Abstract: The method relates to a method for generating a soft token, having the following: providing a secure element, wherein, in a protected storage area of the secure element, a secret key of a first asymmetric cryptographic key pair is stored, setting up a first cryptographically secured connection between an electronic device and a service computer system, transmitting a request for the generation of the soft token from the electronic device to the service computer system via the first connection, generating a one-time password on the basis of the reception of the request by the service computer system, registering the one-time password as an identifier of the first connection by the service computer system, transmitting the one-time password from the service computer system to the electronic device via the first connection, issuing the one-time password via a user interface of the electronic device, setting up a second cryptographically stored connection between a user computer system and the service computer sy

Abstract: This specification describes technologies relating to software execution. A sandboxing computer system accesses at least one application file and instantiates a sandbox environment. The sandbox environment does not having allocated, when instantiated, a memory buffer for use by a running application. The application file is run in the sandbox environment to produce an application output. A memory buffer is for use by the running application after the application has begun running, and a client computer system is provided with the application output.

Abstract: It is inter alia disclosed to provide first identity data stored in an apparatus, the first identity data comprising an identifier and a first certificate, and to provide second identity data stored in the apparatus, the second identity data comprising an identifier and a second certificate, wherein the identifier of the first identity data is the same as the identifier of the second identity data.

Abstract: A message screening system includes routing to a supervisory recipient an electronic message directed to an intended recipient. The supervisory recipient then is allowed to screen the electronic message by approving or rejecting the electronic message. The electronic message then is forwarded to the intended recipient if the electronic message is approved by the supervisory recipient.

Abstract: A portable memory storage device is provided for interfacing with a computer system. During operating system startup, fields relating to the operating system are prompted for. The portable memory storage device retrieves from memory therein data for populating said fields and provides same to the computer system.

Abstract: A method and system for tracing internet protocol packets is disclosed. One aspect of the method involves generating traceback packets containing information relating to their origin, destination, and encountered devices. The generated traceback packets can differ depending on the network configuration and Internet traffic scenarios. Another aspect involves analyzing incoming Internet traffic and generating traceback packets based on the performed analysis. Another aspect involves discovering a denial-of-service attack. Another aspect involves modifying operational parameters in response to the attack. One aspect of the system involves traceback servers, which can collect and provide traceback information to the public or on a private network. Another aspect involves the dissemination of traceback information to interested and/or authorized parties.

Abstract: Disclosed herein are methods of and systems for facilitating decryption of encrypted electronic information to obtain unencrypted electronic information for consumption by an authorized recipient. A decryption server receives a request for decryption sent by a requesting entity. Subsequently, prior to fulfilling the request for decryption, authentication of the requesting entity may be performed based on a secondary credential. The secondary credential may be issued based on the primary credential. Thereafter, the decryption server retrieves the decryption key by communicating with a source entity, such as a certificate authority, that issued the decryption key. Subsequently, the decryption server decrypts the encrypted electronic information utilizing the decryption key. Thereafter, in an embodiment, the decryption server may transmit the unencrypted electronic information to the requesting entity.

Abstract: An information processing apparatus for accessing a server via a network transmits an issuance request of a certificate including information unique to the information processing apparatus to a certificate authority, and receives the certificate transmitted by the certificate authority in response to the issuance request. The apparatus determines whether or not it is possible to access the server by comparing information unique to the information processing apparatus with the unique information included in the received certificate, and restricts, if it is determined that it is not possible to access the server, issuance of a connection request to the server.

Abstract: A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.

Abstract: Disclosed is an icon password setting apparatus and an icon password setting method, which provide a keyword of an icon for an icon password to be set. The icon password setting apparatus according to the present invention enables password setting using an icon image and an associated keyword, the apparatus comprising: a password management unit for generating or inquiring an icon password; a keyword phrase management unit for generating or inquiring a keyword phrase of the icon password; a password list generating unit for generating a list having each icon password and corresponding keyword phrases; and a user password setting unit for receiving a request for setting the password for the icon password in the list and setting a user password. According to the present invention, a user may easily remember an icon password using the keyword phrase provided when setting the icon password.

Abstract: Fields are determined for pattern discovery in event data. Cardinality and repetitiveness statistics are determined for fields of event data. A set of the fields are selected based on the cardinality and repetitiveness for the fields. The fields may be included in a pattern discovery profile.

Abstract: Systems and methods for enhanced security of media are provided. Media security may be enhanced by improving the setup of encryption and/or decryption, by improving the performance of encryption and/or decryption, or by improving both. The calls related to enhanced security of media from an application in an emulated environment to a security module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing a security module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call.

Abstract: An information processing system includes a receiving unit configured to receive from an external device a use initiation request designating user specific information and organization identification information, and an authentication unit configured to issue authentication information indicating that authentication has been completed in a case where the user specific information and the organization identification information designated in the use initiation request are stored in association with each other in a first storage unit that stores one or more sets of user specific information in association with the organization identification information. The authentication unit receives a new authentication information issuance request designating the authentication information and issues new authentication information that can be used even after a user termination request designating the authentication information is made.

Abstract: A processor-implemented access control method includes receiving credential and policy directory information to configure an access controller to allow self-provisioning of the access controller through periodic, automated query of the directory by the access controller; acquiring from the directory, credential and policy information for one or more individuals who may require access; storing in a local cache the acquired credential and policy information; receiving an access request to allow an individual access; comparing the access request to the credential and policy information in the cache; and when the comparison indicates a match, granting the individual access.

Abstract: A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.

Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. Peripheral devices may implement an anti-takeover mechanism limiting the number of available device command classes when certain handshake and verification requirements are not met. Anti-takeover peripheral devices with protection enabled may be relocated within a controller network, or in certain cases, from one controller network to another controller network when certain conditions are met. That same device may be hobbled when removed from a controller network and may remain hobbled when connected to another network that fails to meet certain conditions. Unprotection and unhobbling of a device may occur through an algorithmic mechanism using values stored on the peripheral device and the controller device for one or more of anti-takeover code generation, anti-takeover code comparison, network identification value comparison, and manufacturer identification value comparison.

Abstract: Techniques are described for use in inhibiting attempts to fraudulently obtain access to confidential information about users. In some situations, the techniques involve automatically analyzing at least some requests for information that are received by a Web site or other electronic information service, such as to determine whether they likely reflect fraudulent activities by the request senders or other parties that initiate the requests. For example, if a request is being made to a Web site based on a user's interaction with a third-party information source (e.g., another unaffiliated Web site) that is not authorized to initiate the request, the third-party information source may be a fraudulent phishing site or engaging in other types of fraudulent activity. If fraudulent activity is suspected based on analysis of one or more information requests, one or more actions may be taken to inhibit the fraudulent activity.

Abstract: In some implementations, a computing device may download a campaign from a server. The campaign may include a trigger and one or more actions associated with the trigger. In response to detecting that the trigger occurred, the computing device may perform the one or more actions associated with the trigger. The trigger may comprise an event that occurs at the computing device or a short message service (SMS) message that originates from the server.

Abstract: An information processing system includes a receiving unit and a determining unit. The receiving unit receives an application request to request an application for a service. The application request includes first information identifying a type of the service. When the receiving unit receives the application request, the determining unit determines third information indicating an authority to use the service by combining the first information included in the application request and second information used for identifying a user to whom the service is to be provided.

Abstract: Exemplary systems and methods are directed to decrypting electronic messages in a network. The system includes a processor configured to receive or monitor message sources for encrypted messages, where private keys associated with the encrypted messages are not previously provided to the system. For each message, extract a set of user certificate identifiers and corresponding encrypted session keys, securely communicate with private key provider to decrypt the encrypted session key with an acquired private key, and decrypt the message with the unencrypted session key.