Patents Examined by Christopher C. Harris
  • Patent number: 10228929
    Abstract: A computer system having a system memory and being arranged to permit a target program (90) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module (10) for receiving, at a notification receiver (12), a notification that the target program (90) which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system. The WMA module is operable, upon receipt of a target program update notification, to determine if the program (90) as loaded into the system memory is in a trusted state by measuring the program (90) using a program measurer module (14) and comparing this, using a comparator (16), with a pre-stored value contained in a program whitelist (30), the pre-stored value being obtained from the program whitelist (30) using a whitelist reader/writer (18).
    Type: Grant
    Filed: August 15, 2014
    Date of Patent: March 12, 2019
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Fadi Ali El-Moussa, Andrew Paverd
  • Patent number: 10231141
    Abstract: Collaborative computing and electronic records are disclosed. An entity that may be able to help achieve an objective is discovered and a connection to the entity established. A meta-language is used to exchange with the entity a description of the objective and a description of the entity. The meta-language is used to negotiate with the entity a contract to help achieve the objective. In the event a contract to help achieve the objective is reached, performing a self-configuration in accordance with the contract.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: March 12, 2019
    Inventor: Mark Cummings
  • Patent number: 10198573
    Abstract: A method for controlling the running of an application includes loading an application to be monitored; running the application loaded herein in a constructed running environment; and, according to a preset running configuration, executing a corresponding operation in the running environment, and processing a system call triggered by the application according to the operation herein. Furthermore, a device for controlling the running of an application includes a loading module configured to load an application to be monitored; a running module configured to run the application loaded herein in a constructed running environment; and a controlling module configured to execute a corresponding operation in the running environment according to a preset running configuration, and process a system call triggered by the application according to the operation herein. The present disclosure can thus ensure that data and applications are controlled and improve security.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: February 5, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Shuhua Chen
  • Patent number: 10148686
    Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for analyzing telemetry data from physical process sensors to detect anomalies within the physical process. A telemetry analytics system is disclosed as a process level anomaly detection system based on operational telemetrics and domain-specific knowledge that protects cyber physical system (CPS) devices against zero-day exploits not detectable through traditional system log or network packet inspection. The telemetry analytics system operates as a security component comparable to intrusion detection or anti-virus/anti-malware that generates alerts upon detecting anomalies in the sensor and/or activity data ingested from system or network data sources.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: December 4, 2018
    Assignee: Accenture Global Solutions Limited
    Inventors: Amin Hassanzadeh, Shaan Mulchandani, Malek Ben Salem, Chien An Chen
  • Patent number: 10129285
    Abstract: The embodiments described in this disclosure may be adapted to detect and mitigate tainted content in network communications across client-server boundaries using a pair of complementary taint engines at both ends of the network. Methods, systems and computer readable storage media are adapted to receive a request from a web application of a client system and generate standard responses. The header of the request can include a request taint value that can be evaluated to determine whether the request is a standard network transfer protocol request (e.g., HTTP request) or a multipart network transfer protocol request (e.g., a CTTP request). If the request is a multipart network transfer protocol request, a multipart network transfer protocol response can be constructed based on the generated standard network transfer protocol response, and client systems can be configured to detect tainted content based on the multipart network transfer protocol response.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: November 13, 2018
    Assignee: SAP SE
    Inventors: Martin Johns, Stephan Pfistner
  • Patent number: 10127379
    Abstract: Technologies for securing an electronic device may include determining a plurality of rules, monitoring execution of the electronic device, generating a notification that one of the operations has occurred based upon the rules, and, based on the notification and the pattern of the operations, determining whether the operations are indicative of malware. The rules may include an identification of a plurality of entities of the electronic device to be monitored, an identification of one or more operations between the entities to be monitored, and an identification of a pattern of the operations to be monitored.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: November 13, 2018
    Assignee: McAfee, LLC
    Inventor: Igor Muttik
  • Patent number: 10103888
    Abstract: The subject matter discloses a method operated on at least two servers for a third-party client, the method comprising receiving by a first server a first result of the first irreversible function applied to a secret key from a first third-party client, receiving by a second server a second result of the second irreversible function applied to the secret key from the third-party client, receiving by the first server, a message from a second third-party client, the first server computing a first hash function on said first result and on said message, and sending a result of the first hash function from the first server to the second server, the second server computing a second hash function on said second result and on the result of the first hash function sent from first server and outputting the result generated by second server as HMAC result.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: October 16, 2018
    Assignee: DYADIC SECURITY LTD.
    Inventor: Valery Osheter
  • Patent number: 10104066
    Abstract: A user login method for use in a terminal is provided. The method includes: receiving an automatic login request; acquiring a terminal identifier of the terminal; sending, to a server, a query request about a user account associated with the terminal identifier and a password corresponding to the user account, the query request including the terminal identifier; receiving, from the server, a query result based on the query request; selecting a user account from the query result and a password corresponding to the selected user account, if the query result is not empty; and sending, to the server, the selected user account and the corresponding password, for the selected user account to login after authentication by the server.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: October 16, 2018
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Lei Zhang
  • Patent number: 10091205
    Abstract: Example embodiments relate to zeroconf profile transferring to enable fast roaming. In example embodiments, user identification is received from a user computing device that is connected to a wireless device, where the user identification is sent to an authentication server to determine a zeroconf profile name. In response to receiving a user authorization from the authentication server, the user computing device is provided with access to a network. Further, a zeroconf profile is used to provide the user computing device with access to services on the network, where the zeroconf profile is identified using the profile name. The zeroconf profile name is then sent to a neighboring wireless device that uses the zeroconf profile name to identify the zeroconf profile for providing the user computing device with access to the services.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: October 2, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Jorge Arturo Sauma Vargas, Jocelyn Le Sage
  • Patent number: 10075420
    Abstract: Creation or update of a security context between user equipment and MSC/VLR (Mobile Switching Centre/Visitor Location Register) for circuit switched domain services is provided. The creation or update is based on conversion of the security context used in an evolved Universal Terrestrial Radio Access Network (E-UTRAN) in the Mobility Management Entity (MME) to a security context for the circuit switched domain target system and transferring it to a MSC/VLR. When user equipment is moved from E-UTRAN to GSM EDGE Radio Access Network/Universal Terrestrial Radio Access Network (GERAN/UTRAN), a MME does not need to perform authentication and key agreement procedures to establish shared circuit switched security context for the user equipment.
    Type: Grant
    Filed: May 4, 2010
    Date of Patent: September 11, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xipeng Zhu, Wolfgang Granzow, Adrian Edward Escott
  • Patent number: 10069816
    Abstract: A method and a system for testing an authentication server. The method comprises: installing a certificate of an authentication server to be tested in a monitor console and installing a certificate of the monitor console in the authentication server to be tested; constructing and sending, by the monitor console, based on a configuration type of the authentication server to be tested, according to a roaming authentication protocol, roaming authentication protocol data to the authentication server to be tested; capturing response data sent by the authentication server to be tested, and performing comparative analysis to determine whether field information in the response data is consistent with locally stored respective information; and displaying that the authentication server to be tested is tested successfully in a case that the field information in the response data is completely consistent with the locally stored respective information; otherwise, displaying comparative analysis information.
    Type: Grant
    Filed: July 30, 2014
    Date of Patent: September 4, 2018
    Assignee: China IWNCOMM Co., LTD.
    Inventors: Ya'nan Hu, Bianling Zhang, Qianjun Shi, Guobing Yuan
  • Patent number: 10063517
    Abstract: A method for secure communications between a transmitting computer and a receiving computer includes transmitting data from the transmitting computer over a first one-way link to a data security engine, receiving and validating the data within the data security engine, and, after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: August 28, 2018
    Assignee: Waterfall Security Solutions Ltd.
    Inventors: Lior Frenkel, Amir Zilberstein
  • Patent number: 10050935
    Abstract: An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests from the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.
    Type: Grant
    Filed: April 20, 2015
    Date of Patent: August 14, 2018
    Assignee: Shape Security, Inc.
    Inventor: Marc Hansen
  • Patent number: 10051337
    Abstract: A system and method for managing an encryption key are provided, which include receiving, from a DRM agent, an RO request message for receiving content; generating a KSP including a first key and a second key; applying hash chains with different directions to the first key and to the second key to generate an encryption key for the content; and transmitting, to the DRM agent, a response message including a context element having an identifier of the content and a key information element. The key information element includes a first encryption key element; a rights encryption key information element; and an encryption data element.
    Type: Grant
    Filed: April 1, 2011
    Date of Patent: August 14, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sung-Oh Hwang, Sergey Nikolayevich Seleznev
  • Patent number: 10038704
    Abstract: Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems are provided. These systems and methods provide an alert correlator and an alert distributor that enable early signs of an attack to be detected and rapidly disseminated to collaborating systems. The alert correlator utilizes data structures to correlate alert detections and provide a mechanism through which threat information can be revealed to other collaborating systems. The alert distributor uses an efficient technique to group collaborating systems and then pass data between certain members of those groups according to a schedule. In this way data can be routinely distributed without generating excess traffic loads.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: July 31, 2018
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Tal Malkin, Angelos D. Keromytis, Vishal Misra, Michael Locasto, Janak Parekh
  • Patent number: 9979745
    Abstract: A method for transmitting information from a first security module to a second security module involves a system comprising the first and the second security modules. An anti-collision phase comprises a sequence of anti-collision queries, and a communication phase follows the anti-collision phase. The first security module transmits the information to be transmitted to the second security module in the anti-collision phase by sending responses of the first security module to the sequence of anti-collision queries, with the information to be transmitted being encoded in the responses of the first security module. The second security module decodes the information to be transmitted from the sequence of the received anti-collision queries. Furthermore, the invention discloses a first and a second security module, in particular for transmitting information.
    Type: Grant
    Filed: August 25, 2014
    Date of Patent: May 22, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Youssef Dahmouni
  • Patent number: 9979746
    Abstract: According to an example, a web page is loaded and description information of the web page and layout information of the web page are generated, the description information of the web page is compared with the layout information of the web page, whether all tag nodes comprised in the description information of the web page are comprised in the layout information of the web page is determined, and at least one tag node that is comprised in the description information of the web page and not contained in the layout information of the web page is determined to be hidden content.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: May 22, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Yongjian Li, Jiwen Zhou, Yang Yu
  • Patent number: 9979695
    Abstract: The invention relates to a method for monitoring a security network interface unit (23), for example a firewall, which receives a stream of data packets via a first interface (21), checks said data stream with respect to filtering rules, and outputs said data stream to a second interface (22). The method has the steps of duplicating and outputting the data stream to the second interface (22), checking the output data stream for inadmissible data traffic, transmitting a warning message to the security network interface unit if inadmissible data traffic is detected in the data stream, and restricting the data stream by means of the security network interface unit if the warning message is received in the security network interface unit (23). The device or the system according to the invention comprises units which are designed to carry out the aforementioned method.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: May 22, 2018
    Assignee: Siemens Aktiengesellschaft
    Inventors: Uwe Blöcher, Rainer Falk, David von Oheimb
  • Patent number: 9946893
    Abstract: An approach is provided for adapting privacy profiles to respond to changes in physiological state. The policy platform may process and/or facilitate a processing of sensor information to determine at least one change in one or more physiological states of at least one user, wherein the at least one user is associated with at least one context, at least one activity, or a combination thereof. Then, the policy platform may cause, at least in part, a modification of at least one privacy profile for at least one device associated with the at least one user based, at least in part, on the at least one change in the one or more physiological states, the at least one context, the at least one activity, or a combination thereof, wherein the modification of the at least one privacy profile includes, at least in part, an enabling or a disabling of one or more privacy services operating at at least one device.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: April 17, 2018
    Assignee: Nokia Technologies Oy
    Inventors: Julian Nolan, Matthew John Lawrenson, Debmalya Biswas
  • Patent number: 9940595
    Abstract: Embodiments of the present invention provide an approach for policy-driven (e.g., price-sensitive) scaling of computing resources in a networked computing environment (e.g., a cloud computing environment). In a typical embodiment, a workload request for a customer will be received and a set of computing resources available to process the workload request will be identified. It will then be determined whether the set of computing resources are sufficient to process the workload request. If the set of computing resources are under-allocated (or are over-allocated), a resource scaling policy may be accessed. The set of computing resources may then be scaled based on the resource scaling policy, so that the workload request can be efficiently processed while maintaining compliance with the resource scaling policy.
    Type: Grant
    Filed: January 6, 2015
    Date of Patent: April 10, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kelly Abuelsaad, Lisa Seacat DeLuca, Soobaek Jang