Abstract: A content access control system of a device determines whether the device is in possession of an owner of the device or another (secondary or non-owner) user and controls access to media content stored on the device based on the determination. The person in possession of the device at any given time is typically the person holding the device in his or her hand(s). If the device is in possession of the device owner, the system allows all media content on the device to be accessed. If the device is in possession of a secondary user, the system restricts access to media content on the device, such as by displaying only media content that has been captured within a threshold amount of time (e.g., the past hour) and that includes both the owner and the secondary user. Other restrictions can also be applied, such as disabling presentation of notifications.

Abstract: A randomization element includes a logic input for inputting a logic signal, a logic output for outputting the input logic signal at a delay and a randomization element. The randomization elements introduces the delay between said logic input and said logic output and operates selectably in static mode and in dynamic mode in accordance with a mode control signal. A logic circuit may be formed with randomization elements interspersed amongst the logic gates, to obtain protection against side channel attacks by inputting a selected control sequence into the randomization elements.

Abstract: Methods, systems, and devices for encryption key storage are described. An application server may store an encryption key in volatile memory and access the key directly from the volatile memory when performing an encryption process. In some cases, a user may supply the encryption key to the application server on demand. Accordingly, when the application server is restarted, the encryption key may be purged from the memory. In some cases, the encryption key may be wrapped in a public key, and the application server may derive a private key to decrypt the public key-encrypted information to access the encryption key and store it in the volatile memory. Additionally or alternatively, the user may supply a first fragment of the encryption key, and the application server may derive the encryption key from the first fragment and a second fragment of the encryption key retrieved from a database.

Abstract: Provided is an information leakage prevention technique which does not require a dedicated device for access management on a network, and which offers excellent security policy flexibility. An information leakage prevention system comprises: a client terminal including a client processing unit which performs network control in accordance with an acquired security policy; and a management server including a user database in which information concerning a user of the client terminal is stored, a security policy database in which a security policy defining a network control content for each attribute of the user is stored, and a server processing unit which selects the security policy on the basis of the attribute of the user and a time of delivery of the security policy, and which transmits the selected security policy to the corresponding client terminal.

Abstract: A system is provided for detecting behaviour of a mobile telecommunications device in a telecommunications network. Malware in mobile devices can cause malicious behaviour in the device, for example sequential attaching and detaching of an infected device relative to a telecommunications network. A telecommunications network is provided which is configured to identify at least one mobile telecommunications device and to receive signals from the mobile telecommunications device and process the signals into data streams. The data streams include data of a first type arranged to cause an event of a first type within the telecommunications network. The network is arranged to monitor an occurrence in the data streams of the data of the first type and to register when the occurrence exceeds a level indicating acceptable behaviour of the mobile telecommunications device in the telecommunications network. A device for detection of mobile device behaviour is also described.

Abstract: A wireless device receives, from a configurator device, a managed object that includes information indicating which of different provisioning techniques is to be used to provision the wireless device. The wireless device determines, based on the information, a particular provisioning technique of the different provisioning techniques to use.

Abstract: An information transmitting method and device, and an information receiving method and device are provided. The information transmitting method includes: obtaining authentication information; converting the authentication information into a binary sequence; encoding the binary sequence into optical signals based on a correspondence between a binary number and an optical signal; and transmitting the optical signals to a receiving device, wherein the receiving device receives the optical signals, obtains the authentication information carried in the optical signals, and performs an information authentication based on the authentication information.

Abstract: An active security token includes: a sentry that controls access to token data disposed on the active security token through verification of user authentication data; the token data including: reference authentication data for verification of user authentication data; and a security phantom including a password file, the security phantom being a public key certificate or a biometric template.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for obtaining blockchain information.

Abstract: A new controller (supporting device authentication) is a controller which performs encrypted communication with a device which has succeeded in mutual authentication using an electronic certificate, and the controller includes: a determining unit that determines whether or not a communication target device with which communication is to be performed is an authentication support device that supports the mutual authentication; a functional restriction unit that, when the communication target device is determined not to be the authentication support device by the determining unit, imposes a functional restriction on one or more functions of the communication target device which are operable by the new controller (supporting device authentication); and a communication unit which performs communication in plain text with the communication target device with the functional restriction imposed by the functional restriction unit.

Abstract: A system and method for performing image-based authentication requires users to enter an image-based password in order to access a secure system or network. A user may identify at least one password image, and may enter the system or network if he or she selects each of the password images shown in a group of images on the display. Additionally, the user may designate specific locations for multiple password images on a user interface, and a user may enter the system or network if he or she locates each of the password images in its designated location on the user interface.

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.

Abstract: The objective of the present disclosure is to provide a method and device for communicating securely between a T-Box device and an ECU device in an Internet of Vehicles system. Specifically, sending, by a T-Box device, a first piece of information to a corresponding ECU device; generating, by the ECU device, a second piece of information; generating, by the T-Box device, a third piece of information; generating, by the T-Box device, a first key; encrypting, by the T-Box device, a to-be-issued instruction based on the first key; generating, by the ECU device, a second key; and decrypting, by the ECU device, the encrypted instruction based on the second key to obtain the instruction. Compared with the prior art, the present disclosure achieves the secure communication between the T-Box device and the ECU device.

Abstract: Systems and methods verifying a user during authentication of an integrated device. In one embodiment, the system includes an integrated device and an authentication unit. The integrated device stores biometric data of a user and a plurality of codes and other data values comprising a device ID code uniquely identifying the integrated device and a secret decryption value in a tamper proof format, and when scan data is verified by comparing the scan data to the biometric data, wirelessly sends one or more codes and other data values including the device ID code. The authentication unit receives and sends the one or more codes and the other data values to an agent for authentication, and receives an access message from the agent indicating that the agent successfully authenticated the one or more codes and other data values and allows the user to access an application.

Abstract: A method, system and computer-usable medium are disclosed for injecting functionality into a security intelligence platform, comprising: providing the security intelligence platform with a plurality of backend endpoints; generating a modification to the security intelligence platform according to an application framework, the modification comprising metadata associated with functionality, the metadata corresponding to a predefined format; and, merging the modification with the security intelligence platform via a secure container system container.

Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.

Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.

Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Abstract: A malware analysis system includes a preliminary analysis unit, a determination unit, and a designation unit. The preliminary analysis unit executes malware obtained as a candidate for an analyzing subject to obtain information related to communication transmitted from the malware. The determination unit determines whether the malware is handled as an analyzing subject based on information obtained by the preliminary analysis unit. The designation unit designates an analyzing order with respect to malware having been determined by the determination unit as an analyzing subject based on information obtained by the preliminary analysis unit.

Abstract: A processor-implemented access control method includes receiving credential and policy directory information to configure an access controller to allow self-provisioning of the access controller through periodic, automated query of the directory by the access controller; acquiring from the directory, credential and policy information for one or more individuals who may require access; storing in a local cache the acquired credential and policy information; receiving an access request to allow an individual access; comparing the access request to the credential and policy information in the cache; and when the comparison indicates a match, granting the individual access.