Abstract: An electronic communication evaluating device determines a suspicion level for an initial electronic communication. The initial electronic communication is addressed to an addressed entity that is associated with an electronic communication receiver. In response to the suspicion level exceeding a predetermined level, a communication switching device reroutes the initial electronic communication from the addressed entity to a cognitive honeypot. The cognitive honeypot transmits, to the electronic communication transmitting system, emulation electronic communications that emulate the addressed entity until a predefined state of the communication session occurs.

Abstract: The present invention is related to a method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.

Abstract: Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and creating an account for the security appliance with the logging service. A log is created within the logging service by making use of the automatically configured access settings and the account. A request is received by the security appliance to access data associated with the log. Responsive thereto and without requiring separate registration with the cloud-based logging service, the data is retrieved by the security appliance from the logging service and is presented via an interface of the security appliance.

Abstract: Provided are an authentication method and an apparatus for the method. An authentication method includes generating, at a terminal, an identifier (ID)-based secret key using an ID of a user of the terminal and key generation factors exchanged with a server, encrypting, at the terminal, a password of the user using a symmetric key encryption algorithm taking the generated secret key as a symmetric key, and requesting authentication for the terminal user by transmitting the encrypted password to the server, and receiving, at the terminal, a response to the authentication request from the server.

Abstract: An access control list lockout prevention system includes a network. A first administrator Information Handling System (IHS) is coupled to the network. A networking device is communicatively connected to the first administrator IHS through the network. The networking device is configured to receive an access control list instruction from the first administrator IHS. The networking device then determines that at least one administrator IHS that is communicatively connected to the networking device will lose access to the networking device in response to execution of the access control list instruction. In response to determining that the at least one administrator IHS will lose access to the networking device in response to execution of the access control list instruction, the networking device provides a warning message for display on the first administrator IHS.

Abstract: Enforcing access control to individual extensions of services in a multi-tenant cloud environment by initializing objects for the extension based on public and private configuration files with service access rules that are merged is described. This allows third party vendors to specify payment rules for their own extensions while securely keeping the core extension configuration files. Tenants of the multi-tenant cloud environment can pick and choose which services to purchase, and the cloud environment automates the process of accessing the service using the third-party developer's tenant access list rules.

Abstract: A method comprises sending a set of values from a first party to a second party, the set of values being usable to compute a solution to a first problem involving inversion of a first one-way function. The method further comprises receiving a given value from the second party and utilizing the given value as an input for computing a solution to a second problem involving inversion of a second one-way function, wherein a valid solution to the second problem uses as input a valid solution to the first problem.

Abstract: Programmable devices selectively allocate file content portions between cloud and secured hardware device storage mediums. A confidential portion of a first file is stored as a second file on a first device, and a remainder portion of content of the first file that is different from the confidential portion and is not designated as confidential is stored on a cloud storage system. A uniform resource indicator is generated that includes a routing identifier to the first device, and a section routing identifier to the second file stored on the first device. A revised version of the first file is stored to the cloud storage system wherein the confidential portion of the first file is replaced with the generated uniform resource indicator within the revised version of the first file at a location of the confidential portion within the content of the first file.

Abstract: There is disclosed a method in which information relating to a sequence of instructions of a thread is examined to determine a security condition of the thread. It is further determined by using the security condition which processor core of a multicore processor has an appropriate security mode to fulfil the security condition. If the determining indicates that one or more processor cores of the multicore processor has the appropriate security mode are available, one of the one or more processor cores is selected as a potential processor core to execute the sequence of instructions of the thread. There is also disclosed an apparatus and a computer program product to implement the method.

Abstract: A semiconductor device having a plurality of on-chip processors, a plurality of key RAMs, a plurality of key RAM controllers, a fuse bank, a fuse bank controller and a boot controller is described. The boot controller is arranged to, in a first programming stage, allocate a first array of fuses in the fuse bank in dependence on the size of a first device key for storing the first device key in the fuse bank and, during boot-time, provide the first device key to a first key RAM controller. The fuse bank controller is arranged to program the first array of fuses with the first device key in the first programming stage, provide the first device key to the boot controller during boot-time, and prevent access to the first device key in the fuse bank during run-time. The first key RAM controller is arranged to, during boot-time, store the first device key in the first key RAM, and, during run-time, restrict access to the first device key in the first key RAM to exclusive access by the first on-chip processor.

Abstract: A measuring device has a consumption measurer to measure a consumption of at least one target equipment at every unit time within a predetermined measurement area, a consumption storage to store the measured consumption, a secret key storage to store a secret key shared with a key management device, an encryption key updater to update an encryption key at every predetermined period based on the secret key and time information, an encryption key storage to store the encryption key, an encryptor to generate encrypted data by encrypting the consumption using the encryption key stored in the encryption key storage, an encrypted data storage to store the encrypted data, and a communication controller to control transmission of the encrypted data, which is stored in the encrypted data storage, to a total consumption detecting device.

Abstract: A method of accepting a remote access at a target machine from a source machine may include receiving a login request at the target machine from the source machine, wherein the login request includes a user identification for the target machine. Responsive to accepting the login request, a session may be provided between the source and target machines using the user identification for the target machine. In addition, a user identification for the source machine may be received, and the user identification for the source machine may be locked at the target machine so that the user identification for the source machine is associated with target machine actions relating to the session between the source and target machines. For example, the user identification for the source machine may be received as an environment variable.

Abstract: To securely transmit content through remote access via an external network, such as a WAN, while exceeding restrictions of an RTT and a TTL. A way of handling a flag for controlling remote access of content is explicitly defined, and an authentication method is explicitly defined when a content using device performs remote access. Thus, also in remote access, similarly to access of the related art in a household, a copyright protection environment of content based on the DTCP-IP is constructed.

Abstract: The present invention discloses a method and a system for performing scanning and killing on browser bookmarks, the method comprising: receiving, by a browser background server, a synchronization request that includes a user account and bookmark web addresses from a browser client; storing, by the browser background server, the bookmark web addresses correspondingly to the user account; and receiving a cloud scanning and killing instruction that includes the user account from the browser client, performing risk scanning and killing on the bookmark web addresses which the user account corresponds to, determining a risky web address, and feeding back a scanning and killing result that includes the risky web address to the browser client, by the browser background server. The solutions of the present invention can improve security of the browser bookmarks, and save storage spaces of a terminal device where the browser client resides.

Abstract: An interactive streaming media and application service provider system can securely stream high resolution, multiple formats of video and data. Different data sets can be included in a single stream. A rights management system controls matrix manipulation and other aspects of user control of the data, including one or more of rendering in various different 2D, 3D, or other media formats, reconstruction and modeling, zooming, frame grab, print frame, parental controls, picture in picture, preventing unauthorized copying, adapting to different data transmission formats, adapting to different resolutions and screen sizes, and actively control functionality contained in embedded data, encryption/decryption. Control can be exerted by an external entity through a user-side virtual machine. Control codes can optionally be embedded in the media, embedded in the user's device, and/or sent separately to the device.

Abstract: Exemplary methods for performing authentication by a first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, includes in response to determining to transmit an ICR message to the second network device, generating the ICR message by generating a first and second authentication digest. In one embodiment, the methods include encrypting a payload of the ICR message, and transmitting the ICR message that includes the first and second authentication digest to the second network device. In another aspect of the invention, the methods include receiving an ICR message from the second network device and performing a first level authentication of the received ICR message. The methods further include in response to determining the first level authentication is successful, performing a second level authentication of the received ICR message.

Abstract: Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and providing a basic level of service from the logging service by registering a user account for the security appliance with the logging service. A log is transparently created within the logging service by making use of the automatically configured access settings and treating the logging service as a logging device. A request is received by the security appliance from an administrator to access data associated with the log. Responsive thereto and without requiring separate registration of the administrator with the cloud-based logging service, the data is transparently received by the security appliance from the logging service and is presented via a graphical user interface (GUI) of the security appliance.

Abstract: A password audit system is provided for determining the strength of user passwords in a computer system, application or network to which users have access via a user identification and password. The password audit system may include: an interface for establishing a data connection between the password audit system and the computer system, application or network, configured to retrieve cipher text user passwords stored thereon; a central processing unit, configured to successively generate different plain text passwords, encode them into corresponding cipher text passwords, and compare the encoded cipher text passwords to a given one of the retrieved cipher text passwords, until a match is found or a predetermined time has elapsed; and data storage means for storing data relating to the strength of the user passwords, the strength being dependent on the employed method to generate the different plain text passwords and/or the time needed to find a match.

Abstract: A computer system, comprising: a virtual computer system and a verification system, the virtual computer system including: a deployment request reception part for receiving a deployment request; a server search part for searching for a server, for which a security strength equal to or larger than the security strength associated with target image data is set; a deployment instruction part for instructing the retrieved server to deploy the target image data; and a virtual computer management part for generating a virtual computer for executing an application on the retrieved server by using the target image data, and transmitting a integrity report, which is obtained on the boot of the virtual computer for executing the application and used to verify the integrity relating to the virtual computer for executing the application, to a verification server.

Abstract: Approaches for using the historical party reputation data to calculate an access decision rating are provided. Specifically, one or more approaches provide a method, including: collecting reputation information of a first user that is requesting access to one or more assets, the reputation information based on at least an association of the first user with an organization and an association of the first user with one or more other users associated with one or more other organizations; storing the requester's reputation information; determining a change in the requester's reputation information, wherein the change comprises at least one of: the first user forming a new association with another organization, and the first user forming a new association with a second user, wherein the second user is affiliated with another organization; and causing an access decision rating to be calculated based upon the determined change in the requester's reputation information.