Abstract: Disclosed are a key managing system and method for sensor network security. The key managing system includes a secret key transmitter, configured to transmit a portion of the secret key map stored in a node to a correspondent node and then to transmit the node's secret key map to the correspondent node by using the transmitted portion, and an authenticator, configured to acquire a trust level of the correspondent node (the ratio between the size of the secret key map transmitted to the correspondent node and the total size of the node's secret key map), compare the acquired trust level with a threshold value, and authenticate the correspondent node and messages received from it on the basis of that comparison.
Type:
Grant
Filed:
April 30, 2014
Date of Patent:
May 31, 2016
Assignee:
ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors:
Seok Kap Ko, Seung Chul Son, Seung Hun Oh, Byung Tak Lee, Young Sun Kim
Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
Type:
Grant
Filed:
April 30, 2014
Date of Patent:
May 24, 2016
Assignee:
Oracle International Corporation
Inventors:
Ajay Sondhi, Ching-Wen Chu, Beomsuk Kim, Ravi Hingarajiya
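The scope-metadata flow described in the abstract above, as an added example (not Oracle's code and not the framework the patent describes): an in-memory authorization server that records each resource server's registered scopes, refuses consent prompts for scopes a resource server never registered, and maps an issued token back to its scopes and audience. The class names, the opaque-token format and the `now` parameter used for deterministic expiry checks are assumptions.

```python
"""Added example: OAuth-style authorization server that keeps per-resource-server
scope metadata and uses it for consent, token issuance and introspection."""
import secrets
import time


class ScopeError(ValueError):
    """A client or resource server referenced a scope that was never registered."""


class AuthorizationServer:
    def __init__(self):
        self.resource_servers = {}  # rs_id -> {scope name: description shown at consent}
        self.tokens = {}            # opaque token -> record (audience, client, scopes, expiry)

    def register_resource_server(self, rs_id, scopes):
        """Resource-server metadata: the scopes this server recognizes."""
        self.resource_servers[rs_id] = dict(scopes)

    def unknown_scopes(self, rs_id, requested):
        """Scopes in `requested` that `rs_id` never registered (empty list = all known)."""
        known = self.resource_servers.get(rs_id, {})
        return sorted(set(requested) - set(known))

    def consent_prompt(self, rs_id, client_id, requested):
        """Text shown to the resource owner, built from the RS's own descriptions so
        the consent is of exactly the scope the RS will later enforce."""
        if rs_id not in self.resource_servers:
            raise ScopeError(f"unregistered resource server {rs_id!r}")
        bad = self.unknown_scopes(rs_id, requested)
        if bad:
            raise ScopeError(f"{rs_id} does not recognize scope(s) {bad}")
        descs = self.resource_servers[rs_id]
        return [f"Allow {client_id} to: {descs[s]} ({s})" for s in requested]

    def issue_token(self, rs_id, client_id, consented, ttl=3600, now=None):
        """Mint an opaque access token once the owner consented to `consented`."""
        if rs_id not in self.resource_servers or self.unknown_scopes(rs_id, consented):
            raise ScopeError("consent covers scopes the resource server never registered")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # assumed opaque format; the AS keeps the mapping
        self.tokens[token] = {"rs": rs_id, "client": client_id,
                              "scopes": frozenset(consented), "exp": now + ttl}
        return token

    def token_scopes(self, token, rs_id, now=None):
        """Map an issued token back to the scopes it grants on rs_id.
        Returns an empty set for unknown, expired, or wrong-audience tokens."""
        now = time.time() if now is None else now
        rec = self.tokens.get(token)
        if rec is None or rec["rs"] != rs_id or rec["exp"] <= now:
            return frozenset()
        return rec["scopes"]

    def authorize(self, token, rs_id, required_scope, now=None):
        """What a resource server asks before serving a protected request."""
        return required_scope in self.token_scopes(token, rs_id, now=now)
```

The audience check in `token_scopes` is the part most often missed in practice: a token consented for one resource server must not be honoured by another, even when the scope names happen to collide.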
Abstract: For example, an implementation of the present invention can comprise a method for authenticating a user. The method can comprise an authentication server receiving from a user a password. The server can then hash the password such that a password hash is created. The server can then receive a second token from the user. Using the second token, the server can identify a sequence of characters associated with the second token within the password hash. The server can create an authentication token by removing the sequence of characters from the password hash. If the authentication token matches a stored value, the server can authenticate the user.
Abstract: According to embodiments of the present invention a system and method for encrypting traffic on a network is disclosed. Encrypted data is transmitted between a first network element and a second network element by: acquiring an encryption seed at the first network element, the encryption seed being substantially similar to a decryption seed at the second network element; generating at least one encryption key from the encryption seed; receiving data; encrypting the data using the encryption key to generate encrypted data; transmitting the encrypted data from the first network element to the second network element via a network; and updating the encryption seed at the first network element in response to an event trigger.
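The seed-based scheme in the abstract above, as an added example (not the patent holder's code): two network elements start from the same seed, derive a fresh key for every message, and advance the seed one-way on an event trigger so that a compromised current seed does not expose traffic protected under earlier seeds. The primitives are assumptions chosen so the block runs on the Python standard library: HMAC-SHA256 as the key derivation and seed update, and a SHA-256 keystream XOR plus HMAC tag as the cipher (illustrative; a real deployment would use an AEAD such as AES-GCM).

```python
"""Added example: per-message keys derived from a shared seed that is
ratcheted forward on an event trigger."""
import hashlib
import hmac

TAG_LEN = 16


def derive_key(seed: bytes, epoch: int, msg_no: int) -> bytes:
    """Per-message key; (epoch, msg_no) never repeats, so neither does the key."""
    info = b"key" + epoch.to_bytes(4, "big") + msg_no.to_bytes(4, "big")
    return hmac.new(seed, info, hashlib.sha256).digest()


def next_seed(seed: bytes) -> bytes:
    """One-way seed update: the new seed does not reveal the old one."""
    return hmac.new(seed, b"ratchet", hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || block counter) blocks."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


class NetworkElement:
    def __init__(self, seed: bytes):
        self.seed = seed      # shared with the peer out of band (assumption)
        self.epoch = 0        # how many times the seed has been updated
        self.msg_no = 0       # messages sent under the current seed

    def on_event_trigger(self):
        """E.g. N messages sent, a timer, or an explicit rekey signal; both
        elements must apply the trigger to stay in step."""
        self.seed = next_seed(self.seed)
        self.epoch += 1
        self.msg_no = 0

    def encrypt(self, plaintext: bytes):
        key = derive_key(self.seed, self.epoch, self.msg_no)
        ct = keystream_xor(key, plaintext)
        tag = hmac.new(key, ct, hashlib.sha256).digest()[:TAG_LEN]
        header = (self.epoch, self.msg_no)  # sent in clear so the peer picks the right key
        self.msg_no += 1
        return header, ct + tag

    def decrypt(self, header, packet: bytes):
        epoch, msg_no = header
        if epoch != self.epoch:
            return None  # peer has ratcheted (or not yet); do not guess across epochs
        key = derive_key(self.seed, epoch, msg_no)
        ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest()[:TAG_LEN], tag):
            return None  # tampered or wrong key
        return keystream_xor(key, ct)
```

The receiver deliberately refuses packets from a different epoch rather than deriving keys for arbitrary epochs from the header; a header-controlled epoch would otherwise let an attacker steer the receiver's seed state. Replay of a valid packet within an epoch is still accepted here; a production design tracks the highest `msg_no` seen.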
Abstract: Methods and apparatuses in a client terminal and a web server for enabling safe communication between said terminal and server. When the terminal obtains a web page from the server in a session, the terminal creates a context-specific key, Ks_NAF', based on one or more context parameters, P1, . . . Pn, pertaining to said session and/or web page. The terminal then indicates the context-specific key in a login request to the server, and the server determines a context-specific key, Ks_NAF', in the same manner to verify the client if the context-specific key determined in the web server matches the context-specific key received from the client terminal. The context-specific key is thus bound to and valid for the present context or session only and cannot be used in other contexts or sessions.
Type:
Grant
Filed:
November 4, 2014
Date of Patent:
May 10, 2016
Assignee:
Telefonaktiebolaget L M Ericsson (publ)
Inventors:
Karl Norman, John Mattsson, Vesa Petteri Lehtovirta, Oscar Ohlsson
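The context-bound key derivation from the abstract above, as an added example (not Ericsson's code): both sides derive Ks_NAF' from a shared base key and the context parameters of the current page fetch, the terminal sends it in its login request, and the server re-derives and compares. The base key Ks_NAF is assumed to already be shared (in GBA it would come from the bootstrapping procedure); the HMAC-SHA256 derivation, the JSON canonicalisation and the particular parameters (session id, page, server nonce) are assumptions.

```python
"""Added example: context-specific key Ks_NAF' derived from P1..Pn and
verified by the web server."""
import hashlib
import hmac
import json


def derive_context_key(ks_naf: bytes, context: dict) -> bytes:
    """Ks_NAF' = HMAC-SHA256(Ks_NAF, canonical(P1..Pn)).  Sorted keys and no
    whitespace so terminal and server encode the same parameters identically."""
    canon = json.dumps(context, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ks_naf, b"Ks_NAF'|" + canon, hashlib.sha256).digest()


class Terminal:
    def __init__(self, ks_naf: bytes):
        self.ks_naf = ks_naf

    def login_request(self, context: dict) -> dict:
        """Indicate the context-specific key in the login request."""
        return {"context": context,
                "ks_naf_prime": derive_context_key(self.ks_naf, context).hex()}


class WebServer:
    def __init__(self, ks_naf: bytes):
        self.ks_naf = ks_naf
        self.sessions = {}  # session id -> context parameters the server issued

    def serve_page(self, session_id: str, page: str, nonce: str) -> dict:
        """Return the page's context parameters (assumed P1..Pn) and remember them."""
        ctx = {"session_id": session_id, "page": page, "nonce": nonce}
        self.sessions[session_id] = ctx
        return ctx

    def verify_login(self, session_id: str, request: dict) -> bool:
        expected_ctx = self.sessions.get(session_id)
        # The server trusts only the context it issued itself, never the one in the request.
        if expected_ctx is None or request.get("context") != expected_ctx:
            return False
        expected = derive_context_key(self.ks_naf, expected_ctx)
        try:
            received = bytes.fromhex(request["ks_naf_prime"])
        except (KeyError, ValueError):
            return False
        return hmac.compare_digest(expected, received)
```

Because the server derives the expected key from the parameters it stored for the session, a login request captured in one session (or for one page) fails when replayed against another: the nonce differs, so Ks_NAF' differs.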
Abstract: A first security context is established between a given user computing device and a first network computing device associated with a first network cell of a communications network to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device associated with a second network cell of the communications network to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device.
Abstract: Each of the ECUs counts the number of messages transmitted for each CAN ID. A transmission node that has transmitted a main message produces a MAC from the data field and the CAN ID in the main message and the counter value corresponding to that CAN ID, and transmits the MAC as a MAC message. A reception node that has received the main message produces a MAC from the data field and the CAN ID contained in the main message and the counter value corresponding to that CAN ID, and determines whether the MAC matches the MAC contained in the MAC message. In this way the receiver can verify whether the main message is valid. With this configuration, message authentication by MAC can be performed without changing the CAN protocol.
Type:
Grant
Filed:
October 30, 2012
Date of Patent:
May 3, 2016
Assignees:
TOYOTA JIDOSHA KABUSHIKI KAISHA, NATIONAL UNIVERSITY CORPORATION YOKOHAMA NATIONAL UNIVERSITY
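The counter-based CAN message authentication from the abstract above, as an added example (not Toyota's or Yokohama National University's code): each node keeps a counter per CAN ID, the sender computes a MAC over (CAN ID, data field, counter) and sends it as a second frame, and the receiver recomputes it with its own counter. The key, the MAC algorithm (HMAC-SHA256 truncated to 8 bytes so it fits one classic CAN data field), the MAC-frame ID scheme and the small resynchronisation window for lost frames are assumptions.

```python
"""Added example: MAC message carried in a separate CAN frame, with the
per-CAN-ID counter supplying freshness."""
import hashlib
import hmac
from collections import defaultdict

MAC_LEN = 8  # a classic CAN data field carries at most 8 bytes


def compute_mac(key: bytes, can_id: int, data: bytes, counter: int) -> bytes:
    """MAC over CAN ID, data field and counter, all fixed-width framed so that
    (id, data, counter) is unambiguous."""
    msg = (can_id.to_bytes(4, "big") + len(data).to_bytes(1, "big") + data
           + counter.to_bytes(4, "big"))
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class TransmitNode:
    def __init__(self, key: bytes):
        self.key = key
        self.counters = defaultdict(int)  # messages sent, per CAN ID

    def send(self, can_id: int, data: bytes):
        """Return (main message, MAC message); the counter itself is not sent."""
        assert len(data) <= 8
        ctr = self.counters[can_id]
        self.counters[can_id] = ctr + 1
        mac = compute_mac(self.key, can_id, data, ctr)
        return (can_id, data), (can_id | 0x100, mac)  # assumed: MAC frame ID = main ID + 0x100


class ReceiveNode:
    def __init__(self, key: bytes, window: int = 8):
        self.key = key
        self.counters = defaultdict(int)  # messages accepted, per CAN ID
        self.window = window              # tolerate up to `window` lost frames

    def receive(self, main_frame, mac_frame) -> bool:
        can_id, data = main_frame
        _, mac = mac_frame
        expected = self.counters[can_id]
        # Try the expected counter and a few ahead so a dropped frame does not
        # desynchronise the nodes; counters behind `expected` are never tried,
        # which is what rejects replays.
        for ctr in range(expected, expected + self.window):
            if hmac.compare_digest(compute_mac(self.key, can_id, data, ctr), mac):
                self.counters[can_id] = ctr + 1
                return True
        return False
```

The counter never appears on the bus, which is why the scheme needs no new fields in the CAN frame: both sides reconstruct it from the messages they have seen. The trade-off is the window logic, which is the usual place where replay bugs hide; a frame that arrives after a later frame has already been accepted is rejected, as the test below checks.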
Abstract: The first device, which utilizes a cipher, generates device unique data by a PUF, and the second device generates a pair consisting of helper data and a device unique ID on the basis of the generated device unique data. The device unique data fluctuates with the generation environment; regarding the fluctuations as an error relative to the device unique ID, the helper data serves as correction data for correcting that error. The second device generates a hash function from the device unique ID and the encryption key. The second device first writes one of the helper data and the hash function to the first device and, after authenticating the first device by that write, writes the other of the two to the first device. Once it has decrypted the encryption key, the first device is allowed to utilize the cipher.
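The helper-data mechanism from the abstract above, as an added example (not the patent holder's code): the abstract does not say which error-correcting construction is used, so this block uses the standard code-offset fuzzy extractor with a repetition code, one common way to turn a noisy PUF response into a stable device unique ID plus public helper data. The PUF is a constructed stand-in (a fixed reference response with chosen bit flips), and the repetition factor, the ID derivation and the hash-based key wrapping are assumptions.

```python
"""Added example: code-offset fuzzy extractor (repetition code) producing
helper data and a device unique ID from noisy PUF output, plus wrapping an
encryption key under that ID."""
import hashlib
import random
import secrets

REP = 7  # each secret bit is repeated REP times; corrects up to REP // 2 flips per block


def encode(secret_bits):
    return [b for b in secret_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote within each REP-bit block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def enroll(puf_response, k):
    """Second device: from one PUF reading R produce (helper_data, device_id).
    helper = R XOR encode(secret).  It is public, but with a linear code it
    reveals at most n - k bits about R, so R must have more entropy than that."""
    secret = [secrets.randbits(1) for _ in range(k)]
    helper = xor_bits(puf_response, encode(secret))
    device_id = hashlib.sha256(bits_to_bytes(secret)).digest()
    return helper, device_id


def reproduce(noisy_response, helper):
    """First device: recover device_id from a fresh (noisy) reading R' and helper.
    R' XOR helper = encode(secret) XOR noise; decoding removes the noise."""
    secret = decode(xor_bits(noisy_response, helper))
    return hashlib.sha256(bits_to_bytes(secret)).digest()


def wrap_key(device_id: bytes, key: bytes) -> bytes:
    """Protect a 32-byte encryption key under the device ID (assumed: XOR with a
    hash-derived pad; a real design would use a proper key-wrap mode)."""
    pad = hashlib.sha256(device_id + b"wrap").digest()
    return bytes(a ^ b for a, b in zip(key, pad))


unwrap_key = wrap_key  # XOR with the same pad is its own inverse


def reference_response(n, seed=0):
    """Constructed stand-in for a PUF's nominal response (deterministic for the demo)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(n)]


def flip(bits, positions):
    """Simulate environment-induced fluctuations by flipping the given bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out
```

With REP = 7 a block tolerates three flipped bits and fails on four, which is the whole story of helper-data sizing: the repetition factor must cover the worst-case PUF bit error rate at the operating temperature and voltage extremes, not the average one.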
Abstract: A web-based system allows for publishing a website with features and access configured on a user-by-user basis by the website owner to present personal data as well as social network feeds in a single interface. The website owner can update and manage his/her social media from the same page, as well as organize private data if desired. The system includes a messaging function, in accordance with which users can drop a message into the message service of a site owner, and it gets delivered to the site owner in exactly the manner specified by the site owner.
Abstract: The present invention is a procedure for a self-configuring eNB/E-UTRAN. The eNB/E-UTRAN interacts with the Evolved Packet Core (EPC) of the LTE network in order to complete the mutual authentication task between the eNB and the EPC, and other operating procedures, in the eNB self-configuration phase.
Type:
Grant
Filed:
January 21, 2015
Date of Patent:
April 19, 2016
Assignee:
InterDigital Technology Corporation
Inventors:
James M. Miller, Peter S. Wang, Ulises Olvera-Hernandez
Abstract: A user device provides a mechanism for securing messages communicated between trusted processes along an established Inter-Process Communication (IPC) channel. The mechanism permits the trusted processes to determine which messages to protect, and executes independently of platform-dependent IPC mechanisms.
Type:
Grant
Filed:
November 21, 2012
Date of Patent:
April 19, 2016
Assignees:
Sony Corporation, Sony Mobile Communications AB
Abstract: An approach is provided for providing a trust level to access a resource. A system receives a request at a device, from a first user, to access a resource associated with a second user. The resource is further associated with a predetermined privacy level. The system calculates a trust level between the first user and the second user based, at least in part, on a trust metric. The system then determines whether the trust level meets the predetermined privacy level and grants an access right to the resource based, at least in part, on the determination.
Type:
Grant
Filed:
March 26, 2010
Date of Patent:
April 19, 2016
Assignee:
NOKIA TECHNOLOGIES OY
Inventors:
Kun Yu, Hao Wang, Wendong Wang, Yidong Cui
Abstract: Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. At least one entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the at least one entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity.
Type:
Grant
Filed:
April 30, 2014
Date of Patent:
April 19, 2016
Assignee:
Intuit Inc.
Inventors:
M. Shannon Lietz, Luis Felipe Cabrera, Christian Price, Michelle Nikulshin, Javier Godinez, Sabu Kuruvila Philip, Brad A. Rambur, Scott Cruickshanks Kennedy, Erik Thomas Naugle
Abstract: A method and a system embodying the method for generating opaque data comprising a stream identifier are disclosed, comprising encrypting at least part of a stream identifier with first secret random data to provide an encrypted stream identifier; generating a digest by applying a cryptographic hash to at least the part of the stream identifier; and combining the encrypted stream identifier with the digest. Additionally, a method and a system embodying the method for reconstructing a stream identifier from the opaque data, indicating permission to access a region of a storage at the entity that generated the opaque data, are disclosed.
Abstract: A system, methods and devices for the secure notification of an identity in a communications network. The methods include sending or receiving a communication including a hash of a certificate of a device to notify or detect the presence of the device in a network. Each certificate is associated with an identity which is excluded from the communication of the hash of the certificate. The received hash is compared to hashes of certificates stored in an electronic device to determine an identity. The identity may represent an electronic device or a user of the electronic device.
Type:
Grant
Filed:
August 12, 2014
Date of Patent:
March 29, 2016
Assignee:
BlackBerry Limited
Inventors:
Michael Stephen Brown, David Francis Tapuska
Abstract: A method for playing multimedia content encrypted based on digital rights management (DRM) by a terminal apparatus having a web server module unit, the method comprising: receiving a request for playing the multimedia content encrypted based on DRM; converting a local file path via which the multimedia content encrypted based on DRM corresponding to the received play request is stored into a web server URL path for the web server module unit; providing the web server URL path to a multimedia device player for playing the multimedia content encrypted based on DRM; when the multimedia device player accesses the web server module unit by using the web server URL path, checking whether there is a session being connected to the web server URL; and controlling whether to decode the multimedia content encrypted based on DRM depending on the checking results.
Type:
Grant
Filed:
April 30, 2014
Date of Patent:
March 29, 2016
Assignees:
Intellectual Discovery Co., Ltd., Inka Entworks, Inc.
Abstract: A data migration system in which security policies of a source file system are preserved, in an environment in which clients actively issue communications for the source filer while data is migrated to a destination file system.
Abstract: A password-encrypted key (PEK) is generated from a user-supplied password or other identifying data and then used to encrypt the user's password. The encrypted password is stored in a user record on a server. At login a would-be user's password is again used to make a key, which is then used to decrypt and compare the stored encrypted password with the would-be user's password to complete the login. The successful PEK is stored in a temporary session record and can be used to decrypt other sensitive user information previously encrypted and stored in the user record as well as to encrypt new information for storage in the user record. A public/private key system can also be used to maintain limited access for the host to certain information in the user record.
Abstract: A method and a device for monitoring unauthorized memory access to a predetermined memory area in a computing device are described. A monitoring medium is provided that has at least one sensor medium, set up to recognize an event on the computing device, and at least one recognition medium, set up to track the behavior of the event recognized by the sensor medium. The monitoring medium is integrated into a sequence pattern on the computing device and is set up to monitor the sequence pattern at its runtime, in that memory accesses to a memory address or an address range are detected by the monitoring medium as events.
Type:
Grant
Filed:
December 20, 2007
Date of Patent:
March 15, 2016
Assignee:
Bayerische Motoren Werke Aktiengesellschaft
Inventors:
Thomas Stauner, Astrid Schroeder, Martin E. Thiede
Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to identity rating-restricted services and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.