Abstract: Embodiments of the present application disclose a method and system for identifying whether an application is genuine by means of digital watermarks, which can conveniently determine whether an application is genuine.

Abstract: A configuration in which usage control that is substantially similar to content usage control in a copy source medium can be performed in a content copy destination is implemented. A data processing unit that performs a copy process of recording data recorded on a first medium on a second medium records encrypted content in the first medium on the second medium, without decrypting the encrypted content. In addition, the data processing unit converts a CPS unit key file recorded on the first medium to generate a converted CPS unit key file and records the converted CPS unit key file on the second medium. Further, the data processing unit acquires an MKB not requiring KCD, which is capable of directly calculating a media key using only a device key, without using key conversion data (KCD) recorded on the first medium, from a server and records the MKB not requiring KCD on the second medium.

Abstract: Examples relate to identifying algorithmically generated domains. In one example, a computing device may: receive a query domain name; split the query domain name into an ordered plurality of portions of the query domain name, the ordered plurality of portions beginning with a first portion and ending with a last portion, the last portion including a top level domain of the query domain name; provide, in reverse order beginning with the last portion, the portions of the query domain name as input to a predictive model that has been trained to determine whether the query domain name is an algorithmically generated domain name, the determination being based on syntactic features of the query domain name; and receive, as output from the predictive model, data indicating whether the query domain name is algorithmically generated.

Abstract: A computer-implemented method includes receiving download description information for an application from a network using an encrypted communications channel, wherein the download description information includes download address information specifying a network address from which application packages associated with the particular application can be retrieved; and downloading an application package associated with the particular application from the network address specified in the download address information, wherein the application package is downloaded using an unencrypted communications channel.

Abstract: The invention relates to a method for the identification of security processors in a system for delivering protected multimedia content, in which: upon request from an identification device, a network head-end transmits (136) a command to suspend a first identified pre-determined security processor which, in response, switches (136) from an active state to an idle state; the sharing server detects (120) that the first security processor is in the idle state and then transmits (120) access control messages to a second security processor instead of the first security processor; in response to the identification of at least the second security processor, upon request from the identification device, the network head-end transmits (134) a command to re-establish the first security processor, and, subsequently, in response, the first security processor switches (134) from the idle state to the active state.

Abstract: The present disclosure relates to methods and arrangements for protecting the integrity of subscribers to personal area networks. This object is obtained by a method, performed in a service subscribing node of a personal area network, for discovering a service providing node. The method comprises obtaining a service identity resolving key. A discovery signal is received from a service publishing node, and a service identifier of the service providing node is determined from a service identity comprised in the received discovery signal using the service identity resolving key.

Abstract: The embodiments provide for binding files to an external drive, a secured external drive, or portable data locker. The files are bound in order to help restrict or to prevent access and modification by certain computers or users. Computers or users that are authorized or within the authorized domain are permitted full access. The files stored on the external drive may be bound in various ways. The files may be encapsulated in a wrapper that restricts the use and access to these files. The bound files may require execution of a specific application, plug-in, or extension. A computer may thus be required to execute program code that limits the use of the secured files. In one embodiment, the external drive provides the required program code to the computer. In other embodiments, the required program code may be downloaded from a network or provided by an external authority.

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

Abstract: A method implemented in a user equipment (UE) includes connecting to a WLAN access point. The method further includes constructing a domain name for a packet system network, the domain name including network partition information for the packet system network. The method further includes transmitting, to a DNS server via the WLAN access point, the constructed domain name. The method further includes receiving, from the server, at least one address corresponding to a network node associated with the network partition information.

Abstract: A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity. The main processor is further configured to cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus. The trust anchor module may also include, or otherwise communicate over a secure channel with, a movement sensor associated with the apparatus.

Abstract: A method for authorizing an electronic device to perform an action includes detecting interaction data from an interaction between a hardware sensor and an identity-augmented tangible object; wherein data of the first set of interaction data is intrinsically dependent on physical characteristics of the identity-augmented tangible device; computing parametric descriptors from the interaction data; transmitting the parametric descriptors and supplementary data to a remote database system; generating, on the remote database system, identity data from a comparison of parametric descriptors with a known set of parametric descriptors; and authorizing, in response to both of the identity data and the supplementary data, the electronic device to perform a first action.

Abstract: Provided is an information processing apparatus including: a processing unit configured to selectively perform a process using information acquired from an application. The processing unit generates second key information based on first key information when the first key information is acquired from an application, retains specific information for specifying a target application on which a process is to be performed, when the first key information is acquired, determines whether an accessing application is the target application based on the specific information when being accessed by the application after the specific information is retained, performs a process based on information acquired from the accessing application and the second key information when the application is determined to be the target application, and refrains from performing a process using information acquired from the accessing application when the application is determined not to be the target application.

Abstract: A method performed by a communications system, for authenticating a station, STA, to access a network is provided. The STA is capable of communicating with a light source. The method includes sending, by a management server to a controller of the light source, network access information, sending, by the light source to the STA, the received network access information, which network access information is sent to the STA via a Visual Light Communication (VLC) channel. The VLC channel is emitted from the light source and received by a light detector in the STA. The STA is authenticated to the network by sending the received network access information to an Access Point (AP) operating in the network in which the STA communicates with the AP via a communication channel.

Abstract: A system to control an access right to apparatus log information of a plurality of output apparatuses includes a memory to store group hierarchical information indicating a hierarchical relationship of a plurality of service-use groups including at least a first service-use group where a first service user belongs, and a second service-use group where a second service user belongs, and group relationship information associating the first service-use group with at least one service provider group where one service provider person belongs, and associating the second service-use group with at least another one service provider group where another service provider person belongs, and circuitry to determine the access right to the apparatus log information of any one of the plurality of output apparatuses for the first service user, the second service user, the one service provider person, and the another one service provider group selectively.

Abstract: An electronic device and a method for operating the electronic device are provided. The method includes obtaining first information in a first zone of the electronic device, extracting second information included in the first information in the first zone of the electronic device, and storing the second information in a second zone of the electronic device that has a higher level of security than a level of security of the first zone.

Abstract: There is provided a method for auto-generation of decision rules for attack detection feedback systems. The method is executed on a server. The method comprises: receiving at least one event from an event database, the event database having been generated from data obtained by at least one sensor; analyzing the at least one event to determine whether the at least one event belongs to a class of malware control center interactions; if the at least one event belongs to the class of malware control center interactions, extracting at least one attribute from the at least one event; generating decision rules using the at least one attribute; and saving the decision rules; saving the decision rules, the decision rules being instrumental in updating what type of further data is obtained by the at least one sensor based on the decision rule.

Abstract: A storage device is provided with memory configured to store user authentication data for accessing an operating system executing on a host computer. A processor is provided to receive a command indicating readiness to accept input from the operating system, and to retrieve the user authentication data from the memory in response to the command.

Abstract: An identity confirmation method and a identity confirmation system which do not require users to remember passwords, and automatically update credentials for use in identity confirmation, without need for the manipulation by users. This identity confirmation method and system receives current location information from a mobile communication device of a user to accumulates, as a location information history, the current location information of a user. The identity confirmation system generates a question relating to the location information history. The user returns an answer to the question. The identity confirmation system compares and matches the answer with the location information history and determine the identification of the user if the answer coincides with the location information history.

Abstract: A method of user identity verification by a server, where the server pre-configures, by use of collected user information, verification information corresponding to accounts of users in a user verification information data store, the verification information including a plurality of verification security challenges and a plurality of respective first verification answers. The method includes detecting a condition to whether initiate a user identity verification is satisfied, where an account ID of a user is obtained from the condition. The method also includes inquiring the pre-configured user verification information about verification information matching the account ID and transmitting security challenges of the inquired verification information to the client.

Abstract: A system based on layered, two-tier double cryptographic keys providing a closed cryptosystem within a secured network environment, the system including a digital key management device and a network node. The digital key management device generates a first-tier cryptographic key, a second-tier cryptographic key and makes the first-tier and second-tier cryptographic keys publicly accessible within a first and a second secured walled regions that are accessible to a network node registered to a first authentication database associated with an access server of the system, encrypts a first and second content with the first-tier and second-tier cryptographic keys, and generates encrypted first and second content. The network node requests access to the first secured walled region, accesses the first-tier and the second-tier cryptographic keys, decrypts the first and second content, generates first and second data containers based on the decrypted content, and transfers the data containers to a client device.