Patents Examined by Taghi Arani
  • Patent number: 9762555
    Abstract: A data processing method and apparatus, where the method includes acquiring a first network data packet that is sent by a target application that runs in an untrusted execution domain, where the first network data packet includes a first identifier; acquiring, in a trusted execution domain, first data corresponding to the first identifier; generating, in the trusted execution domain, a second network data packet according to the first data and the first network data packet; performing, in the trusted execution domain, encryption on the second network data packet by using a first session key to acquire an encrypted second network data packet; and sending the encrypted second network data packet to the target server. The data processing method and apparatus in the embodiments of the present invention can effectively prevent an attacker from stealing data.
    Type: Grant
    Filed: July 24, 2015
    Date of Patent: September 12, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhichao Hua, Yubin Xia, Haibo Chen
  • Patent number: 9762568
    Abstract: A method and system for authenticating a user at a first computer to first and second applications installed in a second computer. The second computer receives from the user a first request to access the first application, and in response, the second computer redirects the first request to a third computer, and in response, the third computer determines that the user was previously authenticated and so notifies the second computer, and in response, the second computer returns a first session key to the third computer. The first session key enables a session with the first application but not with the second application. A second session key was sent by the third computer to the first computer after the third computer received the first session key from the second computer. The second session key enables a session with both the first application and the second application.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: September 12, 2017
    Assignee: International Business Machines Corporation
    Inventors: Yaser K. Doleh, Christopher G. Kalamaras, Mauro Marzorati
  • Patent number: 9754102
    Abstract: A system and method for managing pestware on a protected computer is described. The method in one variation includes monitoring events during a boot sequence of the computer; managing pestware-related events before native applications can run and after a kernel is loaded; managing pestware-related events when native applications can run; and scanning a registry of the computer for pestware when native applications can run. In variations, a pestware management engine is initialized after an operating system of the protected computer is initialized and the pestware management system both receives an event log of the monitored events and compiles the set of behavior rules utilized by a kernel-level monitor.
    Type: Grant
    Filed: October 6, 2014
    Date of Patent: September 5, 2017
    Assignee: Webroot Inc.
    Inventor: Jerome L. Schneider
  • Patent number: 9756504
    Abstract: A security authentication method, device, and system are provided. A first device and a second device perform security authentication by using a first mapping key and a second mapping key, where the first mapping key is generated according to an initial key of the first device and a first predetermined algorithm, the second mapping key is generated according to an initial key of the second device and the first predetermined algorithm. A device in embodiments of the present invention performs security authentication by using a mapped initial key, which can increase the difficulty for an attacker to acquire a key, thereby improving security of a wireless network connection.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: September 5, 2017
    Assignee: HUAWEI DEVICE CO., LTD.
    Inventors: Gaokun Pang, Zhiming Ding
  • Patent number: 9756029
    Abstract: For authenticating at least one terminal requesting access to at least one resource, an authentication server performs: obtaining for each terminal at least one piece of authentication information; transmitting to a gateway device at least one checking function, or coefficients thereof. Each piece of authentication information is representative of a value such that, when inputted to respective checking function(s), the checking function(s) return(s) a predefined value.
    Type: Grant
    Filed: November 1, 2013
    Date of Patent: September 5, 2017
    Assignee: Mitsubishi Electric Corporation
    Inventors: Nicolas Gresset, Herve Bonneville
  • Patent number: 9756036
    Abstract: A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification.
    Type: Grant
    Filed: June 5, 2013
    Date of Patent: September 5, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Kari Kostiainen, Nadarajah Asokan
  • Patent number: 9754126
    Abstract: A prompt for input data in a user interface (UI) is detected. An input window to receive the input data is presented, and the input data is received via the input window. The input data is encrypted by the input window, and the encrypted data is stored to a memory. A copy of the stored encrypted data is forwarded to a server device. In one example, portions of the encrypted data may be forwarded to the server device in separate transmissions.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: September 5, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Michael Gellas
  • Patent number: 9756049
    Abstract: A learning management system and method. Controllable devices, generally intended for students of a smart classroom, are each operable in a locked configuration and in an unlocked configuration. A controller device, generally intended for a teacher of a smart classroom, is configured to send command signals over a communication network. A server system interprets and handles communications between the controllable devices and the controller device such that when a locking signal is sent from the teacher's controller device, the server system sets each of the controllable devices to the locked configuration in which the user interface of each controllable device is controlled by the controller device, and when an unlocking signal is received from the teacher's controller device, the server system sets each of the controllable devices from the locked configuration to the unlocked configuration in which the user interface is operable independently of the controller device.
    Type: Grant
    Filed: November 22, 2013
    Date of Patent: September 5, 2017
    Assignee: 8303142 CANADA INC.
    Inventors: Tan Soamboonsrup, Jeremy Tan, Andrew Lassner, Pimnapat Lapassethsiri, Teesid Korsrilabutr, Aran Chananar
  • Patent number: 9740888
    Abstract: Systems or methods can be used to detect evidence of tampering. The tampering can be physical tampering, such as the turning of a screw, or removal or modification of an electronic component. In some examples, a tamper detection value can be determined from a tamper detection device and compared to a predetermined tamper detection value to determine if tampering is indicated. The system can, upon detection of the tampering, halt an operation, disable device or circuit functionality, disable future operations, physically disable a device, or any combination thereof.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: August 22, 2017
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventors: Meherzad Firoze Aga, Syed Yasir Abbas, Wajid Ali, William Erik Anderson
  • Patent number: 9735966
    Abstract: A method for providing evidential data is disclosed. The method includes establishing one or more first secret tokens with a server; obtaining one or more data items from one or more sensors; modifying the one or more data items with at least one of the one or more first secret tokens to provide one or more modified data items; generating a respective first hash value for each of the one or more modified data items; generating a second hash value for a data set including each of the one or more data items; and transmitting the one or more data items, the one or more first hash values, and the second hash value to the server.
    Type: Grant
    Filed: October 23, 2014
    Date of Patent: August 15, 2017
    Assignee: YRFREE TECHNOLOGIES LTD.
    Inventor: Phil Davies
  • Patent number: 9734354
    Abstract: A system and method helps to control “read” and/or “write” access to electronic paper (e-paper). Informational data may be on a restricted portion of e-paper material that is protected by a security methodology accessible to authorized entities. Some embodiments maintain a record of access activity regarding the restricted portion, and a record of access activity regarding use of an item or product or service related to the e-paper informational data. Some implementations include an authorization listing of a party having a particular access privilege or authorization to make modifications to various restricted portions including an authentication region and a protected region. One possible aspect includes performing a verification analysis of data indicia in a restricted portion of the e-paper media. Additional possible system and process components may determine an authenticity status of the data indicia, and provide an output result.
    Type: Grant
    Filed: October 30, 2007
    Date of Patent: August 15, 2017
    Assignee: Invention Science Fund I, LLC
    Inventors: Edward K. Y. Jung, Royce A. Levien, Mark A. Malamud, John D. Rinaldo, Jr.
  • Patent number: 9734347
    Abstract: A content management system implementing methodologies providing retroactive shared content item links is disclosed. The content management system and methodologies allow a team administrator of a team to configure a team-wide shared link policy that determines whether non-team members can access content items associated with team accounts using shared links generated for the content items by team members. The team shared link policy has two settings. In a first setting, the content management system allows non-team members to use shared links generated by team members to access content items associated with team accounts. In a second setting, the content management system blocks access to the content items by non-team members. Shared links are retroactive in the sense they do not need to be regenerated after the team shared link policy has been changed from the second setting back to the first setting.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: August 15, 2017
    Assignee: Dropbox, Inc.
    Inventors: Anand Subramani, Mark Delamere, Jonathan Vincent, Philip Rha, Emil Ibrishimov, Thomas Carriero, Francois Alexander Allain
  • Patent number: 9734441
    Abstract: A computer system and method are provided to intercept a task from a primary user account 121 prior to execution of the task by the computer device 200, where the task relates to an untrusted content. A task isolation environment 350 is provisioned for executing the task, including programmatically creating a secondary user account 121b on the computer device. A mapped network drive 420 of the primary user account 121 is determined and is automatically provisioned in the secondary user account 121b. Access to the mapped network drive 420 is controlled by an agent 300 on the computer device 200.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: August 15, 2017
    Assignee: Avecto Limited
    Inventors: Mark Austin, John Goodridge
  • Patent number: 9734306
    Abstract: Disclosed is a structure that includes: an information processing apparatus that stores content into an information storage device such as a memory card including an access allowed block based on an access right check made on each block, and uses the content; a content usage managing server that provides content usage permission information to the information processing apparatus; and a content correspondence information providing server that provides the encryption key to be used in decrypting the encrypted content stored in the information storage device. The content usage managing server determines the block for storing the encryption key and notifies the content correspondence information providing server of a block identifier that is the identifier of the determined block, and the content correspondence information providing server performs a process to write the encryption key into the block corresponding to the received block identifier.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: August 15, 2017
    Assignee: SONY CORPORATION
    Inventors: Kenjiro Ueda, Hiroshi Kuno, Yoshiyuki Kobayashi
  • Patent number: 9727726
    Abstract: Remote computing resource service providers allow customers to execute one or more applications in a virtual environment on computer systems provided by the computing resource service provider. The customer applications are generally executed by multiple virtual machine instances working together. The virtual machines may be managed by a hypervisor executing on computer systems operated by the service provider. These computer systems may be vulnerable to intrusions and other malicious attacks, thereby exposing the virtual machines and corresponding customer applications executing on the computer systems. A monitoring device may be used in one or more of the computing systems, operated by the service provider, in order to monitor and prevent a variety of different attacks.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: August 8, 2017
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9727729
    Abstract: In an example embodiment, a system determines a set of instructions from the available instructions for a computer application. The determined set of instructions provides specific functionality of the computer application. The system may determine the set of instructions by performing functional testing and negative testing on the specific functionality. The system may reorganize and randomize the set of instructions in memory and write the reorganized set of instructions to a smaller memory space. For each available instruction not in the set of instructions, the system changes the respective instruction to inoperative to prevent execution of the respective instruction. The system may change the respective instruction to inoperative by overwriting the instruction with a NOP instruction. The system then captures a memory address of the computer application being accessed at runtime.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: August 8, 2017
    Assignee: Virsec Systems, Inc.
    Inventor: Satya Vrat Gupta
  • Patent number: 9727714
    Abstract: There is provided an authentication control system including an acquisition unit configured to acquire information detected by a sensor, an evaluation unit configured to evaluate suitability for use of each of one or more sensors in environmental conditions indicated by the information, and an authentication mode selection unit configured to select an authentication mode from among a plurality of authentication modes based on an evaluation result obtained by the evaluation unit, each of the authentication modes using any one of the one or more sensors.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: August 8, 2017
    Assignee: SONY CORPORATION
    Inventor: Shuichi Konami
  • Patent number: 9729519
    Abstract: A machine has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to receive an email account request, a name and a public key. A selected domain name is designated from a group of available domain names. A user name is generated based upon the name. An email account is formed using the user name and the selected domain name. The public key is stored.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: August 8, 2017
    Assignee: Anonyome Labs, Inc.
    Inventors: Paul Ashley, Steve Shillingford, Greg Clark, Simon Gee, Tim Bartley
  • Patent number: 9720848
    Abstract: Key information that is currently in use is archived in a management server to prevent the key information from being lost. A storage device 10 is communicably connected to a management server 60 managing key information 1. The storage device includes a memory device 21, and a controller 100 controlling the memory device. The controller implements encryption processing on data inputted and outputted to and from the memory device by using the key information. When stoppage of an operation is indicated, the controller determines whether the key information used by the controller is managed by the management server, stops the operation in a case where the key information is managed by the management server, and does not stop the operation in a case where the key information is determined not to be managed by the management server.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: August 1, 2017
    Assignee: HITACHI, LTD.
    Inventors: Shinichiro Kanno, Nobuyuki Osaki
  • Patent number: 9721120
    Abstract: An obfuscated program can be configured to resist attacks in which an attacker directly calls a non-entry function by verifying that an execution path to the function is an authorized execution path. To detect an unauthorized execution order, a secret value is embedded in each function along an authorized execution path. At runtime, the secrets are combined to generate a runtime representation of the execution path, and the runtime representation is verified against an expected value. To perform the verification, a verification polynomial is evaluated using the runtime representation as input. A verification value result of zero means the execution path is an authorized execution path.
    Type: Grant
    Filed: May 14, 2013
    Date of Patent: August 1, 2017
    Assignee: Apple Inc.
    Inventors: Jon McLachlan, Julien Lerouge, Daniel F. Reynaud, Eric D. Laspe