Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting security exposures of Voice over Internet Protocol (VOIP) devices. One of the methods includes obtaining data identifying a source Internet Protocol (IP) address associated with a communication device that has been provisioned with configuration files for VOIP services; determining that a VOIP phone configuration interface is exposed over an untrusted network at the source IP address; and determining that the communication device associated with the source IP address has a security exposure based at least in part on determining that the VOIP phone configuration interface is exposed over the untrusted network at the source IP address.

Abstract: Embodiments of the present invention disclose a method, an apparatus, and a system for increasing network security. The method for increasing network security includes: receiving, by a network management system, a certificate message reported by a network element; generating, by the network management system, a first list; when determining that a certificate corresponding to certificate information in the first list needs to be revoked, generating, by the network management system, a certificate revocation request file according to the certificate information, and removing the certificate information in the first list from the first list; and sending, by the network management system, the certificate revocation request file to a public key infrastructure (PKI) system.

Abstract: Licenses to software services are assigned automatically to users as a function of one or more user attributes. An attribute can include membership in a group such as a license group or a security group, among other things such as location. License assignments can also be retracted automatically upon changes in one or more user attributes.

Abstract: An embodiment of the present invention is provided with an access control device, an access control method, and a program that are capable of easily managing access control and easily confirming whether appropriate access control is exercised. An access control device has a screen generation unit for generating selection screen information allowing for an access rule used by a user having logged in to a working terminal to be selected from one or a plurality of access rules created by an administrator of a client environment, and an access control unit for executing access control on a user according to an access rule selected from access rules displayed on the basis of the selection screen information.

Abstract: In computer-based user authentication, a user performs an image-based log-in comprising a set of actions on at least one verification image on a display screen. Users are authenticated by a computer comparing the set of actions against a key definition for the verification image. The set of actions may include selecting a target location on the image, selecting target locations in a selected order and/or with a selected pattern, superimposing a target location with a selected overlay, covering target locations with overlays in a selected superimposing order and/or pattern. The user may define the set of actions and verification image to establish the log-in. The user may also establish or enhance security for a component of a multi-component password, which may be an image-based password; one method is to encrypt the position of at least one target location and to modify the encryption as frequently as desired.

Abstract: A one-way key switching method and an implementation device. The method comprises: after obtaining a new key and before deducing or determining that at least n receivers obtain the new key, a sender setting the sending direction of the new key as unavailable and keeping the sending direction of an original key as available; after obtaining the new key and before deducing or determining that at least n receivers obtain the new key, before the original key is invalid, the sender starting up a key switching process, i.e. setting the sending direction of the original key as unavailable and setting the sending direction of the new key as available; where N?n?1, N is the total number of the receivers corresponding to the sender.

Abstract: A device for processing a virus file, including a memory, and a processor in communication with the memory, the memory stores a virus file information providing instruction, a cleaning instruction, an isolating instruction and a transferring instruction, which are executable by the processor; the virus file information providing instruction indicates to provide virus file information; the cleaning instruction indicates to clean a virus file in a User Equipment (UE) corresponding to the virus file information, based on the virus file information; the isolating instruction indicates to provide isolation space, and utilize the isolation space to isolate the virus file, and the transferring instruction indicates to transfer the virus file, which is cleaned based on the cleaning instruction, to the isolation space.

Abstract: The present disclosure discloses a sensitive operation verification method, a terminal device, a server, and a verification system. The method includes: scanning, by a first terminal device, a two-dimensional code for initiating a sensitive operation, and obtaining information in the two-dimensional code, the information in the two-dimensional code being at least used to uniquely determine the sensitive operation; and sending, by the first terminal device, a first verification request to a verification server, the first verification request carrying verification information of the first terminal device and the information in the two-dimensional code.

Abstract: A method comprising using at least one hardware processor for: receiving input from a user with respect to masking of a data element in one or more documents of a java script object notation (JSON) type, wherein the input comprises: an identifier of the data element, and one or more constraints for masking the data element based on the hierarchy of the one or more documents of the JSON-type; and generating a masking rule for the one or more documents of the JSON-type based on the input.

Abstract: One embodiment of the present invention provides a system for retrieving a content collection over a network. During operation, the system determines additional information associated with the piece of content that is needed for consumption of the content collection; generates a plurality of Interests, which includes at least one Interest for a catalog of the content collection and at least one Interest for the additional information; and forwards, concurrently, the plurality of Interests, thereby facilitating parallel retrieval of the content collection and the additional information.

Abstract: A method for managing the installation of an application on an electronic device is disclosed. In one aspect, the method includes seeking the authenticity of a second signature using the public authentication key of a certificate, the certificate being authenticated if at least one of the second sub-signatures is considered authentic during implementation of the search.

Abstract: A system for transmitting a data signal is provided, comprising a plurality of network devices; a network connecting the plurality of network devices based on at least a first communication carrier, wherein the first communication carrier is a wired communication carrier; a network key generator configured to generate a network key; a mobile transmitting device configured to transmit the network key to at least one of the plurality of network devices on a second communication carrier, wherein the second communication carrier is a wireless carrier, and wherein the network devices are configured to communicate with the other network devices based on a link encryption key based on the network key. A corresponding method, a mobile transmitting device and a network device are provided as well.

Abstract: A method and system for detecting attacks performed using a cryptographic protocol are presented. The method includes upon receiving an indication about a potential attack, establishing an encrypted connection with a client device using the cryptographic protocol; receiving an inbound traffic from the client device, wherein the inbound traffic is originally directed to a protected entity; analyzing the inbound traffic received on the encrypted connection to detect at least one encrypted attack; and causing to establish a new encrypted connection between the client device and the protected entity, when the at least one encrypted attack at the application layer has not been detected.

Abstract: This invention creates separation between personal applications and corporate applications on a data processing device, so that both types of applications can run simultaneously while complying with all required policies. This enables employees to use their personal devices for work purposes, or work devices for personal purposes. The separation is created by dividing the data processing device into two or more “domains”, each with its own policies. These policies may be configured by the device owner, an IT department, or other data or application owner.

Abstract: A first electronic device, a second electronic device and methods for operating the same are provided. The method of the first electronic device includes obtaining wearing status information of a second electronic device which is wearable, and determining a security environment of the first electronic device based on the wearing status information. The method of the second electronic device includes detecting a wearing status of the second electronic device, confirming at least once of a security level and a user profile corresponding to the wearing status, and sending information of the security level or the user profile to a first electronic device.

Abstract: Provided is an operation limiting device which makes it possible to achieve more robust security and safety in processing of a workpiece by a processing apparatus. The operation limiting device limits operations relating to processing of a workpiece by a processing apparatus, and is provided with: an authentication unit for authenticating each of a plurality of users; a receiving unit for receiving an operation request or permission for said operation, from a plurality of authenticated users; an operation enabling unit for enabling an operation if an operation request or permission has been received from the plurality of authenticated users; and a releasing unit for releasing the operation enabled state set by the operation enabling unit if processing relating to the operation has terminated or if a predetermined period of time corresponding to the operation has elapsed.

Abstract: A certificateless multi-proxy signature method and apparatus, where the method may include computing, by a proxy signature device, a public key and a private key of the proxy signature device according to a public parameter, where the public key is corresponding to the private key, acquiring a verification result of a standard signature and determining, according to the verification result, whether the standard signature is valid, computing a partial proxy signature of the proxy signature device according to the private key if the verification result is used to represent that the standard signature is valid, and sending the partial proxy signature to a proxy signature device administrator, so that after the proxy signature device administrator obtains a multi-proxy signature through computation according to the partial proxy signature, a multi-proxy signature verification device verifies the multi-proxy signature.

Abstract: A system and method for processing the copyright notice of a media file stored in digital format in an electronic device are provided. The copyright notice of the media file is checked prior and/or during transmission between two devices and if the copyright notice is not found, action is taken to insert the copyright notice. The copyright notice is presented when the media file is presented.

Abstract: A data processing system supporting a secure domain and a non-secure domain comprises a hardware component, and a processor device having operating modes in the secure domain and non-secure domain, the processor device to execute a secure application in the secure domain. The hardware component has a property having a secure state. The property of the hardware component in the secure state may only be reconfigured responsive to instructions received from the secure domain. The secure application is operative to implement a configuration service to configure the property of the hardware component in the secure state, responsive to a request received from the non-secure domain according to an application programming interface associated with the secure application.

Abstract: Systems and methods for tiered connection pooling are disclosed herein.