Abstract: A method performed by one or more processing devices, comprising: receiving a request for a quick response code associated with the hosted resource; generating a reference code that references information included in the request; and encoding the reference code into the requested quick response code; transmitting information indicative of the quick response code to the system hosting the resource; receiving a request for access to a resource, the request for access comprising a decoded version of the quick response code; determining that access is requested for the hosted resource; determining that a user who is requesting access to the hosted resource is permitted to access the hosted resource; responsive to determining that the user is permitted to access the hosted resource, transmitting a token for permitting the user to access the hosted resource; and transmitting a message specifying that the user is granted access to the hosted resource.

Abstract: Website trustworthiness is automatically displayed to a user by pre-establishing a user-defined good list identifying one or more known good website addresses. Each known good website address in the user-defined good list has associated therewith at least one user-defined visual characteristics for display. Subsequently, responsive to the user selecting to visit a website address identified in the user-defined good list, the website is displayed for the user and the user-defined visual characteristics associated therewith from the user-defined good list are also concurrently displayed with the website. The user-defined visual characteristics provide the user with a visual indication of website trustworthiness concurrently with display of the website.

Abstract: A reduction in the size of encryption processing configuration applying generalized Feistel structures is achieved. The encryption processing configuration applies a generalized Feistel structure for dividing and inputting data into multiple lines, and repeatedly executing data transformation processing applying a round function on the data transferred to each line, and during the execution cycle of a matrix operation by a matrix operation executing unit for executing linear transformation processing applying a matrix on the data in a first line, an operation is executed on the matrix operation processing data from the initial cycle and data in a second line. This configuration enables a register to be used for both the storage of the data for the second line and the storage of the results of the matrix operation on the first line of data in progress, a reduction in the total number of registers, and thus a reduction in size.

Abstract: An application to be installed is acquired. Security policy geographic information, which is geographic information of an application's target distribution area where a user permits installation, is acquired from security policy that defines processing regarding the application. Application geographic information, which is geographic information of an application's target distribution area, is acquired from the acquired application. Based on a comparison result of comparing the security policy geographic information with the application geographic information, whether or not to permit installation of the acquired application is determined.

Abstract: Disclosed are computers and methods of operating those computers. In the methods, a computer in a touch lock state displays a lock screen image showing a cover layer superimposed over, and obscuring, a background layer. A user enters a touch input to a touch screen of the computer, thereby specifying a portion of that touchscreen. The lock screen image is then modified so that the cover layer does not obscure the background layer in the specified portion of the touchscreen. The cover layer in the region of the touchscreen that is not specified in the touch input continues to obscure the background layer in those regions. If the portion of the touchscreen specified by the touch input exceeds a threshold amount the computer may be changed from being in a touch lock state to being in a touch unlock state.

Abstract: According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.

Abstract: Systems and methods for authenticating applications that access web services. In one embodiment, a web service gateway intercepts a request for a web service from an application, and determines if the application is authorized by a service provider based on information provided in the web service request. If the application is authorized, then the web service gateway identifies a profile for an end user that initiated the web service using the application, and determines if the web service is allowed for the end user based on the profile. If the web service is allowed for the end user, then the web service gateway determines that the application is authenticated, converts the web service request to a protocol used by a server that provides the web service, and transmits the web service request to the server.

Abstract: Aspects of the subject matter described herein relate to identity technology. In aspects, a user device requests access to a service provided by a relying party. In response, the relying party indicates required claims and may also indicate claims providers from which the required claims may be obtained. The user device may obtain the required claims from different claims providers, and send the claims obtained from the different claims providers in one or more messages to the relying party. The relying party may verify the claims or employ a validating service to verify that the claims are valid prior to providing access to the requested service.

Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.

Abstract: Certain embodiments of the present invention provide an archive management application that operates within a host application to provide access to an archive and/or allow access to and/or modification of files in an archive using the host application's interface, instead of operating as a separate standalone archive management application. In an embodiment of the present invention, a file archiving system may include a user interface component, a file management component and a compression/extraction engine component. The user interface component may include an enhanced user interface of a host application that provides an interface for a user. The file management component may include a central directory that provides a representation of the contents of an archive. The compression/extraction engine component may include a file size module and/or a security module. The security module may be used to encrypt, decrypt, digitally sign and/or authenticate a file in an archive.

Abstract: A mobile device includes a session maintainer application, a native application and a shell application and a link to a web application. If a user is seeking to access a native application, and an active session has not been established, user login credential is obtained, a session token is obtained upon verification of the user login credential, and the obtained session token is provided to the native application. If the user is seeking to access a web application, and an active session has not been established, a session token is obtained upon verification of the user login credential and the obtained session token is provided to the shell application. If an active session has been established then the obtained session token is automatically provided to the native or shell application when the user subsequently seeks access to the respective application.

Abstract: Device information for each of multiple devices associated with a user account is maintained by a cloud service. The device information can include credential information allowing the device to be accessed by other ones of the multiple devices, remote access information indicating how the device can be accessed by other ones of the multiple devices on other networks, and property information including settings and/or device drivers for the device. The device information for each of the multiple devices is made available to other ones of the multiple devices, and can be used by the multiple devices to access one another and provide a consistent user experience across the multiple devices.

Abstract: Methods, apparatuses, and computer readable media for malicious request attribution are presented. For example, according to one aspect, requests for one or more records may be received from a requesting computing device. A determination may be made that the requests are of a malicious nature. Responsive to determining that the requests are of a malicious nature, one or more requests for obtaining information about the requesting computing device may be generated, and communicated to the requesting computing device. In some embodiments, at least one of the one or more requests for obtaining information about the requesting computing device may be configured to cause the requesting computing device to fail to properly render at least a portion of a web page comprising at least one of the one or more records.

Abstract: A request is received to install control rules before having received a corresponding QoS Authorization, especially where the QoS Authorization requires a prior reservation of resources. The request for a bearer resource is pre-authorized before having received a QoS authorization for said request, by receiving a request for a bearer resource; determining that a QoS authorization has not been received yet; pre-authorizing said request for the bearer resource by installing initial control rules; and updating the previously installed initial control rules with final control rules upon receipt of the QoS authorization. This pre-authorization and the submission of initial control rules are carried out from a PCRF server towards a PCEF device, before having received the QoS authorization. In particular, the pre-authorization may be triggered from a P-CSCF at the originating or destination side, or at both.

Abstract: A technology is provided which ensures a high security without affecting a plant operation. A plant security managing device includes a determining unit that determines which one of control units multiplexed as a service system and a standby system associated with monitoring and controlling of a plant is the standby system, a security processing unit that performs a security process for detecting the presence/absence of a security abnormality on the control unit that is the standby system, and a change instructing unit that outputs an instruction for changing the control unit that is the standby system and the control unit that is the service system with each other after the completion of the security process by the security processing unit.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: A system, method, and computer program product are provided for mounting an image of a computer system in a pre-boot environment for validating the computer system. In use, an image of a computer system is mounted in a pre-boot environment of the computer system, where the image includes a file system structure and initialization data of the computer system. Furthermore, at least one task is performed on the mounted image for validating the computer system.

Abstract: Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information.

Abstract: The objective of the present invention is to disable functionality of an additional-function unit if an unauthorized program has been installed in an information processing device, thereby preventing an unauthorized program from acquiring, in an unauthorized manner, information from the additional-function unit.

Abstract: Systems, methods, and devices for providing an operational dashboard are described herein. One method includes receiving operational data associated with a system, receiving credentials associated with a user of a user device including a number of display elements configurable by the user, and determining a particular portion of the operational data to provide to the user via the display elements of the user device based, at least in part, on the credentials.