Patents Examined by Sayed Beheshti Shirazi
  • Patent number: 8863252
    Abstract: A method of downloading trusted content. The method comprises sending by a mobile device a request for a trusted content to a server, wherein the mobile device comprises a first mobile device trusted security zone and builds the request while executing in the first mobile device trusted security zone and wherein the server comprises a server trusted security zone and wherein the server handles the request for the trusted content at least partly in the server trusted security zone. The method comprises receiving the trusted content by the first mobile device trusted security zone, storing the trusted content in a second mobile device trusted security zone of the mobile device, inspecting the trusted content in the second mobile device trusted security zone, and when the trusted content passes inspection, at least one of executing or presenting a portion of the trusted content by the first mobile device trusted security zone.
    Type: Grant
    Filed: July 25, 2012
    Date of Patent: October 14, 2014
    Assignee: Sprint Communications Company L.P.
    Inventors: Robin D. Katzer, Lyle W. Paczkowski, William M. Parsel, Carl J. Persson, Matthew C. Schlesener
  • Patent number: 8863267
    Abstract: A subscriber network can provide services. External applications can use the services on the subscriber network. A service access gateway can control application access to services of the subscriber network. The service access gateway can filter requests from an external application to access services on the subscriber network based on the customer for which the external application is accessing the service.
    Type: Grant
    Filed: June 26, 2009
    Date of Patent: October 14, 2014
    Assignee: Oracle International Corporation
    Inventors: Boris Selitser, Daniel Jansson
  • Patent number: 8856952
    Abstract: A determining unit determines whether housing specific information decrypted from a license key is identical to housing specific information acquired from the housing to confirm legitimacy of license, thereby ensuring security. The determining unit determines that the license can be activated if a usage number in the housing does not exceed a usable number. Only when the determining unit determines that the license can be activated, the setting unit activates the license to make software usable so that any blade can freely use the software within a limit of the usable number.
    Type: Grant
    Filed: March 28, 2013
    Date of Patent: October 7, 2014
    Assignee: Fujitsu Limited
    Inventor: Takeshi Suzuki
  • Patent number: 8856544
    Abstract: The present invention provides improved security in a virtual machine. By extending the capabilities of modern secure processors, privacy of computation is provided from both the owner of the equipment and other users executing on the processor, which is an advantageous feature for rentable, secure computers. In addition to the hardware extensions required to secure a virtualizable computer, an infrastructure for the deployment of such processors is also provided. Furthermore, a signaling flow to establish the various relationships between the owner, user and manufacturer of the equipment is disclosed.
    Type: Grant
    Filed: July 16, 2010
    Date of Patent: October 7, 2014
    Assignee: Alcatel Lucent
    Inventors: Peter Bosch, Vladimir Kolesnikov, Sape Mullender, Jim McKie, Philippe Dobbelaere, Hubert McLellan
  • Patent number: 8856875
    Abstract: Generally, this disclosure describes software delivery systems (and methods). A server is provided that operates to provision software on a customer's local machine. The server system, in response to a software purchase from an end user (customer), is configured to install the software on the customer's machine, encrypt the software, and provision encryption keys to grant the customer access to the software. In addition, a software agent is installed on the customer's machine that enables monitoring, by the server, of the customer's installed software. The server system is configured to control customer access to the installed software, via the software agent, and to terminate customer access to the software (for example, for nonpayment of fees). Thus, the software provider can retain control over software that is remotely deployed at an end user location.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: October 7, 2014
    Assignee: Intel Corporation
    Inventor: Vikas Aditya
  • Patent number: 8839410
    Abstract: Implementations of the present disclosure are directed to checking that a to-be-compiled program is well-typed such that the program is secure in a semi-honest model, and include actions of receiving the program, the program being provided in a human-readable, domain-specific programming language and including two or more protocols to provide secure computation based on inputs provided by two or more parties, processing the program in view of a type system to determine whether the program is secure in the semi-honest model, the type system including a secure type system extension provided as a set of typing rules that describe security types that can be assigned to one or more entities of the program, and compiling the program to generate a computer-executable program in response to determining that the program is secure in the semi-honest model.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: September 16, 2014
    Assignee: SAP AG
    Inventor: Florian Kerschbaum
  • Patent number: 8826399
    Abstract: A system for authenticating a user to a service includes a service, an authentication server and a device. The service includes first signal interface, first processing hardware and first user interface. The authentication server includes second signal interface and second processing hardware. First signal interface transmits a request to the authentication server to authenticate a user. Second processing hardware creates a session identifier and encodes it into a pictogram. Second signal interface transmits the pictogram to the service. The device includes third processing hardware that scans the pictogram and extracts the session identifier, and a third signal interface that transmits the credentials and the session identifier to the authentication server. Second processing hardware verifies the credentials, and second signal interface securely transmits the result of the authentication to the service.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: September 2, 2014
    Inventors: Gregory Dorso, Rachad Alao
  • Patent number: 8819458
    Abstract: An information processing apparatus includes: a program executing unit which interprets and executes codes of a computer program created in a procedural language in an environment with a tamper resistant performance, wherein a security attribute and an authentication key are provided in units of functions in the computer program executed by the program executing unit, and wherein the program executing unit executes authentication processing with the authentication key for executing the function, which makes it possible to execute the function based on the security attribute.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: August 26, 2014
    Assignee: Sony Corporation
    Inventor: Tadashi Morita
  • Patent number: 8819794
    Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.
    Type: Grant
    Filed: January 19, 2012
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventors: Vadim Eydelman, Brian Kress, Matthias Leibmann, Moustafa Noureddine, Lei Yu, Haibo Luo
  • Patent number: 8819772
    Abstract: Techniques for in-line filtering of insecure or unwanted mobile components or communications (e.g., insecure or unwanted behaviors associated with applications for mobile devices (“apps”), updates for apps, communications to/from apps, operating system components/updates for mobile devices, etc.) for mobile devices are disclosed. In some embodiments, in-line filtering of apps for mobile devices includes intercepting a request for downloading an application to a mobile device; and modifying a response to the request for downloading the application to the mobile device. In some embodiments, the response includes a notification that the application cannot be downloaded due to an application risk policy violation.
    Type: Grant
    Filed: January 11, 2013
    Date of Patent: August 26, 2014
    Assignee: Appthority, Inc.
    Inventors: Anthony John Bettini, Kevin Watkins, Domingo J. Guerra, Michael Price
  • Patent number: 8819850
    Abstract: Concepts and technologies are disclosed herein for management of application access. A security management application can be configured to set access controls and/or other security settings relating to application programs. Additionally, or alternatively, particular functions and/or functionality associated with application programs may be individually configured. Settings reflecting the access controls and/or other security settings can be stored and can be applied at the user device. The security management application also can be configured to determine if security settings and/or access controls are to be overridden. Data can be collected from various sensors and/or other sources to use in determining if particular application programs and/or application program functionality is to be allowed. Thus, normally disallowed activities can be allowed in emergency conditions, when in a business location associated with a particular device, and/or at other times and/or under other circumstances.
    Type: Grant
    Filed: July 25, 2012
    Date of Patent: August 26, 2014
    Assignee: AT&T Mobility II LLC
    Inventor: Ginger Li Chien
  • Patent number: 8813243
    Abstract: Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: August 19, 2014
    Assignee: Red Hat, Inc.
    Inventor: Steven William Parkinson
  • Patent number: 8813244
    Abstract: A computing device comprising a security slot integral with an external surface of the computing device, wherein the security slot is configured to receive and mechanically cooperate with a blocking mechanism. In certain aspects, the computing device further comprises a switch mounted behind the security slot and integral to the computing device and configured to permit access to a developer mode when the switch is in a first position and to restrict access to the developer mode when the switch is in a second position.
    Type: Grant
    Filed: February 27, 2012
    Date of Patent: August 19, 2014
    Assignee: Google Inc.
    Inventors: Christopher T. Lyon, Randall R. Spangler, William F. Richardson
  • Patent number: 8789207
    Abstract: An apparatus, system, and method are disclosed for network authentication and content distribution. The apparatus includes an authentication module configured to receive redirected network requests over a communications network from a firewall module and configured to present a user license agreement and not require user-identifiable information, and a content distribution module configured to synchronize over the communications network with a client module and transmit content to the client module. The system includes a firewall module connected with a global communications network, a network connected with the firewall module, a computing device configured to couple with the network, and the apparatus.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: July 22, 2014
    Assignee: International Business Machines Corporation
    Inventors: James M. Davison, Christopher M. Sansone
  • Patent number: 8769283
    Abstract: Embodiments of the present invention provide an MTC device authentication method, an MTC gateway, and a related device, which are used to solve a problem that direct interaction between a large quantity of MTC devices and a network side brings a heavy load to a network when the MTC devices are authenticated in the prior art. The method includes: performing, by an MTC gateway, mutual authentication with a core network node; performing, by the MTC gateway, mutual authentication with an MTC device; reporting, by the MTC gateway, a result of the mutual authentication with the MTC device to the core network node; and providing, by the MTC gateway, a non access stratum link protection key K between the MTC device and the core network node according to a key K1 or a key K2.
    Type: Grant
    Filed: July 27, 2012
    Date of Patent: July 1, 2014
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Xiaohan Liu, Yixian Xu, Yingxin Huang, Lijia Zhang
  • Patent number: 8752210
    Abstract: A method and circuit for implementing data theft prevention, and a design structure on which the subject circuit resides are provided. A polymeric resin containing microcapsules surrounds a security card. Each microcapsule contains a conductive material. The conductive material of the microcapsule provides shorting on the security card responsive to the polymer resin and the microcapsule being breached, and a data theft prevention function using the shorting by the conductive material to prevent data theft.
    Type: Grant
    Filed: January 10, 2012
    Date of Patent: June 10, 2014
    Assignee: International Business Machines Corporation
    Inventors: Dylan J. Boday, Joseph Kuczynski, II, Jason T. Wertz, Jing Zhang
  • Patent number: 8745409
    Abstract: A data storage device that can be reversibly associated with one or more of a plurality of hosts. A “trusted” host on which the device is mounted is allowed access to a secure data area of the device automatically, without the user having to enter a password. Ways in which a host is designated as “trusted” include storing the host's ID in a trusted host list of the device, storing a representation of the host's ID that was encrypted using a trust key of the device in a cookie in the host, or storing a storage password of the device in a password list of the host. Alternatively, an untrusted host is allowed access to the secure data area if a user enters a correct user password.
    Type: Grant
    Filed: February 6, 2003
    Date of Patent: June 3, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Mordechai Teicher, Aran Ziv, Noam Shintel
  • Patent number: 8745748
    Abstract: The embodiments described herein generally relate to methods and systems for enabling a client to request a server to cancel the digital signing of a form file associated with a form. Successful cancellation of the digital signing process results in a return of the form file to its initial state, in which data are not lost, and the form can be resubmitted and/or the application of the digital signature can be retried. Request and response messages, communicated between a protocol client and a protocol server, cause the performance of protocol functions for applying a digital signature to a form file and for cancelling the signature thereof where errors in the signing process are detected. A versioning mechanism enabling the detection of version differences and resulting upgrades to the digital signature control allows for robust communications between a client and a server operating under different product versions.
    Type: Grant
    Filed: October 15, 2010
    Date of Patent: June 3, 2014
    Assignee: Microsoft Corporation
    Inventors: Silviu Ifrim, Paramita Das, Christopher A. Brotsos, Paul Michael Schofield
  • Patent number: 8732459
    Abstract: In one embodiment, the invention provides a portable wireless personal communication system for cooperating with a remote certification authority to employ time variable secure key information pursuant to a predetermined encryption algorithm to facilitate convenient, secure encrypted communication. The disclosed system includes a wireless handset, such as a PDA, smartphone, cellular telephone or the like, characterized by a relatively robust data processing capability and a body mounted key generating component which is adapted to be mounted on an individual's body, in a permanent or semi-permanent manner, for wirelessly broadcasting, within the immediate proximity of the individual, a secret or private key identifying signal corresponding to a time variable secure key information under the control of the certification authority.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: May 20, 2014
    Assignee: MLR, LLC
    Inventor: Charles M. Leedom, Jr.
  • Patent number: 8732819
    Abstract: A device and a method for graphical passwords. A device displays an initial image comprising a plurality of graphical elements, each graphical element having at least two variants; receives user input to select a variant of a number of the graphical elements, thereby generating a modified image; and generates the secret value from at least the selected variants of the graphical elements. The graphical elements are advantageously seamlessly integrated in the images, thereby making the system resistant to shoulder surfing attacks.
    Type: Grant
    Filed: May 9, 2011
    Date of Patent: May 20, 2014
    Assignee: Thomson Licensing
    Inventors: Yves Maetz, Marc Eluard, Davide Alessio, Gilles Desoblin