Abstract: The objective of the present invention is to provide technology for detecting malicious action of an application upon a terminal device using a low load as well as to increase accuracy of detection; in particular, to provide technology capable of performing detection even regarding an application which has been deleted upon the terminal device. A change in the installation state of an application in a terminal device is detected, upon which information for the installed application is reported to a fraud detection server so as to be recorded. In addition, a predetermined feature value based on an application file or component files configuring a package of the application is reported to the fraud detection server. The feature value is associated with the malicious action of the application so as to be registered in an application DB, whereupon if malicious action of the application is detected, fraud detection information is transmitted to the terminal device.

Abstract: An information processing apparatus, method, and program product for appropriately setting confidentiality of a target electronic document even when copied data is pasted into a document from an electronic document including confidential information, without limiting replication from an electronic document including confidential information depending on attributes of the target electronic document.

Abstract: Techniques are described for generating a monosemous (i.e., single sense) keyword list associated with a particular domain (e.g., a medical or financial domain) for document classification. An input term frequency dictionary, a candidate keyword list, and a document corpus may be used to generate the keyword list. A collection of documents is divided into two sets, one related to a target domain and one not. A statistical approach may be used to evaluate each term in the candidate list to determine a measure of how monosemous each remaining candidate term is, i.e., how strongly the term (or short phrase) identifies with a single sense. Terms with a primarily single sense related to the target domain are added to the monosemous keyword list. The keyword list may be used to identify documents associated with the domain, allowing, the appropriate protections to be applied to the document (e.g., do not send outside an enterprise boundary or permit copying).

Abstract: A network device and method may provide secure fallback operations. The device includes a port allowing the device to communicate with a network and a processor to generate a security credential, provide the security credential to a call manager during initialization, and provide the security credential to a secondary device during fallback operations. The network device may include a memory to store the security credential and routing information for fallback operations.

Abstract: An anonymity authentication method for global mobility networks is provided. When a mobile user (MN) roams from an inner network to an outer network, a random number is introduced for participating an operation of the transmitted messages either in a registration procedure between the mobile user and a home agent (HA) or in a mutual verification procedure between the mobile user, the home agent, and a foreign agent (FA). Moreover, the operation of the transmitted messages uses only hash function and XOR operator. Therefore, the anonymity authentication method of the present disclosure has high efficiency, high security and low cost.

Abstract: Method and device for managing one or more secure gateway virtual private network, VPN, devices (104, 105) in a secure VPN for cryptographically separated and tunnelled VPN communication. VPN configuration data provided by a management system (110) is received (401); and the received VPN configuration data and a domain type encapsulating (402,403), wherein said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication with a hardware separated administrative controller (121) of said one or more secure gateway VPN devices (104, 105), exclusively for management of said one or more secure gateway VPN devices (104, 105).

Abstract: Device, system and method, in a vehicle communication system, of securely storing safety-related messages. Embodiments include both digital signing and digital encryption such that (i) stored message validity is assured; and (ii) only qualified or pre-selected recipients are able to decrypt the message. Embodiments include storing environmental information geographically related to a safety event. Embodiments include a plurality of vehicles within wireless communication range receiving a network warning message and then securely storing related information in response to the warning message. Embodiments include measuring time-of-transit of messages and using this measured time to triangulate position of a transmit source. This information may be transmitted or stored. Embodiments include forwarding of network warning messages. Algorithms are described to identify spoofed messages.

Abstract: An automated system and method for assembling and analyzing a candidate application to determine a type of credential in a professional credentialing area for the candidate is provided. The automated system may facilitate the receipt of application materials from various sources and may enable review and appraisal of the application by multiple parties. The application may be tailored to a specific type of requested credential.

Abstract: A method for transmitting signaling information, such as cryptographic key synchronization information, over a data path of a network, the data path having an originating end and a terminating end. The method uses in-band signaling to transmit the signaling information from the originating end of the data path to the terminating end of the data path without consuming any bandwidth of the data path. More specifically, the method includes the steps of receiving user data to be transmitted over the data path and encrypting this user data with a cryptographic key, thereby generating cipher data. The method next includes processing the cipher data such that the cipher data includes the signaling information, and mapping the cipher data including the signaling information into a traffic unit for transmission over the data path.

Abstract: A system transfers applications and datasets (files) from a server to a client device and assigns to each file a lease key that will expire at a specified time. A file cannot be accessed unless its lease key is validated. Upon expiration of a lease key, the client device will connect to the server to determine if the lease key may be renewed. If the lease key may be renewed, a new lease key is created and access to the associated application or dataset is restored. If the lease key may not be renewed, the file may be deleted or rendered inaccessible. If rendered inaccessible, the file may be restored in the future without having to re-transmit it from the server to the client device. The server may also revoke a lease key before it expires.

Abstract: Aspects of the invention include methods and systems for electronically signing a plurality of documents, such as an insurance application, a loan application, a set of mortgage papers, a bank application, or the like. A customer, or multiple customers, electronically submits the signature once and the customer's one signature is applied to all of the areas where the customer signature is required. The electronic signature may include initials and/or a graphical representation of the customer's handwritten signature. Aspects of the invention include an apparatus comprising a display, a memory, and a processor coupled to the memory and programmed with computer-executable instructions that, when executed, perform a method for electronically signing a plurality of documents.

Abstract: Data on a first computing device can be represented by a graphical object displayed on a screen of the first device. A user can initiate an “attach event” (e.g., a pinching gesture with respect to the object) to enable the object (e.g., the data represented by the object) to be associated and/or virtually attached to him/her. One or more cameras can view/track the user's hand/finger movement(s). Based on the viewed/tracked movement(s), the object representing the data can be moved on a screen of the first device to correspond to the movement of the user's hand/finger. The object can also be moved to a position on a screen of a second computing device when the user moves his/her hand/finger to an area corresponding to the position. A user initiated “release event” (e.g., an unpinching gesture) can end the association and enable the data to be shared with the second device.

Abstract: Data encryption systems and methods. The system includes a storage device storing data and an encryption/decryption module. The encryption/decryption module randomly generates a device key seed according to the occurrence time of a specific operation or the interval between two specific operations on the storage device, and applies the device key seed to data encryption.

Abstract: A method of operating a mobile device comprises executing a trusted service application in a trusted operating system through secure access, executing a trusted web server module in the trusted operating system, wherein the trusted web server module is configured to transfer information using an internet protocol and the information is generated by execution of the trusted service application, and executing a user application in a rich operating system through normal access, wherein the user application is configured to relay communication between a remote web server and the trusted web server module through a security session.

Abstract: Preventing spoofing in an automotive network includes monitoring, by electronic control unit, data packets on a bus in the automotive network. Upon determining, in response to the monitoring, that a data packet is from a source other than the electronic control unit, the preventing spoofing in the automotive network includes generating and transmitting a diagnostic message to at least one module in the automotive network over the bus, the diagnostic message instructing the at least one module to take no action on the data packet.

Abstract: Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues.

Abstract: Implementations and techniques for asymmetrical chaotic encryption are generally disclosed. One disclosed method for asymmetrical encryption includes determining a ciphertext control block from data, where the ciphertext control block is based at least in part on one or more Chebyshev polynomials.

Abstract: A trusted platform module (TPM) is a silicon chip that constitutes a secure encryption key-pair generator and key management device. A TPM provides a hardware-based root-of-trust contingent on the generation of the first key-pair that the device creates: the SRK (storage root key). Each SRK is unique, making each TPM unique, and an SRK is never exported from a TPM. Broadly contemplated herein is an arrangement for determining automatically whether a TPM has been replaced or cleared via loading a TPM blob into the TPM prior to the first time it is to be used (e.g. when a security-related software application runs). If the TPM blob loads successfully, then it can be concluded that the TPM is the same TPM that was used previously. If the TPM blob cannot be loaded, then corrective action will preferably take place automatically to configure the new TPM.

Abstract: Systems and methods are provided for providing generating and managing profiles. Such systems and methods may be implemented to control access to a function of a web server or site based on a level of trust associated with a user or device profile. According to one exemplary method, session information associated with a request to access a function of a web server is identified. At least one processor determines whether the request is associated with a trusted device profile based on the at least the session information. Access to the requested function is provided when the request is associated with a trusted device profile.

Abstract: Authenticating a user for testing purposes. A web server receives a request from a client that includes an authentication credential and that is formatted to be handled by a particular authentication module. The authentication module is configured to obtain authentication tokens based on authentication credentials included in requests, while refraining from generating any interactive authentication dialog. Based on the request, the web server passes at least a portion of the request, including the authentication credential, to the authentication module. The authentication module determines that the request is formatted in a manner that triggers the authentication module. The authentication module obtains an authentication token from an identity provider based on the authentication credential, while refraining from generating any interactive authentication dialog. The authentication module returns the authentication token to the web server. The web server returns the authentication token to the client.