Abstract: A malicious URL candidate extraction device extracts, from an access log including URLs accessed from a managed network, a known malicious URL excluded access log obtained by excluding an access log to known malicious URLs. The malicious URL candidate extraction device creates a minor URL list obtained by preferentially extracting, from URLs indicated in the known malicious URL excluded access log, URLs having a small number of times of access from the managed network. The malicious URL candidate extraction device also creates a popular URL excluded list obtained by preferentially excluding URLs having a large number of times of access from the managed network during a predetermined period of time. The malicious URL candidate extraction device outputs these lists as a malicious URL candidate list.

Abstract: The method comprises the following steps: presentation of a mobile terminal to an access control point, capture of an image carried by the access control point, and representative of an encoded item of computer data, by a camera of the terminal, and decryption, by the terminal of the of the image captured by the camera, so as to deduce therefrom the encoded item of computer data, which is a unique identifier of the access control point, by the mobile terminal, by the unique identifier of the access control point decrypted, transmission to the access control point broadcast, by the mobile terminal, of an entitlement for access to the reserve zone, which entitlement is stored in its memory, via the wireless connection, and control of the validity of the data of the access entitlement by the access control point.

Abstract: A terminal device includes: a condition checking unit to monitor an operation state of the terminal device by executing a terminal managing program, and determine whether the terminal device is in a state of a preset condition for terminal protection; a communication control unit to control the communication unit to be connected to the terminal management server using the location information when the condition checking unit determines that the terminal device is in a state of the condition for terminal protection, and control the communication unit to send the identification information to the terminal management server; and a lock control unit configured to lock the terminal device by executing the terminal managing program when a lock command is issued by, and received from, the terminal management server.

Abstract: User events of a platform are processed to extract aggregate information about users of the platform at an event processing system. A query relating to the user events is received at the system and at least one query parameter is determined from the query. Various privacy controls are disclosed for ensuring that any information released in response to the query cannot be used to identify users individually or to infer information about individual users.

Abstract: A system and method for policy-based active Data Loss Prevention (DLP) using a two-step process to first determine if an attempt to access a data object is governed by DLP policy, and if so, then applying the DLP policy to either allow or deny access. Attempts by an agent to access, create, modify, or distribute a data object are trapped by a policy execution point. A first query determines if DLP policies govern that access request. If they do, then the metadata is decrypted to form a second query to a policy decision point to adjudicate the access request. If the access request is allowed, then a second key is provided to decrypt the data object for further processing. The system further provides for the encryption of unencrypted data objects to protect them for all future access queries.

Abstract: An instant access device may receive a request from a user device to access secure content corresponding to a particular web service. The instant access device may create a hash code based on a telephone number of the user device and a hash code, and may communicate the hash code to an authentication system. The authentication system may authenticate the user device by comparing the hash code to a hash table that includes a list of hash codes associated with user devices that are authorized to access the secure content. Based on whether the user device is authenticated by the authentication system, the instant access device may cause the user device to access the secure content, whether by accessing the secure content directly (when the user device authentication is successful) or by creating a new user account (when the user device authentication is unsuccessful).

Abstract: The invention relates to a computer guard system for controlling delivery of encrypted media assets in a service which governs the delivery of a set of media assets to a group of authorized users comprising: an administrator interface configured to receive configuration data from an administrator to define at least one environment defining how media assets in that service are to be delivered to authorized users, wherein the configuration data defines, for each environment, (a) multiple DRM technologies for decrypting the same asset at multiple end user platforms, each DRM technology being associated with its own set of default license properties; (b) at least one software plug-in to be instantiated to perform a verification method to verify if an end user request for delivery of an asset is valid; a store for holding defined environments with respective environment identifiers; a key server module having an interface connectable to an encryption module and configured to: exchange (i) an asset identifier, whic

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of buses, a plurality of fraud-detection ECUs each connected to a different one of the buses, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a bus connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The fraud-detection ECU transmits an error message including a message identifier of a message determined to be malicious. The gateway device receives updated rule information transmitted to a first bus among the buses, selects a second bus different from the first bus, and transfers the updated rule information only to the second bus. A fraud-detection ECU connected to the second bus acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A local gateway device receives email across the internet from a sender of the email and forwards it across the internet to an email filtering system. The email filtering system analyzes the email to determine whether it is spam, phishing or contains a virus and sends it back to the local gateway device along with the filtered determination. The local gateway device forwards the received email and the filtered determination to a local junk store which handles the email appropriately. For example, if the email has been determined to be spam, phishing or containing a virus, the junk store can quarantine the email and if the email has been determined to be non-spun and/or not phishing and/or not containing a virus, the junk store can forward the email to a local mail server for delivery.

Abstract: A work process management system includes at least one work device and an individual controller that is directly or indirectly attached to a work object to control the work device. Each of the work device includes a work-device-side storage, a work-device-side communicator, a work part, and a work-device-side control part. The individual controller includes an individual-controller-side storage in which a work content of a work process performed with the work device and associated setting information are stored, an individual-controller-side communicator, and an individual-controller-side calculation controller that transmits the work content of the work process performed with the work device and the associated setting information in which a performance result is reflected to the work-device-side communicator, and additionally store the received performance result in the individual-controller-side storage.

Abstract: Methods for managing a communication session in a communication network are disclosed. For example, a method includes detecting, by a first endpoint comprising at least one processor, an error condition associated with the communication session, sending, by the first endpoint, a notification of the error condition to a second endpoint that is using a transport layer session and receiving, by the first endpoint, a communication from the second endpoint, proposing a response to the error condition. Another method includes receiving, by a first endpoint comprising at least one processor, a notification of an error condition associated with the communication session, selecting, by the first endpoint, a response to the error condition, and sending, by the first endpoint, a communication to a second endpoint that is using a transport layer session, proposing a response to the error condition.

Abstract: A method for allocating an addressing identifier includes: notifying, by an access point, at least two stations of an encrypted new MAC address that corresponds to each station, and indicating a predetermined update condition, so that the at least two stations update respective MAC addresses to the respective new MAC addresses when the predetermined update condition is met; and when the predetermined update condition is met, updating, by the access point, the MAC addresses of the at least two stations to the new MAC addresses that correspond to the stations, so that when a message is subsequently received from the stations or sent to the stations, the new MAC addresses are used as the MAC addresses of the stations. In the foregoing manner, the present invention can prevent an eavesdropper from tracing, by using a MAC address, a terminal to acquire user privacy, ensuring security of the user privacy.

Abstract: An apparatus includes a processor and a memory operatively coupled to the processor and associated with an instance of a distributed database at a first compute device. The processor is configured to select an anonymous communication path. Each blinded public key from a sequence of blinded public keys associated with the anonymous communication path is associated with a pseudonym of a compute device from a set of compute devices that implement the anonymous communication path. The processor is configured to generate an encrypted message encrypted with a first blinded public key. The processor is configured to generate an encrypted data packet including the encrypted message and a compute device identifier associated with a second compute device. The encrypted data packet is encrypted with a second blinded public key. The processor is configured to send the encrypted data packet to a third compute device.

Abstract: Systems, devices, and methods are provided for the control of interfacing between applications that facilitate the monitoring of diabetes running on a mobile device, including the authentication of a third party user interface application by a sensor interface application. Control of the display of current analyte levels and critical events is also provided.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.

Abstract: A device may receive a request for an authorization code, associated with providing content to a second device, from the second device. The device may provide the authorization code to the second device. The device may receive, from a third device, a request for a unique device identifier corresponding to the authorization code. The request for the unique device identifier may include the authorization code. The unique identifier may be associated with a subscriber of a network. The subscriber may be associated with the second device. The device may provide the unique device identifier to the third device. The third device may be associated with providing the content to the second device. The content may be targeted to the subscriber based on the unique device identifier.

Abstract: According to one embodiment, an electronic apparatus includes a memory and a hardware processor. The hardware processor is configured to store a log of a received packet in the memory, set a transmission delay time for the log stored in the memory, and transmit the log in accordance with the transmission delay time of the log.

Abstract: An access control device for controlling an access by a communication terminal to an application includes an authentication method management means configured to manage each of the application in association with authentication information, which indicates an effective authentication method effective for authenticating an access request source of an access request to access the application, an authenticating means configured to authenticate the access request source using a usable authentication method, which can be used in the communication terminal, based on the access request, an access request receiving means configured to receive the access request to access an intended application from the communication terminal, and an access control means configured to control the communication terminal so that the communication terminal does not access the intended application in a case where the authentication method management means does not manage the authentication information, which indicates the authentication

Abstract: The invention relates to a method for securing an electronic device (SC) against attacks via covert channels when the electronic device (SC) implements a Montgomery ladder for calculating the element A?A?. . . ?A where A appears k times. A designates an element of an Abelian group with a law ?, and k is a natural number. The method comprises a modified implementation of the Montgomery ladder. The invention also relates to a device (SC), a computer program and a storage medium arranged so as to implement such a method.

Abstract: A resource authorization system includes an authorization routing service that is executed on a computing device to authenticate a client to form a client login session, and to receive, from the client, a request to establish a connection to one or more of the resources of a distributed computing system. The authorization routing service then obtains a list of the resources associated with the client login session in which the list of resources includes those that the client is authorized to communicate with. When the requested resource is included in the list of resources, the authorization routing service authenticates the requested resources to form a resource login session, and establish the connection by communicatively coupling the client login session and the resource login session. The resource login session is established independently of the client login session.