Abstract: Login credentials for at least one website, such as a social networking website, are received from a user purporting to act on behalf of an entity, for example, in the context of registering the entity with a system for electronic bill payment. Social data relating to the entity is retrieved from the websites using the login credentials. The social data comprises a plurality of social connections, each reflecting a respective relationship between the entity and a respective third party. A plurality of relevant social connections comprising at least a subset of the plurality of social connections is determined, each social connection of the plurality of relevant social connections reflecting a relationship to a respective third party that is deemed to be reliable. A reliability rating of the entity is then determined based on the plurality of relevant social connections.

Abstract: Techniques for managing digital assets are described that enable a principal to designate a plurality of users that will gain access and ownership of the principal's account that contains the various digital assets of the principal in the event of a transfer of assets. The account may be a network accessible account that maintains various digital assets of the principal, such as multimedia, applications, virtual machines, data, and others. In the event of a transfer, access to the account can be controlled by a cryptographic secret, where each of the designated users has been provided with a distinct share (part) of the cryptographic secret. A minimum number of shares of the secret are required before access to the principal's account will be granted. The minimum number may be configured by the principal in advance.

Abstract: A system, method and computer program product for identifying malicious code running on a computer, including an operating system running on the computer with a data storage device; and a trusted software component running simultaneously with the operating system. An online snapshot process of a current state of the data storage device copies data blocks from the storage device to intermediate storage. Processes running under the control of the operating system have access to the data storage device. A scanning procedure runs under control of the trusted software component that has access to data representing the snapshot of the data storage device from the trusted software component. The scanning procedure analyzes the snapshot of the data storage device for the malicious code, and, in response to a “write” directed to a data block in the snapshot area of the storage device, that data block is written to the intermediate storage.

Abstract: Application of a ZUC cryptographic functions in wireless communication includes receiving a data stream at the wireless communication apparatus and applying the ZUC cryptographic function to the data stream. The ZUC cryptographic function includes generating at least one multi-byte pseudo-random number that provides an index to one of a plurality of substitution boxes. Each of the substitution boxes is further based on one or more normative substitution boxes. The ZUC cryptographic function further includes retrieving a value from each of the substitution boxes using each byte of the multi-byte pseudo-random number, assembling the retrieved values into at least one substituted values, and generating at least one key value based on the substituted values, wherein the key value is used in applying the ZUC cryptographic function to the data stream. The method also includes processing the data stream after application of the ZUC cryptographic function.

Abstract: Access to some aspect of a service may be limited until a user has invested in performing some amount of computation. Legitimate users typically have excess cycles on their machines, which can be used to perform computation at little or no cost to the user. By contrast, computation is expensive for for-profit internet abusers (e.g., spammers). These abusers typically use all of their computing resources to run “bots” that carry out their schemes, so computation increases the abuser's cost by forcing him or her to acquire new computing resources or to rent computer time. Thus, the providers of free services (e.g., web mail services, blogging sites, etc.), can allow newly registered users to use some limited form of the service upon registration. However, in order to make more extensive use of the service, the user can be asked to prove his legitimacy by investing in some amount of computation.

Abstract: A system and method includes a service provider registering a plurality of profile IDs with a central authority and providing the profile IDs to an institution where the profile IDs are utilized by the institution for authentication of individual users, authorized to act on behalf of the institution. Each profile ID corresponds to an authentication template for the respective user, and the authentication templates are stored by the central authority. A first user transmits an electronic communication, first authentication information, and an indication of a first profile ID, which is received by the service provider. The service provider then receives the first authentication template from the central authority, which may be requested. The first authentication information is then matched to the first authentication template, and additional actions can be taken with respect to the communication after successful matching.

Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.

Abstract: Disclosed is an electronic device and an authentication method performing therein. The authentication method includes transmitting a first address to a service providing node, receiving a first response to the transmission of the first address from the service providing node, transmitting a second address to the service providing node, receiving a second response to the transmission of the second address from the service providing node, and determining whether it is necessary to perform authentication for accessing a data network as a result of comparing the first response with the second response.

Abstract: Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.

Abstract: An anonymous entity authentication method includes the steps of: an entity B sending RB and IGB; an entity A sending RB, R?A, IGA and IGB to a trusted third party TP, the trusted third party TP checking a group GA and a group GB against IGA and IGB for legality; the trusted third party TP returning ResGA, ResGB and a token TokenTA or returning ResGA, ResGB, TokenTA1 and TokenTA2 to the entity A; the entity A sending TokenAB and IGA to the entity B for authentication by the entity B; and the entity B sending TokenBA to the entity A for authentication by the entity A. In this solution, anonymous entity authentication can be performed without passing identity information of the authenticated entity itself to the opposite entity. Furthermore this solution further relates to an anonymous entity authentication apparatus and a trusted third party.

Abstract: A person may be identified by at least an identification system including a device for capturing an image of a venous network of a finger and a database containing reference venous network images partitioned by class according to topological characteristics and for each class reference topological characteristics. In one embodiment, an image of the venous network is captured, transmitted to the processing unit, centered relative to a display window, and cut into at least two bands parallel to the finger's axis. A set of each band's topological characteristics is extracted. A distance between the extracted set and all reference topological characteristics of the class is calculated, for each class. The venous network image is classified in the class corresponding to the smallest distance and is compared with each reference venous network image in the class. The authenticity of the person from the result of the comparison step is decided.

Abstract: In particular embodiments, a method includes intercepting a remote desktop connection request and connecting to a network gateway based on the remote desktop connection request. A first connection with a server is initiated via the network gateway using a first communication protocol. A plurality of cryptographic contexts are exchanged with the server. A token encrypted using one of the plurality of cryptographic contexts is received from the server. The token is sent from a client device to the server or a proxy to authenticate the client device, and a second connection is initiated with the server, via the proxy, using a second communication protocol.

Abstract: Techniques for preventing unauthorized access to protected network resources include accessing, from a client appliance connected in a distributed network, a computing appliance through the world wide web, the computing appliance including a DNS server addressed by a particular domain name; receiving, from the computing appliance, a portion of code at the client appliance through a web browser of the client appliance, receiving, to a server appliance connected in the distributed network, a request to access secure content stored on the server appliance by the portion of code; comparing the domain name of the DNS server with a server-origin of the secure content; and based on the domain name of the DNS server being exclusive of a set of server-origin values that includes the server-origin, denying access to the request.

Abstract: A method of detecting correlated operations in a common storage. The method comprises providing at least one input operation, each the input operation being designated to write uniquely identifiable data on a memory unit of an application, monitoring a plurality of output operations of the application, each the output operation includes data read from the memory unit, comparing between the at least one input operation and the plurality of output operations to identify at least one matching group of input and output operations wherein each member of the at least one matching group has correlated written or read data in a common correlated target address in the memory unit, and outputting an indication of the at least one matching group.

Abstract: A method and apparatus for securely and remotely enabling the playing of a media program encrypted by a content encryption key over the Internet is disclosed. A license encryption key and a content decryption key are separately and securely transmitted to the receiver. The license encryption key is stored in the CAM and later used to decrypt the content encryption key so that the media program may be recovered.

Abstract: A portable self-contained node apparatus establishes a connection to a host apparatus having one or more peripheral devices connected directly thereto. The node apparatus is configured to view the one or more peripheral devices while being unaware of the host apparatus, and to act as a master device interacting directly with the one or more peripheral devices.

Abstract: Techniques for achieving tenant data confidentiality in a cloud environment are presented. A daemon process within a Tenant Storage Machine (TSM) manages a key store for a particular tenant of a cloud storage environment having multiple other tenants. Just TSM storage processes are given access to the key store. Data is decrypted for the particular tenant when access is needed and data is encrypted using encryption keys of the key store when written in the cloud storage environment.

Abstract: A secure communication kit is disclosed. The secure communication kit may include a plurality of tangible security tokens; each security token storing one or more cryptographic keys and a group identifier. A first cryptographic key stored on each security token may correspond to one of the cryptographic key(s) stored on every of the other security tokens. The group identifier stored on each security token may correspond to each group identifier stored on every of the other security tokens. A client device for securely communicating using the secure communication kit is also disclosed.

Abstract: This document discloses a method, apparatus, and computer program product for testing a computer program application in a server computer. The method comprises: receiving, from a client device, a test request requesting the server computer to test suspicious behavior associated with the computer program application; acquiring the computer program application on the basis of the test request; applying at least one test routine to the computer program application and testing for suspicious behavior associated with the computer program application; creating a test report specifying at least some features of the suspicious behavior, if any found during the at least one test routine; and communicating the test report to the client device.

Abstract: The processing device is intended to be connected to a network of the second domain so as to receive data encrypted according to an encryption method specific to the first domain. It comprises: a memory for containing a first secret specific to the first domain; means of decryption of the data encrypted with the aid of the first secret so as to obtain decrypted data; means of encryption of the data decrypted according to an encryption method specific to the second domain, so that the data encrypted by said means of encryption cannot be decrypted other than with the aid of a second secret specific to the second domain. The invention also relates to the method for transmitting data encrypted with the aid of the secret specific to the first domain in the network of the second domain.