Abstract: According to one embodiment, a device includes a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey) in AES operation; a one-way function processor configured to generate an authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device.

Abstract: In various example embodiments, a system and method for transferring the state of a first device to a second device are disclosed. An instruction to transfer a state of a first device to a second device is received. In response, information related to the state of the first device is packaged into a file. A type of connection to be used to transfer the state of the device is determined based on the connections available to the first device and the second device. The file containing the information of the state of the first device is transferred to the second device using the connection type. The file, when processed by the second device, causes the second device to reproduce the state of the first device.

Abstract: Sensitive pieces of information stored on an individual's device can be protected using a device identification system that applies, for each sensitive piece of information, a function that integrates an identifier of the individual with a respective sensitive piece of information to create a respective identity element. Each identity element can be signed with a signature to create a trust group. The identity element and signature can be uploaded to the individual's device using an application that is configured to provide a subset of the sensitive pieces of information in response to a query.

Abstract: An authentication method of a storage device includes an authentication device requesting an EID (Encoded IDentifer) from the storage device for authenticating the storage device, the authentication device receiving the EID and restoring original ID information by decoding the received EID, and finally the authentication device verifying, by using ID authentication information received from the storage device, individual ID information corresponding to use of the storage device included in ID information, wherein the ID information includes multiple pieces of individual ID information corresponding to the use of the storage device.

Abstract: Sensitive pieces of information stored on an individual's device can be protected using a device identification system that applies, for each sensitive piece of information, a function that integrates an identifier of the individual with a respective sensitive piece of information to create a respective identity element. Each identity element can be signed with a signature to create a trust group. The identity element and signature can be uploaded to the individual's device using an application that is configured to provide a subset of the sensitive pieces of information in response to a query.

Abstract: Techniques for execution-based license discovery and optimization. A method includes collecting execution information for one or more software processes on one or more servers in an operating system, mapping the collected execution information for the one or more software processes to one or more software products, determining usage of a software product in the operating system based on the mapping of the collected execution information for the one or more software processes to one or more software products, and identifying one or more software product license optimization opportunities based on a comparison of the determined usage of the software product in the operating system and an indication of all installations of the software product in the operating system.

Abstract: Cyber defense systems and methods protect an enterprise system formed of a plurality of networked components. Connectivity and relationship information indicative of connectivity and behavior of the components are collected. A relationship graph is created based upon the connectivity data and the relationship data, wherein nodes of the relationship graph represent the components and edges of the graph represent connectivity and relationships. At least part of the relationship graph is stored to form a chronology. The relationship graph and the chronology are analyzed to predict connectivity and relationship changes within the enterprise system, and a first anomaly is identified when the current connectivity and relationships do not match the prediction.

Abstract: A computer security vulnerability remediation system (CSVRS) is disclosed, including a CSVRS client communicatively coupled to a remediation server through a network. The CSVRS client includes software having a security vulnerability, which vulnerability may be known to malicious actors who develop an exploit. In some cases, the exploit is a “zero-day exploit,” meaning the vulnerability may not be known to the CSVRS client until the exploit is deployed. A RSP receives information about the exploit and vulnerability from a team of remediation experts. The RSP may prepare a remedial exploit, which carries a self-healing pay load. The remedial exploit may be delivered either through the vulnerability itself, or through credentials granted by the CSVRS client to the RSP. The self-healing pay-load takes appropriate action, such as closing ports or disabling scripts, to prevent the vulnerability from being further exploited.

Abstract: The storage section of the multifunction peripheral stores location information containing a storage location of software which transmits a control command whose execution is permissible. The execution permission judging section of the multifunction peripheral includes (I) a storage location detecting section which detects a storage location of software which has participated in a transmission of a received control command and (II) a command permitting/prohibiting section which (i) prohibits execution of the received control command when a storage location indicated by the location information is not detected by the storage location detecting section but (ii) permits execution of the received control command when the storage location is detected by the storage location detecting section.

Abstract: A method is provided for updating identity data on devices. The method provides for acquiring a device comprising a component associated with a component identifier and having a One Time Programmable Key installed on the component, submitting the component identifier and the One Time Programmable Key to an External Trust Authority, receiving new identity data tied to the component identifier from the External Trust Authority that is encrypted with the One Time Programmable Key, loading the new identity data onto an Update Server, receiving a request at the Update Server from the device that requests new identity data, and providing the new identity data upon receipt of the request, upon which the device decrypts and installs the identity data using the One Time Programmable Key installed on the component within the device.

Abstract: This specification relates to a mobile terminal capable of executing a lock state of restricting a touch input and a control method thereof. The control method for the mobile terminal, which displays a lock screen in the lock state of restricting an input of a control command for an application, includes displaying an execution screen of an application on the lock screen, and controlling the lock screen based upon a touch input detected in the lock state.

Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.

Abstract: The invention relates to systems, methods and computer-readable media for controlling access to compute resources in a compute environment such as a cluster or a grid. The method of providing conditional access to a compute environment comprises associating a required service level threshold with a compute environment, associating a service level with a requestor, receiving a request for access to the compute environment from the requestor; and, if the service level of the requestor meets the specified service level threshold, then allowing access to the compute resources. The threshold-based access may be enforced by reservations, policies or some other method.

Abstract: The invention proposes methods and devices for managing domains. The domains comprise a plurality of member devices, and the method comprises the steps of: storing (S500, S501), by a first domain manager (M1), domain management information (P1, P2, P3, P4 and P5) in said plurality of member devices; and obtaining (S510, S511), by a second domain manager (M2), said domain management information from at least one of said plurality of member devices. In comparison with the prior art, where the domain management information is maintained in the domain authority, the embodiment decreases the work load of the domain authority and provides conveniences.

Abstract: A temperature key includes a temperature sensor, a microprocessor chip, a storage device, a port, a record button and an enter button. When the temperature key is connected to a computing device and the record button is pressed, the temperature sensor is triggered to record a temperature signal input by a user. The microprocessor chip converts the temperature signal into a password, stores the password in the storage device, and sends the password to the computing device to lock the computing device. When the temperature key is connected to the computing device again and the enter button is pressed, the microprocessor chip retrieves the password from the storage device and sends the password to the computing device. The computing device is unlocked in response to determining that the received password matches the password stored in the computing device.

Abstract: Provided are a secure transmission method and apparatus for transport stream (TS). The method is applied to a receiving terminal of a digital television broadcasting system, comprising: after receiving a TS, a first device in the receiving terminal encrypts the received TS using a key already negotiated with a second device in the receiving terminal and utilizing a determined encryption algorithm, and sends the encrypted TS to the second device in the receiving terminal; after receiving the encrypted TS, the second device in the receiving terminal decrypts the received encrypted TS using the key and utilizing a decryption algorithm corresponding to the encryption algorithm. Using the present invention can protect the security of the TS transmission.

Abstract: A method, apparatus and program storage device for program verification in an information handling system in which an application program runs on an operating system having a signature verification function for verifying a digital signature of the application program. Upon loading of the application program, the signature verification function of the operating system verifies the digital signature of the application program and, if the digital signature is verified, initiates execution of the application program. Upon initiation of execution of the application program, a verification testing function associated with the application program tests the signature verification function of the operating system by presenting to it a sequence of test digital signatures in a specified pattern of true and false signatures. If its test of the signature verification function of the operating system is successful, the application program initiates normal execution.

Abstract: Provided are an anti-malware (AM) system, a method of processing data in the AM system, and a computing device including the AM system. The AM system includes a hardware-based AV engine configured to perform hash matching on data for AV scanning of the data, and an AV function module configured to determine whether or not the data includes a virus pattern on the basis of a result of the hash matching.

Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.

Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.