Abstract: A method for setting a password for operating an application of a user device is provided. The method includes requesting the user device to input a password of the application, and requesting the user device to select device binding information of the user device to associate with the password. The device binding information is obtained from one or more of contact information, a photo, an e-mail, a file, or an address.

Abstract: Disclosed is a mobile terminal apparatus including one or more processors configured to execute a process. The process includes storing content data acquired in a specific mode in a storage, acquiring an address corresponding to authentication information at authentication when the content data are acquired in the specific mode, generating a first mail to which the content data are attached and setting the address in the first mail as a transmission destination, transmitting the generated first mail to the address, and controlling deleting the stored content data and a transmission history of the transmitted first mail.

Abstract: A connection method for a mobile device to access the Internet through wireless Local Area Network (WLAN) established by a wireless access point (WAP) includes receiving a connection request from a mobile device. Login information and interface is sent to the mobile device by WAP, the mobile device can generate and broadcast dual tone multi frequency information including its own MAC address through loudspeaker. A distance between the mobile device and the WAP being close, the information of mobile device through DTMF is heard and received and MAC address is extracted. If the extracted MAC address matches the MAC address recorded in an access control list of the WAP, the mobile device is permitted to access the internet through the established WLAN.

Abstract: A system and method for establishing and monetizing trusted identities in cyberspace relying upon user opt in. Users request to attain secure IDs for accessing parties that will rely on secure IDs to complete a transaction, for example merchants and service providers (relying parties). The relying parties (RPs) communicate with identity service providers and attribute providers via an Attribute Exchange Network (AXN) in order to obtain verified attributes associated with an entity (end user or user) that wishes to conduct business with the relying party. The relying party makes requests for verified attributes that are important to consummating business transactions for the relying party. Users are informed of requests for attributes on behalf of relying parties and users have the option to verify attributes, and add new attributes that may be useful or required for conducting business with relying parties.

Abstract: Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: A method and an apparatus for transmitting data from a transmitter in a first communication network (21) to a receiver in a second, safety-critical application network (22) comprises an input buffer unit (31), an output buffer unit (32), a waiting unit (33) and a testing unit (34). The input buffer unit (31) provides the data that are to be transmitted. The waiting unit (33) detects an input time for the data that are to be transmitted, ascertains a dwell time for the data and stores the data that are to be transmitted and/or a check value for the data that are to be transmitted. The testing unit (34) is designed to test the data that are to be transmitted, following expiry of the dwell time, using a test pattern (41) that is up-to-date following expiry of the dwell time. The output buffer unit (32) is designed to provide the data for the receiver if the data have been deemed uncritical during the check. The test pattern preferably relates to a virus pattern.

Abstract: In one embodiment, a first computing device receives an access token from a second computing device, the access token being generated by the second computing device for a specific software application executing on a specific computing device; stores the access token; receives a request for the access token from a software application executing on a third computing device; verifies whether the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated; and sends the access token to the third computing device only when the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated.

Abstract: Apparatus and method for data security in a data storage environment. In some embodiments, input data from a host is received into a buffer memory. Data compression is applied to the input data to provide compressed data. Encryption is applied to the compressed data to generate encrypted data, and the encrypted data are stored in a main memory of a data storage device. A system parameter value associated with the storage of the encrypted data is generated and stored in a memory, such as the main memory of the storage device. The system parameter value may include information relating to the compression of the data. A trusted relationship is established to authenticate the host responsive to a request for the updated system parameter value. The system parameter value is transferred to the host responsive to the established trusted relationship.

Abstract: A system for executing code with blind hypervision mechanism comprises: at least one addressable physical memory, a processor operating in at least two modes, a mode termed initialization making it possible to define at least one partition in the memory and at least one second mode termed nominal, a memory bus linking the processor to the memory, a memory partitioning unit positioned on the memory bus, the unit being adapted for restricting memory access to the partition currently executing when the processor is in a mode other than the initialization mode.

Abstract: The present invention prevents a maintenance tool for carrying out maintenance work of an electronic control unit (ECU) from being abused by a third person. In an authentication system according to the present invention, an authentication apparatus authenticates an operator of an operation terminal (equivalent to the maintenance tool), and the operation terminal forwards an authentication code generated by the authentication apparatus to the ECU. By using the authentication code, the ECU determines whether or not to permit the operation terminal to carry out a maintenance operation.

Abstract: A method for providing remote access to segments of a transmitted program is presented. The program is recorded, and then stored at a communication server. Information specifying a segment of the stored program is transferred from a communication device to the communication server. Also, a request for access to the specified segment of the stored program is transferred from another communication device to the communication server. In response to the request, the specified segment of the program is transferred from the communication server to the requesting communication device.

Abstract: A technique is provided for a transmitting optical network element with an encrypting entity. The transmitting optical network element has an interface for receiving key information from a key management entity, storage means for storing a public key received by the key management entity, and a key generation entity configured for generating a symmetric encryption key. The transmitting optical network element is adapted to encrypt a received payload to be transmitted to a receiving optical network element using the generated symmetric encryption key, encrypt the generated symmetric encryption key using the public key of the receiving optical network element, and transmit the encrypted payload and the encrypted symmetric encryption key via an optical network to the receiving optical network element.

Abstract: This disclosure provides a notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications. A method includes discovering multiple devices in a computing system. The method includes grouping the multiple devices into multiple security zones. The method includes generating a risk value identifying at least one cyber-security risk of the devices for one of the security zones. The method includes comparing the risk value to a threshold. The method includes automatically generating a notification for one or more users when the risk value violates the threshold.

Abstract: This disclosure provides an apparatus and method for dynamic customization of cyber-security risk item rules. A method includes obtaining information defining a rule by a risk manager system, the rule identifying a cyber-security risk to a computing device in an industrial process control and automation system. The method includes presenting a textual description describing the rule to a user by the risk manager system, the textual description including a selectable configuration parameter associated with the rule. The method includes receiving the user's selection of the configuration parameter by the risk manager system. The method includes, in response to receiving the user's selection of the configuration parameter, receiving a value associated with the configuration parameter from the user by the risk manager system.

Abstract: A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content desired to be detected includes receiving electronic data at a receiving station, and determining whether the received electronic data is associated with a content desired to be detected, wherein the receiving station does not include content detection data for identifying the content desired to be detected.

Abstract: Various implementations disclosed herein provide a method for performing one or more transactions between application containers. In various implementations, the method includes transmitting a key request to a first network node within a cluster of network nodes that are configured to generate and maintain a distributed ledger. In some implementations, the key request indicates that the requested key is for one or more transactions between a first application container and a second application container. In various implementations, the method includes receiving a key in response to transmitting the key request. In some implementations, the key is valid for the one or more transactions between the first application container and the second application container. In various implementations, the method includes synthesizing, at the first application container, transaction data with the key.

Abstract: Techniques described herein relate to generating and managing digital credentials using a digital credential platform in communication with various digital credential template owners and digital credential issuers. In some embodiments, a digital credential platform server may receive and coordinate requests and responses between the digital credential template owners and a set of digital credential issuers, to determine which digital credential issuers are authorized to issue digital credential based on which digital credential templates. The digital credential platform server may provide the authorized issuers with access to particular digital credential templates and the functionality to issue digital credentials to users based on any of the particular digital credential templates. Additional techniques described herein relate to tracking, analyzing, and reporting data metrics for issued digital credentials.

Abstract: This document generally describes techniques for using a distributed ledger to implement a framework for the validation and distribution of virus signatures, which may be used by antivirus engines on computing devices to detect and remove malware. Some implementations can include accessing, by a computing system, data that identifies a plurality of virus signatures. A signature score associated with a first virus signature can be identified that is determined based on a number of signature authorities that have submitted or endorsed the first virus signature. The computing system may determine whether the first virus signature is valid based on whether the signature score satisfies a threshold score. In response to determining that the first virus signature is valid, the first virus signature can be used by the computing system to perform virus scans of one or more files maintained by the computing system.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.