Abstract: An authentication device includes an input unit that inputs specific information of an application to be installed and specific information of an image forming device which is an installation destination, and a controller that collates the specific information of the application and the specific information of the image forming device with a database to output an authentication result indicating that authentication has been performed or has not been performed.

Abstract: A mobile device receives an invitation to commence a media session. The invitation may be from a legitimate caller or from a spoofing caller. The mobile device checks parameters using templates to evaluate a consistency of the invitation with respect to a database in the mobile device. The templates include session protocol, network topology, routing, and social templates. Specific template data includes standardized protocol parameters, values from a database of the mobile device and phonebook entries of the mobile device. Examples of the parameters include capabilities, preconditions, vendor equipment identifiers, a hop counter value and originating network information. The originating network information may be obtained from the database by first querying an on-line database to determine a network identifier associated with caller identification information in the invitation.

Abstract: Techniques are disclosed herein for managing and sharing credentials, such as passwords for wireless access points using blockchain technology. In certain embodiments, a transaction may be generated using information and a set of conditions. A requester user device seeking access to a wireless access point may request the password from the blockchain fabric using a unique identifier for the wireless access point and may satisfy other conditions from the set of conditions which determines access to the password by the requester.

Abstract: According to an aspect of an embodiment of the present disclosure, operations related to emulated mobile device determinations may include obtaining sensor data associated with an entity. The sensor data may include sensor output values associated with one or more sensors of a physical mobile device. The operations may also include analyzing the obtained sensor data. The analyzing may include performing one or more determinations. The determinations may include determining whether the obtained sensor data includes static data. The determinations may also include determining whether the obtained sensor data includes computer-simulated data. In addition, the determinations may include determining whether the obtained sensor data includes reused sensor data. In some embodiments, the operations may include determining whether the obtained sensor data includes emulated sensor data based on one or more of the determinations.

Abstract: A method of securely resetting a first device comprising a UICC, the method comprising providing a secure reset control application to a secure element of the UICC of the first device wherein the secure reset control application is capable of commanding the UICC to provide notification indicative of a secure reset of the first device being requested if a corresponding signal is received from a remote management server; and/or communication between the secure reset control application and a remote management server cannot be established for a predetermined period of time and upon the next first device reset, determine whether a secure reset has been requested.

Abstract: A security system dynamically, depending on processor core execution flow, controls fault injection countermeasure circuitry protect processor core from fault injection attacks.

Abstract: An example operation may include one or more of identifying a smart contract, processing the smart contract to create a smart contract definition, determining whether the smart contract has been accepted by identified parties, when the smart contract has been accepted by the identified parties, generating a smart contract definition hash, and forwarding the smart contract definition hash to one or more blockchains.

Abstract: A device and method for quantum key distribution (QKD). The QKD center includes an authentication key sharing unit for sharing authentication keys with QKD client devices; a quantum key generation unit for generating a sifted key for each of the QKD client devices using a quantum state; an error correction unit for generating output bit strings by correcting errors of the sifted keys; and a bit string operation unit for calculating an encryption bit string by performing a cryptographic operation on the authentication keys, the distribution output bit strings and output bit strings received from the QKD client devices. The present invention improves security by preventing the QKD center from being aware of keys shared among users.

Abstract: A user can submit a request to a server associated with an ATM. The request can be submitted from a device (or portable device) of the user. The server can evaluate the request and designate which ATM or ATMs are best suited to process the request. This determination can be based on availability of resources on the ATM. Subsequently, the server can transmit a communication to the device of the user and the designated ATM. The communication can cause both the device and the ATM to emit a sound or display a visual cue to guide the user to approach the designated ATM. The device and the ATM can emit various patterns of sound to better guide the user to approach the designated ATM.

Abstract: A method for registering a first electronic entity of a user, which is capable of generating event data. The method includes: after a first main service platform dedicated to the first electronic entity receives a first registration request coming from a user terminal and including a user identifier for identifying/authenticating the user by a secondary service platform, the secondary service platform receives a second registration request including the user identifier from the first main service platform. Upon positive identification/authentication of the user by the secondary service platform, the first electronic entity is registered in a database of the secondary service platform, in association with an account of the user. Once the secondary service platform receives event data from the first electronic entity, the event data is made available to the second main service platform.

Abstract: SSL/TLS certificate filtering devices, systems and processes may filter packets based on risk associated with each packet. A risk score may be determined for each packet based on associated threats and risks. Risk scores may be determined based on certificates, certificate authorities, and/or end users associated with each packet. The certificates may be scored and/or categorized by threats and risk.

Abstract: Techniques for chunking data in data storage systems that provide increased data storage security across multiple cloud storage providers. The techniques employ a chunking engine and a policy engine, which evaluates one or more storage policies relating to, for example, cost, security, and/or network conditions in view of services and/or requirements of the multiple cloud storage providers. Having evaluated such storage policies, the policy engine generates and provides operating parameters to the chunking engine, which uses the operating parameters when chunking and/or distributing the data across the multiple cloud storage providers, thereby satisfying the respective storage policies. In this way, users of data storage systems obtain the benefits of cloud storage resources and/or services while reducing their data security concern and optimizing the total cost of data storage.

Abstract: Implementations and methods herein provide a networked storage system including a plurality of physical storage devices configured to store data on a plurality of virtualized volumes, a key store configured to store a plurality of encryption keys, and a security manager configured to encrypt data stored on each of the plurality of virtualized volumes using a different key.

Abstract: An aspect includes a computer system with a network encryption device and a trusted container within firmware or hardware and/or within a virtual machine running on the computer system. The network encryption device includes a key store for storing secret encryption keys and a network traffic encryption engine for negotiating and/or storing encryption keys in the key store and/or for encrypting and/or decrypting network traffic using the encryption keys from the key store. The trusted container includes a flow analyzer for analyzing network traffic received from the network encryption device.

Abstract: A method including: receiving a first plurality of randomly-selected logical operations; performing a first decryption of first client credentials stored locally at the client device by inputting cipher code to a decryption algorithm, wherein the decryption algorithm includes the first plurality of randomly-selected logical operations; subsequent to the first decryption of the first client credentials, performing a first authentication of the client-based application with a server, including transferring the first client credentials to the server; after the first authentication, receiving a second plurality of randomly-selected logical operations from a network resource separate from the client device; applying the second plurality of randomly-selected logical operations to the decryption algorithm; and performing a second decryption of the first client credentials stored locally at the client device by inputting the cipher code to the decryption algorithm, wherein the decryption algorithm includes the second

Abstract: Endpoint security is improved by monitoring and controlling interprocess communications through a kernel-based endpoint protection driver. A list of protected computing objects such as registry keys, files, processes and directories is stored in the kernel and secured with reference to a trust authority external to the kernel and the endpoint. Protected processes are further controlled from unauthorized access and use by monitoring all interprocess communications through the endpoint protection driver and preventing unprotected processes from passing (potentially unsafe) data to protected processes.

Abstract: In one embodiment, an apparatus comprises a first processor to generate a first cryptographic key in response to a request from a software application; receive a second cryptographic key generated by a second processor; encrypt the first cryptographic key using the second cryptographic key; and provide the encrypted first cryptographic key for use by the software application.

Abstract: A method for securing an IT (information technology) system using a set of methods for knowledge extraction, event detection, risk estimation and explanation for ranking cyber-alerts which includes a method to explain the relationship (or an attack pathway) from an entity (user or host) and an event context to another entity (a high-value resource) and an event context (attack or service failure).

Abstract: A method and an apparatus for identifying a user identity are disclosed. The method includes receiving, by a first platform, a first request sent by a second platform, the first request including a first identifier, the first identifier being a sequence number used for identifying the second platform and allocated to the second platform by the first platform after the second platform accesses the first platform; obtaining a second identifier corresponding to the first identifier, the second identifier being a sequence number used for identifying an identity of the second platform in the first platform; obtaining a third identifier corresponding to the first request, the third identifier being an account of a login user currently logging on to the first platform; encrypting the third identifier using the second identifier to obtain a fourth identifier; and returning the fourth identifier to the second platform.

Abstract: Some database systems may implement encrypted connections to improve the security of incoming server traffic. The systems may implement the encrypted connections using encryption keys known to both a proxy server and a server (e.g., a database server). For example, a proxy server may encrypt one or more communications between the proxy server and a user device, such as self-identifying information for the user device, using a known encryption key. The user device may, in turn, attempt to establish an encrypted connection with the server using the encrypted communications. Because the encryption key is known to both the server and the proxy server, the server may decrypt the encrypted communications and subsequently establish an encrypted connection with the user device based on the decrypted communications.