Abstract: A method of communicating a classical message M between a first party A and a second distant party B over a public channel F, comprises the steps of sharing a key between the parties, the shared key K comprising a short-term-secure key KS and/or a long-term-secure key KL; at A, encoding M as a quantum codeword, A using K to encode M into a first encrypted codeword belonging to a publicly known quantum code; communicating the first encrypted codeword from A to B over F whose output is a second codeword; unitarily transforming the second codeword into a third codeword by using a N-mode interferometer controlled by B, placed at the output of F and keyed by K; determining an estimate of M, at B, by performing a measurement on the third codeword and by processing the measurement using K.

Abstract: The present invention pertains to the field of Internet technologies, and discloses a method for establishing a network connection. The method includes: establishing a user plane connection to a terminal, where the terminal accesses a first WLAN; receiving, by using the established user plane connection, a connection selection request sent by the terminal, where the connection selection request includes connection selection information; determining, according to the connection selection information in the connection selection request, a service network selected by the terminal; and establishing a connection between the terminal and the service network selected by the terminal. In this way, the terminal can connect to different service networks, so that a network connection manner becomes more flexible, interaction between the terminal and a gateway is simplified, and a network connection range is expanded.

Abstract: Methods and apparatuses for user authentication are described. In one example, authenticating a user includes establishing a first wireless communication link between a headset and a first computing device and a second wireless communication link concurrent with the first wireless communication link between the headset and a second computing device. A user authentication request is received at the first computing device from a secure system. The user authentication request is transmitted from the first computing device to the headset. An authentication response is transmitted to the secure system utilizing the second computing device and the second wireless communication link.

Abstract: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols so that security measures may be targeted to that subset without affecting other machines in the network.

Abstract: Systems and apparatuses for a secure mobile cloud framework (referred to as MobiCloud) for mobile computing and communication are disclosed. Embodiments of MobiCloud transfer each mobile node from a traditional strictly layer-structured communication node into a service node (SN). Each SN may be used as a service provider or a service broker according its capability. Each SN may be incorporated as a virtualized component of the MobiCloud. In some embodiments, MobiCloud mirrors an SN to one or multiple virtual images in the Cloud for addressing communication and computation deficiencies of mobile devices. Virtual images can create a visualized MANET routing and communication layer that can maximally assist the mobile nodes to enable pervasive computing services for each mobile device owner. A secure data processing framework is disclosed for the MobiCloud.

Abstract: A method, including collecting data transmitted from endpoints to Internet sites having respective domains and respective IP addresses, and transmissions to IP addresses of ASN numbers or ASN names included in a list of ASNs. An ASN data traffic model is generated by modeling, for each given ASN, data transmitted to any of the IP address of the given ASN based on the data, and for each given ASN and a set of keywords, multiple web searches are performed, each of the web searches including a given keyword and an ASN name or a number for the given ASN. Based on the web searches, a model of relationships between the keywords and the ASNs is generated, and one or more of the ASNs are predicted to be suspicious based on their respective modeled data transmissions and their respective modeled relationships between the keywords and the one or more ASNs.

Abstract: Particular embodiments of a gateway computing device provide a provisioning service for access credentials to a restricted network, wherein the provisioning service is accessible by an open network. A messaging protocol for the open network may only recognize messages relating to one of a set of services provided by the gateway computing device, including the provisioning service. The gateway computing device may receive, from a client device, a request to connect to the restricted network, wherein the request was sent using the open network. Upon determining whether the client device is authorized to access the restricted network, the gateway computing device may send a response to the client device using the open network.

Abstract: A wireless local area network (WLAN) access method, a terminal, and a server implement intelligentization and simplify a user operation. The method includes sending, by the terminal, a request for querying an available wireless access point to a server; sending, by the server according to the query request, obtained information about the available wireless access point; then, receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information; then, sending, by the terminal, an authentication information request of the specific wireless access point to the server; and when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point.

Abstract: Servers in datacenters, mobile devices and virtualized servers without human interaction may experience difficulties in establishing entropy in a virtualized computing environment. Entropy is an important foundation for cryptography and a lack of entropy has led to weaknesses that can be used to break cryptographic systems in the past.

Abstract: A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, may comprise an imaging device that is a sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing.

Abstract: Methods for identifying potentially sensitive information and protecting such potentially sensitive information include scanning systems that collect and/or disseminate such information. Without limitation, systems collect and/or disseminate personal identification numbers (e.g., personal identification numbers, tax identification numbers, etc.), such as merchant systems, bank systems, healthcare systems, and the like, that collect, use, or disseminate sensitive information may be scanned to identify sequences of data that are likely to be sensitive, and may take actions to protect such sequences of data. Scanning and protection systems are also disclosed.

Abstract: A method of securing an industrial control system includes operating the industrial control system in an open mode, wherein communications between a plurality of devices of the industrial control system are unencrypted when the industrial control system is in the open mode. The method includes exchanging security tokens between the plurality of devices of the industrial control system. The method further includes ceasing operating the industrial control system in the open mode and instead operating the industrial control system in a secure mode, wherein the communications between the plurality of devices of the industrial control system are encrypted using the security tokens when the industrial control system is operating in the secure mode.

Abstract: A method of performing a cryptographic operation using a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an identifying string value; receiving, by the cryptographic system, an input message; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message wherein the output message is the correct result when the identifying string value is one of a set of binding string values, wherein the set includes a plurality of binding string values.

Abstract: A digital certificate based information security realization method and system are provided. The method includes: separately issuing a digital certificate for a cloud management host, a physical cloud computing host and a virtual cloud computing machine; and carrying out a compliance authentication according to a corresponding digital certificate when the cloud management host, the physical cloud computing host and the virtual cloud computing machine start up or are in the running process. By using a digital certificate trust chain technology for reference and combining with a cloud management system, the digital certificate based information security realization method and system provided in embodiments of the present disclosure realize trusted systems of the cloud management system, the physical host and the virtual machine; beside, by putting emphasis on the security protection of the host platform of a system itself, the security of a virtual cloud platform is improved.

Abstract: A method comprising: carrying out optimization of an item of software in a first intermediate representation; carrying out protection of the item of software in a second intermediate representation different to the first intermediate representation.

Abstract: A system and method is disclosed for using encryption algorithms in peer-to-peer encryption mode to restore the integrity of data. An example method is provided for generating a new derivative for a file that has a plurality of existing derivatives that have been stored on servers using an (n,k) algorithm, where the (n,k) algorithm provides that a minimum number k of the derivatives required to restore the file. The method includes accessing, on a server, a first derivative of the existing derivatives and forming a blob for the new derivative based on a modification operation that uses the first derivative. Moreover, the method includes determining a number of times the modification operation has been performed, and if the number of times the modification operation has been performed is equal to the minimum number k, uploading the blob to a server for storage thereon.

Abstract: The embodiments herein provide a system and method for an authentication-driven secret installation and access to applications and data on handheld computing devices. The secret storage is installed and accessed by a directly installed application or a host application on the device. The system comprises an authentication module for authenticating a user to access a data stored in the secret storage area, and a security module for detecting an intrusion of user's privacy during an accessing of the secret storage area. The authentication module automatically shuts down the application when a privacy intrusion is detected continuously for a preset period of time. A secret storage application is run to create a clone of one or more applications installed outside the secret storage area while the created clone of the one or more applications are stored in the secret storage area.

Abstract: A system and method for a portable device analyzing user information broadcast from target user devices is disclosed. The portable device includes a commodity user device (e.g. iPhone, smart phone) and a directional antenna system fastened to the commodity user device for receiving the user information broadcast from the target user devices. An application program executing on the portable device can then be used to disable a user account on an access control system, for example.

Abstract: A computing system includes: an interface circuit configured to provide access to a data block including an arrangement of multiple individual data; and a processing circuit, coupled to the interface circuit, configured to generate a non-orthogonal protection data corresponding to instances of the individual data along a non-orthogonal direction within the data block for correcting the one or more of the corresponding instances of the individual data.

Abstract: A method of detecting a DoS/DDoS attack includes: acquiring traffic data of a preset service in a preset time period, wherein the traffic data is correspondence data between an overall traffic of the service and a time; acquiring an overall traffic threshold data of the service corresponding to different time intervals calculated according to historical traffic data of the service; wherein the larger the historical traffic data of the time interval, the larger corresponding overall traffic threshold data of the service; determining the time interval corresponding to the acquired traffic data, and finding the overall traffic threshold corresponding to the time interval according to the determined time interval; and comparing the traffic data with the found overall traffic threshold, and performing an attack detection to the service when a duration for which the traffic data keeps exceeding the overall traffic threshold exceeds a preset value.