Abstract: An end-to-end client server system and related method for use in conjunction with mobile terminals. A client application on a mobile terminal is configured to remotely access a backend server via a gateway system. The mobile terminal includes a client application configured to generate a one time password using secret information and a password library, both known only to the client application and a verification component of the gateway system. The one time password provides an additional level of security, which is user dependent and not network dependent.

Abstract: A system and method in one embodiment includes modules for creating an asset tag including one or more conditions of an asset on a network, adding the asset tag to an asset report template, and generating an asset report from the asset report template. More specific embodiments include creating the asset tag by generating a query for the one or more conditions. The asset tag may include a second asset tag configured to be updated automatically, and a third asset tag configured to be updated manually, and the second asset tag may be updated automatically when the asset tag is updated. Other embodiments include creating a vulnerability set including a selection of vulnerabilities from a plurality of vulnerabilities, adding the vulnerability set to the asset report template, and scanning a plurality of assets on the network.

Abstract: A system and method of detecting malware. A program file is received and analysis performed to identify URLs embedded in the program file. The URLs are categorized as a function of a URL filter database and a malware probability is assigned to each URL identified. A decision is made on how to dispose of the program file as a function of the malware probability of one or more of the URLs identified. In one example approach, a malware type is also assigned to the program file as a function of one or more of the URLs identified.

Abstract: A method of setting which includes: obtaining, from a smart meter, an ID of the smart meter; obtaining, from a HEMS-controller, an ID and a certificate of the HEMS-controller and an ID and a certificate of an appliance controlled by the HEMS-controller; generating management information in which the ID of the smart meter, the ID and the certificate of the HEMS-controller, and the ID and the certificate of the appliance are associated with one another; and transmitting, based on the management information, the ID and the certificate of the HEMS-controller and the ID and the certificate of the appliance which are associated with the ID of the smart meter, to the smart meter.

Abstract: The described implementations relate to trusted platform module (TPM) security. One configuration that is implemented on a computing device includes a TPM configured to generate a key pair utilizing a factor stored on the TPM and an external cofactor that is not stored on the TPM. The computing device also includes a communication device configured to receive the external cofactor and convey the external cofactor to the TPM.

Abstract: Techniques for electronic signature processes are described. Some embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of electronic signature documents. In one embodiment, an electronic signature document may be associated with custody transfer rules that facilitate transfers of custody of an electronic signature document from one user or party to another. A custody transfer may results in a transfer of rights or capabilities to operate upon (e.g., modify, view, send, delete) an electronic signature document and/or its associated data. A custody transfer rule may be trigged by the occurrence of a particular event, such as the receipt of an electronic signature.

Abstract: A device newly introduced to a network is automatically credentialed to be able to communicate over a network before the device first communicates with the network. For example, at a point of purchase, a user can provide network identification information to a merchant computing device that effects transfer of that information to the new device such that the new device can communicate directly with the network without initial credentialing directly between the unique device and the local network. In another example, the merchant computing device communicates with the local network to register a newly purchased device with the local network before the newly purchased device is introduced to the network. Accordingly, the network is configured to begin communications with the unique device without initial credentialing directly between the unique device and the local network.

Abstract: A gateway device for operation at a user premises to provide and manage application services provided for endpoint devices associated with the gateway device. The gateway device includes a communications client program to enable client-server communications between the gateway device and a remote communications server via the wide area network using a presence and networking message protocol. The gateway device utilizes at least one driver program with a driver communications protocol to communicate with, control, and manage associated endpoint devices. The communications client program interacts with the driver program, and the gateway device is configured to specify which associated endpoint devices, attributes and operations are exposed to the network via the communications client.

Abstract: In general, the invention relates to a method for performing a command on a token. The method includes receiving a first command authentication message digest (CAMD), a command, and scrambled data from a sender, and making a first determination that the sender is allowed to send commands to the token. The method further includes, based on the first determination, generating a second CAMD on the token using the command, the scrambled data, and an Administrative Command Authentication Secret (ACAS), making a second determination that the first CAMD and the second CAMD match, and based on the second determination, performing the command by the token.

Abstract: Methods, systems, and computer-readable media for providing device-based authentication for secure online access are provided. An authentication request is received from an online service. The authentication request may be associated with a login request received by the online service from a user. The authentication request may further indicate a list of device identifiers for computing devices connected to a provider network and previously designated by the user as authorized to access the online service. Communication logs collected from the provider network are analyzed to determine whether the login request originated from one of the authorized computing devices based on the list of device identifiers. If it is determined that the login request originated from one of the authorized computing devices, an indication is returned to the online service that the login request was received from an authorized computing device.

Abstract: Disclosed are various embodiments for supervising execution of untrusted code. Untrusted code that is to be executed in a computing device is obtained. A virtual machine in the computing device is configured to execute the untrusted code, with one or more resource access restrictions being placed on the untrusted code. Periodic updates are obtained from the virtual machine relating to one or more resources of the computing device that are consumed by the virtual machine. Execution of the untrusted code in the virtual machine is interrupted in response to a value indicated by one or more of the periodic updates.

Abstract: Method and system for user authentication using one or more unique ID's associated with one or more electronic devices connected in a communication network, more specifically in short range radio communication network. the method comprising the steps of polling and detection of a short range wireless electronic device within a short range radio communication network, establishing a connection between such short range wireless electronic device with a centralized server, authenticating the short range wireless device ID, requesting further the user to feed a pre-determined authentication code, verifying the fed authentication code with corresponding entries in the database of the central server, establishing an encrypted channel if authentication code found in such database, receiving a user authentication certificate from the wireless electronic device.

Abstract: Remote media access is facilitated. According to an example embodiment, remote-user media access is facilitated using media provided by a subscriber media source, over a packet-based network. This access is facilitated in an environment involving subscriber users that provide media for transfer over a packet-based network to a remote device. A host server receives a request for access to media content provided by a subscriber. The request is authorized as a function of authorization criteria. In response to the request being authorized, a media source associated with the subscriber is controlled to provide requested media for access at a remote device. A media player is displayed at the remote device, and the media is provided for access via the media player.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for verifying a digital object obtained from a remote host. A system configured to practice the method downloads a first object from a first remote source and presents the user with a first request to allow access to the first object. Upon user approval, a multitude of characteristics associated with the object are stored to facilitate future uses of the object. When a second object is downloaded from a second remote source, the system checks the database for a stored user approval. Access to the second object is allowed if the multitude of characteristics associated with the first and second objects match. If the system does not find a match, the user is presented with a second request to allow access to the object.

Abstract: A method of refining cyber threat intelligence data, comprising: sending a first version of a threat list to a first cyber threat intelligence source and to a second cyber threat intelligence source; obtaining original first cyber threat intelligence data from the first source; obtaining original second cyber threat intelligence data from the second source; creating a second version of the threat list based on at least the original first cyber threat intelligence data and the original second cyber threat intelligence data; sending the second version of the threat list to the first source and to the second source; obtaining new first cyber threat intelligence data from the first source; obtaining new second cyber threat intelligence data from the second source; and creating a third version of the threat list based on at least the new first cyber threat intelligence data and the new second cyber threat intelligence data.

Abstract: Packets may be received by a packet security gateway. Responsive to a determination that an overload condition has occurred in one or more networks associated with the packet security gateway, a first group of packet filtering rules may be applied to at least some of the packets. Applying the first group of packet filtering rules may include allowing at least a first portion of the packets to continue toward their respective destinations. Responsive to a determination that the overload condition has been mitigated, a second group of packet filtering rules may be applied to at least some of the packets. Applying the second group of packet filtering rules may include allowing at least a second portion of the packets to continue toward their respective destinations.

Abstract: A handheld communications device is created with a touch sensitive display, a secure computing component, and a non-secure computing component. The secure component may comprise a secure CPU executing a secure operating system. The non-secure component may comprise a separate non-secure CPU executing a separate non-secure operating system. The touch sensitive display on the handheld communications device is divided into a secure portion and a non-secure portion such that information displayed in the secure portion is provided by the secure operating system, and information displayed in the non-secure portion is provided by the non-secure operating system. Similarly, data entered through the secure portion of the display is provided to the secure operating system, and data entered through the non-secure portion of the display is provided to the non-secure operating system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for responding to an attempt to disable a malware protection program and performing an identification process and one or more protection processes to prevent the execution of potentially malicious code. In one aspect, a method includes monitoring for attempts to disable a malware protection program, identifying a process that generated an attempt to disable the malware protection program, determining whether the process is an approved process, and in response, performing one or more protection processes on the process so as to prevent the execution of potentially malicious code.

Abstract: A uniform certificate revocation list managing apparatus is provided for managing canceled register information of all believable groups in a believable anonymous register system. Canceled register information includes canceled member information of each believable group, list information of unbelievable groups, and list information of unbelievable register service institutions. The uniform certificate revocation list managing apparatus interacts with each believable group and each register system, so as to update a certificate revocation list of each believable group in real time.

Abstract: To improve user-friendliness in recording AV data created after recording is started until it is stopped as a file. AV data that are created after recording is started until it is stopped are recorded as a file. Information that represents a reproduction region and mark information that represents a jump position are additionally written to a reproduction list file. At this point, it is determined whether or not restrictions that have been set to the reproduction list file and an attribute file for additional writing are satisfied on the basis of the reproduction list file as an additionally writable candidate and the attribute file that correlates reproduction time and address of the AV data. When having been determined that they be satisfied, the reproduction region information and the mark information are additionally written to the reproduction list file as the additionally writable candidate. When having been determined that they be not satisfied, a new reproduction list file is created.