Patents Examined by Michael D Anderson
  • Patent number: 9641517
    Abstract: A system and method provides security features for inter-computer communications. After a user has proved an association with one of several firms, a user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user and the firm is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: May 2, 2017
    Assignee: Charles Schwab & Co., Inc.
    Inventor: William Page
  • Patent number: 9635019
    Abstract: In one embodiment, a client computing device receives information regarding a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA). The CAPTCHA includes an image file, a challenge, and code that is executable by a web browser to unscramble the received image file. The code includes instructions to divide the received image file into image sections, each image section having a unique identifier and grouped into either a first set or a second set. The code further contains instructions to transpose each image section in the first set into a new position, creating a new image. A web browser of the client computing device executes the code to create a second image from the received image file. The second image and the challenge are presented to a user of the client computing device.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: April 25, 2017
    Assignee: Facebook, Inc.
    Inventor: Jonathan Frank
  • Patent number: 9621354
    Abstract: One embodiment of the present invention provides a system for delivering a content piece over a network using a set of reconstructable objects. During operation, the system obtains a metadata file that includes a set of rules; generates the set of reconstructable objects for the content piece based on the set of rules included in the metadata file; cryptographically signs the set of reconstructable objects to obtain a set of signed reconstructable objects; and delivers, over the network, the set of signed reconstructable objects along with the metadata file to a recipient, thereby enabling the recipient to extract and store a copy of the content piece and then to reconstruct the set of signed reconstructable objects from the stored copy of the content piece and the metadata file.
    Type: Grant
    Filed: July 17, 2014
    Date of Patent: April 11, 2017
    Assignee: CISCO SYSTEMS, INC.
    Inventor: Marc E. Mosko
  • Patent number: 9602542
    Abstract: A security-function-design support device is provided.
    Type: Grant
    Filed: July 18, 2013
    Date of Patent: March 21, 2017
    Assignee: NEC Corporation
    Inventor: Yuki Ashino
  • Patent number: 9584511
    Abstract: An automatic machine implemented identification and data processing, gathering and storage system and method. A system, method and computer program product for communicating peer-validated reputation information enabling users, including automated processing equipment and methods, to, among other things, make decisions of safe or unsafe personal interactions, such as participating in an in-person meeting.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: February 28, 2017
    Inventor: Roger A. Bauchspies
  • Patent number: 9576155
    Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: February 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Michael David Marr, Eric Jason Brandwine, Donald Lee Bailey, Jr.
  • Patent number: 9578019
    Abstract: A method and system for managing an embedded secure element (50) accessible as a slave of the resident applications (App1-3) of a host device of the eSE. The eSE includes an issuer security domain (51), ISD, with which cryptographic keys are associated. The method includes, in an application agent embedded in an OS of the host device: sending (420) the ISD a random value; receiving (435) a cryptogram corresponding to the random value encrypted using a key associated with the ISD; sending (440, 450) the random value and the cryptogram to a first external entity entered in the application agent. The method includes: sending (455, 4555) the random value and the cryptogram from the first entity to a second external entity; verifying (4556) that the second entity possesses keys associated with the ISD from the cryptogram and the random value.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: February 21, 2017
    Assignee: OBERTHUR TECHNOLOGIES
    Inventors: Arnaud Danree, Guillaume Larignon
  • Patent number: 9578034
    Abstract: A trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: February 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Michael David Marr
  • Patent number: 9560525
    Abstract: Aspects of the subject disclosure may include, for example, a method comprising authenticating, by a server comprising a processor, a communication device to a first communication network, in accordance with authentication information stored in a first repository of the first communication network. The method also comprises determining, by the server, that a second communication network is accessible to the communication device. The method further comprises providing, by the server, the authentication information to a second repository of the second communication network in accordance with the determining, wherein the providing is performed independently of a request from the second communication network. Other embodiments are disclosed.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: January 31, 2017
    Assignee: AT&T INTELLECTUAL PROPERTY I, LP
    Inventors: Sangar Dowlatkhah, Venson Shaw, Thomas J Will
  • Patent number: 9560065
    Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: January 31, 2017
    Assignee: Los Alamos National Security, LLC
    Inventors: Joshua Charles Neil, Michael Edward Fisk, Alexander William Brugh, Curtis Lee Hash, Jr., Curtis Byron Storlie, Benjamin Uphoff, Alexander Kent
  • Patent number: 9560011
    Abstract: An architecture is provided for protecting service-level entities. Such an architecture may escrow service requests prior to forwarding the requests to the service, and checking may be performed prior to releasing the request to the service. A crumple zone (CZ) architecture may be provided that buffers incoming service requests and may intercept attacks and/or sustain damage in lieu of the services being protected. The CZ may include an outward interface that is accessed by other entities, and the underlying service is not accessed directly. Elements of the CZ receive service requests, analyze them, and determine whether they can be safely executed by the underlying service.
    Type: Grant
    Filed: February 28, 2012
    Date of Patent: January 31, 2017
    Assignee: RAYTHEON COMPANY
    Inventors: Partha Pal, Michael Atighetchi, Jonathan Webb, Andrew Gronosky, Joseph Loyall, Aaron Adler, Fusun Yaman-Sirin
  • Patent number: 9552468
    Abstract: An image processing apparatus is provided, including a user input interface to input biometric information of at least one user, a processor to process image data to be displayed as an image and to provide a preset service to authenticate a personal identification (ID) and the group ID of a user group including users corresponding to personal IDs, and a controller to specify a personal ID corresponding to biometric information of an input through the user input interface, and to select and authenticate the group ID corresponding to specified personal IDs from the storage when multiple personal IDs are specified. The controller derives interest of the multiple users corresponding to the respective specified personal IDs in the image and selects the group ID corresponding to a personal ID of a user determined to have a high interest.
    Type: Grant
    Filed: November 12, 2014
    Date of Patent: January 24, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Eun-heui Jo, Sang-yoon Kim, Kyoung-jae Park, Ki-jun Jeong
  • Patent number: 9549319
    Abstract: A first device wirelessly transmits beacon frames having distinct identifying contents within each. The first device issues a request to a second device to report what beacon frame contents the second device may have received. The second device sends a response to the first device. The first device analyzes the response in view of the beacon frame contents actually sent, the respective radio-frequency broadcast power of the beacon frames, and so on. Based on the analysis, the first device may determine proximity or other information regarding the responsive other device.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: January 17, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: David George Butler, Richard William Mincher
  • Patent number: 9537825
    Abstract: A system and method for regulating and analyzing inbound and outbound communications in and between computer networks on the basis of geographic security assertions are provided. Geographic information is collected, optimized, and shared between network objects to enforce network access control on the basis of configurable security assertions. Security assertions are configured and metrics displayed using maps and other geographic data in a graphical user interface.
    Type: Grant
    Filed: November 11, 2013
    Date of Patent: January 3, 2017
    Inventors: Aaron J. Kudla, Shelby Cain, Tom Stracener, Marce Wayne Luck
  • Patent number: 9531539
    Abstract: A non-transitory computer-readable recording medium stores an information processing program that causes a computer to execute a process including, generating feature information based on organism information of a user; calculating a first cryptogram based on a logical operation of the feature information generated and a random number; and encrypting the first cryptogram into a second cryptogram by using a cryptographic algorithm capable of calculating a Hamming distance in an encrypted state.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: December 27, 2016
    Assignee: FUJITSU LIMITED
    Inventors: Takeshi Shimoyama, Masaya Yasuda, Jun Kogure
  • Patent number: 9530003
    Abstract: A computer system includes a data network connection, a reading device, an input component and a security device, wherein the security device establishes a data network link via the data network connection as the computer system is starting up and said security device further receives access data either via the data network link or via the reading device and the input component, and said security device compares the received access data with a data record stored in a firmware on a memory element and boots the computer system if the comparison was successful.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: December 27, 2016
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Mario Wegener
  • Patent number: 9532089
    Abstract: The specification and drawings present a new method, apparatus and software related product (e.g., a computer readable memory or storage device) for a session-based encryption (e.g., a common-tier encryption) for delivering a content (e.g., video, data, multi-media content and the like) on demand using multiple encryptors. According to an embodiment, the STB's request for a VOD session may be routed by a session resource manager (SRM) to receive content from an appropriate encryptor chosen from multiple encryptors based on a predefined criteria. This approach can minimize a number of encryptions/encryption devices (such as ECM generators) needed in a cable network. However, the simulcrypt encryptor can be also used, if necessary, e.g., when CAS-only encryptors are fully loaded with a traffic.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: December 27, 2016
    Assignee: CHARTER COMMUNICATIONS OPERATING, LLC
    Inventor: James Herbert Alexander
  • Patent number: 9529356
    Abstract: A system to manage transmissions of data between a flight management system (e.g., of an avionics type) of an aircraft and a portable electronic device (e.g., of an open world type) is proposed. The data management system may be implemented in flight management system architecture with core and supplementary modules that are distinct from each other. The core module may implement a set of generic functionalities related to a flight management of the aircraft, and the supplementary module may implement supplementary functionalities specific to an entity to which the aircraft belongs. The data management system may comprise a data securing module that monitors data to be transmitted between the flight management system and the portable electronic device, and allows or prevents the data transmission based on the monitoring results.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: December 27, 2016
    Assignee: Airbus Operations (S.A.S.)
    Inventors: Jean-Claude Mere, Pierre Neri, Julien Bernat, Marc Vie
  • Patent number: 9525670
    Abstract: Improvement of the security of communication is facilitated. A server receives from an on-vehicle device, encrypted data obtained by encrypting ECU information using key information (111-1#C), and identification information (112-1#C). Thereafter, the server determines from the identification information (112-1#C), whether identification information of a next key to be used after identification information (112-1) is stored. The server determines that the identification information of the next key to be used after the identification information (112-1) is not stored, and obtains key information (111-2#S) and identification information (112-2#S) to identify key information (111-2) as the next key. The server encrypts the key information (111-2#S) and the identification information (112-2#S) using key information (111-1#S), and transmits encrypted data and identification information (112-1#S) to the on-vehicle device.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: December 20, 2016
    Assignee: FUJITSU LIMITED
    Inventor: Hidefumi Maruyama
  • Patent number: 9520918
    Abstract: Methods and devices for NFC tap login with automatically-generated login information are disclosed. A user can launch a browser application and log in to a desired website without having to enter the user's username and password. The user can achieve this by tapping a Near Field Communication-enabled computing device with an NFC-enabled wireless device. The wireless device generates and stores the user's usernames and passwords corresponding to a number of websites, and provides the username and password for the desired website to the computing device via an NFC-based communication link. Through a browser application running on the computing device, the user can sign up for an account at and log in to the desired website.
    Type: Grant
    Filed: December 16, 2011
    Date of Patent: December 13, 2016
    Assignee: Intel Corporation
    Inventors: Farid Adrangi, Sanjay Bakshi