Abstract: Disclosed is a mobile terminal for providing screen information for face recognition includes: a camera unit configured to receive a face image; a display unit configured to output screen information for face recognition; and a control unit configure to, when face images captured in different postures are recognized, provide notification information indicating that the faces have been recognized, wherein the screen information for face recognition includes a plurality of graphic objects denoting face images of different postures, and when there is a posture identical to a posture of a face image received through the camera unit, among the postures denoted by the plurality of graphic objects, the control unit makes the graphic object denoting the posture identical to the posture of the face image received through the camera unit disappear from the screen information for face recognition.

Abstract: Provided are methods, network devices, and computer-program products for a domain name system (DNS) threat detection engine for analyzing DNS traffic for potential threats. In various implementations, the DNS threat detection engine can include threat profiles that include characteristics of network threats associated with DNS. When a DNS message includes a characteristic associated with a particular threat profile, a remediation rule associated with the threat profile can be used to modify the DNS message, including modifying the destination for the DNS message. When the DNS message is received at the new destination, the DNS message can be analyzed to determine whether the DNS message is associated with a threat to the network.

Abstract: An Identity Based Behavior Measurement Architecture (such as the BMA) and related technologies are described herein. In an exemplary embodiment, the BMA can be derived from an IMA and use an identity model to express a deterministic measurement value for platform behavior.

Abstract: Disclosed herein are methods and systems for link-based enforcement of routing of communication sessions via authorized media relays. In an embodiment, a media relay receives encrypted first payloads from a first endpoint and encrypted second payloads from a second endpoint as part of a session. The encrypted first payloads require a first key for decryption and the encrypted second payloads requite a second key for decryption. The media relay is preconfigured prior to the session with secrets useable for identifying the first and second keys. The media relay decrypts the first payloads using the first key and decrypts the second payloads using the second key, and transmits the first payloads to the second endpoint and the second payloads to the first endpoint as part of the session.

Abstract: A system and method for sharing electronic data between participants of a phone conference, such as an online presentation, without a need to exchange passwords to link two devices together for data transfer nor go through a login procedure to access the data resource. To achieve this, the participants use a device or software application that samples the audio of the phone conversation and creates a stream of audio fingerprints. The streams of fingerprints are sent to a matching service on the internet. This matching service finds the fingerprints that correspond to the same conversation among the streams of simultaneous users. Once a match is found with a high enough confidence level, the matching service exchanges identifiers such as public IP addresses and sends those back to the fingerprinting units. When instructed by the user, the units can then proceed to setup a secure data connection.

Abstract: The invention is a method for managing profiles in a secure element that has several profiles comprising files organized in respective logical tree structures comprising respective root files. The root files have identifiers whose values are different from 0x3F00 and the method comprises the step of enabling browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting said targeted root file.

Abstract: Aspects of the embodiments are directed to an augmented reality Completely Automated Public Turing test to tell Computers and Humans Apart (“captcha”). Upon determining that a user, operating a user device, is attempting to access a website, a host server can cause a camera on the user device to activate and begin streaming and image feed to the host device across a network. The host device can determine an appropriate augmentation to the image feed that is germane to the context and/or environment of what is being displayed in the image feed. The augmentation can be displayed to the user on a display of the user device. The augmentation can also include a prompt instructing the user how to interact with the augmentation. The host server can determine whether to grant the user access based on the user's interaction with the augmentation.

Abstract: The present disclosure provides a method and system for transforming web application output that is vulnerable to XSS attacks to CSP-compliant web application output. This transformation is accomplished by parsing the output code to identify headers and script and splitting the headers and script to form CSP-compliant web application output.

Abstract: A system and method for reliably and securely recording and storing all attributes of personal identification, for the identification and authorization of individual identity as well as attributes relating to it and personal data including but not limited to individual's physical description, bank details, travel history, etc. (the “Personally Identifiable Information “PII”). PII can be difficult to manage in networks where correlation between data sources is required. Thus, in some embodiments, the system combines a distributed database to create a framework for a robust security. The system manages the distributed database to associate transactions, or actions, using data, digital signatures, and/or cryptographic keys, which can be unique to an individual.

Abstract: A network traffic monitoring service provides a way to search network traffic intercepted by a network firewall while protecting the privacy of non-matching network traffic that traverses the firewall. Network traffic is parsed and processed into a set of tokens. In various implementations, the tokens may be words, HTML tags, data values, or other searchable units of information. The tokens are converted into a set of hashes, and the set of hashes is provided to the traffic monitoring service. A search authority submits a search request to the traffic monitoring service. Search terms of the search request are converted to a set of hashes to produce a hashed search request. The traffic monitoring service processes the hashed search request against the set of hashes provided by the network firewall to determine whether the network traffic represented by the set of hashes matches the search request.

Abstract: Systems, computer program products and methods implementing YARN service protection are described. A reverse proxy in a cluster of computers in a distributed computing system can intercept a request to access a YARN service. The request can be associated with requester credentials. The reverse proxy determines that the request includes a REST API call. The reverse proxy determines, based on authentication configuration information, that the call needs to be authenticated. The reverse proxy authenticates the call based on the requester credentials using an authentication mechanism specified in the configuration information. Upon successful authentication of the call, the reverse proxy makes authorization checks based on specified configuration information. If the authorization checks pass, the reverse proxy forwards the request to a server that provides the YARN service in the cluster. If the authentication or authorization checks fail, the reverse proxy denies the request.

Abstract: The present invention provides an information display device which may simply display a defined information to improve the convenience. The information display device is able to read the member card having the member identification code, and access the member management server storing the plurality of information associated with the user, and display the plurality of information associated with the user. In the member management server, the plurality of information associated with the user is distinguished to be information not requiring to be authenticated and information requiring to be authenticated respectively and then is stored. The information display device acquires the information not requiring to be authenticated from the member management server according to the member identification code under the condition of reading the member card, and directly display the acquired information not requiring to be authenticated without being authenticated by the user.

Abstract: A vehicle communication system boarded on a vehicle, comprises a main processor, a Controller Area Network (CAN) controller, and a bi-directional firewall module. The main processor is configured to send one or more CAN messages to the CAN controller and the CAN controller is configured to forward the CAN messages to a CAN through the bi-directional firewall module. The bi-directional firewall module further includes a vehicle status logger, a CAN message filter and a storage module, and the vehicle status logger is configured to check the vehicle's status by collecting diagnostic parameters from ECUs, the storage module is configured to store a white-list and a black-list, and the CAN message filter is configured to selectively choose one of the white-list and the black-list according to different statuses of the vehicle and apply the one of the white-list and the black-list to the CAN messages.

Abstract: The present invention provides a method (500) for secure access to a network resource (150), comprising the steps of receiving a selection of a workflow from the set of workflows, made by a user, from a first client device (160), obtaining a user identifier from the user and a resource key and an interface key from the first client device (160), verifying the user with the user identifier and verifying the network resource (150) with the resource key and the interface key and executing a plurality of activities comprised within the workflow on successful verification of the user and the network resource (150).

Abstract: Protecting a runtime Web service application. A web service application is instrumented to log its operation and allow recreation of its execution trace. Trace point vulnerabilities are identified using one or more data payloads. Candidate trace point operations associated with the trace point vulnerabilities are identified. Supplementary candidate operations are computed based on the existing trace point operations and the one or more data payloads. The Web service application is further instrumented with the one or more supplementary candidate operations.

Abstract: Protecting a runtime Web service application. A web service application is instrumented to log its operation and allow recreation of its execution trace. Trace point vulnerabilities are identified using one or more data payloads. Candidate trace point operations associated with the trace point vulnerabilities are identified. Supplementary candidate operations are computed based on the existing trace point operations and the one or more data payloads. The Web service application is further instrumented with the one or more supplementary candidate operations.

Abstract: In one implementation, a computer system maintains one or more permissions associated with a credential held by a first user, where at least one of the one or more of permissions is delegatable by the first user to one or more other users. The computer system receives an indication that the first user has chosen to delegate a particular permission from amongst the one or more permissions to a second user, wherein the particular permission is needed to perform a particular type of action. Based on the first user indicating a choice to delegate the particular permission to the second user, the computer system associates the delegation of the particular permission with the second user. Based on delegating the particular permission with the second user, the computer system enables the second user to perform the particular type of action.

Abstract: A data-carrying device and methods of authenticating the same are disclosed. The data-carrying device is described as being capable of communicating via the Near Field Communications (NFC) protocol and may have one or more NFC Data Exchange Format (NDEF) records stored in its memory. The data-carrying device also comprises or has the ability to generate a signature that proves the data-carrying device is the authorized device for storing the one or more NDEF records. A data-carrying device that attempts to transmit an NDEF record without a valid signature may be identified as an unauthorized data-carrying device.

Abstract: A method may include identifying a shared usage of a first network address and a second network address in a predetermined period of time. The method may also include clustering the first network address and the second network address based on the shared usage. The method may include determining a weighting factor between the first network address and the second network address based on the shared usage. The method may further include receiving a request that includes the second network address from a client device. The method may include determining that the request for the electronic activity does not include suspicious activity based on the first network address and the second network address being in the cluster. The method may further include permitting the electronic activity based on the determination that the request for the electronic activity does not include suspicious activity.

Abstract: The present invention is to provide a system and a method for managing a terminal to improve the security. The system for managing a terminal 1 connects to a WEB content containing information on an application running on the terminal; calculates reliability of the WEB content; references data on an application in the WEB content if the calculated reliability exceeds a threshold; and performs control of the application for the terminal based on a result of the reference.