Abstract: A computer-implemented method for determining whether a computer network is compromised by unauthorized activity on the computer network. The computer-implemented method comprises identifying a behavioral anomaly of an entity on the computer network, classifying the anomaly as a system event based on an assigned score for the anomaly being at least at a predetermined score threshold, updating an incident based on at least one common parameter between the system event and other system events which comprise the incident, each system event of the incident including an assigned score from when the event was an anomaly, updating a system status based on at least the incident, and assigning a system status score to the system status, and, determining whether the system status score is at least at a predetermined threshold system status score indicating that the computer network may be compromised.

Abstract: Disclosed are a method and a device for intercepting a call for a service by an application in an operating system of an electronic apparatus. The method comprises: loading an interception dynamic link library to a process where the service is located; replacing the address of an input/output control function in the process with a first address of the interception dynamic link library; when the application is calling the service, executing the interception dynamic link library based on the first address so as to obtain the name and information of the application as well as the information of the call, and replacing the address of the service to be called comprised in the information of the call with a second address of the interception dynamic link library; and executing processing based on the second address according to the name and/or information of the application. The invention increases the security of the operating system of the electronic apparatus.

Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.

Abstract: A system and method implemented at a server system, for securely wiping a remote mobile device after the device registration has been removed from the server system. Prior to removal of the device registration from the server system, a “pre-packaged” command is created and stored at the server system. In the event that it is determined, after removal of the registration, that the device should be wiped or disabled, means are provided for an administrator to issue the previously stored command to the target mobile device.

Abstract: A decryption device for decrypting a document encrypted using biometric information of an intended receiver of the document is provided. The decryption device comprises: an imaging device configured to capture an image of at least a portion of the document; a biometric detection device configured to detect biometric information of a user; a processor configured to decrypt at least the portion of the document using the captured image and the detected biometric information; and a display device configured to display at least the portion of the document decrypted by the processor.

Abstract: One time password (OTP) technology enables a plurality of OTP software token instances (or copies) to be used simultaneously on a plurality of computing devices of a user. OTP software instances may be counter based. An authentication server comprising authentication software assigns a set of counters for each OTP software instance. An OTP software instance may be provided along with the assigned set of counters to each computing device. A range of counters may be partitioned by the authentication server into mutually exclusive sets of counters. An OTP software instance executed by a computing device uses one of the counters in the assigned set of counters to provide an OTP. The authentication server attempts authentication by using each counter in the assigned set of counters to provide a calculated OTP that is compared to the received OTP. The authentication server verifies authenticity when a calculated OTP matches a received OTP.

Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.

Abstract: The disclosure discloses an apparatus for displaying a computer health index comprising: a health index calculator configured to calculate one or more health sub-indices, and calculate a computer health index based on the one or more health sub-indices, wherein each health sub-index is associated with one of one or more computer states, and reflects the health degree of the associated computer state; and a simple index display configured to receive the computer health index from the health index calculator, and displaying a small icon reflecting a value of said computer health index.

Abstract: Disclosed are a system and method for exchanging a key based on user authentication information. The system for exchanging a key based on user authentication information includes a terminal configured to generate an ID-based ciphertext corresponding to authentication information of a user of the terminal using a terminal-side random number and a server ID and a server configured to decrypt the ID-based ciphertext that is received from the terminal using a server-side private key corresponding to the server ID to restore the authentication information, authenticate the terminal using the restored authentication information, and generate a server-side session key corresponding to the authenticated terminal.

Abstract: Various methods and systems are provided for capture and transmission of images to a secure repository. In one example, among others, a method includes capturing an image of a document as an image file using a mobile device, adding metadata to the image file, and securely transmitting the image file to a server. The image file can be stored in a secure repository. In another example, a mobile device includes a secure transfer application that causes the mobile device to capture an image as an image file, add metadata to the image file, and transmit the image file to a server via a secure connection. The server may store the image file in a secure repository. In another example, a non-transitory computer-readable medium includes a program that captures an image, adds metadata to the image file, and transmits the image file securely to a server.

Abstract: The present invention may be deployed in a system for broadcast of conditional access content where it is desirable to detect and take action against receiver equipment which has been used in a control word sharing activity. By requiring that receiver equipment used in the system send a message to a broadcaster of conditional access content at a precise time, the invention provides a method for the server to detect receiver equipment involved in control word sharing activity and to inhibit that receiver's ability to further access the content.

Abstract: A method and apparatus for uploading files are disclosed. The method includes: upon receiving a scanning instruction, obtaining unknown files on a client and putting the unknown files in a file upload queue; scanning unknown files in the file upload queue to obtain a risk coefficient for each unknown file; sorting in descending order the unknown files in the file upload queue based on the risk coefficient of the unknown files; and uploading the unknown files in the file upload queue in order to a server. The unknown files in the file upload queue are sorted so that the most suspicious files are uploaded first to ensure that the server will timely receive the most suspicious files, which greatly improves the efficiency of cloud servers in collecting suspicious files.

Abstract: A technology to authenticate a user is described. A mobile telephone number associated with a user identification is identified. A message including a confirmation telephone number for authorization is sent to a mobile telephone, and a mobile telephone reply is initiated to the confirmation telephone number from the mobile telephone number to authenticate the user identification.

Abstract: An approach for receiving a request for an authentication code for presentation in an authentication user interface, wherein the request is from a relying party and wherein the authentication user interface is presented by the relying party at a first device. The approach further involves transmitting the authentication code to the relying party. The approach also involves authenticating a user with respect to the relying party by determining that a second device associated with the user has read the authentication code from the authentication user interface of the first device, wherein the second device is a previously authenticated device.

Abstract: A privacy processing system may use privacy rules to filter sensitive personal information from web session data. The privacy processing system may generate privacy profiles or privacy metadata that identifies how often the privacy rules are called, how often the privacy rules successfully complete actions, and the processing time required to execute the privacy rules. The privacy profiles may be used to detect irregularities in the privacy filtering process that may be associated with a variety of privacy filtering and web session problems.

Abstract: Provisioning techniques are described. In implementations, a particular one of a plurality of public keys are located using an identifier included in a request received via a network. The located public key is communicated via the network, the public key configured to encrypt data that is to be decrypted by a secure element of a mobile communication device, the secure element implemented using hardware and including a private key that is configured to decrypt the data that was encrypted using the public key.

Abstract: In implementations, a computer-implemented method for location assurance is disclosed. The method can include receiving, by an application executing on a mobile computing device, an electronic token from a server, wherein the electronic token comprises a timestamp signed using a cryptographic signing algorithm; providing, by the application, the electronic token to a passive computational tag, wherein the electronic token is countersigned by the passive computational tag; receiving, by the application, the electronic token that was countersigned by the passive computational tag; and providing, by the application, the electronic token that was countersigned to the server.

Abstract: A first information processing device holds data and a key for encryption. A second information processing device does not have rights to share data not encrypted with the first information processing device and a client. The first information processing device transmits data and key to the client when receiving a request to use the data. The first information processing device generates first encrypted data encrypted with the key, and transmits it to the second information processing device. The client transmits information obtained by encrypting the result of processing on the data with the key to the second information processing device until the use of the data ends. The first information processing device acquires second encrypted data received by the second information processing device from the second information processing device, and decrypts and stores it when notified that the use of the data has ended.

Abstract: A method for simulation aided security event management, the method comprises: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.

Abstract: A triggering mechanism may provide a user of a device the ability to send a multimedia message and/or capture multimedia information via the device without the user unlocking the device, without the user opening a messaging application and/or without the user opening an information capturing application on the device. In an example configuration, an emergency call button, or the like, on the device may provide a user several options for sending a message and/or capturing information. Upon selecting one or more of the options, applications for effectuating the selected option(s) may be automatically initiated without user intervention.