Abstract: A method includes: receiving an operational command directed to a solid-state drive (SSD) and a security credential; issuing an asynchronous event from the SSD to an authentication agent including the security credential and a security certificate, wherein the security certificate is encoded based on the security credential and is stored in the SSD; forwarding the security credential and the security certificate from the authentication agent to an authentication server; validating the security certificate based on the security credential at an authentication server; providing a validation response from the authentication server to the authentication agent; forwarding the validation response from the authentication agent to the SSD; and executing the operational command based on the validation response.

Abstract: A storage device of the disclosure includes: a storage section that stores data; a communication section that performs wireless communication with one or a plurality of electronic apparatuses; an interface section that performs exchange of the data with a host apparatus; and a control section that determines a distance to each of the electronic apparatuses through the wireless communication, and controls access to the storage section by the host apparatus, on the basis of the distance and whether the host apparatus is accessing the storage section.

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Abstract: A networked system for authenticating devices that comprise constrained devices connected in a network either directly to cloud based and/or dedicated servers or though gateways to cloud based and/or dedicated servers.

Abstract: Embodiments of the present invention disclose a terminal authenticating method, including: receiving, by a UE-to-network relay UE-R, a first request message sent by user equipment UE; sending, by the UE-R, a second request message to a control network element according to the first request message sent by the UE; receiving, by the UE-R, an authentication request message sent by the control network element, and determining whether the authentication request message is for authenticating on the UE; if the authentication request message is for authenticating on the UE, sending, by the UE-R, an authentication request message to the UE; and receiving, by the UE-R, an authentication response message sent by the UE according to the authentication request message, and sending the authentication response message to the control network element.

Abstract: [Object] To provide an information processing system capable of making it difficult to be easily recognized as being a key at a glance by others. [Solution] Provided is an information processing system including a state acquisition unit configured to acquire information on a state of an object, and an authentication information acquisition unit configured to acquire authentication information corresponding to the information on the state of the object acquired by the state acquisition unit. According to such an information processing system, it is made difficult to be easily recognized as being a key at a glance by others.

Abstract: A master database server may store policy tables which are replicated to SQL databases on a periodic schedule. A master server may receive a privileged command request from a user. The master server may query the SQL database to determine whether the user is authorized to execute the command request. The master server may determine whether the user is a member of a privileged request command (“PRC”) group, whether the PRC group has access to the master server, and whether the PRC group has permission to execute the command request.

Abstract: In an example embodiment, a system determines a set of instructions from the available instructions for a computer application. The determined set of instructions provides specific functionality of the computer application. The system may determine the set of instructions by performing functional testing and negative testing on the specific functionality. The system may reorganize and randomize the set of instructions in memory and write the reorganized set of instructions to a smaller memory space. For each available instruction not in the set of instructions, the system changes the respective instruction to inoperative to prevent execution of the respective instruction. The system may change the respective instruction to inoperative by overwriting the instruction with a NOP instruction. The system then captures a memory address of the computer application being accessed at runtime.

Abstract: A method of producing a white-box implementation of a cryptographic function, including: creating, by a processor, a white-box implementation of a cryptographic function using a network of two dimensional lookup tables; identifying two dimensional lookup tables using a common index; and rewriting the identified two dimensional lookup tables as a three dimensional table.

Abstract: An application analysis platform enables automatic generation of abstract program representations (APRs) that are amenable to static analyses for finding security vulnerabilities. The APR is generated automatically, preferably from an existing build system or a source repository, and then encapsulated into a binary archival format for consumption by a static analysis tool, which operates on-premises or in the cloud. The abstract program representation is a highly compact version of the actual source code it represents. The archival format obfuscates the source code that is subjected to the analysis, thus protecting it from being reverse-engineered when moved off-premises or otherwise shared with other users, teams and even organizations.

Abstract: A privacy processing system may use privacy rules to filter sensitive personal information from web session data. The privacy processing system may generate privacy profiles or privacy metadata that identifies how often the privacy rules are called, how often the privacy rules successfully complete actions, and the processing time required to execute the privacy rules. The privacy profiles may be used to detect irregularities in the privacy filtering process that may be associated with a variety of privacy filtering and web session problems.

Abstract: The present disclosure belongs to the field of network technologies, and disclosed are a sensitive operation processing protocols. The method includes: receiving a sensitive operation request, the sensitive operation request carrying a first feature sequence and sensitive operation information; obtaining a user account corresponding to the first feature sequence according to the first feature sequence and a preset conversion relationship between feature sequences and user accounts; and executing a sensitive operation on the basis of the user account corresponding to the first feature sequence and the sensitive operation information. According to the present disclosure, when a sensitive operation is performed, a user account is no longer directly used to perform a sensitive operation request; instead, the user account is replaced with a feature sequence uniquely identifying the user account.

Abstract: An apparatus and method are described for modifying packet interval timing to identify a data transfer condition. For example, one embodiment of a system comprises: an Internet of Things (IoT) device comprising a first wireless networking interface to establish communication with an IoT hub over a local wireless network channel, the first wireless networking interface implementing a first advertising interval between advertising packets; advertising interval selection logic to cause the first wireless networking interface to use a second advertising interval for advertising packets upon detecting that the IoT device has data to be transmitted to the IoT hub, the IoT hub to detect that the IoT device has data to be transmitted based on the change to the second advertising interval.

Abstract: Disclosed are a system and method for key exchange based on user authentication information. The system for key exchange based on user authentication information includes a client configured to generate ciphertext corresponding to authentication information of a user of the client using a random number for the client and server identification information, and a server configured to decrypt the ciphertext received from the client using a private key for the server corresponding to the server identification information to restore the authentication information, authenticate the client using the restored authentication information, and generate a session key for the server corresponding to the authenticated client.

Abstract: An exemplary system, method, and computer-accessible medium can include, for example, receiving at a first entity from a second entity, a first request for encrypted user information associated with at least one user, wherein the first request includes a user identifier associated with the at least one user, and wherein the first entity is different from the second entity, sending, from the first entity, a second request to a user device associated with the at least one user, wherein the second request includes a notification to the at least one user for an affirmation of the first request or a denial of the first request, receiving at the first entity from the user device, the affirmation or the denial, and sending, from the first entity to the second entity, (i) the encrypted user information if the affirmation is received or (ii) a denied notification if the denial is received.

Abstract: The disclosure discloses a Machine-to-Machine/Man (M2M)-based information processing method and an M2M service platform. The method includes that: an M2M service platform provides subscription information storage and query service for subscribed M2M terminal devices and M2M applications; and the M2M service platform executes the transmission of service data between each subscribed M2M terminal device and the corresponding M2M application, between the M2M applications, and between the M2M terminal devices. The M2M service platform includes: a subscription module, configured to provide subscription information storage and query service for subscribed M2M terminal devices and M2M applications; and a service processing module, configured to execute the transmission of service data between each subscribed M2M terminal device and the corresponding M2M application, between the M2M applications, and between the M2M terminal devices.

Abstract: In an example implementation according to aspects of the present disclosure, a method may include establishing, by a host computing system, a secure connection to a user computing system via a wireless network, wherein the host computing system and the user computing system are in physical proximity to each other. The example method further includes providing, by a host computing system, an operating system session to the user computing system through the secure connection while the host computing system and the user computing system remain in physical proximity to each other. The example method also includes providing, by a host computing system, data associated with a user of the user computing system to the user computing system via the operating system session through the secure connection, wherein the data associated with the user of the user computing device is stored in a data store of the host computing system.

Abstract: Techniques are disclosed herein for reactively identifying software products, available from an electronic marketplace, that are exhibiting anomalous behavior. Data associated with software products is accessed and analyzed to determine anomalous behavior. The data analyzed may include, but is not limited to, crash data, ratings data, marketplace data, usage data, and the like. A machine learning mechanism may be used to classify the application into a category relating to whether a potential anomaly is identified for the software product. A score may also be calculated for the software applications that indicates a severity of the anomalous behavior. The classification and/or the score may be used to determine whether to perform further analysis or testing with regard to a software product. For instance, the score may be used to determine that the software product is to be tested by a testing service.

Abstract: An authentication system includes an authentication server, an application having a proxy, and a token store. The token store receives an authentication request and sends the request to the authentication server. The authentication server authenticates the user based on the request. The token store requests an offline token from the authentication server. The authentication server sends the offline token to the token store. The token store generates a key-secret pair and stores the offline token and the key-secret pair in a database. The token store sends the authentication result of the user to the application. The application receives an authentication result and requests a key-secret pair from the token store. The token store sends the key-secret pair to the application. The key-secret pair is used to configure an agent, which adds the key-secret pair to a communication request sent to the application. The application processes the communication request.

Abstract: A system and method are described for an Internet of Things (IoT) coin operated machine.