Patents Examined by Amir Mehrmanesh
  • Patent number: 10447482
    Abstract: An example method includes obtaining a first public key associated with a private key of an application vendor of an application package signed with the private key. The first public key includes metadata including an identifier of the first public key. The method also includes transforming, via a processing device, the identifier into a Domain Name System (DNS) name, sending the DNS name to a DNS server to determine that the DNS name corresponds to a trustworthy source, in response to receiving, from the DNS server, a second public key associated with the DNS name in a DNS data store, confirming that the DNS name corresponds to the trustworthy source, and determining whether the second public key matches the first public key to verify whether the first public key and the associated private key used to sign the application package are authentic.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: October 15, 2019
    Assignee: Red Hat, Inc.
    Inventors: Petr Spacek, Tomas Hozza
  • Patent number: 10439991
    Abstract: The present disclosure provides a bootstrapping server, a network application function (NAF), a system and methods for establishing secure communication between a machine to machine (M2M) device and a NAF. A method for establishing secure communication between the NAF and M2M device comprises receiving a first data object, tunneling the first data object to the M2M device, via an interface between the NAF and the M2M device, for enabling the M2M device to derive first information to establish said secure communication, receiving a second data object and deriving second information for use in establishing said secure communication with the M2M device.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: October 8, 2019
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nick Bone, Tim Snape
  • Patent number: 10440056
    Abstract: Method for deploying an authentication application in a secure element of a communication terminal comprising a non-secure processing unit executing a program for calling the authentication applications. The method comprises the step of transferring via at least one communication network data between a first trusted server associated with a provider of the security element so as to execute a first program for managing the security element, a second trusted server associated with at least one provider of authentication applications so as to execute a program for managing authentication applications, and the communication terminal, so as to create in the secure element a secure domain and install the authentication application therein.
    Type: Grant
    Filed: June 17, 2016
    Date of Patent: October 8, 2019
    Assignee: Idemia Identity & Security
    Inventor: Jean-Baptiste Ratier
  • Patent number: 10440001
    Abstract: A Virtual Network Computing (VNC) server receives a client launch request from a VNC client and provides a log-in page for display at the VNC client. The log-in page includes a graphical representation of a keyboard having a plurality of keys. Individual key designations at the keyboard are unique and are generated randomly in response to the client launch request. The VNC server receives pointing device movement coordinates from the VNC client, the movement coordinates indicating selection of individual keys at the keyboard by a user of the VNC client.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: October 8, 2019
    Assignee: Dell Products, LP
    Inventors: AppaRao Puli, Harsha S, Rajeshkumar I. Patel
  • Patent number: 10432400
    Abstract: A method and system securely disclose a shared, identity linked secret known by two parties, while preserving the privacy of the parties. The first party generates a challenge value that only the second party could respond correctly to if and only if the second party shares secret S with the first party. The first party generates a counter-challenge for the challenge value, computes a verifier associated with the challenge and counter-challenge, and sends the counter-challenge to the server. The server sends the counter-challenge value to the second party. The second party computes a verifier associated with the challenge and counter-challenge; the verifier matches the verifier computed by the second party if and only if the second party shares secret S with the first party. The parties execute a gradual release process, which confirms a match if and only if the secret S is shared between the parties.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: October 1, 2019
    Assignee: Southern Methodist University
    Inventors: Sukumaran Nair, Raymond Dwight Horne, Jr.
  • Patent number: 10419472
    Abstract: Disclosed are systems and methods for repairing vulnerabilities of smart devices connected to a data network. An example method includes accessing, by a hardware processor, a smart device communicatively coupled to a data network, accessing a configuration of the smart device, the configuration containing settings of the smart device, comparing each of the settings of the smart device with settings of known vulnerabilities from a database of vulnerabilities to identify a network vulnerability of the smart device that can be exploited, retrieving one or more settings correcting the network vulnerability from the database, determining a repair action for repairing the at least one network vulnerability, the repair action comprising the one or more settings, and transmitting, by the processor, instructions to the smart device to perform the repair action.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: September 17, 2019
    Assignee: AO Kaspersky Lab
    Inventors: Vyacheslav E. Rusakov, Marta Anna Janus
  • Patent number: 10419476
    Abstract: A system and method is proposed for managing email messages across a network. The system provides multiple means of verifying an originating sender of email. In addition, the system automatically generates unique email addresses as a means to mask the email address of an original sender and shield users from unwanted email. The system may also be configured to block email security threats (e.g. phishing, spear phishing, etc.). Further, the system provides means of processing email messages to enable encryption, spam detection, geographical location identification of users, and social networking.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: September 17, 2019
    Inventor: Sanjay M. Parekh
  • Patent number: 10409995
    Abstract: A graph of interrelated computer-executable processes is obtained. That a change has occurred to one of the interrelated computer-executable processes in the graph is determined. A weight of the one of the interrelated computer-executable processes is determined based at least in part on the change. A security review of one or more of the interrelated computer-executable processes is determined to be triggered based at least in part on the weight, and the security review is triggered.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: September 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Muhammad Wasiq, Nima Sharifi Mehr
  • Patent number: 10402376
    Abstract: Systems for managing content in a cloud-based service platform. Procedures for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities. A computer-implemented method commences by generating a content-based encryption key for a shared object wherein the key is derived from one of the shared objects. The shared object is encrypted using the content-based encryption key to generate a content-based encrypted file. The content-based encrypted file is stored in a cloud-based storage system. A second or Nth entity and/or any number of users from the respective entities can upload the same file for shared storage, and before storing the same file for shared storage, a server in the cloud-based storage environment performs deduplication of the encrypted file across multiple entities by applying an intra-enterprise deduplicate directive or an inter-enterprise deduplicate directive.
    Type: Grant
    Filed: June 30, 2018
    Date of Patent: September 3, 2019
    Assignee: Box, Inc.
    Inventors: Tanooj Luthra, Ritik Malhotra
  • Patent number: 10397008
    Abstract: A security device (6) is provided for facilitating management of secret data items such as cryptographic keys which are used by a remote server (2) to authenticate operations of the server (2). The device (6) has a user interface (13), control logic (16) and a computer interface (11) for connecting the device (6) to a local user computer (5) for communication with the remote server (2) via a data communications network (3). The control logic is adapted to establish via the user computer (5) a mutually-authenticated connection for encrypted end-to-end communications between the device (6) and server (2). In a backup operation, the secret data items are received from the server (2) via this connection. The control logic interacts with the user via the user interface (13) to obtain user authorization to back up secret data items and, in response, stores the secret data items in memory (10).
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: August 27, 2019
    Assignee: International Business Machines Corporation
    Inventors: Michael Baentsch, Harold Dykeman, Michael Osborne, Tamas Visegrady
  • Patent number: 10397240
    Abstract: A scaling policy associated with a notification received by one or more computer systems is obtained. A first request is submitted, to a software container service, for a first current capacity of a resource. An amount by which to adjust a capacity of the resource is calculated, based at least in part on the scaling policy and the first current capacity. A second request is submitted, to the software container service, to adjust the capacity of the resource by the amount. A third request is submitted, to the software container service, for a second current capacity of the resource, and whether the second request has been fulfilled is determined based at least in part on a comparison between the second current capacity and the amount.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: August 27, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Christopher Thomas Lewis, Kai Fan Tang, Farzad Moghimi, Ahmed Usman Khalid, Stephan Weinwurm
  • Patent number: 10389722
    Abstract: The disclosure relates to access relationships, more particularly to controlling access relationships between entities in a computerized system. In the disclosed arrangement a first access relationship between a first entity and a second entity is determined. At least one intermediate entity is selected for routing of a second access relationship between the first entity and the second entity via the at least one intermediate entity. The second access relationship is created, the second access relationship comprising a chain of access relationships via the first entity, the at least one intermediate entity and the second entity.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: August 20, 2019
    Assignee: SSH Communications Security OYJ
    Inventor: Vesa Luukkala
  • Patent number: 10372887
    Abstract: The disclosure generally describes methods, software, and systems, including a method for publishing messages through a messaging client of a database server. A message to be published to one or more message brokers is received at a server and from a database client. The message is in the form of a SQL statement. The received message is processed at the server. Message broker configurations associated with the received message are determined. The message is published to the one or more message brokers by invoking a messaging client at the server and using at least the message broker configurations.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: August 6, 2019
    Assignee: SAP SE
    Inventors: Dirk Sabiwalsky, Henrike Schuhart, Christoph Scheiber, Timur Fichter
  • Patent number: 10375078
    Abstract: Embodiments of the invention are directed to techniques for preventing access to protected resources by unauthorized individuals by enabling an administrator associated with a transport computer to customize filtering rules via a user interface. In some embodiments, a server computer can, from a client computer, receive credentials of the administrator. The credentials can be used to retrieve requesting computers registered with the transport computer. The requesting computers may then be displayed at the client computer. A selection of one of the requesting computers is received from the client computer. A plurality of settings, which represent rules controlling which authorization request messages from the selected requesting computer are forwarded, are displayed at the client computer, wherein one of the settings references one or more attributes that distinguish certain authorization request messages.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: August 6, 2019
    Assignee: Visa International Service Association
    Inventors: Keith Burke, Nathan Wood, Sanjeeva Kumar
  • Patent number: 10372904
    Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: August 6, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Thomas W. Savage
  • Patent number: 10372627
    Abstract: A memory device including at least one memory location for storing information representing data written using a first encryption/decryption method, and a read channel using a second encryption/decryption method for reading and decrypting information as written is disclosed. The memory device also includes an apparatus that prevents the reading of the at least one memory location using the second encryption/decryption method, in response to an indication that the at least one memory location was written using the first encryption/decryption method. In another embodiment, a reading of a predefined or custom code is returned in response to an indication of another encryption/decryption method.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: August 6, 2019
    Assignee: Western Digital Technologies, Inc.
    Inventors: William Jared Walker, Cory Lappi, Darin Edward Gerhart, Daniel Robert Lipps
  • Patent number: 10360376
    Abstract: A method is supplied for operating a computer unit, wherein on the computer unit an application can be executed which can access the functions of a crypto API, wherein the functions of the crypto API can be supplied by at least one crypto implementation on the computer unit. The method therein includes the following steps of: executing the application on the computer unit; checking what crypto implementations are available on the computer unit; and selecting one of the available crypto implementations as that crypto implementation which supplies the functions of the crypto API.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: July 23, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Laszlo Marton, Oliver Mihatsch
  • Patent number: 10362036
    Abstract: An electronic device, a method thereof, and a recording medium are disclosed. A main electronic device according to various embodiments of the present disclosure includes: an input interface; a communication module electrically connected to the input interface; and a processor electrically connected to the input interface and the communication module. The input interface receives an authentication request for transmitting data to sub-electronic devices of a second device group by sub-electronic devices of a first device group. The main electronic device is included in the first device group, and the processor is configured to control transmission of the authentication request to a main electronic device of the second device group when the authentication request has been received by the communication module.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: July 23, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dong-Hyun Yeom, Geon-Soo Kim, Yong-Joon Jeon, Min-Kyung Hwang
  • Patent number: 10354065
    Abstract: According to one embodiment, a method for protecting data is provided comprising receiving a plurality of data symbols, determining a sequence of checksum symbols wherein the checksum symbols are determined to be equal to the checksum symbols of the last iteration of an iterative checksum symbol generation process, wherein the determining of the checksum symbols includes at least one of randomly generating the initial values, randomly determining an order of the data symbols in which the contributions of the data symbols to the checksum symbols are incorporated into the checksum symbols and masking each data symbol and using the masked data symbols as data symbols for determining the checksum symbols and which includes storing at least some of the checksum values as checksum for the data symbols.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: July 16, 2019
    Assignee: Infineon Technologies AG
    Inventors: Berndt Gammel, Stefan Heiss, Markus Rau
  • Patent number: 10346629
    Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for providing content management features in a messaging service. A content management system is configured to receive an update to a rule in a data loss prevention (DLP) policy, to identify, based on a log of DLP violations, one or more content items for updating content management permissions, and to update the content management permissions for the one or more content items based on the update to the rule.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: July 9, 2019
    Assignee: Dropbox, Inc.
    Inventors: Rohan Vora, Yosrie Mansour