Patents Examined by Nelson Giddins
  • Patent number: 9900307
    Abstract: A portable electronic card system and a verifying method thereof are provided. The portable electronic card system includes: a portable personal electronic device, a rewritable card, and a writing device. The portable personal electronic device is used for obtaining a certificated code and a personal information from a remote controller. When a bidirectional verifying communication is performed between the remote controller and the portable electronic device to download the personal information, security code stored in the rewritable card is compared with security code stored in the portable electronic device for verifying and writing the personal information into the rewritable card, and another security code is generated to update or replace the original security code stored in the portable electronic device and the rewritable card.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: February 20, 2018
    Inventor: Pinsheng Sun
  • Patent number: 9894099
    Abstract: Techniques for network-based security for mobile devices based on device state are disclosed. In some embodiments, automatically configuring mobile devices and applying policies based on a Host Information Profile (HIP) report includes receiving a Host Information Profile (HIP) report for a mobile device; performing a policy match based on the HIP report for the mobile device; and performing an action based on the policy match based on the HIP report for the mobile device.
    Type: Grant
    Filed: July 30, 2013
    Date of Patent: February 13, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Michael Soren Jacobsen, Joby Menon, Song Wang
  • Patent number: 9881143
    Abstract: A method, an apparatus, and a computer program product for wireless communication are provided in connection with providing private expression protection in a wireless communications network. In one example, a UE is equipped to internally receive a request (e.g., from an application running on the UE) to announce a private expression and/or at least a reference to an expression-code associated with the private expression, and determine whether the reference to the expression-code and/or the expression-code matches a stored instance of the expression-code. In an aspect, the UE may be equipped to announce the at least one of the private expression or the expression-code when stored instance of the expression-code corresponds to the expression-code received with the request. In another aspect, the UE may be equipped to prohibit announcement of any information associated with the private expression when stored expression-code does not correspond to the expression-code received with the request.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: January 30, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Michaela Vanderveen, Vincent D. Park, Georgios Tsirtsis
  • Patent number: 9882721
    Abstract: An information processing system comprising interface circuitry configured to receive message-independent information, the message-independent information having been generated by another apparatus and transferred to the interface in advance of a digital signature being generated, send message-dependent information to an external device, and receive a digital signature from the external device; and processing circuitry configured to generate the message-dependent information from a message and at least a part of the message-independent information, and associate the digital signature with the message.
    Type: Grant
    Filed: August 22, 2013
    Date of Patent: January 30, 2018
    Assignee: SONY CORPORATION
    Inventors: Yohei Kawamoto, Yu Tanaka
  • Patent number: 9882931
    Abstract: The disclosed computer-implemented method for detecting potentially illegitimate wireless access points may include (1) detecting, at a current point in time, an attempt by a computing device to automatically connect to a target wireless access point that resembles a known wireless access point with which the computing device has established a previous connection at a previous point in time, (2) detecting at least one suspicious discrepancy between the target wireless access point and the known wireless access point, and then (3) determining, based at least in part on the suspicious discrepancy, that the target wireless access point is potentially illegitimate. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 18, 2015
    Date of Patent: January 30, 2018
    Assignee: Symantec Corporation
    Inventor: Justin Harmon
  • Patent number: 9881307
    Abstract: A modular learning system for certifying learning applications is provided. When the system receives a request to certify a learning application from a learning application authoring user, the system provides a certifying user an interface to view the learning application and determine whether the learning application meets standards for certification. The certifying user provides a certification for the learning application and the system determines a fee for the certification service. The learning application author pays the fee and a certification is associated with the learning application. A certification badge may also be generated for display with the learning application to indicate compliance of the learning application with the certification standards.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: January 30, 2018
    Assignees: MONK AKARSHALA DESIGN PRIVATE LIMITED, MONK AKARSHALA INC.
    Inventor: Samridh Kapoor
  • Patent number: 9877187
    Abstract: A method, computer readable medium and apparatus for obtaining cellular network load information in a secure manner are disclosed. For example, the method receives the cellular network load information, where the cellular network load information is encrypted. The method then decrypts the cellular network load information using a decryption key and performs a task responsive to the network load information that is decrypted.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: January 23, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Farooq Bari, Zhi Cui
  • Patent number: 9785790
    Abstract: Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: October 10, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shmuel Regev, Shahar Kohanim, Shai Barlev
  • Patent number: 9769167
    Abstract: A method includes authenticating a user of a client device and sending a response to the client device. The response includes browser code configured to retrieve respective first values for a plurality of device properties from the client device. The method also includes storing session information for the user in a memory. The session information includes the first values and criteria for triggering validation of the client device. The method further includes receiving a request, sent from a requesting device, to access a protected resource and determining whether the request is authenticated by determining that the request is associated with the session information and determining that the criteria has been met. Determining whether the request is authenticated also includes retrieving respective second values for the plurality of device properties from the requesting device, and determining whether the second values match the first values to authenticate the request.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: September 19, 2017
    Assignee: CA, Inc.
    Inventors: David Arthur Mary, Herbert Paul Mehlhorn, Thomas E. Hamilton, III, Ganesh Gudaru, Rohit Ganda, Chavvakula Ravikanth
  • Patent number: 9755822
    Abstract: A method and system for a countermeasure to power analysis attacks, where an impedance element is coupled to a power source providing power to a cryptographic module causing a measurable power supply noise, a timing sequence is generated, and the impedance element is decoupled from the power source based on the timing sequence to cause the measurable power supply noise to vary according to the timing sequence.
    Type: Grant
    Filed: June 17, 2014
    Date of Patent: September 5, 2017
    Assignee: Cryptography Research, Inc.
    Inventors: Minghui Han, Megan Wachs, Hai Lan
  • Patent number: 9754105
    Abstract: An anti-exploit system monitors and identifies malicious behavior related to one or more protected applications or processes. The anti-exploit system intercepts API calls associated with the protected application or process including parameters passed on to the operating system functions as well as a memory address associated with the caller to the API calls. Based on the characteristics associated with the intercepted API call a Behavioral Analysis Component determines whether the API call is malicious in nature.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: September 5, 2017
    Assignee: Malwarebytes Corporation
    Inventors: Pedro Bustamante López-Chicheri, David Sánchez Lavado
  • Patent number: 9742751
    Abstract: Systems and methods for identifying a weak stimulus in a stimulus-based authentication system are provided. Counters are associated with each stimulus used in the authentication and a first counter is incremented when the stimulus is used in an authentication session and a second counter is incremented when a successful event occurs with respect to the stimulus during the authentication session, but the authentication session ultimately fails. A ratio of the second counter and the first counter is compared to a threshold and the stimulus is identified as weak when the ratio exceeds the threshold. The stimulus may then be removed and no longer be used in the stimulus-based authentication system.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: August 22, 2017
    Assignee: PAYPAL, INC.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 9736229
    Abstract: An electronic device with a network subscription is provided. The device comprises an embedded secure element including a subscription identification code for identifying the subscriber, a unique public first device identification code and a unique second device identification code linked to the first code. The embedded secure element is one of a physical and virtual secure element, and the second device identification code can be read with external reader equipment when the device is disconnected from the network. Methods of transferring a network subscription and identifying an electronic device are also provided.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: August 15, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Antti Järvinen, Juha Backman, Jussi Lokasaari
  • Patent number: 9727723
    Abstract: Techniques to reduce false positives in detecting anomalous use of resources are disclosed. In various embodiments, resource access data indicating for each resource in a set of resources respective usage data for each of one or more users of the resource is received. Cluster analysis is performed to determine one or more clusters of users. For each cluster, a set of recommended resources to be associated with the cluster is determined. For each of at least a subset of users, a temporal behavior based model for each user that reflects one or more resources included in the set of recommended resources associated with a corresponding cluster of which the user is a member is generated.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: August 8, 2017
    Assignee: EMC IP Holding Co. LLC
    Inventors: Anirudh Kondaveeti, Derek Lin, Hulya Emir-Farinas
  • Patent number: 9721118
    Abstract: A method, a system, a registry, a repository and a computer program product are disclosed for securely accessing sensitive medical data records stored in a repository. Before accessing security-critical data in the repository, a registration inquiry with a separate registry must be carried out in order to obtain a security token having limited temporary validity, for example in the form of a barcode. A data source and/or a data sink can then use the security token to access the security-critical data in that an index module indexes the data record inquired about on the repository.
    Type: Grant
    Filed: January 24, 2012
    Date of Patent: August 1, 2017
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Georg Heidenreich, Wolfgang Leetz
  • Patent number: 9712511
    Abstract: Techniques are described for implementing a cloud computer system to facilitate communication between a computing device (e.g., a mobile computing device) and enterprise computer systems. In certain embodiments, the cloud computer system may receive, from a computing device, a request for a service provided by an enterprise computer system. The cloud computer system may determine security authentication of a user for the requested service. A security protocol may be determined for a requested enterprise computer system and a security token may be generated for the request according to the determined security protocol. The request may be sent to the requested enterprise computer system. In some embodiments, security authentication for a request to an enterprise computer system may be determined based on previous authentication. The cloud computer system may be configured to communicate with several different enterprise computer systems according to their supported protocols (e.g.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: July 18, 2017
    Assignee: Oracle International Corporation
    Inventor: Kaj van de Loo
  • Patent number: 9712328
    Abstract: A computer network for data transmission between network nodes, the network nodes being authenticatable to one another by authentication information of a public key infrastructure, with a root certificate authority configured to generate the authentication information for the public key infrastructure. The root certificate authority is arranged separate from the computer network and is not linked to the computer network. A network node of the computer network comprises an authentication information storage, a processor, a network communication device and an initialization device having an initialization communication device and a temporary authentication information storage that can be read out by the processor.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: July 18, 2017
    Assignee: EADS DEUTSCHLAND GMBH
    Inventor: Oliver Hanka
  • Patent number: 9692656
    Abstract: A policy distribution server provides, on a subscription basis, policy updates to effect desired behaviors of network intermediary devices. The policy updates may specify caching policies, and may in some instances, include instructions for data collection by the network intermediary devices. Data collected in accordance with such instructions may be used to inform future policy updates distributed to the network intermediary devices.
    Type: Grant
    Filed: January 8, 2016
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin Porter, Thomas J. Kelly, Marcin Lukasz Lizon, Darrell Long, Eric Maki, Kim Tremblay, Jennifer Vance
  • Patent number: 9684593
    Abstract: Techniques are described for storing data. A command is issued from a client to a data storage system. The data storage system includes a plurality of storage tiers comprising a first storage tier of physical storage devices and a second storage tier of physical storage devices, wherein data stored on any physical storage device of the first storage tier is stored in an encrypted form and data stored on any physical storage device of the second storage tier is not stored in an encrypted form. The command includes a hint indicating whether data stored at a first logical address range of a first logical device is stored in an encrypted form. The command is received at the data storage system. First data written to the first logical device at the first logical address range is stored on one or more physical storage devices of any of said first storage tier and said second storage tier in accordance with the hint.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: June 20, 2017
    Inventors: Xiangping Chen, Xuan Tang, Qin Tao
  • Patent number: 9680869
    Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: June 13, 2017
    Assignee: McAfee, Inc.
    Inventors: Shivakumar Buruganahalli, Venu Vissamsetty