Abstract: An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables endpoints to securely send and receive messages to one another within a hybrid peer-to-peer environment.

Abstract: Embodiments of a method are provided for personalizing a memory card. The method comprises receiving one or more credentials. The method further comprises authenticating the one or more credentials. The method further comprises reserving a memory segment in the memory card based on the authentication, wherein one or more memory segments in the memory card are vacant. The method furthermore comprises writing the one or more credentials on to the memory segment.

Abstract: Various features and processes related to document collaboration are disclosed. In some implementations, animations are presented when updating a local document display to reflect changes made to the document at a remote device. In some implementations, a user can selectively highlight changes made by collaborators in a document. In some implementations, a user can select an identifier associated with another user to display a portion of a document that includes the other user's cursor location. In some implementations, text in document chat sessions can be automatically converted into hyperlinks which, when selected, cause a document editor to perform an operation.

Abstract: In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination.

Abstract: A method transmits data between network nodes of a network in a cryptographically protected manner. The network nodes are, for example, sensor nodes of a wireless sensor network. In the method, in order to transmit the data in a message, a NONCE value is created from a count value which is updated in the transmission of the message and from a constant value which is provided in a shared manner to the network nodes of the network. The data transmitted in the message is then encrypted and decrypted within the network nodes by a cryptographic key and the created NONCE value. The method offers in particular protection against replay attacks while at the same time minimizing the use of resources of the network nodes.

Abstract: A method includes storing a credential object for a user to an encrypted silo on an information handling system. The credential object operates to authenticate the user to use an application. The method also includes copying the encrypted silo from the information handling system to a second information handling system, retrieving at the second information handling system the credential object from the copy of the encrypted silo, and authenticating the user to use the application on the second information handling system using the credential object.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator accesses a secret key associated with a mobile device. A key derivation function (KDF) is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, the mobile device receives the challenge value and accesses a secret key. A KDF is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data, where the security connection refers to a connection that is established between an application interface and a server and used for data transmission; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.

Abstract: Methods and computer program products for analyzing privilege usage are disclosed. Event information is identified for each user, including a list of events and a count of each listed event. Privilege information of each user is identified, including a list of privileges of the user. The event information and privilege information of users with similar events are compared. Events are mapped to privileges based on the comparison to generate an event-privilege mapping. Users with similar counts for similar events may be used for comparison. A computer system is disclosed that includes an event identifier, a privilege identifier and an event-privilege mapper.

Abstract: Cross-site scripting vulnerabilities in a Web browser that may lead to malware execution on a computing device are reduced. The specific vulnerabilities arise from HTML-based e-mails using e-mail service providers (e.g., Hotmail, Gmail, Yahoo) that have unknown or malformed HTML elements and Javascripts. These unknown elements may execute in a browser and cause harm to the computing device. To prevent this, the e-mail is parsed to create a DOM tree. The DOM tree is filtered using a normal element filter. The modified DOM tree is filtered a second time using a script analyzer filter to isolate potentially harmful HTML and Javascript elements. These elements are then emulated to determine which of them are in fact malicious. These malicious elements are then prevented from executing, for example, by preventing the e-mail recipient from opening the e-mail in the browser.

Abstract: A biometric authentication device includes a processor to execute an operation including: obtaining biometric information from a user; creating verification characteristic data from the biometric information; verifying registered characteristic data registered in a storage device with the verification characteristic data and determining whether the user is a true user; permitting execution of re-authentications up to a predetermined number of times when the user is determined to not be the true user; managing the verification characteristic data by storing the verification characteristic data in an existing group or by creating a new group and storing the verification characteristic data therein, when the user is determined to not be the true user; determining whether the user is a false user based on the number of groups; and limiting the execution of re-authentications by the user when the user is determined to be the false user.

Abstract: A method of transmitting data over a network, from a sending application to a receiving application, including: coding the data, by the sending application, by implementing a predefined rule; detecting alteration of at least one item of data transmitted, by the receiving application, by implementing the predefined rule; and in case an alteration of a data item is detected, restoring the altered data item. In the course of the coding, in the course of the alteration detection, and in the course of the restoration, a cyclic redundancy check or an encryption can be implemented.

Abstract: Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool.

Abstract: An apparatus for identifying related code variants may include processing circuitry configured to execute instructions for receiving query binary code, processing the query binary code to generate one or more query code fingerprints comprising compressed representations of respective functional components of the query binary code, comparing the one or more query code fingerprints to at least some reference code fingerprints stored in a database to determine a similarity measure between the one or more query code fingerprints and at least some of the reference code fingerprints, and preparing at least one report based on the similarity measure.

Abstract: Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool.

Abstract: A wireless personal area network access method based on the primitive, includes: a coordinator broadcasts a beacon frame to the device which requests connecting to the wireless personal area network (WPAN), the beacon frame includes the authentication request information for the device and the authentication and a key management tool supported by the coordinator; the device authenticates the authentication request information, when the coordinator has an authentication request to the device, the coordinator and the device execute the authentication based on the primitive and obtains the conversation key.

Abstract: A method of tamper attempt reporting includes receiving a write attempt to configuration data stored within a field device in an industrial plant configured to run a process involving a plurality of physical process parameters including a network server, a plurality of processing units, and a plurality of field devices. The plurality of field devices include (i) a sensor for measuring at least one of the plurality of physical process parameters or (ii) an instrument for performing control output actions for at least one of the plurality of processing units. The plurality of field devices are in communication with at least one remote host system or device. The write attempt is automatically detected. An alert of the write attempt is automatically sent to at least the remote host system or device.

Abstract: A data recovery service protects against unauthorized use of a computer system. The service includes a data feed that contains data recovered from online repositories known to be used by malicious software or individuals, the recovered data identifying a compromised credential of an authorized user of the computer system. Based on this data, a protective action is automatically performed to limit or prevent use of the credential of the authorized user to access the computer system. Protective action may include disabling user account access privileges, etc.

Abstract: An OT or Oblivious Transfer protocol is used to output pseudonym tokens from a list of pseudonym tokens to user entities such that it is possible to obtain pseudonymized authentication by a preceding verification of proof of identity of the respective user entities and marking pseudonym tokens as used as soon as the same are used for authentication by means of the OT protocol after the output.

Abstract: This invention provides improved security of the McEliece Public Key encryption system adding features which make full use of random number generation for given message and cryptogram parameters, using this invention the encrypted message (i.e. the cryptogram) is a truly random function, not a pseudo random function of the message so that even with the same message and the same public key, a different, unpredictable cryptogram is produced each time. With the knowledge of the private key, the random function may be determined from the cryptogram and the message decrypted. Different embodiments of the invention are described which enable the level of security to be traded-off against cryptogram size and complexity. A number of different applications are given.