Abstract: Authorizing transactions by an authentication provider involves at least one preparatory phase and an authorization phase. The preparatory phase includes registering a user account with several personal devices, each with an authentication application installed. The authorization phase receives knowledge of the transaction; determines the user account related to the transaction; determines at least one personal device registered with the user account related to the transaction; receives a request for details specific to the transaction from at least one personal device; provides the authentication application of the at least one personal device with the requested details specific to the transaction; receives from the authentication application a digitally signed transmission which indicates transaction-specific instructions received by the authentication application; and authorizes or denies the transaction based on the received transaction-specific instructions.

Abstract: A signaling controller (DSC) performs dynamic management in networks such as Evolved Packet Core (EPC) networks that rely on Diameter signaling interfaces. The controller executes in real time a self-adjusting algorithm that achieves user-based service continuity during signaling storms or congestion situations. The algorithm is self-adjusting on the basis of comparing a signaling and peer group values which are dynamically determined. The dynamic determination of these values is based on items such as signaling message weight and a base value for a network user.

Abstract: A security authentication method includes: receiving, by a control plane of a BFD device, a first BFD packet that is sent by a control plane of a peer BFD device; generating, by the control plane, a first token value according to the random nonce; sending the first token value to a data plane; receiving, by the data plane, a second BFD packet that is sent by a data plane of the peer BFD device, where the second BFD packet carries authentication information, and the authentication information includes a random nonce; and generating, by the data plane, a second token value according to the random nonce included in the authentication information and by using a calculation method the same as that of the control plane, and successfully authenticating, by the data plane, the second BFD packet if the first token value and the second token value are the same.

Abstract: A network configuration method, including acquiring a public key operation value of a second device in an out-of-band manner, acquiring a public key copy of the second device that is sent by the second device and that is used to perform key exchange, performing an operation of the preset algorithm on the public key copy of the second device, to obtain a public key operation value copy of the second device, and generating a first exchange key according to a private key that is used by the first device to perform key exchange and the acquired public key copy of the second device after the public key operation value copy of the second device matches the public key operation value of the second device, and hence the method simplifies a network configuration process.

Abstract: A policy enforcement point includes fraud prevention information associated with devices and/or users which is collected from: (i) many cloud fraud services located in the cloud; and/or (ii) authorization processing of users and/or devices. The policy enforcement point is consulted when a user/device undergoes authorization processing for a transaction with an application (for example, an application that serves protected content such as financial records, email, etc.). Fraud prevention information is added to session data, associated with the attempted authorization to the application, for the user/device as the user/device proceeds its attempted authorization to the application. In some cases, the authorization to the application may be refused based on the data added to the session data by the policy enforcement point or the policy enforcement point will propagate fraud prevention information to the application to make the decision.

Abstract: A computer-implemented method to provide voice-over-internet protocol (VoIP) credentials to a device may include receiving, at a system, first credentials from a device. The method may also include authenticating the device using the first credentials and after authenticating the device, obtaining, at the system, a device identifier for the device based on the first credentials. The method may further include establishing a connection between the system and a VoIP system configured to provide VoIP services and after establishing the connection, providing, from the system, the device identifier to the VoIP system. The method may also include receiving, at the system, VoIP credentials for the device. In some embodiments, the VoIP credentials may be configured to authenticate the device with the VoIP system such that the device is able to receive the VoIP services from the VoIP system. The method may further include providing the VoIP credentials to the device.

Abstract: Methods and systems are provided for authenticating a user using data related to the historical interactions of the user with computer based applications.

Abstract: Conflict detection and resolution methods and apparatuses relate to the field of communications technologies. The conflict detection method includes: acquiring, by a controller, a flow path of a data flow on a network, where the flow path is used to indicate a path along which the data flow reaches an address in a destination address range from an address in a source address range through at least two intermediate nodes on the network, a first flow table rule is added to or deleted from flow tables of the at least two intermediate nodes, and the first flow table rule is any flow table rule; and determining, by the controller, whether a conflict exists according to an address range of the flow path and an address range of a security policy.

Abstract: The invention provides a security system and method for use in a communications network, said network comprising means to allow a plurality of devices to communicate over the network; a security agent configured on at least one device and adapted to communicate with the security system; said system comprising: means for performing dynamic intelligent traffic steering from the device based on analysis of data traffic on the network or on the device, wherein the steering decision can be made to select a channel on a per flow basis.

Abstract: Disclosed are various examples for multi-party authentication and authentication. In one example, a user who forgets a password can gain access to secured data stored by a managed device by way of an authorization by one or more other users. This access can be granted even if the managed device is in an off-line mode or if a management server cannot be reached. In another example, access to secured data can depend upon authorization by a minimum quantity of other users. The authorization can involve an explicit approval or disapproval. Alternatively, the authorization can correspond to the presence of the minimum quantity of other users within a threshold proximity of the user who desires access.

Abstract: An apparatus is described for detecting anomalous behavior by an application software under test that suggests a presence of malware. The apparatus features a hardware processor and a storage device. The storage device stores logic that, when executed by the hardware processor, conducts an analysis of operations of the software for an occurrence of one or more events, generates a video of a display output produced by the operations of the software, and generates, for display contemporaneously with the video, a textual log including information associated with the one or more events, the textual log provides information as to when each event of the one or more events occurs within an execution flow of the operations of the software.

Abstract: Concepts and technologies are disclosed herein for filtering network traffic using protected filtering mechanisms. An indication that traffic is to be filtered can be received, and a hash key, a signature representation, and an obfuscated signature can be identified or generated. The hash key and the signature representation can be provided to a first device without exposing the contents of the signature to the second device, and the obfuscated signature can be provided to a second device without exposing the contents of the signature to the second device. The first device and the second device can execute independent operations to collectively determine if the traffic is to be filtered.

Abstract: A method of authenticating a request to change IMS supplementary service data stored at an application server within an IMS network. The method comprises sending from a user equipment to the application server a request for current IMS supplementary service data, on receipt by the user equipment of a response containing the IMS supplementary data in an XML configuration document, and an indication that an access code is required to change the supplementary service data. The method further comprises constructing an amended XML configuration document, incorporating the amended XML document into an Extensible Mark-up Language, XML, Configuration Access Protocol, XCAP, message, incorporating an access code into the XCAP message at a location external to the XML document, and transmitting the XCAP message from the user equipment to the application server.