Abstract: A method for execution in a dispersed storage network operates to determine one or more slice names of one or more slices to consider for deletion; determine an access policy corresponding to the one or more slices; determine a current timestamp; and determine when there is no future slice availability for the one or more slices, based on the current timestamp and the access policy. When there is no future slice availability for the one or more slices, the dispersed storage network determines when reconsideration is available and sends a reconsideration message to a reconsideration entity when the reconsideration is determined to be available. The dispersed storage network deletes the one or more slices when the reconsideration is determined to be unavailable.

Abstract: A mechanism for performing a network boot sequence and provisioning a device may generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The device may be provisioned with software applications.

Abstract: A system of ??2 servers is provided. The server system comprises an access control server for communication with user computers via a network and controlling access by the user computers to a resource in dependence on authentication of user passwords associated with respective user IDs, and a set of authentication servers for communication with the access control server via the network. In this system, at least each authentication server stores a respective key-share Ki of a secret key K which is shared between a plurality of the ? servers. The access control server is adapted, in response to receipt from a user computer of a user ID and an input password, to produce a hash value h via a first hash function operating on the input password. The access control server blinds the hash value h to produce a blinded hash value u, and sends the blinded hash value u via the network to at least a subset of the set of authentication servers.

Abstract: A secure file-deletion function providing apparatus includes a request input unit configured to receive a file deletion request to delete a file stored in an apparatus from a user; a file deletion unit for deleting the file included in the file deletion request, and a secure file-deletion unit for overwriting a region including a region that stores the file with a dummy value in order to make it more difficult and/or impossible to recover the file deleted by the file deletion unit.

Abstract: A method of access to a local service of a device communicating via a terminal, the method comprising steps of: access to the service via an access terminal by a communicating device; reading by the access terminal of data of the communicating device, the data being personal data relating to the communicating device and/or third-party service data; writing by the access terminal of the data of the communicating device, the third-party data written being chosen from among a set of third-party service data, the choice of the third-party data to be written by the access terminal being dependent on the choosing criteria.

Abstract: A method for securing user data includes the steps of: a) setting the user data as input data; b) randomly fragmenting the input data into a plurality of Atoms and randomly distributing the Atoms into an AtomPool; and c) recording information about the fragmentation and the distribution of step b) into an AtomMap.

Abstract: Disclosed are system and method for distributing most effective antivirus records to user devices. An exemplary method includes: collecting, by a server, statistics on the use of a plurality of antivirus records deployed on a plurality of user devices; calculating, by the server, a coefficient of effectiveness of each antivirus record based on the collected statistics on the use of the plurality of antivirus records by the plurality of user devices; identifying, by the server, a group of the plurality of antivirus records having the largest coefficients of effectiveness, wherein the group is a number of the plurality of antivirus records not exceeding a threshold value; and transmitting, by the server, the group of antivirus records to at least one of the plurality of user devices for storage in an antivirus database for use by an antivirus application of the at least one user device.

Abstract: A system, method and computer program product are provided. In use, execution of a portion of internal code of an interface is identified. Further, in response to the execution of the portion of internal code, at least one aspect of an invocation of the interface is monitored and/or analyzed.

Abstract: Novel solutions for detecting and/or treating malware on a subscriber's premise network. Such solutions can include, but are not limited to, tools and techniques that can detect, and/or enable the detection of, malware infections on individual subscriber devices within the subscriber's network. In a particular embodiment, for example, a premise gateway, or other device on the subscriber's premise network, is configured to analyze packets traveling through the premise gateway and, based on that analysis, identify one or more subscriber devices that are infected with malware.

Abstract: The invention provides a security system and method for use in a communications network, said network comprising means to allow a plurality of devices to communicate over the network wherein at least one device is a machine to machine (M2M) operated device and at least one other device is a human operated device, said security system comprising: means to capture data traffic originating from the plurality of devices on the network; means for analysing the data traffic; and means for identifying at least one of the M2M operated devices on the network wherein the system is configured to dynamically adapt to different data traffic patterns on the network.

Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.

Abstract: A method to implement multifactor authentication of a user may include performing biometric authentication of a person that bears the wearable electronic device and at least one of: performing knowledge-based authentication of the person or presenting an access control token of the wearable electronic device to an access reader that performs token-based authentication of the person. Performing biometric authentication may include receiving a first biometric signal generated by a wearable electronic device and determining a person-specific biometric characteristic of the person therefrom; comparing the person-specific biometric characteristic to a user-specific biometric characteristic of the user determined from a second biometric signal generated when the wearable electronic device was born by the user; and based on the comparing, determining a confidence level that the person is the user to determine a positive or negative authentication of the person as the user.

Abstract: A method to implement multifactor authentication of a user may include performing biometric authentication of a person that bears the wearable electronic device and at least one of: performing knowledge-based authentication of the person or presenting an access control token of the wearable electronic device to an access reader that performs token-based authentication of the person. Performing biometric authentication may include receiving a first biometric signal generated by a wearable electronic device and determining a person-specific biometric characteristic of the person therefrom; comparing the person-specific biometric characteristic to a user-specific biometric characteristic of the user determined from a second biometric signal generated when the wearable electronic device was born by the user; and based on the comparing, determining a confidence level that the person is the user to determine a positive or negative authentication of the person as the user.

Abstract: The disclosure relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, said method comprising: determining, by a terminal, of whether a contact-based interface of the ID token is present and can be used for data exchange with the terminal. If the ID token does not have the contact-based interface or this cannot be used, implementing a zero-knowledge authentication protocol via a contactless interface of the terminal and ID token; and deriving an ID token identifier by the terminal.

Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.

Abstract: A technique allows detection of covert malware that attempts to hide network traffic. By monitoring network traffic both in a secure trusted environment and in an operating system environment, then comparing the monitor data, attempts to hide network traffic can be detected, allowing the possibility of performing rehabilitative actions on the computer system to locate and remove the malware hiding the network traffic.

Abstract: The invention relates to a method for securing a request for executing a first application (P1) in a first device (11) of a secured environment, by a second application (P2) located in a second device (10), said method including the following steps: receiving a first request to execute the first application, from the second application; generating a random number and a session key that is dependent on the random number, sending said random number to a trusted entity (12), said random number being intended for enabling the trusted entity to generate the session key, receiving a second request for executing the first application, from a third application (P3) generated by the trusted entity and transmitted to the second device, said third application including the session key, authenticating the third application by means of the session key, said authentication being the condition for the execution of the first application.

Abstract: A method of performing a keyed cryptographic operation by a cryptographic system mapping an encoded input message to an output message, including: receiving an encoding selection parameter p; receiving the encoded input message, wherein the encoding on the input message corresponds to the encoding selection parameter p; decoding the input message using an inverse of a default input encoding; computing a first portion of the cryptographic operation on the decoded input message to produce a first portion output; and compensating the first portion output based upon the encoding selection parameter p.

Abstract: A system includes a first bit string position permutation unit to perform position permutation of an input first bit string; a template generation unit to perform an exclusive OR operation of a bit string resulting from the position permutation of the first bit string and a code word of a binary linear code and generate auxiliary data; a second bit string position permutation unit to perform same position permutation of an input second bit string; and a bit string collation unit to verify that a hamming distance between position permutation result of the second and second bit strings is not more than a predetermined value.

Abstract: Propagating authentication between terminals connected to a server having identification information and user information for the terminals. The terminal receives identification information, user information, location information and a login status from a first terminal and a second terminal in response to a predetermined impact between the terminals, or the terminals coming within a predetermined distance of each other, the login status of the terminals being either authenticated or unauthenticated. The server then authenticates the second terminal in response to the users of the first terminal matching some or all of the users of the second terminal based on the identification and user information, in response to the terminals being located within a predetermined distance of each other, and in response to the first terminal being authenticated and the second terminal being unauthenticated on the basis of the login status.