Abstract: An attack handling location selection apparatus includes an acquisition unit configured to acquire traffic volumes of a plurality of first transfer apparatuses related to a path of an attack traffic, and a selection unit configured to assign priorities based on the traffic volumes to second transfer apparatuses extracted from the plurality of first transfer apparatuses based on comparison between the traffic volume of each first transfer apparatus and an upper limit value of a traffic volume capable of being handled by a protection apparatus configured to handle the attack traffic, and select, as a forwarding point of the traffic to the protection apparatus, a highest-ranking third transfer apparatus in the priorities. Thus, a forwarding point capable of increasing the likelihood that attack traffic is appropriately handled is selected.

Abstract: The present disclosure provides a terminal and a method for managing launch of an application of the terminal. The method includes: receiving a first indication from a user, wherein the first indication indicates that the launch of the application needs to be banned; in response to the first indication, setting the application to a launch-restricted state, wherein the launch-restricted state means that the application is prohibited from being launched by itself or by other applications; receiving a second indication from a user, wherein the second indication indicates that the launch-restricted state needs to be removed; and in response to the second indication, setting the application to a launch-allowable state, wherein the launch-allowable state means that the application is allowed to be launched by itself or by other applications.

Abstract: A system and method for providing secure access to an organization's internal directory service from external hosted services. The system includes a remote directory service configured to accept directory service queries from an application running on hosted services. The remote directory service passes the queries to a directory service proxy server inside a firewall of the organization via a secure connection service. The directory service proxy server passes the queries to the internal directory service inside said firewall. Request responses from the internal directory service pass through the directory service proxy server to the remote directory service through said firewall via the secure connection service. The remote directory service returns the response to the requesting application.

Abstract: Aspects of this disclosure include fuzzy inclusion based impersonation detection technology. In one embodiment, a reverse n-gram map is created for the list of protected entities. A suspicious string may be broken into n-grams, and each n-gram of the suspicious string is to be searched in the reverse n-gram map for corresponding protected entities. A fuzzy inclusion of a protected entity may be detected in the suspicious string depending on the protected entities found during the search. Subsequently, impersonation can be identified based on the characteristics of the fuzzy inclusion. In this way, the communication system can detect impersonation techniques using visually similar text, and accordingly take various actions to help user mitigate risks caused by impersonation.

Abstract: Storage medium and electronic device are provided in the instant application. An executable computer program is stored in the storage medium. The executable computer program is executed by a processor, including: receive and store a default identification information in an electronic device. Receive an identification request and a to-be-authorized identification information collected by the electronic device. Receive the default identification information from the electronic device. Compare the to-be-authorized identification information with default identification information. if they are determined to be matched, the to-be-authorized identification information being true, otherwise the to-be-authorized identification information being false. When identification information is authenticated, the identification information can be collected real-time because the default identification information is stored in the electronic device in advance.

Abstract: An embodiment of an electronic processing system may include a processor, persistent storage media communicatively coupled to the processor, a reconfigurable device communicatively coupled to the processor over a physically isolated trusted communication channel, a secure provisioner communicatively coupled to the processor and the reconfigurable device to provision a secure storage area and to securely store a remotely generated bitstream security key in the provisioned secure storage area, and a device configurer to configure the reconfigurable device with a remotely generated bitstream and the remotely generated bitstream security key. Other embodiments are disclosed and claimed.

Abstract: A mobile device has a private memory that stores multiple software programs including a trusted software program. A non-private memory stores copies of the software programs except the trusted software program. The mobile device can be set in a full non-private mode, a modified non-private mode, or a private mode. In the full non-private mode, the full non-private memory is restored with copies of the software programs stored at the private memory. In the modified non-private mode, only selected software programs are restored at the non-private memory with a copy from the private memory. In the private mode, the trusted software program at the private memory can be executed.

Abstract: Provided is a data registration system capable of efficiently registering data related to a vehicle while enhancing confidentiality. The data registration system includes an integration processing server and an integrated database server. The integration processing server creates a data mart having weather data, vehicle condition data, vehicle movement status data, fuel economy data, navigation data, a vehicle ID, and a user ID which are linked to one another and creates an encrypted data mart by encrypting the vehicle ID and the user ID in the data mart. The integrated database server stores the encrypted data mart as registered data in a storage region.

Abstract: In accordance with some embodiments, an apparatus for privacy protection is provided. The apparatus includes a housing arranged to hold a second device; one or more sensors, at least partially supported by the housing, operable to continuously collect biometric data of a user; an authentication neural network, operable to extract from the biometric data a plurality feature vectors associated with a plurality of identifiable scores; and a decision unit, coupled to the authentication neural network, operable to generate an authentication score as a function of the plurality of identifiability scores and the plurality of feature vectors, determine whether or not the authentication score satisfies an authentication threshold, and gate electronic access to the second device base on whether or not the authentication score satisfies the authentication threshold.

Abstract: A bundle of public counters and a corresponding bundle of private counters are created and transmitted to a user device. The user device receives a request and processes the request without accessing a secure element processor on the user device. The user device calculates a security code using the private counter and a number. The user device transmits the calculated security code and one of the bundle of public counters in response to the request. A receiver of the response to the request determines the validity of the public counter and looks up the corresponding private counter using the public counter. The receiver determines the validity of the security code by recomputing it using the private counter and the number.

Abstract: The present invention provides an identification key generating device and an identification key generating method. The identification key generating device comprises: a plurality of unit cells provided on a circuit in a semiconductor manufacturing procedure; a reading unit for reading for shorting of each of the unit cells; a digital value generation unit for determining the probability for the shorting of each of the unit cells, and generating a digital value of each of the unit cells on the basis of the reading for shorting from the reading unit; and a selection unit for selecting at least one of the plurality of unit cells, wherein an identification key is generated from a combination of respective digital values generated from the unit cells selected by means of the selection unit.

Abstract: The present invention relates to a method of secure generation by a client device A and a server device B of at least a RSA current signature and a RSA next signature with a private exponent component d of an RSA key, comprising: •a handshake phase (P1) comprising: a. receiving (S1) a handshake request comprising a hash of the next client value (pvA_next), b.

Abstract: Embodiments are directed to a method of transferring data between a customer site and a benchmarking site, including: receiving, from the customer site, encrypted packet data, wherein the packet data is encrypted using a first key of a key pair; storing the encrypted packet data, by the processor, in a first cache at the benchmarking site; decrypting the encrypted packet data in the first cache, by the processor, using a second key of the key pair; storing decrypted packet data, by the processor, in a second cache at the benchmarking site; indexing the decrypted packet data in the second cache; storing indexed packet data as a dataset in a permanent storage device; and performing a benchmarking session on the indexed packet data.

Abstract: Provided in some embodiments are systems and methods for determining a data flow path including a plurality of network devices for routing data from a first network device to a second network device; determining for the network devices one or more flow rules that specify an input for receiving data, an output for outputting data, and a role tag indicative of a role of a network device, where the role tag for one or more flow rules for a first network device of the network devices indicates a source role; distributing, to the network devices, the one or more flow rules; determining malicious activity on the data flow path; determining that the first network device is a source based at least in part on the role tag for the first network device; and sending, to the first network device, a blocking flow rule to inhibit routing of malicious data.

Abstract: A graphical user interface provides network security administrators a tool to quickly and easily create one or more courses of action for automatic response to a network threat. The courses of action are hardware and system agnostic, which allows a common response task to be implemented by an underlying response engine for any or multiple similar-function devices regardless of brand or version. The course of action builder allows the administrator to use a simple, graphic-based, business modeling concept to craft and design security response processes rather than having to hard code response routines specific to each piece of hardware on the network. The graphic interface model allows the user of the threat response software incorporating the course of action builder to easily understand the overall flow and paths the response may take, as well as understand the data requirements and dependencies that will be evaluated.

Abstract: The invention relates to a method and an apparatus for encrypted communication between a client and a server, wherein the communication comprises request messages, each with request elements, and response messages, each with response elements. Request elements and response elements can comprise data. It is an object of the invention to hamper or prevent unauthorized access to the data during communication and also during storage and processing on the server. In this case, it is assumed that the communication channel and also the server itself are not trustworthy and neither client nor server provide measures or are adaptable in order to counter said risks of unauthorized access, for example by means of cryptographic methods.

Abstract: An apparatus and method for performing operation being secure against side channel attack are provided. The apparatus and method generate values equal to values obtained through an exponentiation operation or a scalar multiplication operation of a point using values extracted from previously generated parameter candidate value sets and an operation secure against side-channel attack, thereby improving security against side-channel attack without degrading performance.

Abstract: A graphical user interface provides network security administrators a tool to quickly and easily create one or more courses of action for automatic response to a network threat. The courses of action are hardware and system agnostic, which allows a common response task to be implemented by an underlying response engine for any or multiple similar-function devices regardless of brand or version. The course of action builder allows the administrator to use a simple, graphic-based, business modeling concept to craft and design security response processes rather than having to hard code response routines specific to each piece of hardware on the network. The graphic interface model allows the user of the threat response software incorporating the course of action builder to easily understand the overall flow and paths the response may take, as well as understand the data requirements and dependencies that will be evaluated.

Abstract: A Material eXchange Format (MXF) digital file generated by a digital electronic processor is disclosed that includes a generic container for a media file. The MXF file also includes a SDTI-CP (Serial Data Transport Interface-Content Package) compatible system item. The SDTI-CP compatible system item has a media file metadata and a blockchain hash digest information formed from the media file. The blockchain hash digest information of the media file may be a blockchain hash digest used to error check the media file. Alternatively, the blockchain hash digest information of the media file may be a link to a cloud-based blockchain hash digest used to error check the media file.

Abstract: A system for creating a combined electronic identification that obtains user information (202) about a user of a hardware device (100), authenticates the user from the user information (202), obtains a hardware profile (208) of the device (100), the hardware profile 208 comprising user generated data stored on the device (100) and links the user information (202) and the hardware profile (208) as a combined electronic identification. The hardware device (100) can be comprised of a main processor, memory, a touchscreen interface, and a wireless communication module, such as a mobile phone, computer, or tablet computer.