Patents Examined by Christopher C. Harris
  • Patent number: 9698992
    Abstract: There is disclosed a method of signing an electronic document. The method comprises: receiving via an encrypted connection a signature generation request file; receiving the AD information (such as dynamic autographic signature of the user) associated with a user. The method further comprises generating a first control sum based on the electronic document and a second control sum based on the AD information. The method further comprises generating a single numeric sequence based on the first and second control sums and encrypting the single numeric sequence using the private key to generate a digital signature. The method further comprises generating a final signature confirmation file including a hyperlink to the electronic document to be signed and to the AD information associated with the user; and transmitting, to the electronic address associated with the user, a file containing the digital signature, only in response to a confirmation response from the user.
    Type: Grant
    Filed: April 14, 2015
    Date of Patent: July 4, 2017
    Assignee: OBSHESTVO S OGRANICHENNOJ OTVETSTVENNOSTYU “LABORATORIYA ELANDIS”
    Inventor: Dmitry Aleksandrovich Gertner
  • Patent number: 9692773
    Abstract: The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyses may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated execution environment, (2) detecting a suspicious discrepancy among the monitor components with respect to computing activity observed in connection with the malware analysis by (A) identifying a monitor component that has observed the computing activity in connection with the malware analysis and (B) identifying another monitor component that has not observed the computing activity in connection with the malware analysis, and then (3) determining, based at least in part on the suspicious discrepancy, that the file demonstrates a detection-evasion behavior that led to the other monitor component not observing the computing activity in connection with the malware analysis.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventors: Andrew Watson, Abubakar Wawda
  • Patent number: 9686310
    Abstract: The present disclosure describes a method for repairing a file. A user device searches for a defect file corrupted by a virus file, obtains a virus file name of the virus file and transmits the virus file name to a server. The user device receives an indication transmitted by the server and generates first characteristic information according to the indication; wherein the indication includes information of positions of the defect file that will not be modified by the virus file. The user device transmits the first characteristic information to the server, such that the server obtains a repairing file corresponding to the first characteristic information. The user device replaces the defect file with the repairing file.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: June 20, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Zuohui Yang
  • Patent number: 9674216
    Abstract: The embodiments relate to a method and a test system for testing integrity of property data of a device using a testing device within a network, the devices and their respective property data within the network, such as all the measurement or control devices distributed inside an industrial automation system, being taken into account in order to simplify testing of a large number of devices. The various property data are tested for an identity and are labelled, and calculations, which are carried out by the testing device for testing purposes, are initiated on the basis of the labelling. By taking other devices in the system into account, security requirements may be fulfilled during testing and the computational effort for the testing device may also be reduced.
    Type: Grant
    Filed: August 8, 2013
    Date of Patent: June 6, 2017
    Assignee: Siemens Aktiengesellschaft
    Inventors: Jens-Uwe Bußer, Kai Fischer
  • Patent number: 9672347
    Abstract: Methods, systems, and computer-readable storage media for storing event data in an audit log file. Implementations include actions of receiving event data, determining a first signature based on the event data and an end marker, and appending the event data and the first signature to the audit log file, the first signature comprising at least a portion of a signature chain associated with the audit log file.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: June 6, 2017
    Assignee: SAP SE
    Inventors: Uwe Bauer, Juergen Kremp
  • Patent number: 9674706
    Abstract: According to an embodiment, a database coordinator processor is described comprising a memory configured to store, for a plurality of databases storing hardware certificates or software certificates an indication, for each certificate, of the database of the plurality of databases in which the certificate is stored; a receiver configured to receive, for a certificate, a request from a communication device for an indication of a database in which the certificate is stored; a determiner configured to determine from the memory a database in which the certificate for which the request has been received is stored; and a transmitter configured to transmit a message to the communication device indicating the determined database.
    Type: Grant
    Filed: November 11, 2011
    Date of Patent: June 6, 2017
    Assignee: INTEL DEUTSCHLAND GMBH
    Inventor: Markus Dominik Mueck
  • Patent number: 9668137
    Abstract: A system comprising at least one component running on at least one server and receiving vulnerability data and, for each device of a plurality of devices, device data that includes data of at least one device component. The system includes a trust score corresponding to each device of the plurality of devices and representing a level of security applied to the device. The trust score is generated using a severity of the vulnerability data. The system includes an access control component coupled to the at least one component and controlling access of the plurality of devices to an enterprise using the trust score.
    Type: Grant
    Filed: March 7, 2012
    Date of Patent: May 30, 2017
    Assignee: Rapid7, Inc.
    Inventors: Derek Sigurdson, Giridhar Sreenivas
  • Patent number: 9641333
    Abstract: There is disclosed a method of authenticating a client computing device to a server, the client computing device and the server both parties to a common authentication approach, the client computing device including an encrypted identifier containing a secret, in which the client computing device cannot decrypt the encrypted identifier, in which the client computing device encrypts the encrypted identifier using the common authentication approach and sends the encrypted encrypted identifier to the server, and in which the server decrypts the encrypted encrypted identifier, using the common authentication approach and a server secret, so as to determine the secret. Related systems, servers, client computing devices, pairs of computer program products comprising a server program product and a client computing device program product, the server program product, or the client computing program product, are disclosed.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: May 2, 2017
    Assignee: MIRACL LTD.
    Inventors: Michael Scott, Brian Spector
  • Patent number: 9635003
    Abstract: A key pair validation method provides for a first party to generate a seed to define a private key, a public key, a session key and a validation field for the purpose of performing a cryptographic activity with a second party. The validation field is determined by encrypting the first party seed. The second party receives the first party public key and the validation field from the first party. The second party calculates a session key and utilizing the calculated session key, decrypts a cipher text to recover the first party's seed and the first party's private and public key. The recovered first party public key is compared to the received first party public key. If the received and recovered public keys match, the private-public key pair received from the first party is validated and the second party proceeds with the cryptographic task. If the received and recovered public keys do not match, the second party simply reports to the first party that the cryptographic task failed.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: April 25, 2017
    Inventors: Bradley C. Lackey, Mark J. Motley, Jerome A. Solinas
  • Patent number: 9634896
    Abstract: A method of configuring an appliance to be a plug-and-play network filter includes the steps of configuring an appliance to alter the flow of network traffic when the appliance is connected to a network. The appliance is configured to change the address resolution protocol ARP so that it assumes the role of a router by issuing an ARP packet. The appliance is configured to establish itself between the router and end user terminals. The appliance is configured to respond to any ARP Request on the Gateway IP address. The appliance is configured to monitor Internet traffic, and filter certain predefined types of Internet traffic. The appliance is configured to transparently proxy web packets on TCP with destination port 80.
    Type: Grant
    Filed: February 17, 2011
    Date of Patent: April 25, 2017
    Assignee: Circle Media Inc.
    Inventors: Tiebing Zhang, Yufeng Tu
  • Patent number: 9613208
    Abstract: An electronic device comprises a processor, a permissive sector, a trusted security zone that is separate from the permissive sector, a hardware driver, a first trusted application, stored in the trusted security zone, that is configured to invoke the hardware driver in response to activation instructions, and a second trusted application, stored in the trusted security zone, that when executed on the processor, configures the processor to: amass information about an uncompromised state of the hardware driver, store the information about the uncompromised state of the hardware driver in the trusted security zone, and compare, in response to receipt of activation instructions by the first trusted application, the information about the uncompromised state of the hardware driver with a current state of the hardware driver, and perform an action in response to a result of the comparison.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: April 4, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle W. Paczkowski, William M. Parsel, Carl J. Persson, Matthew C. Schlesener
  • Patent number: 9608885
    Abstract: A method, a computer program product, a system and a connectivity analyzer are disclosed for determining available communication functionalities during the configuration of a DICOM node in a DICOM network. According to an embodiment of the invention the available communication functionalities are registered automatically by way of test communication requests and analysis of the test communication responses. Following the analysis the result containing the detected communication functionalities can be provided automatically. The result is preferably provided in the configuration phase and already prior to the entry into operation of the respective DICOM node.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: March 28, 2017
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Björn Nolte, Thomas Sebille, Angelika Sticlaru
  • Patent number: 9602502
    Abstract: A user login method for use in a terminal is provided. The method includes: receiving an automatic login request; acquiring a terminal identifier of the terminal; sending, to a server, a query request about a user account associated with the terminal identifier and a password corresponding to the user account, the query request including the terminal identifier; receiving, from the server, a query result based on the query request; selecting a user account from the query result and a password corresponding to the selected user account, if the query result is not empty; and sending, to the server, the selected user account and the corresponding password, for the selected user account to login after authentication by the server.
    Type: Grant
    Filed: July 1, 2014
    Date of Patent: March 21, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Lei Zhang
  • Patent number: 9582684
    Abstract: A method for configuring an application for an end device having a predefined end-device configuration with a predefined security level. A query about the predefined end-device configuration is directed by means of the application to a central place in which a multiplicity of security levels of end-device configurations have respective application configurations associated therewith. In response to the query, the central place ascertains the predefined security level of the predefined end-device configuration from the multiplicity of security levels, and outputs it to the application together with the associated application configuration. In dependence on the output security level, one or several functions of the application are configured by means of the application on the basis of the output application configuration for the end device.
    Type: Grant
    Filed: April 21, 2011
    Date of Patent: February 28, 2017
    Assignee: Giesecke & Devrient GmbH
    Inventor: Stephan Spitz
  • Patent number: 9571523
    Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with packet disposition directives. A security actuator receives flow policy directives from a number of network applications. The flow policy directives express higher-level network security policy goals, including blocking and/or redirecting network traffic. The security actuator converts a flow policy directive into one or more packet disposition directives. The packet disposition directives may include trigger rules to cause network communications to be monitored for matching trigger packets. An automated mechanism initiated by the security actuator may cause trigger packets to be forwarded to the security actuator for analysis. The security actuator may generate packet disposition directives in response to receiving the trigger packets.
    Type: Grant
    Filed: July 2, 2014
    Date of Patent: February 14, 2017
    Assignee: SRI INTERNATIONAL
    Inventors: Phillip A. Porras, Keith M. Skinner, Steven M. Dawson
  • Patent number: 9529995
    Abstract: A method and apparatus is disclosed herein for performing auto discovery of virtual machines. In one embodiment, the method includes monitoring, using an interface of the device, one or more packets being sent from one or more virtual machines, the one or more packets being sent determining, using a processor of the device, if one of the monitored packets includes a discovery packet from one virtual machine of the one or more virtual machines, wherein the discovery packet includes an address of a destination location; sending, using the interface of the device, a reply packet to the one virtual machine using an address in the discovery packet identified in the monitored packets, the reply packet including an Internet Protocol (IP) address of the device.
    Type: Grant
    Filed: November 8, 2011
    Date of Patent: December 27, 2016
    Assignee: VARMOUR NETWORKS, INC.
    Inventor: Choung-Yaw Michael Shieh
  • Patent number: 9445262
    Abstract: A method for issuing a radio frequency (RF) card key of an authentication server is disclosed. The method includes receiving an encrypted serial number of a smart card from a mobile terminal, decrypting the encrypted serial number, extracting an RF card key corresponding to the decrypted serial number, encrypting the RF card key, and transmitting the encrypted RF card key to the mobile terminal.
    Type: Grant
    Filed: December 6, 2013
    Date of Patent: September 13, 2016
    Assignee: LG UPLUS CORP.
    Inventors: Yeong Joon Yang, Nam Su Ha
  • Patent number: 9444842
    Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. A security mediation service permits such dynamic reprogramming as long as the new directives are consistent with the then-current network security policy. The security mediation service evaluates candidate packet disposition directives for conflicts with the currently active security policy, before instantiating the candidate packet disposition directives at the network switches.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: September 13, 2016
    Assignee: SRI INTERNATIONAL
    Inventors: Phillip A. Porras, Martin W. Fong, Vinod Yegneswaran
  • Patent number: 9330243
    Abstract: A method and device for user authorization is presented herein. The authorization device may be integrated in a display interface configured to receive an infrared input signal. The device may include a means for converting the infrared signal into an electric signal. The device may further include a processor configured to analyze the electrical signal. The processor may further be configured to provide an authorization of a user based on the analysis of the electrical signal.
    Type: Grant
    Filed: September 10, 2010
    Date of Patent: May 3, 2016
    Assignee: SONY CORPORATION
    Inventor: Gunnar Klinghult
  • Patent number: 9331847
    Abstract: The disclosure relates to a countermeasure method in an electronic component, wherein binary data are transmitted between binary data storage units, binary data being transmitted in several transmission cycles comprising a first cycle comprising: randomly selecting bits of the data, transmitting the selected bits and transmitting bits, each having a randomly chosen value, instead of transmitting non-selected bits of the data. A last transmission cycle comprises transmitting bits of the data that have not been transmitted during a previous cycle.
    Type: Grant
    Filed: March 9, 2012
    Date of Patent: May 3, 2016
    Assignee: STMICROELECTRONICS (ROUSSET) SAS
    Inventor: Frédéric Bancel