Abstract: A fast-accessing method may comprise: establishing a first security connection between a first network node and a user equipment; obtaining first information from a second network node, wherein the first information comprises at least one of system information of the second network node and an identifier of a security algorithm selected by the second network node for the user equipment; providing second information to the second network node, in response to an indication of the second network node from the user equipment, wherein the second information comprises security information related to the user equipment; and sending the first information to the user equipment for establishing a second security connection between the user equipment and the second network node.

Abstract: An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer. The profile value may be used, for example, for purposes including identification, authentication, key generation, and other cryptographic functions involving the system.

Abstract: A method and system for encrypting data packets in a multimedia stream are disclosed. Each data packet includes a header portion and a payload portion. In one embodiment, one or more data packets are selected from an incoming multimedia stream. Further, one or more of a header portion and a payload portion are selected within the one or more data packets. Furthermore, one or more regions in the selected one or more of the header portion and the payload portion are encrypted using an encryption algorithm.

Abstract: Disclosed in one example is a method of authenticating with multiple social network services. The method may include storing first authentication information associated with a user for a first social networking service using at least one computer processor, receiving second authentication information associated with the user for a second social networking service from a social networking application, and sending to the social networking application the first authentication information. The first authentication information may enable the social networking application to utilize a protected application programming interface call for the first social networking service and the second authentication information may enable the social networking application to utilize a protected application programming interface call for the second social networking service.

Abstract: Systems, methods, and computer program products are provided for managing data re-installation including service re-installation. A re-installation procedure re-installs and optionally activates data at least partially installed on a secure element without intervention middleware to repair a personalization procedure failure. Thus, personalization data on a secure element (SE) may be comprehensively managed by interfacing between one of a plurality of service provider (SP) trusted service managers (TSM) and a central trusted service manager (central TSM). The processing time required to manage the re-installation procedure is minimized.

Abstract: A transmission management apparatus includes a receiving unit that receives, from a first transmission terminal, a communication request for a communication with a second transmission terminal; a fists storage unit that stores therein terminal identification information for identifying the transmission terminals and relay device identification information for identifying a relay device that relays data to be transmitted and received by the first transmission terminal, in an associated manner; a relay device selecting unit that selects the relay device associated with the terminal identification information of the first transmission terminal in the first storage unit; a second storage unit that stores therein the relay device identification information and encryption necessity information in an associated manner; and an encryption necessity determining unit that determines whether encryption is needed based on the encryption necessity information associated, in the second storage unit, with the relay device se

Abstract: A users' data profiling network implementing a method of dynamic pseudonymization of users for ensuring user privacy, including: receiving at a data node new input data related to a user along with an associated new user pseudonym and an old user pseudonym; in the data node, finding user data record, corresponding to the received new input data, having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym; temporarily storing, in the found user data record, the new input data; setting the dynamic input user pseudonym stored in the user data record equal to the last received new user pseudonym associated with the received input data related to the user; computing and storing an output user data profile in the user data record, and then erasing accumulated new input data from the user data record.

Abstract: A secure method for transmitting a control word between a server and a plurality of processing entities so as to respectively produce and utilize the control word. Preferably such a method is applied to the field of conditional access methods and systems for preventing the fraudulent use of compromised decryption keys resulting from a coalition of pirate hackers.

Abstract: A user may access an Institution system via more than one communications channel, either by the same device (e.g., a mobile device accessing the Institution system via a voice channel and a data channel) or by different devices (e.g., a personal computer via a web channel and a phone via a voice channel). If a user is not currently authenticated to a communications channel and attempts to access the Institution system via a communications channel, the user may be authenticated using strong authentication. If the user is currently authenticated to the Institution system via a communications channel and would like to engage a second communications channel to access the Institution system, the user may authenticate to the second communications channel using both communications channels and weak authentication, such as single factor authentication or a challenge question.

Abstract: Disclosed are systems and method for determining trusted wireless access points. An example method includes identifying, by a mobile device, one or more wireless access points are available to connect to a network resource; obtaining a plurality of access point characteristics of the one or more wireless access points; obtaining a plurality of network resource characteristics for connecting to the network resource; comparing the plurality of access point characteristics and the plurality of network resource characteristics; determining based on the comparison at least one trusted wireless access points that is acceptable for establishing a connection to the network resource; and establishing a connection to the network resource via the trusted wireless access point.

Abstract: Techniques for process security validation are described herein. In one example, a method includes determining, via a processor, that a process is in a first idle state based at least in part on system activity and process activity being below an activity threshold. The method can include detecting, via the processor, that the first idle state of the process transitions to an active state of the process based at least in part on the system activity or the process activity being above the activity threshold, and detecting, via the processor, that the active state of the process transitions to a second idle state based at least in part on the system activity and the process activity being below the activity threshold. Furthermore, the method can include generating, via the processor, the security validation data in response to detecting that the process has executed malicious content during the active state.

Abstract: A computer-implemented method for protecting computing systems from peripheral devices may include (1) identifying a peripheral device configured to perform a charging function and at least one non-charging function, (2) configuring an endpoint protection application with an endpoint protection rule that allows the charging function of the peripheral device and does not allow the non-charging function of the peripheral device, (3) detecting that the peripheral device is connected to a computing system that is provisioned with the endpoint protection application, and (4) applying the endpoint protection rule on the computing system to allow the charging function of the peripheral device so that the peripheral device is able to charge via the computing system and block the non-charging function of the peripheral device from being performed on the computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An information processing apparatus which updates a basic software package is disclosed. The information processing apparatus includes an encryption and decryption unit which stores values calculated uniquely from software and encrypts information based on the calculated values and decrypts encrypted information based on the calculated values. The basic software package includes a firmware authenticating module for authenticating a firmware updating file which includes new software for updating the basic software package, a value uniquely calculated from the new software, and a public key signature. The information processing apparatus further includes a software updating module which updates the basic software package by using the authenticated firmware updating file, and an encryption key managing module for encrypting again the information encrypted by the values based on a value changed by updating the basic software package.

Abstract: In an embodiment, a method comprises intercepting, from a first computer, a first set of instructions that define one or more original operations, which are configured to cause one or more requests to be sent if executed by a client computer; modifying the first set of instructions to produce a modified set of instructions, which are configured to cause a credential to be included in the one or more requests sent if executed by the client computer; rendering a second set of instructions comprising the modified set of instructions and one or more credential-morphing-instructions, wherein the one or more credential-morphing-instructions define one or more credential-morphing operations, which are configured to cause the client computer to update the credential over time if executed; sending the second set of instructions to a second computer.

Abstract: Techniques for leveraging multiple biometrics for enabling user access to security metadata are provided. In one embodiment, a computing device can receive first and second biometric identifiers from a user. The computing device can further determine, via a multi-biometric authentication system, that the user's identity can be verified using the first biometric identifier, but cannot be, or has not been, verified using the second biometric identifier. In response to this determination, the computing device can provide information to the user for facilitating verification of the user's identity using the second biometric identifier.

Abstract: The present disclosure relates to allowing the utilization of a virus scanner and cleaner that operates primarily in the pre-boot phase of computer operation and, more particularly, to allowing the utilization of a virus scanner and cleaner that operates primarily during the loading of an operating system.

Abstract: Methods, apparatus, and systems for securing application interactions are disclosed.

Abstract: Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.

Abstract: The invention discloses a sandbox technology based webpage browsing method and device. The method comprises: upon receiving an instruction for webpage browsing in a sandbox, starting a framework process outside the sandbox, so that an operation incurred in the framework process is processed outside the sandbox; intercepting a browser process created by the framework process and putting the browser process into the sandbox, so that a webpage access result is saved in a specified directory in the sandbox, and/or a script in the webpage runs in a virtual environment of the sandbox. The present invention not only ensures the convenience of user operations, but also meets the security requirement for webpage access.

Abstract: A method for restricting use of an electronic device including a display part includes the steps of a) designating an application identification data (ID) of a display target to be displayed by the display part, b) switching the display target to another display target by designating another application ID, c) instructing the display part to display an operation screen based on screen data corresponding to the application ID designated in step a), d) receiving a request for the switching of step b) from a use restriction application, e) determining whether the switching of step b) is possible, and f) instructing the display part to display another operation screen based on another screen data corresponding to the another application ID in a case where the switching of step b) is determined to be possible in step e).