Abstract: A digital media content management apparatus and method for securely storing a content file on a computer readable medium and playing the content file from the computer readable medium is disclosed. The content file comprises control information readable by a content player and payload information including content data. The content file is deconstructed into at least one control information portion and at least one payload information portion being undetectable to a content player of a user device. The control information portion and the payload information portion are separately stored, and at least one of the portions is associated with packing data, and the packing data associated with at least one of the portions comprises a reference to the location of the other portion.

Abstract: A malicious website access method and apparatus are provided. The method includes: determining whether a website is a malicious website; and acquiring a non-executable preview interface of a web page of the malicious website for a terminal to display, if the website is a malicious website. A user may view, through a non-executable preview interface, information about a website to be accessed by the user. Moreover, because a terminal does not access a malicious website directly, the terminal is not exposed to malicious websites, thereby enhancing security of the terminal.

Abstract: Embodiments provide methods, devices and computer program arranged to control access to clipboards by applications. In one embodiment a user device comprises: at least one processor; and at least one memory comprising computer program code and an application that has been provisioned by an application provisioning entity, the application having access to a first clipboard of a first type, to which data can be transferred and/or from which data can be retrieved by a further, different, application on the user device, wherein the application is configured with an encryption key for the transfer of data to and/or retrieval of data from a second clipboard of a second, type, clipboard, the encryption key being associated with the application provisioning entity. The user device can control the transfer of data to and/or retrieval of data from the second clipboard by the application via the encryption key.

Abstract: A method for user authentication for accessing protected applications by computing devices includes receiving, by a processor of a mobile computing device, a first authentication token. The method further includes transmitting an authentication request using the first authentication token. The method further includes receiving, in response to the authentication request, a second authentication token. The method further includes transmitting a resource access token request using the second authentication token. The method further includes receiving, in response to the resource access token request, a resource access token. The method further includes transmitting a computing resource access request using the resource access token.

Abstract: Disclosed is a working method for a multi-seed one-time password, which falls within the field of information security. The method comprises: powering and initializing a one-time password, opening a total interrupt, initializing the state of a system, and then entering a sleep mode; when the one-time password detects the interrupt, awakening the one-time password from the sleep mode, and entering an interrupt processing flow; after the interrupt processing flow is ended, checking each awakening flag; and executing a processing flow corresponding to the set awakening flag. According to the present invention, a user can burn seed data into the one-time password by operating the one-time password, and can update the seed data in the one-time password. In addition, according to the present invention, the one-time password is capable of storing and managing a plurality of seeds.

Abstract: Described is a technology by which code, such as an untrusted web application hosted in a browser, provides content through an interface for playback by an application environment, such as an application environment running in a browser plug-in. Content may be in the form of elementary video, audio and/or script streams. The content is in a container that is unpackaged by the application code, whereby the content may be packaged in any format that the application understands, and/or or come from any source from which the application can download the container. An application environment component such as a platform-level media element receives information from an application that informs the application environment that the application is to provide media stream data for playback. The application environment requests media stream data (e.g., samples) from the application, receives them as processed by the application, and provides the requested media stream data for playback.

Abstract: Methods and systems for providing secure computing environments. Features of the present invention use a plurality of integrated security controls to ensure security of a computing environment. More specifically, features of the present invention detect discrepancies between a node's behavior and a defined policy to identify and remedy malicious behavior.

Abstract: A method and an authentication apparatus are provided by the embodiments of the present disclosure. In the embodiments of the present disclosure, data to be processed is obtained, a character sequence is generated based on the data, physiological feature information sequentially inputted by a user is received to obtain a feature information sequence and it is determined whether every piece of physiological feature information in the feature information sequence matches with the corresponding character in the character sequence.

Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.

Abstract: A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.

Abstract: A method, performed by an authentication processor of a first network device, includes receiving a first message through a network interface circuit from a second network device. The first message contains a first data unit to be operated upon by the first network device. A second message is received through the network interface circuit from the second network device. The second message contains a reported authentication token for the second network device and a second data unit to be operated upon by the first network device. The first message is received before receipt of the second message. A check authentication token is generated based on hashing the first data unit. A command that controls operation of the first network device is selectively performed on the second data unit based on whether the check authentication token matches the reported authentication token.

Abstract: The embodiments provide for binding files to an external drive, a secured external drive, or portable data locker. The files are bound in order to help restrict or to prevent access and modification by certain computers or users. Computers or users that are authorized or within the authorized domain are permitted full access. The files stored on the external drive may be bound in various ways. The files may be encapsulated in a wrapper that restricts the use and access to these files. The bound files may require execution of a specific application, plug-in, or extension. A computer may thus be required to execute program code that limits the use of the secured files. In one embodiment, the external drive provides the required program code to the computer. In other embodiments, the required program code may be downloaded from a network or provided by an external authority.

Abstract: Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening policy. The client computer is reconfigured based on the second hardening policy.

Abstract: An interface device includes a communication interface and a secure element. The communication interface receives input data and a selection of one of a plurality of secure modes to secure the input data for transmission to a secure external computing device, such as a banking web server. The secure element secures the input data based on the secure mode that was selected. The secured input data is then transmitted to the secure external computing device.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: Disclosed herein are techniques for determining vulnerabilities in applications under testing. It is determined whether a first database instruction of an application enters information into a database and whether a second database instruction thereof obtains said information from the database. If the first database instruction enters the information in the database and the second database instruction obtains the information therefrom, it is determined whether the application is vulnerable to entry of malicious code via the database.

Abstract: An identity of an entity (120) is authenticated at an authentication device (110) using at least one authentication process. The result of the authentication is indicated. The authentication result identifies at least the identity of the entity (120) and the at least one authentication process used to authenticate the identity of the entity (120).

Abstract: In an aspect, a method can include generating a cyclic redundancy check code for a binary data item, using a generator polynomial; and masking, using polynomial addition, the binary data item with a binary mask. The method can also include at least one of: storing, by a microcircuit, the masked binary data item in a memory of an electronic device; or transferring, by the microcircuit, the masked data item to another device. The cyclic redundancy check code for the binary data item can be generated from the masked binary data item to prevent discovery of the binary data item by a side-channel attack during the generating the cyclic redundancy check. The binary mask can be a multiple of a random number and the generator polynomial, such that respective cyclic redundancy check code of the masked data item and the binary data item have a same result.

Abstract: A system for identity based ticketing is provided, wherein a user device sends a challenge to a terminal; the terminal updates a filter based on the challenge and sends the contents of the filter to the user device. The user device sends the contents of the filter, relating to the user device and the terminal, to a backend server; and the backend server derives from the contents of the filter information concerning user behavior.