Abstract: Methods and systems for enabling a software application that does not have independent licensing information are described. Consistent with some embodiments, a first software application is associated with a license dependency rule that indicates one or more other software applications that must be installed and activated in order for the first software application to be fully executed and used on the target computer system. A license manager module evaluates the license dependency rule, for example, by making remote license calls to verify the license status of the software applications identified in the license dependency rule.

Abstract: An apparatus, method, system, computer program and product each capable of controlling addition of a printing function or controlling use of the printing function are disclosed.

Abstract: Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.

Abstract: A non-transitory processor-readable medium stores code representing instructions to be executed by a processor to receive data associated with access by a first plurality of entities to a first website location and to receive data associated with access by a second plurality of entities to a second website location. The processor is also caused to define a co-visitation factor for each of the first website location and the second website location based on the received data. The processor is also caused to, if the co-visitation factor of the first website location and/or the co-visitation factor of the second website location is over a predefined threshold, select the first website location and/or the second website location as target website locations. The processor is caused to send a signal to set a flag associated with each target website location indicating the target website location as a suspicious website location.

Abstract: An intrusion detection system collects architectural level events from a Virtual Machine Monitor where the collected events represent operation of a corresponding Virtual Machine. The events are consolidated into features that are compared with features from a known normal operating system. If an amount of any differences between the collected features and the normal features exceeds a threshold value, a compromised Virtual Machine may be indicated. The comparison thresholds are determined by training on normal and abnormal systems and analyzing the collected events with machine learning algorithms to arrive at a model of normal operation.

Abstract: A method for controlling media sharing among a plurality of nodes in a network. The present method is comprised of availing to the network an instance of media content for sharing among the plurality of nodes by a source node communicatively coupled to the network. The present method further includes decrypting the instance of media content from an encryption local to the source node. The present method further includes encrypting the instance of media content into an intermediate encryption. The present method further includes transferring the instance of media content to a node while the instance of media content is in the intermediate encryption. The node is associated with the network. The decrypting and the encrypting and the transferring are in response to receiving a request for the instance of media content from the node.

Abstract: Apparatus and methods for efficiently distributing and storing access control clients within a network. In one embodiment, the access clients include electronic Subscriber Identity Modules (eSIMs), and an eSIM distribution network infrastructure is described which enforces eSIM uniqueness and conservation, distributes network traffic to prevent “bottle necking” congestion, and provides reasonable disaster recovery capabilities. In one variant, eSIMs are securely stored at electronic Universal Integrated Circuit Card (eUICC) appliances which ensure eSIM uniqueness and conservation. Access to the eUICC appliances is made via multiple eSIM depots, which ensure that network load is distributed. Persistent storage is additionally described, for among other activities, archiving and backup.

Abstract: The invention provides techniques to implement unique identifier for an integrated chip and how this ID can be employed to enhance the security of content in personal video recorder type systems. The storage device can be a hard disk, a removable storage medium or any other type of storage medium. An integrated circuit (IC) within the personal video recorder stores a unique identifier that is used in for encryption and decryption of data stored on the storage device. Several embodiments are disclosed herein that maintain the secrecy of the unique ID such that it is not easily accessible thereby defeating the security scheme.

Abstract: A system and method for defining code by its functionality is disclosed. The technology initially accesses a portion of code. Once the portion of code is accessed at least one functional operation embedded in the code is determined. When the functional operation in the code is determined, the portion of code is then defined by the functional operation. In so doing, the portion of code can be defined by functional operation without requiring the consideration of any semantics related to the portion of code.

Abstract: In a policy handling system performing automatic execution, management, and control of a system, a policy retrieving section (102) retrieves a policy associated with a triggering condition, and notifies a policy-execution-pattern analyzing section (105) of the retrieved policy. A policy-operation-log retrieving section (106) refers to a policy-operation-log storage section (107) to acquire the number of triggering times of the retrieved policy in a predetermined history acquisition period. The policy-execution-pattern analyzing section (105) compares the number of triggering times of the retrieved policy against a predetermined threshold and causes an abnormality notifying section (108) to issue abnormality information when the number of triggering times exceeds the threshold.

Abstract: One of the objects of the present invention is to provide a communication system in which biometrics can be utilized without leaking to a third person so that a strict personal authentication can be conducted. The communication system includes, storing a correspondence table in a card, storing a reference password which is formed by converting a part of biometrics of an authorized user in the card by using the correspondence table, reading a part of biometrics of a user by the card, converting a part of the biometrics of the user into a password by the card using the correspondence table, and checking the password against the reference password by the card, wherein the card and the user are authenticated if a the password and the reference password match in the step of checking.

Abstract: This present application relates to, among other things, Key Caching, QoS and Multicast extensions and improvements to the Media-independent Pre-Authentication (MPA) framework, a new handover optimization mechanism that has a potential to address issues on existing mobility management protocols and mobility optimization mechanisms. MPA is a mobile assisted, secure handover optimization scheme that works over any link-layer and with any mobility management protocol.

Abstract: A first cryptographic device is configured to store secret information that is refreshed in each of a plurality of epochs. The first cryptographic device receives an epoch control signal, and adjusts at least one epoch responsive to the received epoch control signal. Refreshed secret information associated with an adjusted epoch is utilized to authenticate the first cryptographic device to at least a second cryptographic device, where the second cryptographic device and one or more additional cryptographic devices store respective portions of the secret information in a distributed manner. By way of example, the epoch control signal may comprise an epoch advance signal directing that the first cryptographic device advance from a current one of the epochs to a subsequent one of the epochs. In an illustrative embodiment, the first cryptographic device comprises an authentication token and the second cryptographic device comprises an authentication server.

Abstract: Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection.

Abstract: An exemplary method of the invention is for connecting a plurality of clients to one another over a computer network for communication of real-time streaming data to one another, with at least one of the clients being separated by a security device from the network. Exemplary steps include each of the clients communicating a request to the server including a client address and a conference identifier, the server using the conference identifier to identify a conference address, and the server communicating a confirmation to each of the clients in a first protocol containing the at least one conference address. The at least one security device recognizes one or both of the confirmation and request as a signal to allow traffic to pass from said conference address to the respective client separated from the network by the security device.

Abstract: The invention relates to a method for protecting at least one motor vehicle component against manipulation in a control device, which comprises at least one microcomputer (?C) and at least one memory module (2, 3), characterized in that the microcomputer (?C) reads out a specific original identifier (ID) of at least one memory module (2, 3) from the memory module (2, 3) and stores it. Furthermore the invention relates to a control device for a motor vehicle component which comprises at least one microcomputer (?C) and at least one memory module (2, 3), characterized in that at least one memory module (2, 3) has at least one specific identifier (ID) and the microcomputer (?C) has at least one area (11) in which at least one specific original identifier is stored.

Abstract: A method of asymmetric key wrapping in a system is disclosed. The method generally includes the steps of (A) transferring a shared key from a key storage to a cipher operation, wherein the cipher operation comprises a symmetric-key cipher utilizing a cipher key, (B) generating an encrypted key by encrypting a decrypted key with the cipher operation using the shared key as the cipher key in a wrap-encrypt mode and (C) presenting the encrypted key external to the system in the wrap-encrypt mode.

Abstract: A portable storage device has a storage peripheral interface connecting to a computer. An encrypted data storage is available to the computer connected to the interface. The encrypted data storage includes a first part accessible after an authentication. A controller has a first operation mode performing encryption and decryption of data of the first part after the authentication of a first combined credential. The encryption and the decryption rely on a cipher key derived from a second combined credential. The first combined credential and the second combined credential are derived from at least a computer signature of the computer connected to the interface and a user credential of a user of the computer connected to the portable storage device.

Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

Abstract: A method for enabling security on a mobile terminal having a communication link with a circuit switched network against suspicious activities is provided. Activities performed at the mobile terminal are performed according to a security policy provided from the circuit switched network. Detection of a suspicious activity is alerted to the circuit switched network when the suspicious activity is detected. A policy manager server of the circuit switched network changes the security policy to cure the suspicious activity on the mobile terminal. Call traffic delivered to/sent from the mobile terminal is filtered out, which causes the suspicious activity according to the security policy. The mobile terminal enforces a security measure on a suspicious activity according to the security policy.