Patents Examined by Gilberto Barron, Jr.
  • Patent number: 9043608
    Abstract: The present invention provides for an electronic device having cryptographic computation means arranged to generate cryptographic data within the device for enhancing security of communications therewith, the device including an onboard power supplying means arranged to provide for the driving of the said cryptographic computational means, and so as to provide a device by way of a manufacturing phase and a post manufacturing phase arranged for distribution and/or marketing of the device, and wherein the step of generating the cryptographic data occurs during the post manufacturing phase.
    Type: Grant
    Filed: April 28, 2004
    Date of Patent: May 26, 2015
    Assignee: NXP B.V.
    Inventor: Bruce Murray
  • Patent number: 9043908
    Abstract: Detection of an encryption or compression application program may be based on similarity between read files read by a process of the application program and write files written by the process. Read fingerprints of the read files and write fingerprints of the write files are generated. A listing of the read fingerprints is searched for presence of matching write fingerprints to find matched fingerprints. The similarity is calculated based on the read fingerprints and matched fingerprints.
    Type: Grant
    Filed: April 18, 2013
    Date of Patent: May 26, 2015
    Assignee: Trend Micro Incorporated
    Inventors: Cheng Zhang, Weisheng Xue, Qiuer Xu
  • Patent number: 9043609
    Abstract: Security measures for tokens comprise storing security rules associated with a generated token in a memory. A processor, communicatively coupled to the memory, accesses the security rules associated with the generated token and determines whether to encrypt the generated token by applying at least a portion of the security rules to the generated token. The processor encrypts the generated token. An interface, communicatively coupled to the processor, communicates the encrypted token to a mobile device associated with a user.
    Type: Grant
    Filed: July 19, 2012
    Date of Patent: May 26, 2015
    Assignee: Bank of America Corporation
    Inventor: Matthew A. Calman
  • Patent number: 9043892
    Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.
    Type: Grant
    Filed: March 5, 2013
    Date of Patent: May 26, 2015
    Assignee: FACEBOOK, INC.
    Inventors: Larry T. Harada, Mark A. Dolecki, Christopher S Purdum, C. Hudson Hendren, III
  • Patent number: 9038135
    Abstract: A first network device receives an authentication request, from a second network device, to authenticate a user device and a first over-the-top application, stored on the user device, to determine whether to apply a level of quality of service to the first over-the-top application. The first network device authenticates the user device, based on the authentication requested. The first network device authenticates the first over-the-top application, based on the authentication request. The first network device sends an authentication result, based on the authentication of the user device and the first over-the-top application, to the second network device; and the second network device initiates, based on the authentication result, a process to apply a level of quality of service to information sent between the first over-the-top application and a provider associated with the first over-the-top application.
    Type: Grant
    Filed: July 12, 2012
    Date of Patent: May 19, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Lalit R. Kotecha, William H. Stone, Matthew W. Nelson, Sanyogita Shamsunder
  • Patent number: 9025766
    Abstract: Efficient hardware architecture for an S1 S-box for a ZUC cipher is described. One circuit includes a first circuit to map an 8-bit input data of a Galois field GF(256) for an 8-bit data path for a ZUC cipher non-linear function component into 4-bit data paths for the ZUC cipher non-linear function component. The circuit further includes other circuits coupled to the first circuit to execute the 4-bit data paths in GF(16²) to determine the inverse of the 8-bit input data for the ZUC cipher non-linear function component in GF(16²) and to map the inverse in GF(16²) to the Galois field GF(256).
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: May 5, 2015
    Assignee: Intel Corporation
    Inventors: Krzysztof Jankowski, Gunnar Gaubatz
  • Patent number: 9021592
    Abstract: A method and system for analyzing source code is disclosed. A computer identifies a call in a first source code to an application programming interface in a second source code. Responsive to identifying the call in the first source code to the application programming interface in the second source code, the computer determines whether a set of policies for calls to application programming interfaces includes a policy for calls to the application programming interface. Responsive to a determination that the set of policies for calls to application programming interfaces does not include the policy for calls to the application programming interface, the computer generates the policy for calls to the application programming interface and adds the generated policy to the set of policies for calls to application programming interfaces.
    Type: Grant
    Filed: July 12, 2012
    Date of Patent: April 28, 2015
    Assignee: International Business Machines Corporation
    Inventor: Eric H. Heitzman
  • Patent number: 9021584
    Abstract: Disclosed are system, method and computer program product for assessing security danger of software. The system collects information about a suspicious, high-danger software object, including one or more malicious characteristics of the software object, security rating of the software object, and information about one or more security rating rules used in assessing the security rating of the software object. The system then determines whether the suspicious object is clean (i.e., harmless). When the suspicious object is determined to be clean, the system identifies one or more unique, non-malicious characteristics of the software object and generates a new security rating rule that identifies the software object as clean based on the one or more selected non-malicious characteristics. The system then assigns high priority ranking to the new security rating rule to ensure that the rule precedes all other rules.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: April 28, 2015
    Assignee: Kaspersky Lab ZAO
    Inventor: Oleg V. Zaitsev
  • Patent number: 9021550
    Abstract: A computer-implemented method for executing a workflow is described, wherein the workflow comprises a set of individual activities, the method comprising the operations of deriving a global workflow access type and receiving a request to execute a workflow. Execution of access control based on the global workflow access type is performed. If access is allowable, the user is authorized to execute all activities belonging to the workflow. If access is not allowable, the user is rejected before executing the workflow.
    Type: Grant
    Filed: April 16, 2007
    Date of Patent: April 28, 2015
    Assignee: SAP SE
    Inventor: Maarten E. Rits
  • Patent number: 9015836
    Abstract: Approaches for ensuring a digital file does not contain malicious code. A digital file in an original format may or may not contain malicious code. An intermediate copy of the digital file in an intermediate format is created from the digital file in the original format. The intermediate format preserves a visual or audio presentation of the digital file without supporting metadata or file format data structures of the original format. A sterilized copy of the digital file is created from the intermediate copy. The sterilized copy is in the original format. The sterilized copy comprises a digital signature indicating that the sterilized copy has been converted from the intermediate format to the original format. Advantageously, the sterilized copy is guaranteed to not possess any malicious code.
    Type: Grant
    Filed: March 2, 2014
    Date of Patent: April 21, 2015
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Rahul Kashyap, Andrew Southgate
  • Patent number: 9003202
    Abstract: A technique for improving data security is provided. To be specific, in a memory system including an information processing apparatus and a semiconductor memory device, the semiconductor memory device has an interface section that transmits, to the information processing apparatus, data read out from a memory core according to a plurality of communication protocols having different signal transmission/reception methods. Based on a switch command inputted from the information processing apparatus, a communication protocol selection section inputs, to the interface section, a selection signal for selecting a particular communication protocol from the plurality of communication protocols.
    Type: Grant
    Filed: April 5, 2010
    Date of Patent: April 7, 2015
    Assignee: MegaChips Corporation
    Inventors: Takahiko Sugahara, Tetsuo Furuichi, Ikuo Yamaguchi, Takashi Oshikiri
  • Patent number: 8990587
    Abstract: Security information such as fixed or dynamically received camera location information, laser signature information, timestamp information, and network information, may be used to secure the transport and storage of surveillance video. Where the surveillance video is to be transported on a communication network, the round trip time from a video data storage server to the surveillance camera and back to the video data storage server may be monitored and periodically added to the secured video data. By checking to see whether the round trip time has changed, it may be possible to determine whether the video has been tampered with. The secured video data may also be transported over two or more paths on the network to two or more video data storage servers so that redundant copies may be stored at different primary locations. By comparing copies of the data, alteration of one of the copies may be detected.
    Type: Grant
    Filed: March 26, 2012
    Date of Patent: March 24, 2015
    Assignee: RPX Clearinghouse LLC
    Inventors: Rolf Meier, Guy Duxbury
  • Patent number: 8990947
    Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.
    Type: Grant
    Filed: June 18, 2008
    Date of Patent: March 24, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Efim Hudis, Eyal Zangi, Moshe Sapir, Tomer Weisberg, Yair Helman, Shai Aharon Rubin, Yosef Dinerstein, Lior Arzi
  • Patent number: 8972720
    Abstract: An information processing system including a medium where a content to be played is stored; and a playing apparatus for playing contents stored in the medium; with the playing apparatus being configured to discriminate the content type of a content selected as an object to be played, to selectively obtain a device certificate correlated with the discriminated content type from a storage unit, and to transmit the selectively obtained device certificate to the medium; with the device certificate being a device certificate for content types in which content type information where the device certificate is available is recorded; and with the medium determining whether or not an encryption key with reading being requested from the playing apparatus is an encryption key for decrypting an encrypted content matching an available content type recorded in the device certificate, and permitting readout of the encryption key only in the case of matching.
    Type: Grant
    Filed: July 12, 2012
    Date of Patent: March 3, 2015
    Assignee: Sony Corporation
    Inventors: Kenjiro Ueda, Hiroshi Kuno, Takamichi Hayashi
  • Patent number: 8966653
    Abstract: A method and apparatus for provisioning a mobile application that is related to a desktop software application comprising capturing a code using a mobile device, where the desktop software application generates and displays the code for capture by the mobile device; decrypting the code using the mobile device; validating the code; validating a user based on the code; and enabling functionality of the mobile application for use by the mobile device based on the validation of the user.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: February 24, 2015
    Assignee: Adobe Systems Incorporated
    Inventor: Dennis Eugene Griffin
  • Patent number: 8966280
    Abstract: A storage device includes a storage unit and a controller that controls the storage unit in accordance with a request provided from an upstream-side device. The storage unit includes a storage medium that stores data, an authentication processing unit that performs an authentication process, and a storage region managing unit that sets either a first region or a second region in a storage region. The first region is accessible and useable to perform data reading and data writing between the upstream-side device and the storage unit when the access authentication is successfully performed on the basis of a first password. The second region may be released when the access authentication is successfully performed on the basis of a second password. When the storage unit needs to be disconnected, the controller sets the second region in the storage region in which the first region has been previously set.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: February 24, 2015
    Assignee: Fujitsu Limited
    Inventor: Yoshihisa Aono
  • Patent number: 8964985
    Abstract: A method in a receiver includes receiving from a transmitter a sequence of communication packets, which carry data encrypted with an encryption scheme. The encryption scheme depends on a counter value that is incremented independently by each of the transmitter and the receiver. Attempts are made to decrypt the data of a received packet multiple times using different, respective counter values, to produce multiple respective decrypted outputs. A decrypted output in which the data has been decrypted correctly is identified, the counter value is corrected, and the data of the received packet is recovered from the identified decrypted output.
    Type: Grant
    Filed: October 17, 2013
    Date of Patent: February 24, 2015
    Assignee: Marvell World Trade Ltd.
    Inventors: Danny Alexander, Amit Wix
  • Patent number: 8966605
    Abstract: The invention relates to a security token comprising a communication interface adapted to communicate with a host computer; a security module, comprising encryption based security features; and a non-volatile memory storing at least an application to be uploaded and executed in a host computer. The application makes use of the security features when executed in a host computer in communication with the communication interface. The security token is adapted to modify the content of the application as uploaded or its execution parameters at successive connections of the security token to a host computer.
    Type: Grant
    Filed: May 10, 2011
    Date of Patent: February 24, 2015
    Assignee: Gemalto SA
    Inventors: Jacques Fournier, Pierre Girard, Philippe Proust
  • Patent number: 8966264
    Abstract: A signature generation apparatus includes basic operation execution units each executing a basic operation included in a signature generation procedure; and a whole operation controller connected to the basic operation execution units to control operations in the basic operation execution units and monitor operation states of the basic operation execution units, in which when there is a basic operation execution unit among the basic operation execution units which is executing a secret operation which uses data to be concealed as an argument, the whole operation controller causes basic operation execution units other than the basic operation execution unit to simultaneously execute a random number operation which uses a random number originally used for signature generation as an argument.
    Type: Grant
    Filed: April 6, 2011
    Date of Patent: February 24, 2015
    Assignee: NEC Corporation
    Inventor: Sumio Morioka
  • Patent number: 8959629
    Abstract: The embodiments provide a runtime validation apparatus including a runtime interceptor configured to intercept a server request for a requested web resource and a response including response data, and an output validation policy identifier configured to identify an output validation policy from a database storing a plurality of output validation policies based on the requested web resource. The identified output validation policy may represent a template that encompasses allowed responses for the requested web resource. The runtime validation apparatus may further include a validation evaluator configured to compare the response data with the template, and a validation controller configured to permit the response to be transmitted if the response data complies with the template and block the response if at least a portion of the response data does not comply with the template.
    Type: Grant
    Filed: July 12, 2012
    Date of Patent: February 17, 2015
    Assignee: SAP SE
    Inventor: Theodoor Scholte