Abstract: Systems and methods for controlling access to digital works are described herein, e.g., including receiving a request for a digital work from a requestor; retrieving the digital work from a repository; incorporating a digital signature throughout the digital work specific to a device, wherein the incorporated digital signature includes information identifying the device having the ability to access to the digital work; providing the identified device with a device key associated with the device; encrypting the digital work, wherein the digital work is decryptable using the device key and the identified device; and providing the requestor with the encrypted digital work.

Abstract: A non-transitory computer readable medium includes instructions which, when executed by one or more hardware processors, causes performance of operations. The operations include receiving, by a network device from a first user device, a first message addressed to a second user device and identifying a first user role associated with the first user device and a second user role associated with the second user device. The operations further include determining whether a set of predefined user role relationships authorizes a communication between user devices having the first user role and user devices having the second user role. In response to determining that the set of predefined user role relationships do not authorize the communication between user devices having the first user role and user devices having the second user role, the operations refrain forwarding the first message from the first user device to the second user device.

Abstract: A UE communicates with a network gateway to access a provisioning device via a provisioning network. The provisioning device uses identification data of the UE to authenticate the UE for a primary network, and provides primary network configuration data to the UE. Using the primary network configuration data, the UE communicates with the network gateway to access the primary network. The primary network configuration data can include data to enable the UE to establish communications with one or more private networks accessible via the primary network.

Abstract: Systems and methods for monitoring user authenticity according to user activities on an application server. A user-modeling process and a user-verification process are performed. In the user-modeling process, a user model is adapted session-by-session to user activities in which the user model includes a plurality of adaptive feature-specific user-behavior models. The user-verification process includes determining a plurality of feature-specific risk-score values, comparing the at least one of the adaptive feature-specific user-behavior models with a respective feature extracted from user activity in the user session on the application server, and determining a total risk-score value indicative of user authenticity by weighting and combining the plurality of feature-specific risk-score values. If the total risk-score value is greater than a given threshold, a corrective action is performed.

Abstract: An authentication system comprising an authentication terminal and an authentication server is provided. The authentication terminal comprises an authentication apparatus authenticating an authentication subject, an artifact operating in accordance with an input signal and a signal processing section inputting an input signal without including information of the authentication subject designated by the authentication server in the artifact and outputting an output signal in accordance with an operation result of the artifact as an authentication result when the authentication result in the authentication apparatus is passed. The authentication server authenticates the authentication subject based on the output signal.

Abstract: A non-transitory computer readable storage medium stores one or more computer programs adapted to cause a processor based system to execute steps that include analyzing an image, identifying one or more faces in the image using a face recognition technique, designating at least one of the identified faces collectively as a first area of interest, and determining whether an insertion area exists in the image where additional content can be inserted without obstructing the first area of interest. Another computer program is adapted to cause a processor based system to execute steps that include determining whether the insertion area can be divided into two or more regions based on color. Methods and processor based apparatuses that perform one or more of these steps are also disclosed.

Abstract: Systems and methods are provided for enabling online entities to determine whether a user is truly the person who he says using a “two-factor” authentication technique and authenticating customer's identity utilizing a trusted authenticator.

Abstract: An authentication terminal comprising an authentication apparatus authenticating an authentication subject, an artifact operating in accordance with an input signal and a signal processing section is provided. When an authentication result in the authentication apparatus is passed, the signal processing section inputs an input signal without including information of the authentication subject in the artifact and outputs an output signal in accordance with an operation result of the artifact as the authentication result.

Abstract: Forward-secure one-time authentication tokens are provided with embedded time hints. A token generates a passcode for presentation to an authentication server by determining a current state of the token; generating a user authentication passcode based on the current state, wherein the generated user authentication passcode comprises an embedded time hint; and communicating the generated user authentication passcode to the authentication server. The passcode may be generated with the embedded time hint, for example, each time a user authentication passcode is generated or upon demand when a user authentication passcode is generated. A server processes a user authentication passcode by receiving the user authentication passcode, wherein the received user authentication passcode comprises an embedded time hint; and determining a time interval to search for another user authentication passcode based on the embedded time hint.

Abstract: Disclosed are systems and methods for eliminating vulnerabilities of smart devices connected to a data network. An example method includes: identifying a router providing access to the data network, obtaining access to the network and transmitting a request through the data network to obtain access to a smart device on the network. Furthermore, the method includes accessing the smart device to obtain its settings, comparing the settings with known vulnerabilities, determining an action for repairing the a network vulnerability associated with the settings of the device, and transmitting instructions to the smart device to perform the action to repair network vulnerability associated with the setting.

Abstract: The present invention provides an entity identification method, apparatus and system, and relates to: an entity A transmits an identification request message to an entity B, the identification request message includes the result SN1 of an XOR operation of a Pre-Shared Key (PSK) and the data from processing data N1 according to a first agreed rule, wherein data N1 is generated by entity A, and the PSK is a key shared by A and B; entity B receives the identification request message, performs an XOR operation on SN1 and PSK, performs a process according to a second agreed rule, then performs a process according to a third agreed rule, and then performs an XOR operation again with the PSK processed according to the third agreed rule and then processed according to a fourth rule to obtain SON1, and transmits SON1 through an identification response message to entity A.

Abstract: Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: System and method for authenticating a computer user includes: sending an invitation message from an entity computer to an API for authenticating a user of a user computer; receiving and translating by the API the invitation message and sending the translated invitation message including the first public key to the platform server; sending an invitation response to the API to be translated and sending the translated invitation response to the entity computer; preparing a first message including a link and a unique code by the entity computer and sending the first message to the user computer; registering with the platform server utilizing the link and the unique code, and generating a second public key, by the user computer; receiving a correct answer to the secret from the user computer; receiving the second public key by the platform server; and authenticating the user based on the received correct answer.

Abstract: One embodiment provides a device that includes one or more line of sight transmitters configured to transmit signals over a line of sight communications medium, one or more transmitters configured to transmit signals over another communications medium and a controller. The controller is configured to perform an operation that includes retrieving a key adapted for use in decrypting encrypted content. The operation further includes transmitting the key to a second device over the line of sight communications medium using the one or more line of sight transmitters. Additionally, the operation includes encrypting data such that the data can be decrypted using the retrieved key. The operation also includes transmitting the encrypted data to the second device over the other communications medium using the one or more transmitters, where the second device is configured to decrypt the encrypted data using the key received over the line of sight communications medium.

Abstract: Content is transmitted within a range of the user's legitimate use while limiting the number of equipment to which the content is transmitted at the same time. A content using apparatus periodically transmits an exchange key and the corresponding key ID using a command. Only while receiving the key ID at predetermined reception cycles, a content providing apparatus maintains the corresponding exchange key. When not periodically receiving the key ID, the content providing apparatus destroys the corresponding exchange key. After that, when receiving a command including the key ID, the content providing apparatus returns a response including information indicating that the exchange key has become invalid.

Abstract: An electronic system includes: a control unit configured to operate on a user interface; and the user interface, coupled to the control unit, configure to: present an application coupled to an access configuration to customize a permission level for a service type, and receive an input for changing the permission level of the service type for accessing a resource type for customizing an operation of the application on a device.

Abstract: An asset guardian system may comprise a server including a processor with memory and a database. The processor may be configured to receive asset information regarding a plurality of assets and update the database with the received asset information. A mobile device may be configured to change at least one of the assets from a disabled condition to an enabled condition in response to an asset code from the server. At least one of the plurality of assets may be configured to authenticate the asset code and register the asset code with the server thereby updating the asset information on the database. At least one of the plurality of assets may further be configured to be operatively paired with a respective socket.

Abstract: Technology is generally described for improving resistance to cache timing attacks made on block cipher encryption implementations. In some examples, the technology can include identifying one or more tunable parameters of the block cipher encryption algorithm; creating multiple encryption algorithm implementations by varying one or more of the parameter values; causing a computing system to encrypt data using the implementations; measuring average execution times at the computing system for the implementations subjecting the implementations to a cache timing attack; measuring average execution times at the computing system for the implementations subjected to a cache timing attack; computing a time difference between the average execution times for the implementations when not subjected and when subjected to a cache timing attack; selecting an implementation having a lower time difference; and using the selected implementation for a subsequent encryption operation.