Abstract: Methods and systems for securely accessing a transportation vehicle are provided. As an example, one method includes obtaining user specific secret information from a key server with a user device, without providing the user access to the user specific secret information; securely storing the user specific secret information in a memory of the user device; generating a challenge message for the user device with an LRU, the challenge message generated by the LRU using the user specific secret information also stored at the LRU and optionally an identifier identifying the LRU; generating a response to the challenge message by the user device using any user specific secret information and the challenge message; providing the response to the LRU; and validating the response by the LRU using any user specific secret information and the challenge message for authorizing access to the LRU by the user device.

Abstract: The present disclosure relates to a sensor network, Machine Type Communication (MTC), Machine-to-Machine (M2M) communication, and technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method for controlling contents and an electronic device thereof are provided. An operation method of an electronic device includes the operations of setting an access authority for one or more contents, if there is a request for an access of at least one application to the contents, resetting the access authority for the contents, and controlling the access by the application to the contents in accordance with the reset access authority of the application for the contents.

Abstract: Disclosed are systems and methods for selecting secure data entry mechanism for software applications. An example method comprises: detecting, by a hardware processor, a data entry activity during execution of the program on a user device; determining, by the hardware processor, security requirements associated with the detected data entry activity; selecting a data entry mechanism for the program based on the security requirements, wherein selection of the data entry mechanism includes: selecting a data entry device, selecting an interface for transmission of data from the data entry device, selecting a method of storing the entered data, and selecting a method of displaying the entered data; and activating the selected data entry mechanism for receiving user input for the program.

Abstract: A method of secure key generation includes writing a predetermined write pattern to a particular address of volatile memory, wherein the volatile memory includes bit lines; reading data from the particular address while applying a first set of operating variables to the volatile memory, subsequent to the writing; sensing a first plurality of timing mismatches during the reading, wherein sense amplifiers are coupled to the bit lines, each latch of a plurality of latches is coupled between a respective pair of sense amplifiers, and each latch is configured to output a data value that indicates a respective timing mismatch between outputs of the respective pair of sense amplifiers; and determining an entropy ratio for the particular address, wherein the entropy ratio is equivalent to a ratio of a first number of latches that output a first data value to a second number of latches that output a second data value.

Abstract: This invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.

Abstract: Disclosed are various embodiments of transmit and receive connectivity devices that include signal processing circuitry, an HDMI port, and a multi-position multi-contact port. The signal processing circuitry can transmit and receive signals over the multi-position multi-contact port. The signals can include a first signal corresponding to a first frequency and a second signal corresponding to a second frequency. A power and ground can be send over a cable attached to the multi-position multi-contact port.

Abstract: A provider computer announces content to the provider computer and establishes a secure connection to a VPN server. Requests for the content are received in one protocol (HTTPS) from the consumer computer and forwarded to the VPN server in a less secure protocol (HTTP) by a protocol conversion proxy, which then forwards the request to the provider computer. A public URL and secure URL may be associated with the same content. The public URL is announced to a consumer computer. A public server receives the public URL and returns the secure URL, which consumer computer uses to establish a secure connection to the provider computer. Upon the secure URL being compromised, a new secure URL is associated with the public URL. The source IP addresses of requests for the public and secure URLs may be compared to determine whether the secure URL is compromised.

Abstract: A local content server system (LCS) for creating a secure environment for digital content is disclosed, which system comprises: a communications port in communication for connecting the LCS via a network to at least one Secure Electronic Content Distributor (SECD), which SECD is capable of storing a plurality of data sets, is capable of receiving a request to transfer at least one content data set, and is capable of transmitting the at least one content data set in a secured transmission; a rewritable storage medium whereby content received from outside the LCS may be stored and retrieved; a domain processor that imposes rules and procedures for content being transferred between the LCS and devices outside the LCS; and a programmable address module which can be programmed with an identification code uniquely associated with the LCS. The LCS is provided with rules and procedures for accepting and transmitting content data.

Abstract: According to an embodiment, a communication device includes an acquirer and a determiner. The acquirer is configured to acquire a first history value for each of one or more applications that use an encryption key. The first history value indicates a history value of a volume of the encryption key used by the each of one or more applications. The determiner is configured to determine a volume of the encryption key to be assigned to the corresponding application, according to the first history value.

Abstract: A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.

Abstract: A data processing system including a data processing apparatus, includes a user data storing unit that stores user data of a user who uses a first service, the user data including first authentication data used for logging in the first service and user specifying data; a determining unit that determines, when the user who uses the first service sets second authentication data used for logging in a second service different from the first service, user specifying data usable as the second authentication data from the user specifying data included in the user data; and a management unit that sets the user specifying data determined to be usable as the second authentication data in the user data of the user who uses the first service as the second authentication data, and manages the user data as user data of the user who uses the first service and the second service.

Abstract: A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.

Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: Methods and systems for scrubbing confidential insurance account information are provided. According to embodiments, a scrubbing server can receive a request to scrub confidential insurance data that includes the contents of an insurance account information database and an indication of the category of confidential data stored in the database. The scrubbing server can scrub the valid data contained in the received database, replacing confidential information with “scrambled” data that is not confidential. The scrubbing server can transmit the contents of the scrubbed database back to the requesting party.

Abstract: A computer-implemented method may conceal sensitive data displayed within a viewport of a display of a client computing device, such as sensitive data relating to auto, home, life, or renters insurance, banking, and/or vehicle loans. In one aspect, the method may receive a user credential authenticating a user of the computing device and determine that a sensitive data flag has been triggered. The sensitive data flag may indicate that sensitive user data is displayed within a viewport of the computing device. The method may also initiate a biometric detection service, application, and/or functionality in response to determining that the sensitive data flag has been triggered and detect a first biometric identifier belonging to the user of the computing device. The method may further detect a second biometric identifier belonging to someone other than the user, and obscure the sensitive user data displayed within the viewport of the computing device.

Abstract: Embodiments of the invention provide techniques for receiving, authenticating, parsing, and storing operational status data (or telemetry data) from one or more hardware and software systems within an aggregated computing infrastructure. Operational status data may be transmitted over secure transmission channels and stored within secure data stores at a computing infrastructure analyzer. Additionally, some embodiments describe techniques for creating, storing, and retrieving operational risk rules that may apply to one or more computing infrastructures. Based on the operational risk rules, one or more determinations may be performed to identify data items for extraction from the received telemetry data of an aggregated computing infrastructure. Using the extracted telemetry data items, one or more operational risk rules may be evaluated with respect to the aggregated computing infrastructure.

Abstract: A method for live migrating a virtual machine includes connecting to a virtual machine operated in a first host by a client; transmitting condition data of the virtual machine to a second host by the first host during a transmitting time, the first host and the second host being located at different net domains; transmitting a variance of condition data of the virtual machine generated in the transmitting time to the second host by the first host; providing a notification to the client to reconnect to the second host by the first host; modifying a network packets transmitting rule by the client based on the notification of the first host, and activating the virtual machine by the second host based on the condition data of the virtual machine and the variance of the condition data of the virtual machine thereby maintaining the connection between the client and the virtual machine.

Abstract: A computer-implemented method may conceal sensitive data displayed within a viewport of a display of a client computing device, such as sensitive data relating to auto, home, life, or renters insurance, banking, and/or vehicle loans. In one aspect, the method may receive a user credential authenticating a user of the computing device and determine that a sensitive data flag has been triggered. The sensitive data flag may indicate that sensitive user data is displayed within a viewport of the computing device. The method may also initiate a biometric detection service, application, and/or functionality in response to determining that the sensitive data flag has been triggered and detect a first biometric identifier belonging to the user of the computing device. The method may further detect a second biometric identifier belonging to someone other than the user, and obscure the sensitive user data displayed within the viewport of the computing device.

Abstract: A system, method and program product for spear phishing. As system is disclosed having a system for automatically constructing a background story using computational logic that includes true declarative content associated with a target; a system for automatically constructing an expanded story using computational logic that includes deceptive declarative content; and a communication generator that generates a communication including the true declarative content, the deceptive declarative content, and an actionable element.