Abstract: A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.

Abstract: Upon receiving ciphertext data transmitted by each service apparatus, a cooperation apparatus according to an embodiment generates re encrypted data by performing re encryption processing for the ciphertext data using are encryption key. Each of the service apparatuses transmits, to the cooperation apparatus, a request to acquire user information of a user specified by an identification (ID) indicated by the ciphertext data and stored in the other service apparatus, together with the ciphertext data. Upon receiving the re encrypted data transmitted by the cooperation apparatus, the service apparatus acquires an ID by decrypting the re encrypted data using a private key, reads out user information, and transmits the user information to the other service apparatus.

Abstract: Methods and arrangements for protecting enterprise data with respect to a hybrid application in a mobile device that accesses a global computer information network using enterprise infrastructure. A hybrid application is recognized in a mobile device, the hybrid application being configured to communicate with an enterprise network and a non-enterprise network. There are provided, in communication with the hybrid application, controls for segregating data flows from the enterprise network and non-enterprise network. A policy service is provided, which applies a policy for the segregating and governed routing of data flows from the enterprise network and the non-enterprise network. Other variants and embodiments are broadly contemplated herein.

Abstract: A device, system, and method for defending a computer network are described, network communications are received by a traffic filter, which dynamically determines whether the communications include an anomaly (i.e., are “anomalous” communications), or whether the communications are normal, and do not include an anomaly. The traffic filter routes normal communications to the correct device within its network for servicing he service requested by the communications. The traffic filter routes any anomalous communications to a virtual space engine, which is configured to fake a requested service (e.g., to entice deployment of a malicious payload). Anomalous communications are analyzed using an analytical engine, which can dynamically develop rules for handling anomalous communications in-line, and the rules developed by the analytical engine can be employed by the traffic filter against future received communications.

Abstract: Techniques for performing position analysis on a representation of an application source code are disclosed herein. An application source code is scanned to produce a representation of the application source code, start locations within the representation are determined, corresponding stop locations within the representation are determined, and a set of data impact locations within the representation are determined. The set of data impact locations are then used in a dataflow analysis to determine a position of high control of the data within the representation.

Abstract: The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template.

Abstract: IAMNOTANUMBER© Card System is a software system which uses a specially designed encryption/decryption algorithm for the creation of credit and debit cards which are numberless but contain, instead, images based on personal information provided by the card user and information provided by the card issuing organization. These numberless cards require a password supplied by the card user in order to be used at point-of-transaction terminals. The system can also be used to produce drivers' licenses, health insurance cards, social security cards and special identification (ID) cards for organizations which may wish to keep not only their employee identities hidden but the identities of the organizations hidden as well.

Abstract: Startup of a program and generation or change of a program is detected, or a program is searched for. It is determined, based on program information of a program whose startup is detected or a program which is found, whether or not the program meets a predetermined criterion. The program determined to meet the predetermined criterion is registered in a white list or black list.

Abstract: Systems, methods, and non-transitory computer-readable media can detect a set of images locally stored on a computing system. The computing system can be associated with a first user. One or more facial recognition processes can be applied to the set of images. It can be determined, based on the one or more facial recognition processes, that a subset of images, out of the set of images, is associated with a second user. One or more options for the first user to share the subset of images with the second user can be provided.

Abstract: A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.

Abstract: In one embodiment, a method includes providing a request to store at least a first piece of data. The request to store the first piece of data is a request to store the first piece of data in a first encrypted form on a cloud associated with the cloud application provider. The method also includes determining whether the cloud application provider is capable of encrypting the first piece of data, and providing the first piece of data to the cloud application provider if it is determined that the cloud application provider is capable of encrypting the first piece of data. If it is determined that the cloud application provider is not capable of encrypting the first piece of data, the method further includes encrypting the first piece of data to create the first encrypted form and providing the first encrypted form to the cloud application provider.

Abstract: Disclosed are systems, methods, and computer program products for emulation of files using multiple images of the emulator state. In one example, the method includes loading the file into an emulator of the computer system; initiating emulation of the file by the emulator; storing an initial image of an initial state of the emulator; continuing the emulation of the file and detecting occurrence of a condition that results during the emulation of the file; creating and storing a new image of a next state of the emulator when an occurrence of the condition is detected; determining whether the emulation of the file has terminated correctly or incorrectly; and upon determining that the emulation of the file has terminated incorrectly, loading the new image of the next state into the emulator and resuming the emulation of the file from the next state of the emulator.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspect are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage.

Abstract: A processing device searches executing at least one of a boot loader or a kernel for the operating system searches for an extensible firmware interface (EFI) binary object. Responsive to finding a first EFI binary object, the processing device verifies that a first signature associated with the first EFI binary object is valid using a platform key. Responsive to verifying that the first signature for the first EFI binary object is valid, the processing device performs the following operations: identifying a first public key encapsulated in the first EFI binary object, wherein the first public key is associated with a non-EFI certificate authority; extracting the first public key from the first EFI binary object; and performing at least one of a) passing the first public key to a kernel of an operating system (OS) or b) exposing the first public key to a user space of the OS.

Abstract: A host controller that controls a storage device includes an encryption unit that is selectively configured in response to file encryption information and disk encryption information to encrypt data. The encryption unit encrypts the data using a file encryption operation based on the file encryption information and/or a disk encryption operation based on the disk encryption information.

Abstract: A system may include a database, a processor coupled to the database, and a user module executed by the processor. The user module may be configured to receive a value for an attribute of a user and determine whether the value is derived from an assessment sponsored by an organization associated with the user. When the value is derived from the assessment sponsored by the organization associated with the user, the user module may store the received value in the database in a record associated with the user only and in a record associated with the organization and the user. When the value is derived from the assessment not sponsored by an organization associated with the user, the user module may store the received value in the database in the record associated with the user only.

Abstract: A computer-implemented method includes providing, for use by a third-party, injectable computer code that is capable of being served with other code provided by the third-party to client computing devices; receiving data from client computing devices that have been served the code by the third-party, the data including data that characterizes (a) the client computing devices and (b) user interaction with the client computing devices; classifying the client computing devices as controlled by actual users or instead by automated software based on analysis of the received data from the client computing devices; and providing to the third party one or more reports that characterize an overall level of automated software activity among client computing devices that have been served code by the third party.

Abstract: An identity authentication method of an internet account, an identity authentication device of an internet account and a system are provided.

Abstract: Solution for security negotiation during handover of a user equipment (UE) between different radio access technologies is provided. In the solution, the UE receives non-access stratum (NAS) security information and access stratum (AS) security information which are selected by the target system and then performs security negotiation with the target system according to the received NAS security information and AS security information. As such, the UE may obtain the key parameter information of the NAS and AS selected by a long term evolution (LTE) system and perform security negotiation with the LTE system when the UE hands over from a different system, such as a universal terrestrial radio access network (UTRAN), to the LTE system.