Abstract: The invention is a method for loading data into a portable secure token comprising a plurality of security domains. A first security domain comprises a first administration agent and a second security domain comprises a second administration agent. A remote application server comprises a first data to be provided to the second administration agent. A syndication server, which is distinct from the remote application server, contains a list which comprises a reference to the first data. The list is sent in response to a polling request that is sent by the first administration agent. This list is comprised in a polling response which is sent by the syndication server.

Abstract: An image processing device includes: a reading unit to read information stored in a detachable storage medium; a transmission unit to transmit image data outwardly; a determination unit to determine, in a case where the transmission unit transmits the image data, whether or not the information stored in the detachable storage medium is necessary; and a control unit to execute, in a case where the determination unit determines that the information stored in the detachable storage medium is necessary, control to maintain a state capable of reading the information stored in the detachable storage medium until the reading unit reads from the detachable storage medium the information necessary to transmit the image data.

Abstract: A system and method for classifying a webpage may include generating, by an analysis server, a first representation of a webpage. A system and method may include generating, by a unit installed in a user web browser, a second representation of the webpage and the method may comprise producing a classification of the webpage by relating the first representation to the second representation.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for mapping data to an authorized data source. The system is configured to receive data from one or more systems of record, wherein the data comprises one or more fields; determine one or more domains associated with the data, wherein the one or more domains comprise at least a transaction domain, a reference and master data domain, a derived domain, and a discovery domain; determine one or more data types associated with each of the one or more domains; categorize the data into at least one of the one or more domains and the one or more data types, wherein categorizing the data further comprises reconciling the data and removing data redundancies; and store the categorized data as an authorized data source capable of being accessed by one or more target systems.

Abstract: Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, an authentication value is generated at a first mobile device based on a message and a shared secret value stored on the first mobile device. In response to detecting proximity of a second mobile device, the message and the authentication value are wirelessly transmitted from the first mobile device to the second mobile device. In some implementations, the message and the authentication value can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface.

Abstract: A client includes a security agent configured to create a client certificate that corresponds to one or more client identifiers. A server includes a server certificate and is in communication with the security agent. The server is configured to facilitate establishing an initial mutually authenticated transport layer security (TLS) session with the client based on the client certificate and the server certificate. The server is also configured to extract the client certificate from the security agent once the TLS session is established. The server is configured to store the certificate as being associated with only the corresponding client identifier(s) and to categorize the association between the client certificate and the corresponding client identifier(s) as being secure but not trusted for the client until the identity of the client has been verified. Moreover, the server is configured to receive an indication that the identity of the client has been verified.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for collaboration conferencing with multiple participants over a communications network, and more specifically for a conferencing controller in the network configured to control certain aspects of establishing a collaboration conference. In one particular embodiment, the user of the network may access the control system application to provide one or more conferencing parameters or settings the user wishes to be present during a collaboration conference session. The parameters may then be established by the control system and associated with the conferencing session involving the user. In one embodiment, such information may be associated with the identification token. In yet a further embodiment, a user to the collaboration control system may subscribe to receive a notification when another user of the system accesses a portion of a collaboration of the system.

Abstract: The present disclosure involves a method of communicating with an implantable medical device. An authentication process is performed to verify an identity of a user of a mobile computing device. A request is received from the user to access an implantable medical device via the mobile computing device. Based on the identity of the user, a first user interface suitable for the user is selected from a plurality of user interfaces that are each configured to control an implantable medical device. The plurality of user interfaces have different visual characteristics and different levels of access to the implantable medical device. The first user interface is displayed on the mobile computing device.

Abstract: Embodiments of the present invention disclose a method, system, and computer program product for bluesalt security. A computer receives a confidential data configuration wherein specific sensor are assigned to specific confidential information. The assigned sensors are measured for values as a system administrator enters a password corresponding to the confidential information. The measured values are converted into a salt and concatenated with the password to generate a primary key. The primary key is used to encrypt the confidential information, then the primary key is encrypted using a secondary key comprised of a second password with a second set of sensor information as the salt. The encrypted key is saved securely while the secondary key is destroyed. In order to decrypt the confidential information, a user must replicate the password and sensor values to generate the primary or secondary key.

Abstract: Network switches and methods are disclosed. A network switch may include multiple input ports and multiple output ports, a switch fabric, and switch controller. The controller may receive and store data identifying a plurality of users and data defining which input ports and which output ports each user has authority over. The controller may receive, from a requesting user from the plurality of users, a request to make a connection between a selected input port and a selected output port. The controller may determine, based on the stored data, if the requesting user has authority over both the selected input port and the selected output port. The controller may refuse to make the requested connection if the requesting user does not have authority over both the selected input port and the selected output port.

Abstract: Authentication to a remote-server from a computing device having stored credentials for the remote server is described. In one example, a method of authenticating a user to a remote server through a client application executing on a computing device includes: receiving, by the client application, a request to authenticate the user to the remote server using credentials stored on the computing device; prompting, by the client application, the user for gesture-based password; authenticating, by the client application, the gesture-based password; and sending, by the client application, the stored credentials to the remote server for authentication in response to successful authentication of the gesture-based password.

Abstract: An image processing apparatus transmits, after reception of a login notification of an authenticated user, the login notification to an identified application, and then changes displaying of a screen of a display unit to displaying of an initial screen corresponding to the identified application. After the displaying of the display unit has been changed to the displaying of the initial screen, the image processing apparatus transmits the login notification to, among applications belonging to a first group, an application to which the login notification has not been transmitted, and applications belonging to a second group.

Abstract: The invention relates to a method for remotely performing operations determined by a service provider on a secure element connected to a communication device having a user application capable of IP based communication, characterized by providing a non service provider specific Internet terminal client module for the user application for establishing connection with the secure element; obtaining context parameters for connection to an Internet terminal provider module hosted on a remote server via the user application, launching the Internet terminal client module by the user application, using the context parameters to establish remote connection between the Internet terminal provider module and the Internet terminal client module, detecting the secure element connected to the communication device via the Internet terminal client module, opening a virtual communication channel between the Internet terminal provider module and the secure element over the connection between the Internet terminal client module a

Abstract: A system and method for distributing a quantum key from a first party to a second party. A first node is connected to a public channel, wherein the first node includes a pulse position modulation encoder connected to a quantum channel. A second node is connected to the public channel, wherein the second node includes a pulse position modulation decoder connected to the quantum channel. The pulse position modulation encoder encodes quantum states |0> and |1>, and transmits the encoded quantum states from the first node to the second node via the quantum channel. Quantum state |1> is encoded as |1>?(|t1>+|t2>)/?{square root over (2)}.

Abstract: In one embodiment, a method for reducing information leakage in order to counter side channel attacks against a secure execution environment is described, the method including receiving at the secure execution environment a first input comprising a key comprising a sequence of k input elements in a commutative ring, CR, receiving at the secure execution environment a second input comprising a text comprising a sequence of p input elements in the commutative ring, CR, defining an input INP comprising a sequence of j input elements, wherein INP comprises either one or both of the first input or the second input, performing one of a matrix randomization operation or a polynomial randomization operation on the inputs, and producing a randomized output.

Abstract: A method performed by a network device may include obtaining an Internet Protocol address and a user device identifier associated with a user device, determining that the obtained user device identifier does not match a previous user device identifier associated with the obtained Internet Protocol address, and monitoring packets destined for the obtained Internet Protocol address to determine whether the packets are associated with a streaming application, based on determining that the obtained user device identifier does not match the previous user device identifier. The method may further include detecting a packet destined for the obtained Internet Protocol address, where the packet is associated with a streaming application and where the packet is received from a particular network device and signaling the particular network device to stop sending packets associated with the streaming application and destined for the obtained Internet Protocol address.

Abstract: To provide for a physical security mechanism that forms a complete envelope of protection around the cryptographic module to detect and respond to an unauthorized attempt at physical access, a tamper sensing encapsulant generally encapsulates the cryptographic module. The tamper sensing encapsulant includes a first shape actuation layer associated with an electrically conductive first trace element and a second shape actuation layer associated with an electrically conductive second trace element. The first shape actuation layer is positioned against the second shape actuation layer such that the first trace element and the second trace element do not physically touch at an operating temperature of the cryptographic module and do physically touch when the first shape actuation layer and the second shape actuation layer are thermally loaded. Upon first trace element and the second trace element touching, a circuit is formed that disables the cryptographic module.

Abstract: The present invention generally relates to systems and methods for establishing trusted, secure communications from a mobile device, such as a smart phone, to an immobile device, such as a multi-function device. The disclosed techniques can include the immobile device displaying a pattern that encodes a cryptographic key. The mobile device can obtain an image of the pattern and decode it to obtain the cryptographic key. Because the mobile device obtained the image within its line-of-sight, for example, it can be assured that it communicated with the immobile device, and only the immobile device. The mobile device and the immobile device can use the cryptographic key to secure further communications.

Abstract: Embodiments of the present invention relate to time delayed release of previously distributed digital content. In one embodiment, a method of and computer program product for low-bandwidth time-embargoed content disclosure are provided. A first cryptographic key is received. Encrypted content is received, encoded in a computer readable medium. A correction value is received. A predetermined function is applied to the first cryptographic key and the correction value to determine a second cryptographic key. The second cryptographic key is applied to the encrypted content to obtain decrypted content.

Abstract: An architecture is provided for protecting service-level entities. Such an architecture may escrow service requests prior to forwarding the requests to the service, and checking may be performed prior to releasing the request to the service. A crumple zone (CZ) architecture may be provided that buffers incoming service requests and may intercept attacks and/or sustain damage in lieu of the services being protected. The CZ may include an outward interface that is accessed by other entities, and the underlying service is not accessed directly. Elements of the CZ receive service requests, analyze them, and determine whether they can be safely executed by the underlying service.