriptor providing requirements of a target hosting environment for the software component and the software component to be installed. The solution definition of the package may include target hosting environments of the software components of a solution being defined in terms of requirements each software component has on its own target hosting environment and requirements the solution imposes on the target hosting environments.

Abstract: The present invention relates to application-level secure end-to-end communication. Specifically it relates to methods apparatuses and computer program products for creating and distributing a shared secret and to sending or receiving messages between an embedded device and a user device via a cloud server.

Abstract: A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing application attack monitoring. Actions can include: obtaining a security graph model associated with an attack vulnerability of a distributed application, the security graph model comprising a plurality of rule parts; screening log data obtained by a plurality of connectors to selectively obtain relevant log data corresponding to one or more of the rule parts, each connector being in communication with a respective components of the distributed application; evaluating the relevant log data based on the security graph model to provide an evaluation score; and in response to determining that the evaluation score is greater than a predetermined threshold, providing output indicating an attack on the distributed application.

Abstract: The trustworthiness of vehicle-to-vehicle (V2V) messages received from one or more associated vehicles in the vicinity of a subject vehicle is determined autonomously by a false signal detection system of the subject vehicle. Physical evidence relating to the associated vehicles is collected, and a statistical model is used to perform an analysis of the collected data. A V2V message is received by the system from a first one of the associated vehicles and a trustworthiness level of the message is determined in accordance with a correlation between the received V2V message and the result of the analyzed physical data relating to the first associated vehicle. The correlation may be a comparison of data contained in the received V2V message relative to a result of a stochastic analysis of the physical data. The received V2V message may be any V2V safety message including Emergency Electronic Brake Light (EEBL) messages.

Abstract: Systems and methods for user identification and authentication are disclosed. In one embodiment, a method of authenticating a first party to a second party may include the following: (1) receiving, from one of an electronic device of a first party and an electronic device of a second party, a request to generate authenticating indicia; (2) using at least one of a plurality of computer processors, generating the authenticating indicia; (3) transmitting, over a network, the authenticating indicia to the electronic device of a first party and to the electronic device of the second party; (4) receiving, from an electronic device of the second party, an indication that the second party has confirmed that the first party is authentic; and (5) storing an identity of the first party, the second party, and the authenticating indicia in a database.

Abstract: A method and apparatus for configuring an overlay network are provided. In the method and apparatus, a plurality of applications are deployed for execution on one or more computing systems. The plurality of applications may be part of an application group. Credentials information is provided to the one or more computing systems, whereby the credentials information is usable for securing communication between at least two applications of the plurality of applications that are executed on different computing systems. Further, configuration information that is usable for establishing a routing path for data sent by or addressed to a first application of the plurality of applications is provided to at least one computing system.

Abstract: Subscriber (user) data is encrypted and stored in a service provider cloud in a manner such that the service provider is unable to decrypt and, as a consequence, to view, access or copy the data. Only the user knows a user-specific secret (e.g., a password) that is the basis of the encryption. The techniques herein enable the user to share his or her data, privately or publicly, without exposing the user-specific secret with anyone or any entity (such as the service provider).

Abstract: Systems and methods for providing electronic content and applications to residents of controlled-environment facilities are disclosed. The portable computing device may be configured to determine that an external memory has been coupled to it. The external memory may include content requested by the resident and a key configured to allow the device to access the content to the exclusion of other devices associated with other residents. The portable computing device may retrieve the key from the external memory and allow the resident to view or play the content if the key matches a lock programmed within the device. If the resident attempts to insert a non-authorized external memory into the device, its contents may be erased and/or an alert may be generated. The content of the external memory may be transferred to the portable computing device and then the external memory may be locked so that it is unusable.

Abstract: An information processing device includes a processing-type accepting unit that accepts a type of first processing of data, a data accepting unit that accepts post-processing data, the post-processing data being data on which the first processing accepted by the processing-type accepting unit has been executed, and a data processing unit that determines a data confidentiality level indicating a degree of confidentiality of the post-processing data, on a basis of a first confidentiality level associated with the type of the first processing, and executes second processing according to the data confidentiality level with respect to the post-processing data.

Abstract: A display apparatus including an image processor which processes a video signal is provided. The display apparatus includes; a display which displays an image based on a processed video signal; a receiver which receives a key signal input by a user; a storage which stores a password key; and a controller which receives a user's first key signal which comprises an arrow key signal when a password is set up for the display apparatus, sets up and stores the password key which corresponds to the received first key signal, receives a user's second key signal when access is attempted, and allows the access in response to the received second key signal and the stored password key matching each other through a comparison.

Abstract: Techniques and logic are presented for encrypting and decrypting programs and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes.

Abstract: A method and structure for entering authentication data into a device by displaying in an optical unit a key map which correlates data input into the device with keys of the device, the key map indicating data different from that of the keys of the device.

Abstract: An approach is provided to verify a network address. In the approach, a network address is received from a domain name service (DNS) based on a requested uniform resource locator (URL) that corresponds to a requested domain. A set of one or more network addresses previously established as corresponding to the requested domain is retrieved from a data store accessible from the information handling system. The information handling system is automatically connected to the network address in response to the received network address matching one of the set of one or more retrieved network addresses.

Abstract: A method to manage modification of encryption credentials for an encryption server. The encryption server is used to encrypt data uploaded by a user after provision of user encryption credentials associated with an encryption account. The data is encrypted by using a user encryption key stored in a cloud storage server.

Abstract: A method of performing a Real-Time Communication in Web-browsers (RTCWEB) identity authentication based on an authentication of a non-RTCWEB compliant Identity Provider (IdP) server comprising receiving, by an RTCWEB IdP client, an RTCWEB identity authentication request from a user agent, creating a session resource with a Relying Party (RP) client, wherein the RP client guards the session resource, instructing the user agent to authenticate with the RP client by employing a non-RTCWEB identity protocol to access the session resource, receiving authentication results from the non-RTCWEB compliant IdP server via the RP client, and sending an RTCWEB authentication to the user agent via the session resource.

Abstract: An example touch key system may include a master device, one or more carrier devices and protected devices, and a server. The master device may automatically detect a predefined trigger action. In response, the master device may automatically generate a carrier device credential and a corresponding cloud credential. The master device may then automatically send the cloud credential to the server. The master device may also automatically detect the carrier device in electrical communication with the master device. In response, the master device may automatically determine whether the carrier device credential from the key pair is intended for the carrier device. If so, the master device may automatically transfer the carrier device credential to the carrier device. The carrier device may use the carrier device credential to obtain access to the protected device. Other embodiments are described and claimed.