Abstract: A method and system of enforcing a computer policy uses a central server to manage user profiles, policies and encryption keys. The server securely supplies the keys to client devices only after checking that the policy has been complied with. The checks include both the identity of the user and the machine identity of the client device. The keys are held in a secure environment of the client device, for example in a Trusted Platform Module (TPM), and remain inaccessible at all times to the end user. Theft or loss of a portable client device does not result in any encrypted data being compromised since the keys needed to decrypt that data are not extractable from the secure environment.

Abstract: An embodiment features an RSA process in which the private key is separated into shares. Decryption (and authentication and other RSA objectives) may be accomplished by successive modular exponentiation of, for example, a ciphertext or a signature.

Abstract: A method and device for identifying an abnormal application are provided. The method includes executing abnormal applications, obtaining dynamic behavior information of the abnormal applications, inputting the dynamic behavior information of the abnormal applications into a preset detection network, obtaining a behavior rule of the dynamic behavior information via the detection network, and identifying a detected application according to the behavior rule to determine whether the detected application is an abnormal application.

Abstract: The disclosure is directed to a connection modification method in a dual connectivity scenario. In one of the exemplary embodiments, a UE configures a first MCG bearer for communication with a first base station; configures a SCG bearer for communication with a second base station; generates and transmits a first encrypted PDCP SDU by encrypting a first PDCP SDU of the first MCG bearer by using a first security key, a first TX_HFN and a first PDCN SN associated with the first PDCP SDU; generates and transmits a second encrypted PDCP SDU; receives a third bearer configuration re-configuring the SCG bearer as either a second MCG bearer or a split bearer; generates a third encrypted PDCP SDU by encrypting a third PDCP SDU of the SCG bearer and transmits the third encrypted PDCP SDU after the SCG bearer is reconfigured as the second MCG bearer or the split bearer.

Abstract: Technical solutions for presenting service processes are provided. In the solutions, operation instructions are received, and in response to the received operation instructions, a page of a first service process is displayed and the first service process is started; when a page of a second service process is displayed instead of the page of the first service process, execution progress of the first service process is presented through an icon of the first service process.

Abstract: A first computing device is provided for transmitting one or more volumes via a secured connection. The first computing device includes a volume service that is executable by one or more processors and is configured to instruct a cloud computing device to generate a worker virtual machine. The volume service is also configured to provide, via a connection different from the secured connection, a random number to the worker virtual machine. The volume service is further configured to instruct the cloud computing device to generate one or more target volumes associated with the cloud computing service and to associate the one or more target volumes with the worker virtual machine. The volume service is further instructed to provide, irrespective of the content type of the volumes and the size of the volumes, the one or more volumes to the worker virtual machine via the secured connection.

Abstract: The present disclosure relates to systems and methods for secure communications. In some aspects, a method of signalling an interception time period is described. At least one keying information used by a KMF to regenerate a key is stored. A start_interception message is signaled from an ADMF to a CSCF. A halt_message is signaled from the ADMF to the CSCF.

Abstract: A multi-stage event detector for monitoring a system to detect the occurrence of multistage events in the monitored system, the multi-stage event detector includes: one or more event detecting detector units (142, 144) for detecting observable events occurring on the monitored system; one or more parameter generating detector units (152, 154) for generating parameter values which vary over time dependent on the behavior of the monitored system; a hidden state determiner (120) for determining a likely sequence of states of interest of the system based on the outputs of the one or more event detecting detector units; and a transition determiner (130) for determining a likely transition occurrence based on a comparison of a set of values of a parameter or set of parameters generated by one or more of the one or more parameter generating detector units with a plurality of pre-specified functions or sets of values of a corresponding parameter or set of parameters associated with different transition occurrences.

Abstract: A method for accessing a device by a user connected to the device and to at least two servers in different networks includes collaboratively generating parts of an authentication ticket on the at least two servers, collaboratively generating parts of a user session key and encrypting a combined user session key, authenticating with the authentication ticket at a distributed ticket granting server by collaboratively decrypting user request information using the combined user session key and comparing its content with the authentication ticket, collaboratively generating an encrypted user-to-device ticket and an encrypted user-to-device session key, and accessing the device by the user using the encrypted user-to-device ticket and the user-to-device session key.

Abstract: A multi-stage event detector for monitoring a system, the multi-stage event detector including: a process generator operable to generate main and sub-processes, each main and sub-process being operable to generate and initiate a detection agent each of which is operable to be triggered by detecting the occurrence of a trigger event and to report back to its generating process or sub-process upon being so triggered. Each process or sub-process is operable to respond to receipt of a report from a triggered detection agent by reporting the detection of a multi-stage event to an overall controller.

Abstract: Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool.

Abstract: According to an aspect of an embodiment, a method may include determining a set of entity instances in a software program. Each entity instance may correspond to a program entity through which the software program performs an interaction with an external entity that is external to the software program. The method may also include determining an identity of each external entity. Additionally, the method may include determining a set of data-flow predicates and a set of control-flow predicates that are satisfied by the software program. Further, the method may include comparing the set of data-flow predicates and the set of control-flow predicates with a signature library that includes one or more malicious software signatures. The method may further include determining that the software program is malicious in response to the set of data-flow predicates and the set of control-flow predicates matching one or more malicious software signatures.

Abstract: A network appliance is configured to determine a security policy controlled by a system of an organization. The network appliance creates an association between the security policy and support agent access to the system. The network appliance creates portals where the access is based on the security policy and access includes connectivity for providing remote support service to the system from a remote support service disconnected from the system.

Abstract: A method and apparatus for authenticating a communication device is disclosed. An system that incorporates teachings of the present disclosure may include, for example, an authentication system having a controller element that receives from a communication device over a packet-switched network a terminal ID and a request to authenticate said communication device, generates a first registration ID, stores the first registration ID and a first communication identifier, transmits the first registration ID to the communication device, receives from an interactive response system a second communication identifier and a second registration ID that the interactive response system received during a communication session with the communication device over a circuit-switched network, and authenticates the communication device in response to detecting a match between the first and second communication identifiers and the first and second registration IDs. Additional embodiments are disclosed.

Abstract: Electromagnetic (EM)/radio frequency (RF) emissions may be detected and corresponding EM personas may be created. One or more EM personas may be associated with a super-persona corresponding to a particular entity. EM personas, super personas, and/or supplemental identifying information can be used to enforce security protocols.

Abstract: Methods and apparatus, including computer program products, are provided for processing analyte data. In some example implementations, a method may include receiving, at a first processing system including a user interface, an installation package including a plug-in and code configured to provide at the first processing system an interface between a sensor system configured to measure an analyte concentration level in a host and a second processing system; storing, by the first processing system, the installation package in a location based on a role of a user initiating the installation of the code; installing the plug-in for the user interface to enable the plug-in to control one or more aspects of an installation of the code; and initiating, by at least the plug-in, the installation of the code at the first processing system to provide the interface. Related systems, methods, and articles of manufacture are also disclosed.

Abstract: Provided is an ultrasonic-wave communication system where the influence of ambient noise and the Doppler effect are suppressed and where a user of a portable terminal is prevented from hearing unwanted sound. After performing encryption processing of predetermined information such as store information, a beacon 5 sends out predetermined-information-containing beacon information of one channel as ultrasonic waves into the salesroom 3 by combining a control carrier, a first carrier, and a second carrier in such a way that a first carrier signal and a second carrier signal are output between control carrier signals a number of times according to the predetermined information and that a state where the first carrier signal and/or the second carrier signal is output is maintained.

Abstract: A network apparatus is provided that may include one or more security accelerators. The network apparatus also includes a plurality of network units cascaded together. According to one embodiment, the plurality of network units comprise a plurality of content based message directors, each to route or direct received messages to one of a plurality of application servers based upon the application data in the message. According to another embodiment, the plurality of network units comprise a plurality of validation accelerators, each validation accelerator to validate at least a portion of a message before outputting the message.

Abstract: The invention relates to a method for authorizing a person. The method comprises the step of receiving authentication data from a personal authentication device transmitting said data to a reader associated with a central authorization system. Further, the method comprises the steps of including the received authentication data in a request message and transmitting the request message to the central authorization system, receiving the request message at the central authorization system and retrieving the authentication data from the request message. The method also comprises the steps of performing an authentication process at a central authentication system using said reader authentication data and executing an authorization process at the central authorization system based on the authentication process result.

Abstract: According to an example, a client device determines at least one virus sample according to at least one anti-virus engine, transmits sample information of the at least one virus sample to a server, such that the server determines a first virus sample set needs to be reported according to the sample information of the at least one virus sample and a predefined sample information list in the server, and returns to the first virus sample set to the client device. The client device receives the first virus sample set needs to be reported and performs a virus reporting operation according to the virus sample set.