Abstract: A mobile device including a touch panel and a processing unit is provided. The touch panel includes one transmitting electrode and one receiving electrode. The transmitting electrode performs signal transmission using a touch-link technology, and the receiving electrode performs signal reception using the touch-link technology. The processing unit receives a message from a terminal device via the receiving electrode, and transmits an identification number to the terminal device via the transmitting electrode according to the message, so as to use the identification number for a verification on the terminal device.

Abstract: Adaptive encryption optimization is disclosed. A first secure tunnel is established between a device and a node. It is determined that a second secure tunnel between an application on the device and a server has been established. The second secure tunnel is established at least in part using the first secure tunnel. The first secure tunnel is removed based at least in part on the determination that the second secure tunnel has been established.

Abstract: Methods and systems for mitigating cyber attacks on components of an automotive communication system are disclosed. These methods and systems comprise elements of hardware and software for receiving a frame; determining whether the frame potentially affects correct operation of an automotive component; and, taking protective action.

Abstract: An electronic address book storing apparatus keeps a login user's information confidential. A destination information storing section is configured to store items of registered destination information. Each item of registered destination information including a right-of-use associated with a registered user. An information extracting section is configured to extract an item of registered destination information from the destination information storing section in response to a login user's command. The extracted item of registered destination information is associated with the login user's right-of-use. A display controller is configured to display the extracted item of registered destination information to the login user.

Abstract: Installation of an application on a test bed machine is monitored to generate a streamed application set of a stream enabled version of the application. Execution of the application on the test bed machine is monitored to generate the streamed application set of the stream enabled version of the application. Stream enabled application pages and a stream enabled application install block to form the streamed application set is generated based on the monitoring of the installation of the application and the monitoring of the execution of the application on the test bed machine. The stream enabled application install block is provided to a client device. A request for a stream enabled application page of the stream enabled application pages is received from the client device. The stream enabled application page is provided to the client device for continued execution of the stream enabled version of the application.

Abstract: The disclosure relates to secured wireless communications. A sender device emits randomly photons in a first polarization, a second polarization and a third polarization without aligning a polarization system in a plane perpendicular to the first and second polarizations with a recipient device. The recipient device is adapted for detection of events in association with six polarizations. The recipient device selects randomly polarization basis for measurement of the received photons. Information of detected events in association with three basis is communicated to the sender device. The information from the recipient device and information stored in the sender device is processed to determine events where same polarization basis was used by the sender device and the recipient device.

Abstract: Automated locating and disconnection of undesired devices may include receiving a request to reroute the traffic associated with a device, receiving switch information from the switch, and using the switch information to determine a candidate reroute port based on the maximum distance from the candidate reroute port to the port coupled to the device associated with the media access control (MAC) address, presence of the candidate reroute port on the inclusion list, and absence of the candidate reroute port from the exclusion list. In addition, a command may be issued to reroute traffic associated with the candidate device to the candidate reroute port by transforming a destination of the traffic to the reroute port.

Abstract: An embodiment includes at least one machine readable medium on which is stored code that, when executed enables a system to initialize a trusted loader enclave (TL) and a measurement and storage manager enclave (MSM) within a memory of the system, to receive by the MSM a TL measurement of the TL from a trusted processor of the system, to determine whether to establish a secure channel between the MSM and the TL based at least in part on the TL measurement, and responsive to a determination to establish the secure channel, to establish the secure channel and store particular code in the TL. Additional embodiments are described and claimed.

Abstract: A computer system implements a plurality of modules, including a tenant administration proxy that receives session credentials from a tenant application in the private communication system and authenticates the tenant application in response to the session credentials, a connector service that receives a bridge setup request from the tenant application and establishes a bridge connection with the tenant application in response to the bridge setup request; and a configuration manager that stores service information regarding a cloud-based service that is accessible through the computer system. The tenant administration proxy retrieves the service information from the configuration manager and provides the service information to the tenant application in response to a request from the tenant application, and wherein the connector service facilitates communication between the cloud-based service and an enterprise service in the private communication system over the bridge connection.

Abstract: Automated locating and disconnection of undesired devices may include receiving both the addresses of the device and the switch coupled to the device and determining whether the switch can blackhole the traffic of the device. If it is determined that the switch cannot blackhole the traffic associated with the device, systems and methods of the present disclosure may further determine whether the switch can reroute the traffic of the device. If, however, the switch can blackhole traffic of the device, a blackhole command may be issued to transform a destination of the traffic associated with the device to a null destination. Alternatively, if it is determined that the switch can reroute traffic of the device, a reroute command may be issued to transform the destination of the traffic associated with the device to a safe zone.

Abstract: Various technologies pertaining to authenticating a password in a manner that prevents offline dictionary attacks are described. A protected module, which can be a hardware security module, a trusted platform module, or the like, is in communication with an authentication server. The protected module comprises a key that is restricted to the protected module. The key is employed in connection with authenticating the password on the protected module.

Abstract: Techniques for secure data management in a distributed environment are provided. A secure server includes a modified operating system that just allows a kernel application to access a secure hard drive of the secure server. The hard drive comes prepackaged with a service public and private key pair for encryption and decryption services with other secure servers of a network. The hard drive also comes prepackaged with trust certificates to authenticate the other secure servers for secure socket layer (SSL) communications with one another, and the hard drive comes with a data encryption key, which is used to encrypt storage of the secure server. The kernel application is used during data restores, data backups, and/or data versioning operations to ensure secure data management for a distributed network of users.

Abstract: A user who is authenticated to a system or service across a network can receive a token that includes a device fingerprint. The fingerprint can include information that is obtained from the client device through which the user supplied authentication credentials. The client device can be configured to include that token with subsequent requests. When a request is received, the information in the fingerprint can be extracted from the token and compared to information obtained from the device submitting that request. If the information matches within at least an allowable match threshold, for example, the request can be processed. If the information in the fingerprint does not match the current values of the device from which the request was received, the request can be denied or a remedial action performed.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: According to an embodiment, a key management device includes a key exchange processing unit, a transmission unit, and an update unit. The key exchange processing unit is configured to perform a key exchange process for executing an exchange of a shared key together with authentication between the key management device and a communication device. The transmission unit is configured to transmit update information for updating a device key of the communication device authenticated to the communication device, when the communication device has not been authenticated before performing the key exchange process, and not to transmit the update information, otherwise. The update unit is configured to update the device key using the update information, when the communication device has not been authenticated before performing the key exchange process, and not to update the device key, otherwise.

Abstract: Systems and methods for notification and privacy management of online photos and videos are herein disclosed. According to one embodiment, a computer-implemented method includes detecting a first feature from a first image belonging to an image source. The first image includes a tag. The computer-implemented method further includes determining a first feature location of the first feature, determining a first tag location of the tag, extracting a first feature signature from the first feature based on a relationship between the first feature location and the first tag location, detecting a second feature from a second image belonging to the image source, extracting a second feature signature from the second feature, performing a first comparison between the first feature signature and the second feature signature, and deriving a first similarity score based on a result of the first comparison.

Abstract: Methods, systems, and media for providing trap-based defenses are provided. In accordance with some embodiments, a method for providing trap-based defenses is provided, the method comprising: generating decoy information based at least in part on actual information in a computing environment, wherein the decoy information is generated to comply with one or more document properties; embedding a beacon into the decoy information; and inserting the decoy information with the embedded beacon into the computing environment, wherein the embedded beacon provides a first indication that the decoy information has been accessed by an attacker and wherein the embedded beacon provides a second indication that differentiates between the decoy information and the actual information.

Abstract: Certain exemplary embodiments comprise a method comprising: within a backbone network: for backbone network traffic addressed to a particular target and comprising attack traffic and non-attack traffic, the attack traffic simultaneously carried by the backbone network with the non-attack traffic: redirecting at least a portion of the attack traffic to a scrubbing complex; and allowing at least a portion of the non-attack traffic to continue to the particular target without redirection to the scrubbing complex.

Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.

Abstract: A certificate management method and a certificate management device are disclosed. The certificate management device includes a key collection computing unit, a certificate revocation unit, and a certificate revocation list broadcast unit. The certificate management method includes determining to at least revoke a first certificate in certificates that are recorded in a key tree and related to an entity, and determining whether a first root node only covers the first certificate and other revoked certificate in the key tree. When the first root node only covers the first certificate and the other revoked certificate, information about the first root node is added to a certificate revocation list. The certificate revocation list is sent to another entity at least.