Abstract: A keyboard device and a data communication method using the keyboard device. The data communication method includes generating, by the keyboard device, data that is a set of commands to be executed by a computer using a key input signal that is generated when a key is input, transmitting, by the keyboard device, the generated data to the computer, thus allowing the computer to execute each command corresponding to the data, and receiving, by the keyboard device, results of executing the command corresponding to the data from the computer, wherein the command includes a line coding method to be used when the computer transmits data to the keyboard device, and wherein the computer generates a toggle key signal to correspond to the line coding method and transmits the toggle key signal to the keyboard device.

Abstract: A system and method for the management of electronic credentials stored on mobile devices. The system may encrypt information that is provided to a lock device and an access control system using diversification keys. The diversification keys may be generated by supplying a master key and a component identifier such as, for example, a mobile device identifier, to a diversification algorithm. The mobile device may be a conduit for the communication of information between the access control system and the lock device. The mobile device may be unable to decrypt information that has been encrypted by a diversification key. Embodiments also provide for enrolling administrative mobile devices with the access control system, the distribution and revocation of credential identifiers for user mobile device, and removing administrative mobile devices that are enrolled with lock devices.

Abstract: A system and method for Media Resource Control Protocol (MRCP) access control for a mobile device. An entity requesting to utilize MRCP resources establishes a relationship with a MRCP resource provider. The MRCP resource provider maintains account information for the entity, and the entity receives a unique account number for identification purposes. The entity requests from the MRCP resource provider generation of at least one MRCP access PIN associated with the account information, and provides a data string associated with the MRCP access PIN to the MRCP resource provider.

Abstract: A method, system and software for assessing an entity (15) at a first user terminal (13) connected to a data network (10). A control system (11) is used to receive an access request (101) from the entity (15) or an assessing user (16) at a second user terminal (14). The control system (11) invokes or facilitates transmission of a time-delimited sequence of unpredictable prompts (18) to the entity (15) for a performance of visible prompted actions (20). A video recording (21) of the prompted action performance is stored in a data store (61) and the control system performs an automated assessment of the video recording (21) by a gesture recognition system (67d) and generates an assessment signal respectively including a positive or negative indication of whether or not said entity (15) validly performed said prompted actions.

Abstract: A user manages security of one or more user devices by manipulating one or more sensors located in the user's mouth in a predetermined pattern corresponding to a password. The matching of the predetermined pattern to the password unlocks at least a portion of at least one user device.

Abstract: A controller is provided which monitors/manages information terminals' access to a network within a secured site. A controller of the present invention includes: a storage device for storing security information about at least one or more information terminals received from the information terminals before accessing a network; and a processor for determining whether to permit access of an information terminal to the network based on the security information read from the storage device and access permission criteria on the security information, and generating a control signal for permitting or blocking the access of the information terminal to the network according to the determination result.

Abstract: A whitelist of hash values for applications is signed and encrypted by a remote device and the encrypted whitelist is securely delivered over a network connection to a second device as an encrypted whitelist. The second device decrypts the whitelist and validates the signature of the remote device for the decrypted whitelist. Hash values in the decrypted version of the encrypted whitelist are compared against dynamically computed hash values for the applications. Applications with matching hash values are permitted to execute on the second device.

Abstract: In one example, a method for searching data includes creating a set of tokens corresponding to data of an encrypted dataset, and then encrypting the tokens. Next, an encrypted search index is created that includes the encrypted tokens and that excludes any positional information concerning the data to which the encrypted tokens correspond. A query is then defined that includes one or more encrypted search tokens. Next, search results are received that identify any matches between the encrypted search tokens and the encrypted tokens of the encrypted search index. Finally, the data that corresponds to any identified tokens that match a token of the encrypted search index is decrypted.

Abstract: The present disclosure relates to a method and a device for controlling access to the Internet. The method includes: determining whether a smart device is able to support a Low Density Parity Check Code (LDPC) coding-decoding scheme, broadcasting information about a Wireless Local Area Network (WLAN) to the smart device through a LDPC coding-decoding scheme if it is determined that the smart device is able to support the LDPC coding-decoding scheme, detecting whether the terminal tries to communicate with a router through a LDPC coding-decoding scheme when accessing a WLAN is requested if the smart device is not able to support the LDPC coding-decoding scheme, in response to detection that the terminal would communicate with a router through a LDPC coding-decoding scheme: establishing connection with the router, and notifying the router to broadcast information about the WLAN through a non-LDPC coding-decoding scheme.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.

Abstract: A system of a first network, which is intermediate a second network and a third network, connects a host of the second network to a host of the third network. The system includes at least one processor programmed to receive a domain name system (DNS) request for a hostname corresponding to the host of the third network from the host of the second network. An internet protocol (IP) address of the first network allocated and an IP address of the host of the third network is determined from the hostname. The allocated IP address is mapped to the determined IP address and the allocated IP address is returned to the host of the second network in response to the DNS request.

Abstract: The method comprising: capturing and removing a public unique identifier set by a Website (300) in a computing device (100D) of a user (100); monitoring, during a first time-period, web-requests the user (100) makes to obtain a web-behavioral profile of the user (300), and storing the obtained web-behavioral profile as a first vector; tracking, during a second time-period, the web-requests to examine the effect each web-request has on assisting the de-anonymization of the user (100), obtaining a second vector; classifying, the obtained second vector taking into account a computed similarity score parameter; creating and mapping, a corresponding private unique identifier for said captured public identifier; and executing, based on said mapping between the private and the public unique identifiers, an intervention algorithm for said web-tracker, that considers a configured intervention policy.

Abstract: Authenticating applications to a network service includes authenticating an application with a certificate to access a service provider over a logical connection between the application and the service provider and confirming that the application is using an authorized port of the service provider.

Abstract: Techniques are disclosed for securing backup operational data (e.g., of an aircraft) maintained by a line-replaceable unit (LRU) in a removable storage media device. The LRU generates a first encryption key. The LRU encrypts the operational data using the first encryption key. The LRU generates a second encryption key based on key data of at least a second LRU. The LRU encrypts the first encryption key using the second encryption key.

Abstract: Devices, systems, and methods of user authentication, as well as automatic differentiation between a legitimate user and a cyber-attacker. A system detects that two different accounts of the same computerized service, were accessed by a single computing device over a short period of time. The system may employ various techniques in order to determine automatically whether a legitimate user accessed the two different account, such as, a husband accessing his own bank account and shortly after that accessing also his wife's bank account, or a payroll company accessing bank accounts of two clients for payroll management purposes. Conversely, the system is able to detect that the same user exhibited the same pattern of interactions when operating the two accounts, a pattern of interactions that does not frequently appear in the general population of legitimate users, thereby indicating that the single user is a cyber-attacker.

Abstract: An information processing apparatus includes an authenticating section, a detecting section, and a processor. The authenticating section authenticates a user. When the authenticating section has authenticated a first user, the detecting section detects a second user in the vicinity of the information processing apparatus. The second user is different from the first user. When the detecting section detects the second user, the processor performs a predetermined process.

Abstract: Presented are systems and methods that allow hardware designers to protect valuable IP and information in the hardware domain in order to increase overall system security. In various embodiments of the invention this is accomplished by configuring logic gates of existing logic circuitry based on a key input. In certain embodiments, a logic function provides results that are dependent not only on input values but also on an encrypted logic key that determines connections for a given logic building block, such that the functionality of the logic function cannot be determined by reverse engineering. In some embodiments, the logic key is created by decrypting a piece of data using a secret or private key. Advantages of automatic encryption include that existing circuitry need not be re-implemented or re-built, and that the systems and methods presented are backward compatible with standard manufacturing tools.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

Abstract: A method for encrypting a message by a host device includes requesting, by the host device, a message key from a secure device and generating, by the secure device, the message key using a secret key stored in the secure device and which is not communicated to the host device. The method further includes the prior steps of requesting, by the host device, a token from the secure device and generating the token by the secure device, and transmitting the token to the host device. The requesting, by the host device, of the message key includes transmitting the token. The generating, by the secure device, of the message key is preceded by checking the legitimacy of the token.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. Communication interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user device to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as a legitimate human user but actually utilizing a Virtual Machine.