Abstract: Embodiments of the present invention disclose a method and an apparatus for displaying a keyboard, and a terminal device. The method includes: displaying, on a touchscreen, a keyboard whose keys are normally arranged; before a touching object touches the keyboard on the touchscreen, obtaining a location, which the touching object points to, on the keyboard; adjusting an arrangement order of some keys on the keyboard, where the keys include keys within a preset range, the preset range includes the location, which the touching object points to, on the keyboard, and the preset range includes at least two keys; and displaying the adjusted keyboard on the touchscreen. By means of the technical solutions in the present invention, an arrangement order of some keys on a keyboard displayed by a terminal is adjusted, thereby improving an information input speed, and reducing energy consumption of the terminal.

Abstract: A machine implemented method for protecting a target domain and a source domain from unauthorized accesses. The method comprising: identifying an exit call gateway comprising an exit transition instruction and at least one exit access parameter, said exit access parameters restricting exit from said source domain; identifying an entry call gateway corresponding to said exit call gateway, said entry call gateway comprising a transition instruction and at least one entry access parameter, said entry access parameters restricting access to said target domain; determining that said exit access parameters and said entry access parameters are compatible with each other; and performing a context switch from said source domain to said target domain, when said exit access parameters and said entry access parameters are complied with.

Abstract: It is presented a method for facilitating secure communication between a client device and an application server.

Abstract: In one example, a system for a system management mode (SMM) privilege architecture includes a computing device comprising: a first portion of SMM instructions to set up a number of resources and implement a privilege architecture for the SMM of a computing device and a second portion of SMM instructions to execute a number of functions during the SMM of the computing device, wherein the privilege architecture assigns the first portion of SMM instructions to a first privilege level and assigns the second portion of SMM instructions to a second privilege level.

Abstract: A method for establishing a wireless connection between a mobile communication device and a communication module (14) of a vehicle (10) with an identifier (17) is disclosed. According to the method, access rights, namely links between vehicle identifiers (17) and user identifiers, as well as data required for establishing the wireless connection, are stored in a database server (16) outside of the mobile communication device. A control unit (11, 12) for carrying out the method is also disclosed.

Abstract: An example method for performing a secure probabilistic analytic includes acquiring, by a client, an analytic, at least one analytic parameter associated with the analytic, and an encryption scheme. The encryption scheme can include a public key for encryption and a private key for decryption. The method further includes generating, using the encryption scheme, at least one analytical vector based on the analytic and analytic parameter, and sending the analytical vector and the encryption scheme to at least one server. The method includes generating, by the server based on the encryption scheme, a set of terms from a data set, evaluating the analytical vector over the set of terms to obtain an encrypted result; estimating, by the server, a probabilistic error of the encrypted result; and sending, by the server, the encrypted result and the probabilistic error to the client where the encrypted result is decrypted.

Abstract: In one embodiment, a method for preventing a difference attack on watermarked video content is implemented on at least one computing device and includes: manipulating values of a set of pixels to embed a forensic watermark in at least one video frame in a video content item, where the manipulating is in accordance with a given magnitude of change in the values, and introducing random noise to the at least one video frame, where the random noise is random noise of the given magnitude.

Abstract: According to an embodiment, a communication control device includes a receiving unit, a generating unit, and an output unit. The receiving unit receives input of a binary tree in which each of leaf nodes has an index assigned thereto, and receives input of a node ID that enable identification of a leaf node belonging to a group. The generating unit generates set information indicating a set of a predetermined number of partial trees of the binary tree. Each partial tree includes only the leaf node identified by the node ID. The generating unit generates range information of the indexes assigned to one or more leaf nodes of each partial tree included in the set. The output unit outputs the set information and the range information at least to a communication device corresponding to a leaf node belonging to the group.

Abstract: A computation device accepts a first processing request output from a first external device, executes first processing, which does not involve outputting information to a second external device, of processing based on the first processing request until the first processing request is judged to satisfy a predetermined security level, and executes second processing, which involves outputting information to the second external device, of the processing based on the processing request after the first processing request is judged to satisfy the security level.

Abstract: A communication control device includes a receiving unit, a generating unit, and an output unit. The receiving unit receives input of a binary tree in which each leaf node has an index and a node key assigned thereto, and receives input of node IDs that, from among the leaf nodes, enable identification of the leaf nodes belonging to a group. The generating unit generates, using the node key assigned to the root node of each partial tree of the binary tree which includes only the leaf nodes identified by the node IDs, a cipher text by encrypting a group key shared in the group, and generates set information containing the generated cipher text. The output unit outputs the set information at least to the communication devices that are associated to the leaf nodes belonging to the group.

Abstract: The invention provides a data processing method, comprising: S1: reading original algorithm data; S2: selecting algorithm data within default range from the original algorithm and obtaining a corresponding encryption parameter by using an encryption algorithm, wherein the encryption parameter comprising at least one of the following: encryption coefficient and encryption vector S3: inserting the encryption parameter into a default position in the original algorithm data to obtain encrypted algorithm data. The invention encrypts the algorithm data, and the encrypted data is similar to the original algorithm data, thereby greatly improving the security of data transmission.

Abstract: Systems for performing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a security assessment service that enables the use of third-party-authored rules packages in the security assessment. The third-party rules package includes rules that can operate on telemetry and configuration data of the target computing resource, produced by sensors that are native to the computing environment, but the sensor protocols, message format, and sensitive data are not exposed to the rules. An interface, such as an ingest function, may be used to convert telemetry data in the form of sensor messages into assessment data objects. The assessment data objects contain the data elements the rules evaluate, and may also have corresponding retrieval methods that are exposed to the rules; the rules call the retrieval methods to extract parameter-value pairs from the data object.

Abstract: According to various embodiments, a control device is described including an application core including a processor, a memory and a direct memory access controller and a security module coupled to the application core via a computer bus. The direct memory access controller is configured to read data from the memory, generate a hash value for the data and provide the hash value to the security module via the computer bus. The security module is configured to process the hash value.

Abstract: A browser emulator is caused to emulate a client environment that is arbitrary values of types and versions of an OS, a browser, and a plugin. Further, the browser emulator monitors execution of a script or a plugin. A browser emulator manager then causes the browser emulator to patrol a predetermined Web site, and accumulates, in an analysis information database, results of access to the Web site in association with information on client environments emulated upon the access to the Web site. The browser emulator manager then refers to the accumulated results of access, and identifies a Web site that causes a difference between results of access according to a difference between client environments.

Abstract: In an embodiment, a system includes a processor and a non-volatile storage device. The non-volatile storage device may include a stored firmware program and a firmware loader. The firmware loader may be executable by the processor to read a first instruction of the stored firmware program; and generate, based on the first instruction, a set of runtime instructions to be included in a runtime firmware program, where the stored firmware program and the runtime firmware program are composed in a same programming language. Other embodiments are described and claimed.

Abstract: A method includes receiving a security profile comprising user-defined rules for processing sensitive data, and identifying a plurality of sensitive data components in a data file according to the security profile. The method further includes generating a respective format-preserving token for each of the identified plurality of sensitive data components. The method additionally includes generating a corresponding token key for each of the respective-format preserving tokens, and replacing each of the plurality of sensitive data components in the data file with the respective format-preserving token. Further, the method includes cryptographically camouflaging each of the token keys using a first password and storing each of the cryptographically camouflaged token keys.

Abstract: In some examples, for a given authentication event between a plurality of devices in a network, a system identifies a set of events, at the devices, that are temporally related to the given authentication event. The system extracts features from the set of events by aggregating event data of the set of events. The system provides the extracted features to a classifier that detects unauthorized authentication events.

Abstract: A method, an apparatus, a terminal, and a server for identity authentication are disclosed. The method includes: receiving dynamic face authentication prompt information sent by a server during identity authentication of a user; obtaining gesture recognition information of the dynamic face authentication prompt information by recognizing a facial gesture presented by the user; and sending the gesture recognition information to the server to enable the server to confirm that the identity authentication is successful for the user in response to verifying that the gesture recognition information is consistent with the dynamic face authentication prompt information. Using the embodiments of the present application, a highly secure authentication can be performed on an identity of a user through dynamic face authentication.

Abstract: A secured device including a security hardware module and a method thereof are provided. The secured device generates first user authentication information based on a user input, generates encryption key generation information corresponding to the first user authentication information, receives second user authentication information from an electronic device, and transmits to the electronic device the encryption key generation information corresponding to the first user authentication information when the second user authentication information matches the first user authentication information. The first user authentication information and the encryption key generation information are secured by the security hardware module.

Abstract: Example embodiments relate to selecting proxies. In this manner, the embodiments disclosed herein enable determination of a device to which to send communication through a firewall and determination of a set of proxies available to communicate with the device through the firewall. A set of success labels are determined for the set of proxies, wherein a success label for an individual proxy comprises information related to communicating with the device via the individual proxy. Based on a first success label determined for the first proxy, a first proxy may be selected to communicate with the determined device.