Patents Examined by Khoi Le
  • Patent number: 9106272
    Abstract: A mobile communications device may include a near field communications (NFC) device, an input device configured to generate a memory wipe command, a memory, and a memory controller coupled with the NFC device, the input device, and the memory. The memory controller may be configured to receive secure data from a provisioning server and store the secure data into the memory, receive wiping instruction data from the provisioning server and store the wiping instruction data into the memory for wiping the secure data from the memory, and wipe the secure data from the memory without an over-the-air (OTA) connection to the provisioning server based upon the memory wipe command and the wiping instruction data stored in the memory.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: August 11, 2015
    Assignee: BlackBerry Limited
    Inventors: Vincenzo Kazimierz Marcovecchio, Ravi Singh
  • Patent number: 9098686
    Abstract: In one embodiment, a method includes providing for presentation to a user a number of content objects. Some of the content objects are socially relevant to the user and some of the content objects are socially irrelevant to the user. The method also includes receiving input indicating a selection of one of the content objects by the user; determining whether the content object selected by the user is socially relevant to the user; authenticating the user if the content object selected by the user is socially relevant to the user; and declining to authenticate the user if the content object selected by the user is socially irrelevant to the user.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: August 4, 2015
    Assignee: Facebook, Inc.
    Inventor: Neel Ishwar Murarka
  • Patent number: 9076280
    Abstract: A method for completing at least one portable data carrier connected to a completion device, wherein a completion data set that is present on the completion device is introduced into the data carrier. A security module is connected to the completion device and different authorization data sets are provided on the security module. The security module includes a management application for managing the different authorization data sets. Each of the authorization data sets exactly specifies one completion, and each of the authorization data sets is exactly associated with one completion data set. The managing application on the security module monitors the completion of the at least one data carrier according to the specification in an authorization data set selected from the different authorization data sets.
    Type: Grant
    Filed: February 3, 2011
    Date of Patent: July 7, 2015
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Ludger Holtmann, Jorn Treger, Matthias Jauernig, Sara Stamer
  • Patent number: 9078129
    Abstract: An improved technique involves authenticating a user requesting access to a particular mobile device using knowledge-based authentication (KBA) questions generated from data taken from a group of mobile devices to which the particular mobile device belongs. Along these lines, consider a corporation that has a group of mobile devices distributed to its employees. The mobile devices provide data to an enterprise KBA (eKBA) server regarding events on each of the mobile devices. Because an owner of a mobile device belongs to a group of employees, the owner is able to answer questions regarding fellow employees. On the other hand, a malicious user that illegitimately gains access to the owner's mobile device will not be able to answer such questions, even if the malicious user knows details about the owner.
    Type: Grant
    Filed: September 24, 2012
    Date of Patent: July 7, 2015
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Ayelet Levin, Ayelet Avni, Boris Kronrod
  • Patent number: 9053309
    Abstract: The present invention discloses a method of verifying the authenticity of a provided signature, comprising the steps of: receiving a set of sampled data points, each sampled data point being associated with a different position along the signature; identifying a set of characterizing nodes within the set of sampled data points using a set of predetermined characterizing nodes comprised in a pre-stored user profile; determining if each identified characterizing node lies within a predetermined threshold range of a corresponding predetermined characterizing node; and generating a positive verification when the characterizing nodes lie within the predetermined threshold range. A system arranged to carry out the method is also disclosed.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 9, 2015
    Assignee: Applied Neural Technologies Limited
    Inventors: Yossi Avni, Eytan Suchard
  • Patent number: 9032506
    Abstract: Described in an example embodiment herein is a Multiple Application Container. Various embodiments of the Multiple Application Container may include, but are not limited to: (1) managed intranet access via a dedicated Virtual Private Network (VPN) tunnel shared amongst applications within the container, (2) managed file/data encryption, (3) native look and feel applications for the base Operating System (OS), (4) isolation from any non-OS based services on the device, and/or (5) Mobile Device Management (MDM) based capabilities, such as policy enforcement.
    Type: Grant
    Filed: August 9, 2012
    Date of Patent: May 12, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Brian Henry Pescatore, Timothy Steven Champagne
  • Patent number: 9032530
    Abstract: A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlates to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program does not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: May 12, 2015
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Patent number: 9021596
    Abstract: A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlates to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program does not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: April 28, 2015
    Assignee: International Business Machines Corporation
    Inventors: Evgeny Beskrovny, Omer Tripp
  • Patent number: 8997202
    Abstract: A system for securely transferring information from an industrial control system network, including, within the secure domain, one or more remote terminal units coupled by a first network, one or more client computers coupled by a second network, and a send server coupled to the first and second networks. The send server acts as a proxy for communications between the client computers and the remote terminals and transmits first information from such communications on an output. The send server also transmits a poll request to a remote terminal unit via the first network and transmits second information received in response to the poll on the output. The system also includes, outside the secure domain, a receive server having an input coupled to the output of the send server via a one-way data link. The receive server receives and stores the first and second information provided via the input.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: March 31, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Patent number: 8984639
    Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.
    Type: Grant
    Filed: August 13, 2014
    Date of Patent: March 17, 2015
    Assignee: Open Invention Network, LLC
    Inventor: William Charles Easttom
  • Patent number: 8977855
    Abstract: Methods and apparatus are provided for secure function evaluation between a semi-honest client and a semi-honest server using an information-theoretic version of garbled circuits (GC). An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits $C_1, \ldots, C_n$, that are evaluated. Consider any wire $w_j$ of C that is an output wire of $C_i$, and is an input wire of $C_{i+1}$. When a slice $C_i$ is evaluated, $C_i$'s 1-bit wire key for $w_j$ is computed by the evaluator, and then used, via oblivious transfer (OT), to obtain the wire key for the corresponding input wire of $C_{i+1}$. This process repeats until C's output wire keys are computed by the evaluator. The 1-bit wire keys of the output wires of the slice are randomly assigned to wire values.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: March 10, 2015
    Assignee: Alcatel Lucent
    Inventors: Vladimir Y. Kolesnikov, Ranjit Kumaresan
  • Patent number: 8966644
    Abstract: An information storing device includes a storage section configured to store revocation information that is a list of an identifier of an unauthorized device, and a data processor configured to execute determination processing of unauthorized equipment in accordance with the revocation information. The data processor extracts version information enabling identification of the issue order of the revocation information from the revocation information and transmits the extracted version information to a communication counterpart device. If the data processor receives the revocation information of a new version of the issue order held by the communication counterpart device from the communication counterpart device, the data processor executes revocation information synchronization processing of substituting the received revocation information of the new version for the revocation information of an old version stored in the storage section to store the revocation information of the new version.
    Type: Grant
    Filed: August 13, 2012
    Date of Patent: February 24, 2015
    Assignee: Sony Corporation
    Inventors: Takamichi Hayashi, Hiroshi Kuno
  • Patent number: 8964979
    Abstract: Embodiments of the invention are generally directed to identification and handling of data streams using coded preambles. An embodiment of an apparatus includes an interface with a communication channel, a transmitter coupled with the interface to transmit one or more data streams via the interface, and a processing element, the processing element to receive one or more data streams for transmission. Upon receiving multiple data streams for transmission of a first type of data, including a first data stream and a second data stream for transmission of the first type of data, the processing element is to select a first preamble for the first data stream and a second preamble for the second data stream, where the first preamble is distinguishable from the second preamble.
    Type: Grant
    Filed: October 7, 2011
    Date of Patent: February 24, 2015
    Assignee: Silicon Image, Inc.
    Inventor: William Conrad Altmann
  • Patent number: 8949938
    Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device (IdP), to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the IdP. The IdP uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.
    Type: Grant
    Filed: October 27, 2011
    Date of Patent: February 3, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Nathan Sowatskey, Nancy Cam-Winget, Susan E. Thomson, David Jones, Morteza Ansari, Klaas Wierenga, Joseph Salowey
  • Patent number: 8898766
    Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application.
    Type: Grant
    Filed: April 10, 2012
    Date of Patent: November 25, 2014
    Assignee: Spotify AB
    Inventors: Sten Garmark, Nicklas Söderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 8880867
    Abstract: Disclosed is a protocol for a fault-tolerant, private distributed aggregation model that allows a data consumer to calculate unbounded statistics (weighted sums) over homomorphically encrypted sensitive data items from data producers. The data consumer can choose to calculate over an arbitrary subset of all available data items, thus providing fault tolerance; i.e., failing data producers do not prevent the statistics calculation. A key-managing authority ensures differential privacy before responding to the data consumer's decryption request for the homomorphically encrypted statistics result, thus preserving the data producer's privacy. Security against malicious data consumers is provided along with aggregator obliviousness, differential privacy in a unidirectional communication model between data producers and data consumers.
    Type: Grant
    Filed: April 12, 2012
    Date of Patent: November 4, 2014
    Assignee: SAP AG
    Inventors: Marek Jawurek, Florian Kerschbaum
  • Patent number: 8880882
    Abstract: A request from a client system to perform computations on encrypted data is received at a server system. A request for a data key configured to decrypt the encrypted data is sent from the server system to the client system. The data key from the client system is received at the server system. The encrypted data is accessed at the server system. The encrypted data is decrypted using the data key to generate unencrypted data at the server system. The computations are performed on the unencrypted data to generate result data at the server system. The result data is provided to the client system.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: November 4, 2014
    Assignee: Google Inc.
    Inventors: Rahul S. Kulkarni, Satyan Coorg, Pankaj Risbood
  • Patent number: 8874923
    Abstract: In various example embodiments, a system and method for providing policy-based authentication is provided. In example embodiments, a request to access and sign a document is received from a device of an intended signer. A policy assigned to the intended signer is determined. Based on the policy, a determination is made whether an authentication mechanism is applicable to the intended signer. In response to the determining that the authentication mechanism is applicable to the intended signer, the intended user is required to perform the authentication mechanism. The intended user is provided access to view and sign the document based on the intended user satisfying the authentication mechanism.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: October 28, 2014
    Assignee: Adobe Systems Incorporated
    Inventor: Dan Foygel
  • Patent number: 8863257
    Abstract: Securely connecting a virtual machine in a public cloud to corporate resources. A cloud computing system is coupled to an enterprise computing system via a network. The enterprise computing system includes a management server, an authentication server and a virtual private network (VPN) server. A cloud engine runs on the management server. The cloud engine starts an exchange with the authentication server that leads to a state in which both parties know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM) hosted by the cloud computing system. The cloud engine sends the OTP and the ID to the VM. The VPN server then receives credentials from the VM. If the credentials are successfully authenticated against the OTP and the ID, a secure connection is established between the enterprise computing system and the VM.
    Type: Grant
    Filed: March 10, 2011
    Date of Patent: October 14, 2014
    Assignee: Red Hat, Inc.
    Inventor: Dmitri V. Pal
  • Patent number: 8855303
    Abstract: Systems and method for implementing an encryption technique by combining matrix mathematics, audio frequencies, and symmetric key. Data encryption/decryption may be performed using symmetric key based implementations, with the encryption keys being derived from unique sequences of frequencies (e.g., either in written or audible form). In this regard, the encryption key may be derived from a reference signal, which may comprise a plurality of different frequencies, and the generating of the encryption key is based on assigning values to the plurality of different frequencies and/or to one or more attributes associated with the reference signal or elements (e.g., particular portions, such as notes or frequencies) thereof. The data may then be encrypted based on the generated encryption key, wherein the encrypting of the data comprises encrypting plaintext values.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: October 7, 2014
    Assignee: The Boeing Company
    Inventors: John W. Glatfelter, Christopher W. Raab