Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by, the computer server.

Abstract: A system and method for providing key challenge validation is provided. In example embodiments, an initiation of a transaction is detected and a challenge comprising a string of characters is generated based on the detection. The string of characters includes transaction specific information indicating a detail of the transaction. The challenge is presented whereby the string of characters includes a challenge key. A response to the challenge is received that includes the challenge key. In various example embodiments, the transaction is validated based on an identification of the key challenge of the string of characters.

Abstract: In conjunction with a registration mode of operation, a first cryptographic device in one embodiment sends challenges to a second cryptographic device comprising a symmetric-key cryptographic module or other key-based cryptographic module that utilizes one or more secret keys. The first cryptographic device receives from the second cryptographic device responses to respective ones of the challenges, and stores information characterizing the responses. In conjunction with an authentication mode of operation, the first cryptographic device sends a selected one of the challenges to the second cryptographic device, receives from the second cryptographic device a response to the selected challenge, and authenticates the second cryptographic device utilizing the response to the selected challenge and the stored information.

Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.

Abstract: Various arrangements for managing access to unstructured data are presented. A plurality of access requests may be received from a plurality of remote computer systems to a plurality of business entities stored by a content management server. In response to receiving a request for access to a business entity of the plurality of business entities stored by a content management server from a remote computer system, an identifier request may be transmitted to the content management server. A response from the content management server may be received in response to the identifier request. A resource locator that comprises the identifier may be created. The resource locator may be transmitted to the remote computer system for use in accessing the business entity.

Abstract: The embodiments include a method for providing security for a set of configuration files corresponding to a remote monitoring application. The method may include accessing a server configured to store the set of configuration files. The server is also configured to receive a connection request, over a network, from an agent having the remote monitoring application, generate an encryption key in response to receiving the connection request, transmit the encryption key, over the network, to the agent, encrypt the set of configuration files according to an encryption algorithm and the encryption key, and transmit the encrypted set of configuration files to the agent. According to one embodiment, the server may be accessed by performing one or more maintenance actions on the server.

Abstract: A system and method for controlling access to digital assets in an online media sharing system based on keywords are provided. In general, each digital asset is tagged with a number of keywords. The owner of the digital assets defines a guest list including a number of guests. For each guest, the owner defines permissions controlling the guest's access to the digital assets based on keywords. Thereafter, when a request to view the digital assets is received from a guest node associated with one of the guests, the digital assets that the guest is permitted to view are identified based on the permissions assigned to the guest and provided to the guest at the guest node.

Abstract: An object of the present invention is to more appropriately filter a packet from an external device. This object is achieved by: obtaining address information of the external device from the packet; judging whether or not the address information of the external device has been registered as filter information; extracting, when it is judged that the address information has not been registered, device discrimination information of the external device from the address information of the external device; judging whether or not address information having the same device discrimination information as the extracted device discrimination information has been registered as the filter information; and registering, when it is judged that the address information having the same device discrimination information has been registered, the address information of the external device as the filter information.

Abstract: There is disclosed an image forming apparatus to which one or more programs can be added. The image forming apparatus includes a managing part configured to manage access authorization information set for each of groups into which the programs are categorized, a displaying part configured to display a setting screen in which access authorization setting information is set in correspondence with each of the programs, a changing part configured to change a range of access authorization granted to the programs according to access authorization change information, the access authorization change information including definitions of change information corresponding to the access authorization setting information set in the setting screen, and a determining part configured to determine whether the access authorization can be granted to the programs.

Abstract: Systems, methods, and apparatuses are provided for ciphering error detection and recovery. A method may include using a first set of one or more cipher input parameters to decipher ciphered data ciphered using a second set of one or more cipher input parameters. The method may further include comparing a value of at least a portion of the deciphered data to an expected value. The method may additionally include determining an occurrence of a ciphering error when the value of the at least a portion of the deciphered data is not equal to the expected value. The method may also include initiating a ciphering resynchronization procedure in response to the determination that a ciphering error occurred so as to resynchronize at least one of the first set of cipher input parameters with at least one of the second set of cipher input parameters. Corresponding systems and apparatuses are also provided.

Abstract: An efficient encryption system for improving the computation speed of a garbled circuit is set forth. The garbled circuit includes a number of garbled Boolean gates having first and second garbled Boolean gate input wires. The system includes a first key ki on a first garbled gate input wire. A second key kj is also provided on a second garbled gate input wire. A programmable function is provided for combining the first key ki and the second key kj to obtain an encrypted output key. A method for expediting encryption and decryption of a garbled circuit having a number of encryptions for a garbled table of a garbled gate is also set forth. The method includes the steps of: forming the garbled table with a number of secret keys by applying a function to the secret keys to produce less than twice the number of secret keys as the number of encryptions for the garbled table, and evaluating the garbled table to decrypt an output key of the garbled table.

Abstract: A method and system for authenticating delivery including the steps of receiving by a receiver a delivery information package from a deliverer over a network during a communication between the receiver and the deliverer, wherein the delivery package includes deliverer identity information, sending an authentication request of the received delivery package from the receiver to an authentication module having a hardware processor, over at least one of a call network and an additional network, and authenticating the received delivery package using the deliverer identity information.

Abstract: As individuals increasingly employ their wireless devices to engage in different types of activities they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of activities within which a wireless device user may participate through dynamically configurable levels of authentication. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.

Abstract: A system and method for generating a limited use login credential associated with an account maintained by an institution, where the credential facilitates secure access to the account.

Abstract: A system and method for tracking a downloaded digital media file which employs reheader splicing of the digit media file for digital rights management (DRM) are provided. The system and method provide for receiving a request for a first file from a client, accessing the first file and a second file that is representative of the first file, applying data identifying the client into the second file, and combining the first and second file such that a size of the combined file is substantially the same size as the accessed first file, and downloading the combined first and second file to the client. The combining of the first and second file includes replacing corresponding object components of the first file with the objects components of the second file. The data identifying the client includes at least one of a transaction ID, merchant ID, user ID and order ID.

Abstract: A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.

Abstract: A system including a nonce module and an encryption module. The nonce module is configured to generate a nonce for each packet of a plurality of packets to be encrypted using a first temporal key. Each nonce includes a packet number that is different than packet numbers associated with other nonces generated by the nonce module for the plurality of packets. The packet number is greater than N bits in length, where N is an integer greater than 40. The encryption module is configured to encrypt, without reusing a value of the packet number, more than 2(N?1) packets of the plurality of packets using (i) the first temporal key and (ii) the nonces corresponding to the more than 2(N?1) packets using Galois/Counter Mode encryption.

Abstract: A method for authenticating a message by a wireless device is described. The wireless device obtains the input message. The wireless device generates a keystream. The wireless device computes a message authentication code using the keystream and a universal hash function. The universal hash function is computed using carryless multiplication.

Abstract: A system and method for monitoring, modeling and assessing networked devices. A continuous device profiling (CDP) system builds and maintains device-specific and network-specific behavioral models based on observation of network traffic. The behavioral models may be used for network management, detecting misconfigured or malware infected devices, performing network asset inventory, network access control, network discovery in support of network integration, and information security incident response management. CDP models and monitors the active roles that devices assume on the network based on a set of matching profiles, monitors transitions between roles, and triggers corrective action when role transitions violate the policies of the network.

Abstract: Methods, systems, and computer-readable media for updating a domain name server are provided. A console may receive a first request to access the console. The console may verify first permission to access the console. The console may receive a second request to access the domain name server. The console may verify second permission to access the domain name server. The console may receive an instruction to modify an entry in the domain name server. The instruction may specify that a previous Internet Protocol address in the entry is replaced with a new Internet Protocol address. The console may transmit the instruction from the console to the domain name server. The domain name server may be configured to replace the previous Internet Protocol address with a new Internet Protocol address in the entry in response to the instruction.