Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions are automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation.

Abstract: The present disclosure is directed to for secure data access between multiple entities, and includes actions of receiving, by a secure file storage system, a set of metafiles including one or more metafiles that define actions to be performed and conditions to be satisfied before granting a first system use of data that is resident at a second system, the set of metafiles being provided by the second system, receiving, by the secure file storage system and from a central exchange, an indication that the actions are performed and the conditions are satisfied for use of the data by the first system, wherein the central exchange accesses the set of metafiles from the secure file storage without accessing the data, and in response to the indication, permitting use of the data by the first system.

Abstract: A walled garden system includes a firewall controlling access between a first network and a second network at least by allowing connection requests originating from a user device on the first network to a destination IP address on the second network in response to determining that the destination IP address matches a cleared IP address on a cleared IP addresses list. A controller receives a domain name service (DNS) reply from a DNS server on the second network, and determines whether a domain name specified within the DNS reply matches a cleared domain name on a cleared domain names list. In response to determining that the domain name specified within the DNS reply matches the cleared domain name on the cleared domain names list, the controller adds a resolved IP address specified in the DNS reply to the cleared IP addresses list as a new cleared IP address.

Abstract: A method, a computing unit and a system for token-based information exchange between a computing unit of a first entity (400A) and a computing unit of one second entity (400B) are presented. The method comprises obtaining (110) a token set (200A) associated with the first entity (400A) and a token set (200B) associated with the one second entity (400B), clustering (120) the token set (200A) associated with the first entity (400A) into clusters, requesting (130) information on tokens (205, 205A, 205B) from the computing unit of the one second entity (400B), receiving (140) information on said tokens (205, 205 A, 205B) from the computing unit of the one second entity (400B), determining (150) an active cluster associated with the first entity (400A), modifying (160) the token subset (310, 320) associated with the determined active cluster of the first entity (400A) at least partly with information on the received tokens (205, 205A, 205B) associated with the second entity (400B).

Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.

Abstract: The computer system is connected to a DB that stores data acquired from a production system in which a plurality of machines operate, and includes a generation unit and a data search unit. The DB stores operation data and environment data. The generation unit generates, by analyzing schedule information including a production schedule of the plurality of products, first owner information for storing first access control data including an owner, the machines, and a first access period set based on operation time, and generates, based on the first owner information, second owner information for storing second access control data including the owner, a type of the environment data, and a second access period set based on the first access period. The data search unit controls accesses to the DB based on the first owner information and the second owner information.

Abstract: A system is provided and includes a securable resource, a locking element configured to assume a locked condition in which the securable resource is locked and an unlocked condition in which the securable resource is unlocked and a controller. The controller is receptive of an instruction to authorize users to unlock the securable resource and is configured to perform operating system (OS) level authentication of the users and OS level control of the locking element in accordance with the instruction to authorize users and the OS level authentication.

Abstract: A system for detecting data leakage is disclosed. The system intercepts web traffic data, de-duplicates the web traffic data, and extracts data elements from the web traffic data. The system further groups the data elements into multiple clusters based on data types associated with the data elements. The system then identifies data elements in a cluster that were previously sent to a user and identifies allowed data elements from an allow table that are supposed to be sent to the user. The system determines whether there is a data leakage by determining whether the identified data elements in the cluster comprises at least one data element that is not in the identified allowed data elements in the allow table.

Abstract: Enclosed are a method and apparatus for operating a database.

Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.

Abstract: Two-way secure channels are provided between two parties to a communication with certification being provided by one party. One method comprises providing, by a first entity that provides a certificate authority, a first signed certificate to a second entity, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first request to sign a second certificate generated by the second entity, wherein the first request is generated by the second entity using a first credential generated by the second entity; receiving, from the second entity, (i) the first request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

Abstract: The present disclosure generally relates to managing access to credentials. In some examples, an electronic device authorizes release of credentials for use in an operation for which authorization is required. In some examples, an electronic device causes display of one or more steps to be taken to enable an input device for user input. In some examples, an electronic device disambiguates between commands to change the account that is actively logged-in on the device and commands to cause credentials to be released from the secure element.

Abstract: A system and method for authenticating users of a digital device includes an authentication device attached to an authorized user. The authentication device includes one or more motion sensors and acts as a user identity token. To authenticate with a digital device, the user performs one or more interactions with the digital device using the hand associated with the authentication device. The digital device correlates the inputs received due to the interactions with the user's hand and/or wrist movement, as measured by the authentication device. Access to the digital device is allowed if the inputs and movements are correlated.

Abstract: A license authentication device includes a memory that stores a license file including a license expiration date of an application that adjusts a parameter of a semiconductor manufacturing apparatus in a semiconductor factory; and a processor coupled to the memory. The processor acquires log data when the semiconductor manufacturing apparatus executes a processing; and determines whether or not a time included in the log data has passed the license expiration date stored in the license information storage.

Abstract: A computing system for securely managing access to resources of a computing device receives an input at a secure login of a user interface. The computing system compares the input to a plurality of stored security measures and activates one of an operating system or a configuration of a false desktop system. A user interface of the false desktop system shares characteristics with a user interface of an operating system and restricts access to specified files, data stores, applications, networking functions, and/or ports associated with the computing system. When configured, the false desktop system or the operating system is enabled based on the location of the computing system. When configured, the false desktop system deletes files, data stores, and applications of the operating system.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. Embodiments herein provide a method for authentication by dynamically generating security credentials in plug and play scenarios without a pre-configuration of F1 security credentials at an integrated access and backhaul (IAB) relay device in a wireless network.

Abstract: Disclosed is an operation method for a dynamic analyzer for analyzing an execution state of a web application. The present invention comprises the steps of: analyzing an execution state of the web application on the basis of a final attack string including a parameter which indicates a particular operation to be executed through the web application; and performing an analysis of the execution state of the web application, wherein the final attack string is generated so as to avoid filtering logic which is designed to filter a raw attack string including a predefined parameter. Therefore, the present invention can detect a security vulnerability, which cannot be detected by the existing dynamic analyzer, through easy generation of a final attack string capable of bypassing filtering.

Abstract: A method includes generating, at a first station, a security key that is usable for authentication with an access point associated with a wireless network. The method includes switching from an infrastructure mode to an ad hoc communication mode, and while in the ad hoc communication mode, broadcasting a beacon frame and receiving a request, from a second station, to join the wireless network. The method includes determining that the second station is an approved device and sending a first authentication request to the access point on behalf of the second station. The method includes receiving a first authentication response, including challenge text, from the access point. The method includes encrypting the challenge text based on the security key and sending the encrypted challenge text as part of a second authentication request to the access point to authenticate the second station with the access point.

Abstract: A wireless network transfers UE information to an authorization server. The authorization server generates an expected result based on a random number and secret key in response to the UE information. The authorization server transfers the expected result and the random number to the wireless network which transfers the random number to the UE. The wireless network receives an authentication result from the UE and authenticates the UE by matching the authentication result to the expected result. In response to network authentication, the wireless network transfers the expected result to a conferencing server. The conferencing server receives the authentication result from the UE and registers the UE by matching the authentication result to the expected result. The conferencing server establishes media conferences for the UE. The wireless network exchanges media for the UE.

Abstract: An apparatus includes a memory device and a microcontroller device integrated with the memory device. The microcontroller device is adapted to be communicatively coupled to a processor device and is configured to manage access by the processor device to data stored on the memory device. Managing access by the processor device to the data stored on the memory device includes setting an access permission for controlled data stored by the memory device based on authorization data stored in the memory device. Managing access by the processor device further includes receiving, from the processor device, a request to access the controlled data. Managing access by the processor device further includes determining whether to initiate access to the controlled data by the processor device based on the access permission.