Abstract: A method for executing a safety-critical function of a computing unit in a cyber-physical system, a request being received for the execution of the safety-critical function, an environment-specific and/or user-specific measurement value being acquired by at least one sensor of the computing unit, the environment-specific measurement value describing an environment of the computing unit, the user-specific measurement value describing an interaction of a user with the computing unit, the safety-critical function being executed if the environment-specific and/or the user-specific measurement value fulfills a specified criterion.

Abstract: Embodiments of the present invention disclose a method, computer program product, and device for accessing encrypted data. A communication link may be established between an authorization dongle and a secure device having encrypted data stored thereon. A communication link may also be established between the authorization dongle and a secure server. An encryption key associated with the encrypted data may be received from the secure server. The encryption key may be stored in volatile memory on the authorization dongle. An indication that a user is attempting to access the encrypted data may be received. The encryption key may be transmitted from the authorization dongle to the secure device in response to the user attempting to access the encrypted data.

Abstract: A method of checking the authenticity of the content of a non-volatile memory of an electronic device including a microcontroller and an embedded secure element includes starting the microcontroller with instructions stored in a first non-reprogrammable memory area associated with the microcontroller, starting the secure element, executing, with the secure element, a signature verification on the content of a second reprogrammable non-volatile memory area associated with the microcontroller, and interrupting the microcontroller power supply if the signature is not verified.

Abstract: Systems and methods for online access credential transition are described, including receiving a first string of elements associated with a subsequent online access credential, during a credential transition period, receiving a second string of elements associated with an attempted subsequent online access credential, performing a matching operation to determine a degree of matching between the first string of elements and the second string of elements, and based on the degree of matching between the first string of elements and the second string of elements, providing online feedback, and prompting another attempted subsequent online access credential.

Abstract: A method of checking the authenticity of the content of a non-volatile memory of an electronic device including a microcontroller and an embedded secure element includes starting the microcontroller with instructions stored in a first non-reprogrammable memory area associated with the microcontroller, starting the secure element, executing, with the secure element, a signature verification on the content of a second reprogrammable non-volatile memory area associated with the microcontroller, and if the signature is verified, using the secure element to send the first key to the microcontroller.

Abstract: A method for processing information from a variety of submitters, e.g., forensic sources. The method includes receiving information about one or more nodes from a submitter from a plurality of submitters numbered from 1 through N. In a specific embodiment, the one or more nodes are associated respectively with one or more IP addresses on a world-wide network of computers. The method includes identifying a submitter reputation of the submitter from a knowledge base and associating a node reputation of the node based upon at least the reputation of the submitter and submitted information from the submitter. The method also transfers the node reputation.

Abstract: A method and apparatus for protecting a network communication security. In one embodiment, there is provided a method for protecting network communication security at a server. The method comprises: in response to a request from a client, determining whether a token from the client is included in a valid token queue, the valid token queue being a First-In-First-Out queue; in response to the token being included in the valid token queue, managing the valid token queue based on a position of the token in the valid token queue; and sending a response to the client based on the managing of the valid token queue. There is further disclosed a corresponding method and apparatuses at client side.

Abstract: A device receives a password from a user, obtains a public key for a cryptographic algorithm for the device, obtains a password verifier by applying a one-way function to a combination of a unique identifier, the password and the public key, generates the certificate comprising the unique identifier, the public key and the password verifier, signs the certificate using a private key corresponding to the public key thereby obtaining a self-signed certificate, and outputs the self-signed certificate. Also provided is the device.

Abstract: A method including transmitting, by a mobile device, a first encrypted gadget token over a wireless link to an Information Handling System (IHS). The method further including transmitting, by the IHS, an encrypted system token based on the first decrypted gadget token over the wireless link to the mobile device, transmitting, by the mobile device, a second encrypted gadget token based on the decrypted system token over the wireless link to the IHS, authenticating, by the IHS, the second decrypted gadget token, and unlocking the IHS based on the second authenticated gadget token.

Abstract: An electronic device includes a fingerprint detector sensor, a processor, and a memory coupled to the processor. The memory stores computer readable program code that when executed by the processor causes the processor to perform operations. The operations include receiving a sequence of digital fingerprint scans from the fingerprint detector sensor. The operations further include selectively allowing electronic access by a user to an application processed by the processor based on determining a combination of whether the digital fingerprint scans match a defined number of digital fingerprints stored in a data structure residing in the memory and whether an order of the digital fingerprint scans in the sequence matches a registered order of the defined number of digital fingerprints.

Abstract: An approach is described for authenticating a user. An associated method includes displaying a dynamic image on a display screen, detecting a user interaction with the displayed image, and detecting a duration of the detected user interaction. The method further includes comparing the detected user interaction and the detected duration with a stored user interaction and a stored duration. The method further includes authenticating the user upon determining that the detected user interaction matches the stored user interaction and the detected duration matches the stored duration. In an embodiment, the method further includes transmitting the detected user interaction and the detected duration to a remote device. In such embodiment, the method step of comparing the detected user interaction and the detected duration with the stored user interaction and the stored duration is performed by the remote device.

Abstract: Embodiments are directed towards establishing a network between mobile devices, an automobile head unit, and a plurality of automobile accessories. A user utilizes a user interface on a mobile device to send an accessory access request to the head unit. The head unit receives the request and determines if the mobile device is authentic. If authentic, the head unit determines if the mobile device has the proper permissions to perform the requested access of the accessory. If permitted, the head unit generates and sends control commands to the accessory or obtains the requested accessory data and provides it to the mobile device.

Abstract: In an example embodiment described herein, keyboard monitoring logic is operable to obtain data typed into a keyboard. The data typed into the keyboard is compared with predefined protected data stored in a local credential file. If data typed into the keyboard matches predefined protected data stored in the credential file, the keyboard monitoring logic determines whether the destination of the typed data (e.g., the application, website, or both the application and website are stored in a whitelist. If the destination is not stored in the whitelist, the keyboard monitoring logic determines that an attempt of unauthorized access to protected data is occurring.

Abstract: A method of processing broadcast data in a broadcast transmitting system, the method includes randomizing, by a hardware processor, the broadcast data; first encoding, by the hardware processor, the randomized broadcast data to add first parity data for first forward error correction; second encoding, by the hardware processor, the first-encoded broadcast data to add second parity data for second forward error correction; permuting the second-encoded broadcast data; block interleaving, by the hardware processor, the permuted broadcast data; third encoding signaling information for signaling the broadcast data to add parity data; fourth encoding the third-encoded signaling information at a code rate; block interleaving the fourth-encoded signaling information; modulating the block-interleaved broadcast data and the block-interleaved signaling information; and transmitting a broadcast signal including the modulated broadcast data and the modulated signaling information.

Abstract: Embodiments of the present invention disclose a method, computer program product, and device for accessing encrypted data. A communication link may be established between an authorization dongle and a secure device having encrypted data stored thereon. A communication link may also be established between the authorization dongle and a secure server. An encryption key associated with the encrypted data may be received from the secure server. The encryption key may be stored in volatile memory on the authorization dongle. An indication that a user is attempting to access the encrypted data may be received. The encryption key may be transmitted from the authorization dongle to the secure device in response to the user attempting to access the encrypted data.

Abstract: Provided are a mobile terminal for providing a one-time password (OTP) and an operation method thereof. The mobile terminal includes a first one-time password (OTP) generating module configured to provide identification information regarding each of a plurality of pieces of OTP data to a user, and output an OTP provided according to any one identification information selected by the user, and a second OTP generating module based on mobile trusted module (MTM) configured to transfer the identification information regarding each of the plurality of pieces of OTP data to the first OTP generating module according to a corresponding request from the first OTP generating module, generate an OTP by using OTP data corresponding to the selected identification information, and transfer the generated OTP to the first OTP generating module.

Abstract: A system for protecting computers against remote malware downloads includes a malware download detection system and participating client computers that provide download event information to the malware download detection system. A download event information identifies a file, a network address (e.g., uniform resource locator) from which the file was downloaded, and an identifier of the client computer that downloaded the file. The malware download detection system uses the download event information to build and update a tripartite download graph, and uses the download graph to train one or more classifiers. The malware download detection system consults the one or more classifiers to classify a download event. The download event is classified as malicious if either the file or the network address is classified as malicious.

Abstract: Systems and methods of verifying a user are provided. In particular, a request to engage in a verification process to gain access to an online resource can be received. The request can be provided by a first user device associated with a user. A validation request associated with a second user device associated with the user can be received. The validation request can include a device profile associated with the second user device. It can then be determined whether to validate the second user device based at least in part on the device profile. When it is determined to validate the second user device, the first user device can be granted access to the online resource.

Abstract: In an approach to masking data in a software application associated with a mobile computing device, one or more computer processors receive a request to display data in a software application on a mobile computing device. The one or more computer processors determine whether one or more masking rules apply to the data, where determining whether one or more masking rules apply to the data is performed by an instrumentation of application binary of the software application. In response to determining that one or more masking rules apply to the data, the one or more computer processors mask, based on the one or more masking rules, the data, where masking is performed by the instrumentation of application binary of the software application.

Abstract: A method, by an authentication unit of a wireless access network, allows anchoring of a data packet session of a user entity connected to the wireless access network to a packet core network of a mobile communications network. The user entity uses an access identifier for its identification in the wireless access network. The access identifier is not used in the mobile communications network to identify a subscriber. A request message is received in which access to the wireless access network is requested. The request message contains an MAC address of the requesting user entity. The MAC address is converted into a sequence of digits used as a mobile subscriber identifier with which the user entity is identified in the mobile communications network and a response message is transmitted accepting the access to the packet core network. The response message includes the sequence of digits used as mobile subscriber identifier.