Abstract: A method of accessing a remote resource (4) from a data processing device (2) includes obtaining a first URL corresponding to the remote resource (4), obtaining secret data corresponding to the first URL, using the secret data to generate an obscured URL at the data processing device (2), and accessing the remote resource using the obscured URL. This allows the user of the device (2) to see a first URL which is intelligible and provides useful information about the device, without sharing that information with the network. The obscured URL identifies the actual location of the remote resource and can be an unintelligible stream of digits or letters.

Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the Open Flow standard communication protocol.

Abstract: The embodiments herein relate to a method performed by an AAA server (103) for enabling authorization of a wireless device (101) to access a first network (100a) while simultaneously accessing a second network (100b) which the wireless device (101) is currently accessing. The AAA server (103) determines that the wireless device (101) requests access to the first network (100a). The AAA server (103) transmits, to a HLR (105), information associated with the first network (100a). The AAA server (103) receives, from the HLR (105), network profile data associated with the wireless device (101). Based on the received information, the AAA server (103) authorizes the wireless device (101) to access the first network (100a).

Abstract: Embodiments generally relate to out-of-band management of a computing system. The present technology discloses enable a primary service controller to provide a centralized configuration of multiple secondary service controllers so that they can share a same configuration. It can utilize an authentication-free protocol to modify and manage credentials for a large number of service controllers.

Abstract: Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services.

Abstract: An image of users of an application may be received from a computing device on a home network. The image may comprise representations of a group of users. Recognition techniques may be applied to the image. Unclaimed profiles may be created for users who are not recognized. The unclaimed profiles may be utilized by applications prior to being claimed by a user or group. Access to the unclaimed profiles may be controlled based on the identity of the network gateway used in the transmission of the image used as the basis for forming the profile.

Abstract: Various systems and methods for locking computing devices are described herein. In an example, a portable device comprises an electro-mechanical lock; and a firmware module coupled to the electro-mechanical lock, the firmware module configured to: receive an unlock code; validate the unlock code; and unlock the electro-mechanical lock when the unlock code is validated. In another example, device for managing BIOS authentication, the device comprising an NFC module, the NFC module comprising an NFC antenna; and a firmware module, wherein the firmware module is configured to: receive an unlock code from an NFC device via the NFC antenna; validate the unlock code; and unlock a BIOS of the device when the unlock code is validated.

Abstract: Trusted firmware on a host server is used for managing access to a hardware security module (HSM) connected to the host server. The HSM stores confidential information associated with an operating system. As part of access management, the firmware detects a boot device identifier associated with a boot device configured to boot the operating system on the host server. The firmware then receives a second boot device identifier from the HSM. The boot device identifier and the second boot device identifier are then compared by the firmware. Based on the comparison, the firmware determines that the boot device identifier matches with the second boot device identifier. Based on this determination, the firmware grants the operating system access to the HSM.

Abstract: The disclosed apparatus may include (1) a reply-reception module, stored in memory, that receives, from a satellite device, an authentication reply that includes an original authentication message digitally signed by the aggregation device using a private key of the aggregation device and that is digitally signed by the satellite device using a private key of the satellite device, (2) a forwarding module, stored in memory, that forwards the authentication reply to a network management server, (3) a validation-reception module, stored in memory, that receives, from the network management server in response to forwarding the authentication reply, a validation message, and (4) an authentication module, stored in memory, that authenticates the satellite device based at least in part on receiving the validation message. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A computer-implemented method of and a first web service system for anonymously authenticating a service user having an account associated with a first web service system are disclosed. The method is executable by a processor and comprises receiving an authentication request originating from a device of the service user, the authentication request comprising data identifying the account of the service user; generating, based on data relating to the account of the service user, a token comprising first data anonymously authenticating the service user and second data identifying an action that a second web service system is authorized to perform for the service user; storing, in a memory, at least one of the first and second data of the token; and transmitting the generated token to the second web service system. A computer-implemented method executable by a second web service system and a second web service system are also disclosed.

Abstract: Techniques for dynamic throttling of scan requests for multiple scanners in a cluster of nodes are described. An apparatus may comprise a dynamic throttling service component for executing the dynamic throttling of scan requests for the multiple scanners in the cluster of nodes. The dynamic throttling service component operative to estimate, by the scanner proxy, a resource limit count value representative of resource capacity for servicing scan requests for each one of the multiple scanners in the cluster of nodes; detect a first scan request exceeds the resource limit count value for a first scanner; dynamically throttle each subsequent scan request for the first scanner in response to the first scan request exceeding the resource limit count value; and revise the resource limit count value, by the scanner proxy, for the first scanner.

Abstract: In various example embodiments, systems, devices, methods, and media for configurable data endpoints are presented. In one example, a system comprises a module, executing on at least one processor of a machine, configured to issue a request for access to data residing on a client device. In response to receiving an authorization of the request, the module communicates with a user-configurable API data endpoint on the client device to retrieve at least some of the requested data and store the requested data in a database. This allows users to leverage data already residing on their mobile devices when required to enter data into other computerized systems, for example.

Abstract: In particular embodiments, a temporary user is able to use another's personal computing device in shared mode for a short period of time while experiencing a personalized user interface. An indication is detected that a personal computing device associated with a primary user is to be shared with a temporary user. Access to local personal information associated with the primary user is disabled if it is stored on the personal computing device. Access to remote personal information of the primary user that is accessible from the personal computing device is disabled. A personalized user interface incorporating personal information associated with the temporary user is presented on the personal computing device for the temporary user. Personal information of the primary user is not accessible by the temporary user, and vice versa. When shared mode is to be terminated, all personal information of the temporary user is deleted.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate secure screen input. An example disclosed system includes a user interface (UI) manager to generate a UI comprising a quantity of ordinal entry points, each one of the quantity of ordinal entry points comprising a repeating selectable pattern, an ordinal sequence generator to generate an initial randomized combination of the quantity of ordinal entry points, the randomized combination stored in a trusted execution environment, and an offset calculator to calculate a password entry value by comparing an offset value and direction value retrieved from the UI with the initial randomized combination of the quantity of ordinal entry points.

Abstract: A system and method for authenticating and enabling an electronic device in an electronic system are disclosed.

Abstract: An apparatus includes a memory, and a processor coupled to the memory and configured to specify a communication source device that performs a plurality of traffic confirmations of communications with a plurality of first devices, and control to discard a plurality of first authentication requests for the plurality of first devices generated by the communication source device after performing the plurality of traffic confirmations of communications.

Abstract: Provided are a secure data interactive method and system, the method including: scanning, by a terminal, an intelligent cipher token in a signal coverage range and obtaining identification information of the intelligent cipher token; conducting a mutual authentication between the terminal and a background system server, and/or conducting a mutual authentication between the terminal and the intelligent cipher token; obtaining, by the terminal, user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token; and storing, by the terminal, the user information into a pre-established current user list.

Abstract: Methods and apparatus for detecting VOIP spoofing attacks in systems that provide communication services over IP networks, for gathering information that can be used for preventing or mitigating future malicious attacks, are described. The methods and apparatus send various signals and check for expected responses. Actual responses and/or lack of responses to signals, e.g., messages, are detected, logged and used for making decisions as well as generating a record for informational purposes and analysis which can facilitate identification of common features of malicious packets and/or messages. The methods are well suited for use in a session border controller.

Abstract: Systems and methods are disclosed for registering a host computing device at a server and registering a lock device at the server via an application running on a mobile computing device, each being provided host keys from the server that allow communication between the host computing device the lock device. Further, the lock device can only be registered with the server if a current registered device count is less than a maximum registered device threshold.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing threat intelligence information. One of the methods includes receiving by a threat information server, threat intelligence information from one or more intelligence feeds and generating one or more identified security threats, identifying a compromise by a management process orchestration server and retrieving information from the threat information server and identifying one or more actions to be performed, determining by an indicator analytics processor, a composite credibility based on the actions, and determining one or more components for profiling and determining indicators of compromise for each component, and communicating the indicators of compromise to the management process orchestration server.