Abstract: Telemetry data concerning web pages that users attempt to access containing fields prompting entry of personal information is received from many client computers over time. Based on the telemetry data, it is determined which fields prompting entry of personal information are expected to be present on specific web pages. The fields prompting entry of personal information on web pages users attempt to access are compared to the fields expected to be present. When a specific user attempts to access a specific web page in real-time, it can be adjudicated on-the-fly that the web page is suspicious, based on the web page containing at least one unexpected field. Correlations between web pages containing specific unexpected fields and the hygiene ratings of the users attempting to access the web pages when the unexpected fields are encountered can be tracked and taken into account in the adjudication of web pages.

Abstract: There is described a method of controlling application access to predetermined functions of a mobile device (240), the method comprising (a) providing a set of keys, each key corresponding to one of the predetermined functions, (b) receiving (225) an application from an application provider (220, 221, 222, 223) together with information identifying a set of needed functions, (c) generating a signed application by signing the received application with each of the keys that correspond to one of the needed functions identified by the received information, and (d) transmitting (227) information identifying the needed functions and the signed application and a set of access rules to a Secure Element of the mobile device (240). There is also described a device for controlling application access and a system for controlling and authenticating application access. Furthermore, there is described a computer program and a computer program product.

Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM.

Abstract: Content inspection techniques are described. In one or more implementations, it is detected that an application executing on a computing device is calling a particular code element of a group of code elements to be used to process content. For example, the group of code elements can include a pre-specified group of code elements (e.g., functions and/or properties) that may enable access to particular functionalities of a computing device and thus are associated with a known security risk. It is then ascertained that the content is untrusted and, in response to ascertaining that the content is untrusted, the content is inspected to determine if the content is safe to be passed to the code element.

Abstract: A method for protecting a security module equipping a telecommunication device equipped with a near-field communication router, against an attempt of diversion of a communication channel between a gate of this security module and a gate of the router, wherein, for each request from the router to the security module, the module verifies the rights of access to the information that is contains according to the origin of the request.

Abstract: Methods, devices, and systems for conducting a checkless cash access settlement are provided.

Abstract: A case includes a main body, a protective frame, and at least one fixing member. The main body includes a first mounting portion and a second mounting portion rotatably connected to the first mounting portion. The protective frame is disposed on boundaries of the first mounting portion. The at least one fixing member is mounted on the first mounting portion and the second mounting portion. The first mounting portion and the protective frame jointly define an accommodation space to receive a reader, the second mounting portion secures a portable electronic device communicating with and separates from the reader. The first mounting portion rotates relative to the second mounting portion to be secured on the second mounting portion via the at least one fixing member.

Abstract: An automated method for authenticating a proving device to a verifying device involves an elliptic curve formula (ECF) for a predetermined elliptic curve associated with a proving device. According to one example method, the prover sends the verifier a message containing a first proof value (P2). The verifier determines whether P2 is a point on the elliptic curve associated with the proving device. If P2 is not on the elliptic curve, the verifier may determine that the proving device should not be trusted. The message may further comprise a second proof value (K1), and the verifier may automatically determine whether K1 corresponds to P1, based on a previous point (P0) on the elliptic curve. If K1 does not correspond to P1, the verifier may determine that the proving device should not be trusted. Other embodiments are described and claimed.

Abstract: Devices, systems, and methods for conducting trusted computing tasks on a distributed computer system are described. In some embodiments, a client device initiates a trusted task for execution within a trusted execution environment of a remote service provider. The devices, systems, and methods may permit the client to evaluate the trusted execution capabilities of the service provider via a planning and attestation process, prior to sending data/code associated with the trusted task to the service provider for execution. Execution of the trusted task may be performed while enforcing security and/or compartmentalization context on the data/code. Systems and methods for managing and exchanging encryption keys are also described. Such systems and methods may be used to maintain the security of the data/code before during, and/or after the execution of the trusted task.

Abstract: In a system that performs communication between master and slave, the device better suited as the master device is not always the master device, since the device that initially constructs the network becomes the master device. A device that enters the network later transmits a restart request on detecting the master device, and if a restart permission is received, the device transfers to a restart state and transmits a master inquiry before the device that was the master device up until that point. Thus, a device that newly enters a network is able to operate as the master device even if a master device already exists in the network.

Abstract: An authentication method for trusted communication between a first party (A) and a second party (B) is intended to be efficient and secure. For this purpose, provision is made to combine password-based authentication and certificate-based authentication. For certificate-based authentication, the first party (A) has a static key pair consisting of a private static key and a public static key and a certificate for the public static key issued by a certification body (C). The certification body (C) is assigned a public key which is known by the second party (B). During the certificate-based authentication, the party A calculates a transformation between its own ephemeral key pair from the password-based authentication and its own static key pair from the certificate-based authentication so as to obtain a transformation parameter for carrying out the transformation.

Abstract: A medium processing device includes: a cylindrical drum; an inner tape that is withdrawn from an inner reel and are wound onto the drum; an outer tape that is withdrawn from an outer reel and are wound onto the drum together with the inner tape with a paper medium interposed therebetween; a contrasting region that has contrasting physical properties, and that is formed at a terminal-end portion of at least one of the tapes; a detection section that detects the physical properties on a contrasting tape that is one of the tapes formed with the contrasting region; and a controller that controls rotation of the drum based on a detection result of the detection section, wherein a normal tape that is one of the tapes not formed with the contrasting region, has a length that is longer than that of the contrasting tape by an additional length.

Abstract: A computer-implemented method for secure third-party data storage may include (1) identifying, at a server-side computing system, a data access request from a client system to access an encrypted file stored under a user account, (2) receiving a long poll request from the client system, (3) identifying an asymmetric key pair designated for the user account, the asymmetric key pair including an encryption key and a decryption key that has been encrypted with a client-side key, (4) responding to the long poll request with a message notifying the client system to transmit the client-side key, (5) receiving, from the client system, the client-side key, (6) decrypting the decryption key with the client-side key, and (7) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An integrated circuit is provisioned after the integrated circuit has been sold and integrated into a customer's product. During provisioning, the integrated circuit is booted in a secure manner using a security value, such as a cryptographic key, owned by a manufacturer of the integrated circuit, or by a purchaser of the integrated circuit, to establish a secure communications channel with a provisioning server. Once the secure communications channel is established, the integrated circuit can be provisioned with a security value that is owned by the purchaser of the integrated circuit and the manufacturer's security value is disabled.

Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and data identifying or comprising a set of files infected by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.

Abstract: A message including a digital signature is received at a processor. It is determined whether a specific authorized certificate issuer is configured for a message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, it is determined whether a message originator certificate used to generate the digital signature is issued by the configured specific authorized certificate issuer.

Abstract: Document personalization machines with a mechanism designed to operate as an in-line document puncher/voider. The document personalization machine includes a document personalization mechanism that performs a personalization operation on the document, a document transport mechanism that transports the document along a document path through the document personalization machine and a document punch mechanism that creates a punch hole on the document. The document can be, for example, a card such as a financial (e.g. credit and debit) card, drivers' license, and a national identification document, or another documents such as a passport. A punched hole can, for example, indicate that the document is void, destroy a magnetic stripe, integrated circuit chip or other information storage medium on the document, or provide access for a lanyard, a key ring and the like.

Abstract: Provided is a rim exchange apparatus of a tire testing machine having a simple and space-saving configuration and capable of rotating a turntable having a plurality of rim placing parts with no interference and appropriately identifying a plurality of rim assemblies set on the turntable. A turntable is installed to be rotated about a rotary shaft with respect to the support part, a plurality of rim placing parts on which a rim assembly is placed are provided to the turntable about the rotary shaft, and reading parts are attached to the support part at a lower side of the turntable. Then, the reading parts read rim identification information of the rim assembly placed on the rim placing parts through the turntable at a predetermined reading position. Accordingly, the identification information of the rim assembly can be appropriately read with no interference with rotation of the turntable.

Abstract: A method for manufacturing a card (102) based on a substrate (101), the method comprising a step of defining the perimeter of the card (102) within the substrate (101), the method also comprising a step of chamfering on a portion of the perimeter of the card (102) so that on completion of the perimeter definition and chamfering steps the physical dimensions of the card (102) are compliant with the parameters A, Ai, B, Bj, C2, C3, and Rm defined by that Micro SD card standard designated V3.00, wherein: i=1, 6 . . . 8; j=1, 4, 10, 11, x, y (the pair [x,y] being equal to [6,9] or to [14,15]); and m=1 . . . 6, 17 . . . 19, the physical dimensions of the card (102) also being compliant with the parameter A9 of the standard when x=6 and y=9.

Abstract: According to one embodiment, an authenticatee includes, a memory configured to store secret information XY, secret information XY which is created by multiply duplicating, at least twice, the secret information XY, and secret information XYE, a generation module configured to generate a random number A, a generation module configured to generate a random number D which is composed of at least a part of the generated random number A and a random number B which is received, a calculating module configured to generate data C by executing a compression calculated operation with respect to at least a part of the random number D and the secret information XY loaded from the memory, a generation module configured to generate data ?, and a bit-by-bit addition module configured to calculate an calculated result Z from the data ? and the data C.