Patents Examined by Lisa Lewis
  • Patent number: 9407579
    Abstract: A software defined networking (SDN) computer network includes an SDN controller and an SDN switch. The SDN controller inserts flow rules in a flow table of the SDN switch to create an SDN pipe between a sender component and a security component. A broadcast function of the SDN switch to the ports that form the SDN pipe may be disabled. The SDN pipe allows outgoing packets sent by the sender component to be received by the security component. The security component inspects the outgoing packets for compliance with security policies and allows the outgoing packets to be forwarded to their destination when the outgoing packets pass inspection. The SDN controller may also insert a flow rule in the flow table of the SDN switch to bypass inspection of specified packets.
    Type: Grant
    Filed: January 7, 2016
    Date of Patent: August 2, 2016
    Assignee: Trend Micro Incorporated
    Inventors: Chuan-Hung Lin, Ching-Yi Li, Po-Cheng Liang
  • Patent number: 9407618
    Abstract: Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices.
    Type: Grant
    Filed: January 10, 2014
    Date of Patent: August 2, 2016
    Assignee: Infineon Technologies AG
    Inventors: Cheow Guan Lim, Stephan Schaecher, Wieland Fischer, Bernd Meyer
  • Patent number: 9398048
    Abstract: Embodiments describe transmitting authentication data from an application to a communication system. The communication system verifies the authentication data transmitted from the application, and on the basis that the authentication data is verified, the communication system authenticates the application for accessing the communication system on behalf of a user. Prior to the transmitting step the authentication data is provided from the communication system to the client, and then from the client to the application. The verifying step comprises determining that the authentication data transmitted from the application corresponds to the authentication data provided from the communication system to the client, such that the application is authenticated for accessing the communication system on behalf of the user on the basis of the client's authentication with the communication system.
    Type: Grant
    Filed: May 26, 2011
    Date of Patent: July 19, 2016
    Assignee: Skype
    Inventor: Alan Hawrylyshen
  • Patent number: 9398011
    Abstract: User authentication techniques based on geographical locations associated with a client device are provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to the current geographical location can be determined. This data may also be utilized in the user authentication process.
    Type: Grant
    Filed: August 24, 2015
    Date of Patent: July 19, 2016
    Assignee: A10 Networks, Inc.
    Inventor: Micheal Thompson
  • Patent number: 9391957
    Abstract: A system and method of executing secure communications between first and second domains includes a first logical unit and a second logical unit. The first logical unit periodically calculates timestamps and hashes. The first logical unit also transmits a web form to a node of a first domain responsive to a request and the web form is displayed to a user. The first logical unit receives data input to said web form by the user and enhances the data by adding one or more security services. The first logical unit translates the received data from a first network application level protocol to a target network application level protocol while preserving said data security enhancements and transmits the translated data across a public network. A second logical unit de-enhances the translated data and filters the translated data. The second logical unit further authorizes the filtered data and transmits the filtered data to a node of the second domain for use in an application.
    Type: Grant
    Filed: April 7, 2014
    Date of Patent: July 12, 2016
    Inventor: Paul C. Clark
  • Patent number: 9390259
    Abstract: A method for activating an operating system in a security module, wherein the security module is operational either by means of a first operating system or by means of a second operating system. The method comprises the steps of: operating the security module by means of the first operating system and shifting the security module from the first operating system to the second operating system. A primary application incorporated in the security module accesses the respective operating system by means of an operating-system interface. The above concept is incorporated in a security module and employment of a security module in an end device.
    Type: Grant
    Filed: July 19, 2013
    Date of Patent: July 12, 2016
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Jens Rudolph, Martin Rosner
  • Patent number: 9386449
    Abstract: A management server includes a user management database in which mobile terminal identification information on the mobile terminal and working machine identification information on a sold working machine are registered in association with each other, a user registration determination unit adapted to determine whether or not the mobile terminal and the working machine are registered in association with each other on the basis of the mobile terminal identification information and the working machine identification information outputted from the mobile terminal and the mobile terminal identification information and the working machine identification information stored in the user management database, and an authorization information output unit adapted to output an authorization key necessary for wireless communication between the mobile terminal and the working machine in the case where the user registration determination unit determines that the mobile terminal and the working machine are registered in associa
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: July 5, 2016
    Assignee: KUBOTA CORPORATION
    Inventors: Keisuke Miura, Isao Tanaka, Yasuhisa Uoya, Takafumi Morishita
  • Patent number: 9384777
    Abstract: A system is provided for eliminating access to data within a writable storage media cartridge. The system comprises a writable storage media drive, such as a tape drive. The writable storage drive determines if at least a first portion of data on the writable storage media is encrypted. If it is determined that the first portion of data is encrypted then the writable storage drive shreds a second portion of data within the writable storage media cartridge related to said encrypted first portion of data. The first portion of data and the second portion are not the same portions of the writable storage media cartridge.
    Type: Grant
    Filed: August 17, 2007
    Date of Patent: July 5, 2016
    Assignee: International Business Machines Corporation
    Inventors: Wayne Charles Carlson, Cheryl Marie Friauf, Gregory Tad Kishi, Duke Andy Lee, Jonathan Wayne Peake
  • Patent number: 9374222
    Abstract: A capability for secure communication of data from a source device to a destination device is presented. The source device has a device identifier associated therewith. The source device stores an encrypted version of the device identifier that is encrypted based on a master key of the destination device. The source device stores an encryption key. The source device communicates data to the destination device in a secure manner by encrypting the data using the encryption key and propagating the encrypted version of the device identifier and the encrypted data to the destination device. The destination device recovers the data sent by the source device by decrypting the encrypted version of the device identifier based on the master key to determine the device identifier, determining a decryption key based on the device identifier, and decrypting the encrypted data based on the decryption key to recover the data sent by the source device.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: June 21, 2016
    Assignee: Alcatel Lucent
    Inventors: Vladimir Kolesnikov, Howard Huang
  • Patent number: 9372966
    Abstract: A method and a system for naming-conflict-free integration of software components originating from software component manufacturers (OEM), comprising software development devices from different software component manufacturers (OEM) that manufacture and encrypt software components with the respective cryptographic key, wherein when a naming conflict occurs during the integration of encrypted software components, at least one of the encrypted software components in which the naming conflict occurred is expanded by a naming conflict resolution rule to thereby allow for the resolution of naming conflicts in encrypted software components that can originate from different software component manufacturers without the source code of the software components becoming visible to third parties.
    Type: Grant
    Filed: October 6, 2010
    Date of Patent: June 21, 2016
    Assignee: Siemens Aktiengesellschaft
    Inventors: Michael Braun, Markus Dichtl, Bernd Meyer
  • Patent number: 9369472
    Abstract: Embodiments disclosed herein provide an authorization framework. An apparatus may include a data storage to store a first plurality of authorization plugin modules and a server coupled to the data storage. The server may receive a request to access a resource, identify a second plurality of authorization plugin modules that is a proper subset of the first plurality of authorization plugin modules, execute each of the second plurality of authorization plugin modules to generate a plurality of authorization decisions and determine whether to grant the request in view of the plurality of authorization decisions.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: June 14, 2016
    Assignee: Red Hat, Inc.
    Inventor: Anil Saldhana
  • Patent number: 9363089
    Abstract: There is provided an information processing apparatus including: a data processing unit, on which a medium as an information storage apparatus is mounted, which controls reproduction of content stored on the medium, wherein the data processing unit executes host device ID registration processing for outputting a host device ID, which is an identifier of the host device, to the medium and storing the host device ID on the medium, receives the host device ID, which is stored on the medium, from the medium after execution of the host device ID registration processing, executes connection consistency confirmation processing for executing matching processing between the received host ID and the host device ID of the host device, and executes or continues content reproduction under a condition that the matching processing has been established in the connection consistency confirmation processing, or stops the content reproduction if the matching processing has not been established.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: June 7, 2016
    Assignee: SONY CORPORATION
    Inventors: Hiroshi Kuno, Takamichi Hayashi, Koji Yoshimura, Katsumi Muramatsu, Yoshiyuki Kobayashi
  • Patent number: 9363245
    Abstract: The present invention relates to a system and method for facilitating access to secure network sites, such as sites providing secure financial information. An active software agent is utilized to fetch passwords and user identifiers from a user computing system and to use the passwords and identifiers to extract required information from the secure site. The password sites and identifiers are encrypted and an encryption key is stored at a network node remote from the user's computer and is fetched in order to enable the passwords and identifiers to be decrypted so that the active agent can use them to obtain the required information.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: June 7, 2016
    Assignee: EWISE SYSTEMS PTY LTD
    Inventors: Alexander Grinberg, Mike Kontorovich, Mark Chazan, Colin Reyburn
  • Patent number: 9355266
    Abstract: A computing device arranged for tracking an object in an image stream provided by a camera, said computing device comprising a memory and a controller, wherein said controller is configured to: track at least one object, identify a gesture, wherein said gesture is defined by said tracked at least one object in free space in front of said camera, retrieve an associated command, and execute said associated command, wherein said associated command is a command for controlling access to the computation device.
    Type: Grant
    Filed: July 26, 2013
    Date of Patent: May 31, 2016
    Assignee: CRUNCHFISH AB
    Inventor: Paul Cronholm
  • Patent number: 9342802
    Abstract: A system of tracking rate of change of social network activity associated with a digital object includes a change measurement module in communication with at least one social network database and a ranking module in communication with the change measurement module. The change measurement module measures a change in the level of social network activity associated with the digital object based on a first object value and a second object value. The first object value is based on a measurement of activity associated with the digital object in at least one social network at a first time, and the second object value is based on a measurement of activity at a second time. The ranking module ranks the digital object relative to at least one other digital object based on a score derived from a rate of change in social network activity.
    Type: Grant
    Filed: March 1, 2012
    Date of Patent: May 17, 2016
    Assignee: NEWSWHIP MEDIA LIMITED
    Inventors: Paul Quigley, Andrew Mullaney
  • Patent number: 9338149
    Abstract: A process for converting a DTCP-IP transport stream into HLS format, comprising receiving an encrypted DTCP-IP transport stream comprising DTCP frames at a secondary device from a source device, with each of the plurality of DTCP frames comprising encrypted 16-byte portions, forming chunks from the DTCP frames by grouping encrypted 16-byte portions into a chunk, adding HLS padding bytes to the end of each chunk and encrypting the HLS padding bytes to form an encrypted chunk, loading each of the encrypted chunks and a playlist to a media proxy server at the secondary device, loading a DTCP key onto a security proxy server, and providing the playlist, each of the encrypted chunks, and the DTCP key to a native media player on the secondary device, such that the native media player follows the playlist to decrypt the encrypted chunks using the DTCP key and plays back the chunks.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: May 10, 2016
    Assignee: ARRIS Enterprises, Inc.
    Inventor: Paul Moroney
  • Patent number: 9336372
    Abstract: A method, apparatus and system for securely managing account information are disclosed. In some embodiments, the method is performed at a computer system having one or more processors and memory for storing programs to be executed by the one or more processors. The method includes receiving a request associated with an account. The request includes location verification information. The method includes retrieving, in response to the request, information of a set of predefined locations associated with the account. The method also includes comparing information of the set of predefined locations with the received location verification information to determine whether the received location verification information satisfies a predefined condition. The method further includes sending a response to the request to a destination associated with the account when the received location verification information satisfies the predefined condition.
    Type: Grant
    Filed: August 14, 2014
    Date of Patent: May 10, 2016
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Chang He
  • Patent number: 9338159
    Abstract: A method, apparatus and computer program product are provided for enabling multiple mobile terminals to access a subscription service. The method may further include causing a client certificate to be issued to the first mobile terminal as a result of the certificate enrollment procedure. In some example embodiments, the client certificate comprises a subscription identifier and a flag indicating whether the client certificate is to be sharable with a second mobile terminal. The method may further include causing a certificate enrollment procedure to be initiated by a second mobile terminal with the first mobile terminal in an instance in which the first mobile terminal possesses one or more credentials that are configured to be shared with another mobile terminal. The method may further include the second mobile terminal receiving at least one credential in the form of a client certificate from the first mobile terminal.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: May 10, 2016
    Assignee: Nokia Technologies Oy
    Inventor: Gabor Bajko
  • Patent number: 9326142
    Abstract: A technique for generating a cryptographic key is provided. The technique is particularly useful for protecting the communication between two entities cooperatively running a distributed security operation. The technique comprises providing at least two parameters, the first parameter comprising or deriving from some cryptographic keys which have been computed by the first entity by running the security operation; and the second parameter comprising or deriving from a token, where the token comprises an exclusive OR of a sequence number (SQN) and an Anonymity Key (AK). A key derivation function is applied to the provided parameters to generate the desired cryptographic key.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: April 26, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Karl Norrman, Mats Näslund
  • Patent number: 9323920
    Abstract: According to one embodiment, a data processing arrangement is described comprising a processor configured to carry out a computer program including a plurality of program instructions; a signature determination arrangement configured to determine a signature of the program instructions carried out by the processor wherein the processor is configured to, when it carries out a program instruction of the plurality of program instructions which indicates the next program instruction of the plurality of program instructions to be carried out, provide information about the indication to the signature determination arrangement; wherein the signature determination arrangement is configured to take into account the information in the determination of the signature; and a detector configured to check, when the computer program is completely carried out, whether the determined signature is equal to a reference signature.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: April 26, 2016
    Assignee: INFINEON TECHNOLOGIES AG
    Inventor: Andreas Wenzel