Abstract: An authentication system registers, in a service provision device, identification information for an information processing device that cooperates with the authentication system, associates the identification information for the information processing device with authorization information in accordance with an issuance of the authorization information corresponding to the information processing device, and saves them in the authorization service device, queries the authorization service device for the identification information for the information processing device associated with the authorization information in response to a request for obtaining the service and the issued authorization information from the information processing device, and provides, according to the request, the service with the information processing device in response to a correspondence between the identification information for the information processing device acquired as a result of the query and the identification information for t

Abstract: A method for standardizing computer system action, including: intercepting invoking command; obtaining data structure of the intercepted invoking command after intercepting the invoking command; determining the sponsor of the intercepted invoking command based on the data structure of the obtained and intercepted invoking command, and determining operation method and operation object of the intercepted invoking command; matching the sponsor, the operation method and the operation object of the intercepted invoking command with rules of standardizing computer system action, judging whether to allow executing the intercepted invoking command. The present disclosure determines the sponsor of the intercepted invoking command according to the data structure of the invoking command, and can monitor comprehensively computer system. If only the sponsor is spiteful, the disclosure does not all allow executing the intercepted invoking command, thus detecting lawless operation comprehensively and effectively.

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

Abstract: A method for distributing cryptographic data to trusted recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object, the information including an identification of a platform for generating an integrity measurement digitally signed by a root of trust. The access control management system receives, from a second client device, a request for the information associated with the encrypted data object. The access control management system verifies that the second client device includes the platform for generating the integrity measurement digitally signed by the root of trust. The access control management system determines, based on the verification of the second client device, not to authenticate the second client device. The access control management system sends, to the second client device, the received information associated with the encrypted data object, responsive to the determination.

Abstract: A trusted user circle server for encryption key distribution and authentication support, as well as a client-side application which resides on user's devices are disclosed. In particular, the trusted user circle server manages a repository for static public keys (SPUK) which are used for authentication and secure distribution of a dynamic private context key (DPCK) used for the end-to-many encryption. Accordingly, posting users encrypt posted document using the DPCK and viewing users retrieve the DPCK to decrypt the posted document. These keys are associated to the trusted user circle and are generated dynamically for a given circle policy context (CPC). The CPC is an identifier that represents a group of members of a trusted user circle. It changes whenever any member of the trusted user circle leave it, when a new trusted user circle is created or when the DPCK expires after a pre-determined period of time.

Abstract: A system, method, and computer-readable medium for challenge-response authentication are provided. A plurality of codes is received over a communication network based on input provided by way of a user interface displaying a plurality of images. An alphanumeric string is generated based on the received plurality of codes and based on a table that associates each one of the plurality of codes with a respective one of the plurality of images and with a respective one of a plurality of alphanumeric characters. A determination is made as to whether to grant authorization based on whether the generated alphanumeric string matches an alphanumeric user identifier stored in a memory device in association with a user.

Abstract: Pass through service login for an application can include receiving, within a client system, a credential from a Web-based service responsive to a successful authentication of a user of the client system to the Web-based service. The user can be logged into the application executing within the client system using the credential.

Abstract: A computer-implemented method for sharing data stored on secure third-party storage platforms may include (1) identifying a request from a client system for a token that provides temporary access to an encrypted file stored under a user account, (2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, (3) receiving, from the client system, the client-side key, (4) decrypting the decryption key with the client-side key, (5) using the decryption key to generate temporary decryption data that facilitates the decryption of the encrypted file and that is set to expire, (6) generating the token and designating the temporary decryption data as available in exchange for the token, and (7) providing the token to the client system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A mobile telephone or other type of mobile communication device is configured to store a cryptographic credential within a secure hardware environment of the device. A script is provisioned for execution in the mobile communication device, the script comprising program code that executes at least in part within the secure hardware environment and is configured to utilize the cryptographic credential stored within the secure hardware environment. Prior to permitting the script to access the cryptographic credential, the secure hardware environment verifies an endorsement of the script. The endorsement may be provided by an issuer of the cryptographic credential. The cryptographic credential stored in the secure hardware environment may comprise a long-term credential and the script may be configured to generate a plurality of short-lived credentials based on the long-term credential.

Abstract: A method and apparatus can be configured to transmit indicators to a network entity. The indicators indicate whether security will be applied to a media data, whether security will be applied by an application layer, and whether security will be applied by an evolved-packet-system layer. The method can also include transmitting the media data to the network entity.

Abstract: A user information management apparatus stores various types of user information on a user in a storage unit, causes a providing unit to provide a user with an access code used to access the user information on the user stored in the storage unit, and when receiving the access code from the facility device installed in a facility that provides a service, causes the transmitting unit to transmit the user information corresponding to the service provided by the facility having the facility device among the various types of the user information stored in the storage unit.

Abstract: Systems and methods are provided for assisting a user with setting up an audio system with audio content services the user is already registered with. One method may involve receiving a list of a plurality of audio services supported by an audio system, selecting an audio service from the list of plurality of audio services, and determining whether a computing device application corresponding to the audio service is present on a computing device operated by the user and associated with the audio system. If the computing device application is present on the computing device operated by the user, the audio service may be set up with the audio system based on the user's registration information. In one case, the setup of the audio system with the audio service may require additional user input. In another case, the setup of the audio system with the audio service may be automatic.

Abstract: A memory controller includes a security key and parameter storage unit and a security engine. The security key and parameter storage unit stores at least one security key and at least one parameter that are used during encryption or decryption. The security engine receives encrypted data stored in an external boot memory, decrypts the received encrypted data by using the security key and the parameter, and outputs the decrypted data to a central processing unit (CPU), in a security operation mode.

Abstract: The present invention provides an injustice detecting system enabling detection of an injustice that is performed through an operation that cannot be distinguished from normal operation. This injustice detecting system is provided with: a history recording unit for recording operation history information of a monitored device; an audit information disclosure unit for disclosing audit information including at least information indicating that an audit for detecting an injustice is to be implemented; and an injustice detecting unit for detecting the injustice on the basis of pre-disclosure operation history information which is operation history information generated before the audit information is disclosed, and post-disclosure operation history information, which is operation history information generated after the audit information is disclosed.

Abstract: A code for accessing a resource having a customer account associated therewith is presented via a secondary device, and authentication data indicative of the code that was presented is received from a primary device. The primary device is identified as a trusted device associated with the customer account responsive to receiving the authentication data therefrom, and the secondary device is authenticated for access to the resource responsive to identification of the primary device as the trusted device associated with the customer account.

Abstract: A computer-implemented method for detecting malicious browser-based scripts may include (1) identifying an attempt by a web browser to access sensitive information stored on a server, (2) identifying a web browser script installed in the web browser, (3) calculating a signature hash for the web browser script, (4) querying, using the signature hash, a browser script signature database that associates web browser script signature hashes with script security indicators, (5) receiving, in response to querying the browser script signature database, a script security indicator associated with the signature hash, and (6) applying, based on the script security indicator associated with the web browser script, a script security policy associated with the web browser script. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In accordance with some embodiments, data may be automatically provided on preordained conditions for specific types of data. Thus specific types of data or specific requestors may be treated differently. The system may be programmed to respond appropriately to requests for certain types of data from certain types of requestors. This offloads the need to review specific requests in many cases and enables an automated system for providing requested data as appropriate.

Abstract: In some embodiments, a method comprises displaying a pre-registration invitation on a first digital device connected to a wireless network, determining one or more wireless network identifiers associated with the wireless network, generating a pre-registration code request, the request including the one or more wireless network identifiers, providing the pre-registration code request to a virtual network server, the server generating a pre-registration code in response to the pre-registration code request, the pre-registration code associated with the one or more wireless network identifiers, receiving the pre-registration code, providing a registration request from a second digital device, the registration request comprising the pre-registration code, and provisioning an account based on the registration request and the wireless network identifiers, the wireless network identifiers identified based on the pre-registration code.

Abstract: In a secure computing environment, a method, system and device are provided for loading stored encryption key data from a protected non-volatile memory of a portable device. A boot loader program is initiated after the portable device is powered on, encryption key data is loaded from the protected non-volatile memory of the portable device, and access to the protected non-volatile memory is disabled after a predetermined time after the portable device is powered on. In this way, the encryption key data is loaded from the protected non-volatile memory of a portable device before the boot operating system is loaded.

Abstract: A computer-implemented method for providing controls for application behavior may include (1) identifying an application that is distributed via an application repository and that is configured to use a permission on a computing platform that enables the application to access a feature of the computing platform, (2) receiving a request to reconfigure the application to intercept and interfere with attempts by the application to use the permission, (3) reconfiguring the application, in response to the request, to intercept and interfere with attempts by the application to use the permission, (4) determining that an updated version of the application is available via the application repository, and (5) reconfiguring the updated version of the application to intercept and interfere with attempts by the application to use the permission in response to an instruction to update the application. Various other methods, systems, and computer-readable media are also disclosed.