Abstract: A stranger who has come across user information of a user is prevented from being successfully authenticated as the user. A user authentication system includes: an authentication information acquisition unit (20) configured to obtain an entered password of a user; a user authentication unit (22) configured to execute authentication of the user based on the entered password; and an authentication procedure change unit (28) configured to change, when the authentication of the user fails and the entered password matches or is similar to a password candidate that is based on information associated with the user, a procedure of the authentication of the user which is executed by the user authentication unit (22), based on whether or not a genuine password of the user matches or is similar to the password candidate.

Abstract: An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests of requests the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.

Abstract: A client authentication system receives authentication requests associated with a web page in response to a client computing system requesting access to the web page. The authentication system determines whether a storage device contains configurations for the authentication requests. The authentication system configures client authentication for the client authentication requests in view of whether the storage device includes the configurations for the authentication requests. The GUI allows control to change the client authentication configuration for at least one of the authentication requests.

Abstract: There is provided a method of operating a node (512, 520, 1102) for use by a first network (502, 504), the first network (502, 504) applies an authentication process to allow a subscriber access to a network, wherein authentication information used in the authentication process is derived using a key associated with a subscriber identity of a subscriber, the key being stored in either a location within the first network (502, 504) or external to the first network (502, 504).

Abstract: The present disclosure is applicable to the field of network communications, and provides a login method and apparatus, and an open platform system. The method includes: receiving an Access Token parameter provided by a login platform after a user is authenticated and authorized; acquiring an open digital identity (OpenID) of the user by using the received Access Token parameter; and generating a corresponding command word according to a browser environment of a third-party page, and returning the command word to the third-party page, the command word including the Access Token parameter and the OpenID of the user.

Abstract: Various embodiments include a method for managing a group of devices in communication with each other and sharing a set of keys. The method may include opening a secure channel with each of two devices from the group; providing the set of keys to the two devices from the group, wherein the set of keys include an encryption and an authentication key; indicating to the two devices to begin using the set of keys; and performing an audit process including verifying that nodes within a key group have the same copy of encryption and authentication keys. Embodiments of the method may include synchronization, active/standby redundancy and the ability to manage the network when some nodes perform the data encryption and some node do not, do, or when both encrypted and non-encrypted tunnels and services can work together.

Abstract: An approach is provided for adapting privacy profiles to respond to changes in physiological state. The policy platform may process and/or facilitate a processing of sensor information to determine at least one change in one or more physiological states of at least one user, wherein the at least one user is associated with at least one context, at least one activity, or a combination thereof. Then, the policy platform may cause, at least in part, a modification of at least one privacy profile for at least one device associated with the at least one user based, at least in part, on the at least one change in the one or more physiological states, the at least one context, the at least one activity, or a combination thereof, wherein the modification of the at least one privacy profile includes, at least in part, an enabling or a disabling of one or more privacy services operating at least at least one device.

Abstract: Systems and methods are disclosed for managing and protecting electronic content and applications. Applications, content, and/or users can be given credentials by one or more credentialing authorities upon satisfaction of a set of requirements. Rights management software/hardware is used to attach and detect these credentials, and to enforce rules that indicate how content and applications may be used if certain credentials are present or absent. In one embodiment an application may condition access to a piece of electronic content upon the content's possession of a credential from a first entity, while the content may condition access upon the application's possession of a credential from a second entity and/or the user's possession of a credential from a third entity. Use of credentials in this manner enables a wide variety of relatively complex and flexible control arrangements to be put in place and enforced with relatively simple rights management technology.

Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.

Abstract: Example systems, methods and storage media to provide a cross-enterprise workflow among clinical systems are disclosed. An example cross-enterprise enabled clinical information system includes a workflow manager to coordinate user workflows with respect to the system and associated content. The system includes an image services manager configured to manage images and associated services for the system and associated content. The workflow manager and image services manager are configured for cross-enterprise content sharing such that the system is to locally authenticate a user at the system and the system is to locally authorize a remote request for access to content at the system from a remote user that has been authenticated remotely. The system is arranged to provide content in response to the remote request after the remote authentication has been received and the system has verified the remote user's authorization for access.

Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. For example, a clock or a timer mechanism can be used by a network interface card to define a mutability period. During the mutability period, firmware update to a peripheral device can be allowed. Once the mutability period has expired, firmware update to a peripheral device will no longer be allowed.

Abstract: An article of manufacture includes a machine-readable medium that stores a multimedia content file in a first format and multiple program sets. Each program set is a version of software that, when executed by a respective electronic system, produces the multimedia content file in a second format for use in the respective electronic system. A first program set is compatible with a first operating system executed by a first electronic system and a second program set is compatible with a second operating system executed by a second electronic system. The second operating system is distinct from the first operating system.

Abstract: Approaches for managing potentially malicious files using one or more isolated environments. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, an isolated environment, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data from having unfettered access to the resources of the client. If the requested action is performed in a different isolated environment from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.

Abstract: A method of filtering outbound Internet traffic includes connecting an appliance to a network (that includes an end user terminal and a router), altering the flow of network traffic to direct the end user terminal to route outbound Internet traffic through the appliance, and filtering the outbound Internet traffic with the appliance. The outbound Internet traffic is traffic to remote servers from the end user terminal. The appliance may alter the flow of network traffic by issuing a gratuitous ARP packet from the appliance to direct the end user terminal to route the outbound Internet traffic through the appliance instead of the router. The appliance may receive the outbound Internet traffic to remote servers from the end user terminal, monitor the outbound Internet traffic, filter the outbound Internet traffic to form allowed packets for the remote servers, and/or forward the allowed packets to the remote servers.

Abstract: A method and device for identifying an abnormal application are provided. The method includes executing abnormal applications, obtaining dynamic behavior information of the abnormal applications, inputting the dynamic behavior information of the abnormal applications into a preset detection network, obtaining a behavior rule of the dynamic behavior information via the detection network, and identifying a detected application according to the behavior rule to determine whether the detected application is an abnormal application.

Abstract: Technical solutions for presenting service processes are provided. In the solutions, operation instructions are received, and in response to the received operation instructions, a page of a first service process is displayed and the first service process is started; when a page of a second service process is displayed instead of the page of the first service process, execution progress of the first service process is presented through an icon of the first service process.

Abstract: The disclosure is directed to a connection modification method in a dual connectivity scenario. In one of the exemplary embodiments, a UE configures a first MCG bearer for communication with a first base station; configures a SCG bearer for communication with a second base station; generates and transmits a first encrypted PDCP SDU by encrypting a first PDCP SDU of the first MCG bearer by using a first security key, a first TX_HFN and a first PDCN SN associated with the first PDCP SDU; generates and transmits a second encrypted PDCP SDU; receives a third bearer configuration re-configuring the SCG bearer as either a second MCG bearer or a split bearer; generates a third encrypted PDCP SDU by encrypting a third PDCP SDU of the SCG bearer and transmits the third encrypted PDCP SDU after the SCG bearer is reconfigured as the second MCG bearer or the split bearer.

Abstract: A browser application programming interface is exposed to a web application to verify an identify of a user using user-specific identity information stored by the browser. Cryptographic information associated with the user is transmitted from the browser application programming interface to the web application. User-specific content is provided to the user through the web application if the web application verifies an identify of the user via the browser application programming interface using the cryptographic information.

Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request, from one of the network applications, to access a particular data resource. The request includes an identifier of a requesting user. The method further includes accessing a policy object associated with the data resource that includes policy information specifying operations the user is authorized to perform with respect to the data resource based on satisfaction of one or more conditions. The method further includes evaluating the user's access permissions with respect to the data resource based on the policy object, and communicating a response to the network application that includes the access permission of the user.

Abstract: Embodiments described herein relate to securing the privacy of knowledge used to authenticate a user (i.e., Proof of Knowledge (PoK) test(s)). In some embodiments, a client device is operable to receive a first encryption key and encrypted test(s) from a PoK server. The client device also receives a second encryption key from a Relying Party (RP) server. The client device can decrypt the encrypted test(s) by using the first encryption key and the second encryption key to thereby render decrypted test(s). The client device is further operable to obtain answer(s) for the decrypted test(s), send a communication to the PoK server based on the answer(s), and receive a communication from the RP server that authorizes a user of the client device to access service(s) administered by the RP server.