Abstract: In a method for protecting digital information, a processor converts a protected address range into a plurality of address blocks of a storage device based on a preset conversion unit, and generates an address block rearranging rule using the address blocks as a parameter. When it is desired to load data into a space of an address batch of the protected address range, the processor converts the address batch into a plurality of address blocks based on the conversion unit, locates rearranged addresses of the address blocks in the protected address range according to the address block rearranging rule, and loads the data into spaces of the rearranged addresses.

Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.

Abstract: A password-less method for authenticating a user includes capturing one or more images of a face of the user and comparing the one or more images with a previously collected face template. Randomly selected colored light and randomized blinking patterns are used to capture the images of the user. Such captured images are compared to previously collected face templates, thereby thwarting spoof attacks. A secret image, known only to the user and the device, is moved from one area of the display to another randomly selected area, using the movements of the user's head or face, thereby providing a Turing based challenge. Protected audio video path (PAVP) enabled devices and components are used to protect the challenge from malware attacks.

Abstract: In accordance with an embodiment, the logical exclusive operation on the random number RAND and the OPc value are performed several times, the logical operation and encryption processing using a random number RAND and logical operation and encryption processing using a random number S are done in any order, which brings an increase of an attack complexity as to whether to calculate the correlation coefficient from the power consumption waveform at any point when analyzing the correlation power, whereby it is possible to defend the CPA attack effectively.

Abstract: Methods and apparatus are provided for identity verification for at least one user to a text-based communication. An identity of at least one user to a text-based communication is verified by obtaining a plurality of characteristic features of at least one prior text-based communication between the at least one user and at least one additional user; comparing the plurality of characteristic features to a current session of the text-based communication; and verifying the identity of the at least one user based on a result of the comparison. The text-based communication can optionally be suspended if a user is not verified and/or an alarm can be generated.

Abstract: A method for managing access to encrypted data of a data storage system storing snapshot data, a snapshot providing a previous point-in-time copy of data in a volume of the data storage system, wherein the data storage system utilizes changing encryption keys for write data. For each snapshot, the method stores at least one decryption key identifier for each decryption key corresponding to an encryption key utilized to encrypt data written to a volume since a previous snapshot was committed to disk, and associates the at least one decryption key identifier with the snapshot. A key table associating decryption key identifiers with corresponding decryption keys is provided, and based on the key table and the at least one decryption key identifier associated with the snapshot, one or more decryption keys required for accessing encrypted data associated with the snapshot are determined. Decryption key identifiers may be stored in snapshot metadata.

Abstract: Tools and methods in which user interaction via a common user interface enables the assessing of network security prior to implementation of the network, as well as assessing the security of existing networks, portions of existing networks, or modifications to existing networks. A network security model useful in realizing the tools and methods is also disclosed.

Abstract: Methods, systems, and computer program products for authenticating an online user. Authentication involves sending a code from a server to a user device equipped with a source of illumination and a camera capable of capturing video imagery of the online user. The user device receives the code, modulates the source of illumination in accordance with the code, and captures video imagery of the user while the source of illumination is being modulated according to the code. The captured video imagery of the online user is sent to the server where it is analyzed to detect evidence of changes in illumination that correspond to the code. If good correspondence is found, the user may be authenticated. Similar methods may be applied to other biometric data. Applications of the authentication include identify validation, pseudonym verification, and distinguishing human from non human access attempts.

Abstract: A first computing device receives over a telecommunications network from a second computing device a verification message encrypted using a public key. The verification message is generated by the second computing device when initiating a call to the first computing device. The first computing device transmits to a wireless router via a wireless local area network (WLAN) created by the wireless router, the encrypted verification message. The first computing device receives from the wireless router over the WLAN, a decrypted verification message decrypted from the encrypted message by the wireless device using a private key associated with the public key. The first computing device transmits over the telecommunications network to the second computing device, the decrypted verification message. If the second computing device determines that the decrypted verification message corresponds to the encrypted verification message, the second computing device allows the call to the first computing device to proceed.

Abstract: A method for password verification comprises a first verification step for verifying a password that is input at least one time with a first preset password; and a second verification step for verifying the password that is input in another round with a second preset password when the password input in the first verification step is determined to be incorrect. The number of digits of the second preset password is larger than that of the first preset password.

Abstract: Immediately upon identifying a potential breach to a file system, a read-only snapshot of one or more file sets of data stored on a storage volume of the file system is created, and one or more file system protection commands are invoked that restrict access to the snapshot of the file set. Generating the snapshot and restricting access to the snapshot data may include immediately opening an administrative shell for the file-system in response to identifying a potential breach, and executing administrative shell commands that invoke creation of snapshot and limit access of the snapshot data to an administrator or super user.

Abstract: A system and associated computer program product for identifying malware. The system includes one or more processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories. The program instructions include program instructions to receive a data communication simulating manual interaction between a user of the computer and the computer. The program instructions may determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication.

Abstract: There is provided an information processing apparatus including an encrypted-ID generation section which encrypts a unique ID to generate an encrypted ID, the unique ID being set as an ID unique to the information processing apparatus, a communication section which sends the encrypted ID as ID information to be sent to another apparatus, an individualization code holding section which holds, in advance, an individualization code capable of being generated by decrypting the ID information in the other apparatus, and an access key generation section which generates an access key used for authentication with the other apparatus based on the individualization code held by the individualization code holding section.

Abstract: In a method for 802.1X authentication, used in a network which comprises an access device and an access control device, a WLAN security template and a 802.1X client template is enabled at the access device, a 802.1X client template is enabled at the access device, and a 802.1X device template is enabled at a tunnel port of the access control device. The access control device establishes a 802.1X authentication tunnel with the access device, receive a packet transmitted by a client at the access control device through the 802.1X authentication tunnel, authenticates the client after receiving the packet, and assists the access device through the 802.1X authentication tunnel to obtain a session key.

Abstract: Systems and methods for cloning a Wi-Fi access point. A determination is made by a network monitoring device to transition communications between a Wi-Fi device and a first access point (AP) to a second AP. The SSID and the security configuration information, and, optionally, network address translation (NAT) information of the first access point are acquired and provided to a second AP. The second AP instantiates the SSID and the security configuration information and, optionally, the NAT information. The networking monitoring device directs the first AP to cease using the SSID and the security configuration information and, optionally, the NAT information in response to receipt of confirmation that the second AP has instantiated the SSID and the security configuration information and, optionally, the NAT information of the first AP.

Abstract: In one embodiment the present invention includes a computer-implemented method for a mobile device. An application security status is detected. When the application security status is active an application passcode is required to access functionality of a mobile application operating on the mobile device. A first encryption of data associated with the mobile application is performed, where the first encryption uses a first encryption key when the application security status is active, and the first encryption uses a second encryption key when the application security status is not active. A mobile device passcode status is detected. When the mobile device passcode status is active a mobile device passcode is required to access functionality of the mobile computing device. A second encryption of the data is performed when the mobile device passcode status is active, where the second encryption uses a third encryption key.

Abstract: A protocol provides authentication of peripheral devices by a computing device to which the peripheral device connects. Computing devices include a verifier with a public key that authenticates multiple associated private keys. Private keys are embedded on peripheral devices. When the verifier is able to authenticate a connected peripheral, particular functionality is enabled that may not be enabled for peripherals that do not authenticate.

Abstract: A transmitting device, a receiving device, a wireless communication system and a method for controlling the wireless communication system are used for creating a secure wireless communication network of a limited area. The transmitting device comprises: one or more transmitters configured to transmit wireless signals, and create the limited area by a coverage scope of the wireless signals; a cryptography key generating unit configured to generate a cryptography key for the wireless signals; a cryptography key encoding unit configured to encode the cryptography key to a cryptography key frame; and a cryptography key scheduling unit configured to schedule the cryptography key frame so as to control the transmitter to transmit the wireless signals including the cryptography key frame.

Abstract: A customer server receives a client request to access protected resources over the Internet. First factor authentication is performed and if it is successful a vendor authentication engine is invoked to undertake second factor authentication. The results of the second factor authentication are returned to the customer server, which grants access only if both first and second factor authentication succeeds.

Abstract: When a connection device is connected to an SD socket of an electronic device, a process setting unit of the electronic device obtains permission/inhibition information (an output signal) set forth in a permission/inhibition information setting unit of the connection device. Based on the obtained permission/inhibition information, the process setting unit identifies an execution unit whose operation is to be activated among the execution units provided in the electronic device. Then, the process setting unit instructs the identified execution unit to start operation. This realizes operation of execution units in correspondence to the permission/inhibition information.