Patents Examined by Quy Pham
  • Patent number: 9935930
    Abstract: A method for use with a public cloud network is disclosed. The method includes setting up a private cloud routing server and a smart device client in a client server relationship. The private cloud routing server includes a first message box. The smart client includes a second message box. The first and second message boxes are located on the public cloud network. The method also includes passing an authenticated session based message between the first and the second message boxes in a secure manner. The smart device client and the private cloud routing server can communicate with each other after authentication to provide security. The method also includes setting up another smart device client in a client server relationship with the private cloud routing server. The two smart device clients can privately and securely communicate with each other through the public cloud network.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: April 3, 2018
    Assignee: Kingston Digital, Inc.
    Inventor: Ben Wei Chen
  • Patent number: 9930049
    Abstract: In one embodiment, a method includes receiving a packet from an end node, the packet comprising an authenticated source MAC (Media Access Control) address and a source IP (Internet Protocol) address computed based on the authenticated source MAC address, and verifying the source IP address in the received packet, wherein verifying the source IP address comprises computing an IP address based on the authenticated source MAC address and comparing the computed IP address to the source IP address in the received packet to verify the source IP address. An apparatus is also disclosed herein.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: March 27, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Eric Levy-Abegnoli, Shweta Choudaha, Julien Grobbelaar, Matthew King
  • Patent number: 9871765
    Abstract: Various exemplary embodiments relate to a method performed by a DIAMETER network node, the method including: receiving a first DIAMETER message; determining that the first DIAMETER message is not trusted; and rejecting the first DIAMETER message.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: January 16, 2018
    Assignee: Alcatel Lucent
    Inventors: Robert A. Mann, Eric Colaviti
  • Patent number: 9866573
    Abstract: Improved techniques involve comparing access patterns in a storage system to expected access patterns under similar circumstances. An intrusion detection system, in response to a suspected malicious application workload, collects information about a current session on the storage processor, e.g., application workloads running, users logged in, and timestamp, as well as parameters such as storage allocation requests sampled at prespecified intervals over a period of time. In a database that stores such sampled parameter values by application workload, user, and time, the system extracts the sampled parameter values having the application workload, user, and time corresponding to the current session. The system then compares the extracted sampled parameter values with the current parameter values and computes a difference. Based on the difference, the system determines whether the storage system is accessed by a malicious application workload.
    Type: Grant
    Filed: September 27, 2013
    Date of Patent: January 9, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Vitaly Stanislavovich Kozlovsky, Dmitry Nikolayevich Tylik, Eugeny Alexeevich Novozhilov
  • Patent number: 9842210
    Abstract: The present disclosure provides a network architecture and verification platform for analyzing the various modules of a Unified Extensible Firmware Interface (UEFI) firmware image. In one embodiment, the disclosed network architecture and verification platform obtains various UEFI firmware images, such as UEFI firmware image residing on a client device or a UEFI firmware image hosted by a hardware manufacturer. The network architecture and verification platform may then segregate the various UEFI firmware modules that make up the UEFI firmware image, and subject the modules to different types of analysis. By analyzing the UEFI firmware modules individually, the network architecture and verification platform builds a repository of Globally Unique Identifiers (GUIDs) referenced by a given UEFI firmware module, which may then be referenced in future analyses to determine whether any changes, and the extent of such changes, have been made to an updated version of the given UEFI firmware module.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: December 12, 2017
    Assignee: Raytheon Company
    Inventor: Robert Allen Rose
  • Patent number: 9805207
    Abstract: Video content sharing is provided. A user may select friends from various social networking site accounts and aggregate those friends into a friends list with the user's video service provider. The user may select a video to share, select friends with whom he/she would like to share the video, and a link to the video may be created. The video link, a token, and, if applicable, a link to download a video player may be sent to each selected friend in an invitation via email, text, programming guide, or social media services. The token may be used for tracking the sender and the receiver of the video, contain authorization information allowing each friend to watch protected content, and may be used to authenticate the receiving user. Each friend may be enabled to stream the shared video and watch the content based on rules associated with the token.
    Type: Grant
    Filed: July 11, 2014
    Date of Patent: October 31, 2017
    Assignee: COX COMMUNICATIONS, INC
    Inventors: Yousef Wasef Nijim, Jay Paul Langa, James Alan Strothmann
  • Patent number: 9781087
    Abstract: A method for use with a public cloud network is disclosed. The method includes setting up a private cloud routing server and a smart device client in a client server relationship. The private cloud routing server includes a first message box. The smart client includes a second message box. The first and second message boxes are located on the public cloud network. The method also includes passing an authenticated session based message between the first and the second message boxes in a secure manner. The smart device client and the private cloud routing server can communicate with each other after authentication to provide security. The method also includes setting up another smart device client in a client server relationship with the private cloud routing server. The two smart device clients can privately and securely communicate with each other through the public cloud network.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: October 3, 2017
    Assignee: KINGSTON DIGITAL, INC.
    Inventor: Ben Wei Chen
  • Patent number: 9767275
    Abstract: A method of enforcing control of access by a hosting device to a secure element, and a secure element are described. The method includes steps performed by the secure element: receiving a request for retrieving at least one access rule controlling access to at least one application of the secure element, from access rules stored in the secure element; outputting at least one access rule retrieved from the stored access rules, wherein an access rule controlling access to an application of the secure element is retrieved by searching only in access rules stored in a security domain to which the application belongs in the secure element, or an access rule controlling access to an application of the secure element is stored only in a security domain to which the application belongs in the secure element.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: September 19, 2017
    Assignee: PT OBERTHUR TECHNOLOGIES INDONESIA LTD.
    Inventors: Balamurali Krisna, Dewi Lestari, Eric Setiawan
  • Patent number: 9769185
    Abstract: A method and system for managing suspicious devices on a network. The method includes, setting based on a manager's input or selection a suspicious group corresponding to each of at least one suspicious management item for managing a plurality of devices on a network via a user interface; accessing the devices and reading information corresponding to the suspicious management item; determining whether each device is a suspicious device based on the information corresponding to the suspicious management item, and registering the device in the suspicious group if the device is determined as a suspicious device; checking whether an error of the device comprised in the suspicious group is resolved; and eliminating the device from the suspicious group if the error of the device is resolved.
    Type: Grant
    Filed: September 6, 2012
    Date of Patent: September 19, 2017
    Assignee: S-PRINTING SOLUTION CO., LTD.
    Inventors: Sung-woo Lee, Ji-yeon Han
  • Patent number: 9755836
    Abstract: Provided are techniques to enable, using broadcast encryption, a device to locate a service offered by a server with the knowledge that the service offered by the server is a trusted service. A signed enhanced Management Key Block (eMKB) includes a trusted service locator (TSL) that includes one or more records, or “trusted service data records” (TSDRs), each identifying a particular service and a corresponding location of the service is generated and transmitted over a network. Devices authorized to access a particular service parse the eMKB for the end point of the service, connect to the appropriate server and transmit a request.
    Type: Grant
    Filed: November 19, 2010
    Date of Patent: September 5, 2017
    Assignee: International Business Machines Corporation
    Inventors: Thomas A. Bellwood, Jeffrey B. Lotspiech, Matthew F. Rutkowski
  • Patent number: 9747471
    Abstract: A state sensitive device is described, the device including a state register which stores a record of the effective-state of the device, a mask field having a value which varies according to a value of the state register, and a processor which changes the value of the mask field to a new value of the mask field when there is a change in the value of the state register, wherein, the processor performs a state dependent calculation requiring the value of the mask field as an operand in the state dependent calculation which will yield an incorrect result if the value of the mask field does not properly correspond to the value of the state register. Related methods, systems and apparatus are also described.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: August 29, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Yaacov Belenky, Chaim Shen-Orr
  • Patent number: 9699195
    Abstract: A license management device includes a license identifier generator unit generating a license identifier and license information corresponding to a group of application programs, the license identifier associated with a group identifier of the group and the license information on the group, a group information storage unit storing the group identifier with a product identifier of each application program, a license information storage unit recording the license identifier corresponding to the group identifier with the product identifier of the application program, a determination unit determining, on receiving the license identifier associated with the application program, whether the received license identifier is recorded in the license information storage unit, and a sending unit sending via a network, if the received license identifier is recorded in the license information storage unit, a license file corresponding to the recorded license identifier to provide a permission to use the application program.
    Type: Grant
    Filed: November 2, 2010
    Date of Patent: July 4, 2017
    Assignee: RICOH COMPANY, LTD.
    Inventor: Tatsuo Ito
  • Patent number: 9679131
    Abstract: A method and apparatus for intrusion detection, the method comprising: receiving a description of a computerized system, the description comprising two or more entities, one or more attribute for each entity and one or more statistical rule related to relationship between the entities; receiving data related to activity of the computerized system, the data comprising two or more events; grouping the events into two or more groups associated with the entities; comparing the groups in accordance with the statistical rule, to identify a group not complying with any of the statistical rules.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 13, 2017
    Assignee: Cybereason Inc.
    Inventor: Yonatan Striem Amit
  • Patent number: 9635037
    Abstract: Communication apparatus includes a one-way, hardware-actuated data relay, which includes a first hardware interface configured to receive a command from a communications network and a second hardware interface configured to convey the received command to a protected destination when the relay is actuated. A decoder includes a third hardware interface configured to receive a digital signature for the command from the communications network and hardware decoding logic coupled to verify the digital signature and to actuate the relay upon verifying the digital signature, whereby the command is conveyed via the second hardware interface to the protected destination.
    Type: Grant
    Filed: September 6, 2012
    Date of Patent: April 25, 2017
    Assignee: WATERFALL SECURITY SOLUTIONS LTD.
    Inventors: Lior Frenkel, Andrew Ginter, Tomer Maor
  • Patent number: 9628785
    Abstract: A method for communicating between a user using a viewing device (2000) and the viewing device, includes the following steps: acquiring, at an acquisition interface (1400) integrated into a pair of glasses (1000) of the user, an item of information on utilization of the glasses; and generating and sending to the viewing device (2000), by a microcontroller (1100) integrated into the glasses, a data signal (DATA) depending on the acquired information. The acquired information enables in particular the authentication of the user, so as to send, to the viewing device, data that the latter will use to display a digital content.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: April 18, 2017
    Assignee: OBERTHUR TECHNOLOGIES
    Inventor: Marc Bertin
  • Patent number: 9628483
    Abstract: In an approach for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, a processor invokes a checkout of a PIM credential, based on, at least, a determination that a PIM server cannot be accessed. A processor receives a request to access the PIM credential by a user. A processor receives validation of the request to access the PIM credential and an identity of the user. A processor retrieves the PIM credential from a database, wherein the database stores a plurality of PIM credentials owned by a system owner.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: April 18, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kelvin K. V. Chin, Chee Meng Low, Vivek Shankar, Edwin B. Soenaryo
  • Patent number: 9602473
    Abstract: Methods, apparatuses, and computer program products are provided for facilitating the secure transmission and storage of data. In this regard, a method is provided that comprises causing data encrypted by a sender system to be received at a service provider system; causing the data as encrypted by the sender system to be stored at the service provider system; receiving a request for the data from a recipient system; determining the recipient system is authorized to receive the data; and causing the data as encrypted to be transmitted to the sender system.
    Type: Grant
    Filed: September 6, 2012
    Date of Patent: March 21, 2017
    Assignee: ZixCorp Systems, Inc.
    Inventors: David Joseph Robertson, John French Kalan, Mark Stephen DeMichele, Bryan Adam Joyner, Charles Anthony Rego, Dorwin Thomas Shields, Jr., Caleb Rhoads Spring
  • Patent number: 9531693
    Abstract: In an approach for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, a processor invokes a checkout of a PIM credential, based on, at least, a determination that a PIM server cannot be accessed. A processor receives a request to access the PIM credential by a user. A processor receives validation of the request to access the PIM credential and an identity of the user. A processor retrieves the PIM credential from a database, wherein the database stores a plurality of PIM credentials owned by a system owner.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Kelvin K. V. Chin, Chee Meng Low, Vivek Shankar, Edwin B. Soenaryo
  • Patent number: 9525704
    Abstract: Systems, devices, and methods for traffic management are provided. An example of a method for traffic management includes receiving a number of policies for data traffic redirection 230 in a data network 100 and authorizing a subset of the number of policies based upon matching a plurality of authorization rules 350 saved in the data network 100, for example, in a management tool 120 and/or a network device 123.
    Type: Grant
    Filed: August 15, 2011
    Date of Patent: December 20, 2016
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: John E. Nolan, Jim A. Baumgartner, Robert L. Faulk, Jr.
  • Patent number: 9519761
    Abstract: Systems, methods, and devices for authenticating a user are provided. A device includes one or more processors configured to determine if a requested service requires high quality authentication, generate a request for high quality authentication if the requested service requires high quality authentication, and generate a request for low quality authentication if the requested service requires low quality authentication. The device also includes a network interface component coupled to a network, the network interface component configured to: receive the request for the service requiring authentication, and a memory, the memory storing high quality authentication information and low quality authentication information for authenticating the user.
    Type: Grant
    Filed: September 6, 2012
    Date of Patent: December 13, 2016
    Assignee: PAYPAL, INC.
    Inventor: Bjorn Markus Jakobsson