Abstract: A method and a system is provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected.

Abstract: Disclosed is an anti-spying encrypted keyboard, particularly an anti-spying encrypted keyboard having an anti-spying detection protective system in multiple aspects. The anti-spying encrypted keyboard comprises a key panel and a main control board. The main control board includes a control circuit with self-destruct function. The control circuit is fixedly sealed on the back of the main control board by an anti-spying protective mechanism. The anti-spying protection mechanism is electrically connected with the control circuit.

Abstract: A system includes a bidirectional signal bus controlled by an M×S master/slave bridge circuit. An application processor having at least one core is communicatively coupled by the bidirectional signal bus to a radio processor having at least one virtual machine. The core hosts a master agent. The virtual machine hosts a slave agent. Each master agent is coupled to a collector server by an authenticated connection circuit to receive and store profiles and build and transmit packages. Each master agent is coupled to at least one slave agent and can transmit a profile to the slave agent and request and receive packages which are generated by the slave agent by executing the profile. Each slave agent receives and executes profiles to collect data from radio circuits and upon command builds and transmits data packages to a master agent.

Abstract: A method for establishing a secured communication channel, between a first processing component and a second processing component; the method comprising executing a digital rights management agent on a processing unit, the digital rights management agent being configured to enforce permissions associated with digital content based on a digital rights management protection mechanism; receiving, by the digital rights management agent at least a security data item, the security data item including a session key data item; verifying authenticity of the received session key data item by the digital rights management agent using said digital rights management protection mechanism; providing the verified session key data item by the digital rights management agent to at least the second processing component; establishing a secured communication channel between the first and second processing components using at least the provided session key data item.

Abstract: An information processing apparatus includes following components. An authentication processing unit authenticates a user. A display displays information. An accessing unit accesses an external service. An authenticated-access-information acquiring unit acquires authenticated access information associated with user information for identifying an authenticated user. An unauthenticated-access-information acquiring unit acquires unauthenticated access information having been input by an unauthenticated user when accessing the external service.

Abstract: In one embodiment, a method for applying security policy in an overlay network includes receiving a request, including a packet, for a communication path through an overlay network, determining whether a security policy is to be applied to the packet based on at least one of: contents of the packet, first information, and second information, selecting a communication path between a source physical switch and a destination physical switch, wherein the selected communication path directly connects the source physical switch to the destination physical switch when it is determined to not apply the security policy to the packet, and the selected communication path connects the source physical switch to the destination physical switch via a security appliance when it is determined to apply the security policy to the packet, and sending the selected communication path to the source physical switch.

Abstract: A controlling device may acquire setting information regarding a wireless setting for a wireless communication currently being set in a wireless communication device. The controlling device may determine, using the setting information, whether the wireless setting indicates a first authentication method in which an authentication is performed by an authentication server or a second authentication method in which an authentication is performed by a device with which the wireless communication performing unit performs a wireless communication directly. The controlling device may provide a first screen to a displaying unit in a first case where a determination is made that the wireless setting indicates the first authentication method. The controlling device may provide a second screen which is different from the first screen to the displaying unit in a second case where a determination is made that the wireless setting indicates the second authentication method.

Abstract: Techniques described and suggested herein include systems and methods for identifying potential sources of infections of devices by unauthorized code. In an embodiment, network traffic is logged. A plurality of computing devices that include unauthorized code is identified. The logged traffic is used to identify information sources accessed by the identified affected devices. The identified information sources may be refined. Refinement of the identified information sources may include excluding information sources that have been accessed by uninfected devices. A user interface that allows a user to further refine the identified information sources may be provided.

Abstract: An electronic device comprises an outer case, a wireless card reader and a signal processing device. The outer case comprises a door and a metal wall. The metal wall is disposed on a lateral side of the outer case and has an opening. The door is disposed on the metal wall and capable of covering the opening. The wireless card reader is inside the door and capable of transmitting wireless signals. The signal processing device has a case, a data storage device and a safety mechanism. The signal processing device is inside the outer case and is electrically connected to the wireless card reader. The signal processing device is capable of processing the data of wireless signals from the wireless card reader. When the case is dissembled, the safety mechanism destroys at least part of the data stored in the data storage device.

Abstract: An approach for enabling controlled access to a limited set of remote services associated with a device is described. A controlled access platform determines one or more network access descriptors to associate with a calling application of a device configured to access a remote service via a communication network. The controlled access platform initiates a limiting of the calling application to one or more allowed network interaction types with a remote service or a network access component associated with the device based on a profile for defining one or more allowed network interaction types between the calling application and the remote service.

Abstract: Disclosed are a method, apparatus, and system for securing a communication link between a user equipment device (UE) and a communication network. A first wireless communication link is established between the UE and the communication network. The first wireless communication link is an unsecured communication link and is established under a first air interface protocol. A second wireless communication link is established between the UE and the communication network. The second wireless communication link is a secured communication link and is established under a second air interface protocol. An encryption key is transmitted to the UE over the second wireless communication link, the UE encrypts data using the encryption key, and the encrypted data is communicated over the first wireless communication link from the UE to the communication network.

Abstract: A server receives from a mobile communication device application data identifying an application accessible by the mobile communication device. The server uses at least some of the application data to assess the application. The application data can include, for example, behavioral data, metadata, parts of the application, information indicating the application is installed on the mobile communication device, or combinations of these.

Abstract: Systems and methods are provided for protecting electronic content from the time it is packaged through the time it is experienced by an end user. Protection against content misuse is accomplished using a combination of encryption, watermark screening, detection of invalid content processing software and hardware, and/or detection of invalid content flows. Encryption protects the secrecy of content while it is being transferred or stored. Watermark screening protects against the unauthorized use of content. Watermark screening is provided by invoking a filter module to examine content for the presence of a watermark before the content is delivered to output hardware or software. The filter module is operable to prevent delivery of the content to the output hardware or software if it detects a predefined protection mark. Invalid content processing software is detected by a monitoring mechanism that validates the software involved in processing protected electronic content.

Abstract: A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level.

Abstract: A method for adjusting the frequency of updating certificate revocation list is provided. The method is used in a certificate authority. The method includes: receiving a first information indicating security levels from neighbor certificate authorities in a neighborhood or a central certificate authority; detecting whether the certificate authority has received a signal indicating that a user is using a revoked certificate and generating a second information of a security level; calculating an index value or a set of index values by the first information indicating the security levels of neighborhoods and the second information indicating its own security level; and adjusting the update frequency of updating the certificate revocation list according to the calculated index values or the set of index values.

Abstract: Novel methods, components, and systems that enhance traditional techniques for detecting malicious software are presented. More specifically, methods, components, and systems that use important contextual information from a client system (such as recent history of events on that system), machine learning techniques, the automated deployment of generic signatures, and combinations thereof, to detect malicious software. The disclosed invention provides a significant improvement with regard to automation compared to previous approaches.

Abstract: Disclosed herein are a method for providing active security authentication, and a terminal and system for supporting the same. The terminal includes a storage unit, a display unit, an input unit and a control unit. The control unit arranges a plurality of keys through an arrangement of random numbers when a security execution condition is satisfied, outputs, to the display unit, a security authentication screen based on a random-number matrix in which at least some keys in key regions adjacent to an item key among the plurality of keys arranged by the arrangement of the random numbers are set to exception keys that a user must not press, and decide that the terminal is used for an illegal use when the exception keys are included in an input information generated through the input unit.

Abstract: Provided are techniques for receiving, from a user, a first Role-Based Access Control (RBAC) request for access to a resource; correlating the first RBAC request to a first originating host device; mapping an ID corresponding to the user, the first originating host device and the resource to a first role; generating, based upon the first role, a first set of permissions corresponding to the resource; and enabling to the user to access the resource from the first originating host device in conformity with the first set of permissions. In addition to ID, host and resource, a communication medium may be factored into the mapping.

Abstract: A computer-implemented method for determining that uniform resource locators are malicious may include identifying a uniform resource locator that may be posted on a social networking platform and that may be subject to a security assessment, gathering contextual data from the social networking platform that describes at least one instance of the uniform resource locator within the social networking platform, generating, based on the contextual data, a social fingerprint of the uniform resource locator and classifying the uniform resource locator as malicious based at least in part on the social fingerprint. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of a mobile device and methods automatically connecting to a Wi-Fi Hotspot 2.0 are generally described herein. In some embodiments, subscription information for one or more service providers (SP) that operate Wi-Fi networks is stored in a subscription data object of the mobile device. The subscription information includes home service provider information, policy information and pre-provisioned credentials. The mobile device may be configured to determine, without user interaction, if the subscription information is applicable to an available Wi-Fi network and perform without user interaction, an extensible authentication protocol (EAP) based authentication using the pre-provisioned credentials with the available Wi-Fi network to establish a Wi-Fi connection with the available Wi-Fi network. This automatic connectivity may allow a mobile device to roam across Wi-Fi hotspots of Wi-Fi networks and offload traffic to Wi-Fi networks.