Abstract: The present invention provides a security key change method and a user equipment (UE). The method performed by the UE includes: receiving a key change command message from a master eNodeB (MeNB), wherein the key change command message comprises an indication that a change of a security key between the UE and a secondary eNodeB (SeNB), and the UE is configured with a dual connectivity between the MeNB and the SeNB; updating a security key between the UE and the SeNB; performing random access to the SeNB; and sending a key change complete message to the MeNB.

Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.

Abstract: An electronic communications method includes receiving, by a device, an electronic communication. The electronic communications method further includes analyzing, by the device, the electronic communications. The electronic communications method further includes generating, by the device, an electronic authentication certificate. The electronic communications method further includes sending a second electronic communication to another device that indicates that an electronic authentication certificate is generated for a particular electronic entity.

Abstract: Embodiments of the present invention may detect, identify, and notify of email phishing attacks. For example, a method may comprise constructing at least one behavioral model for an organization based on features extracted from a plurality of email messages and based on information relating to the organization, including analyzing behavioral patterns of emails in the organization, analyzing a plurality of new email messages using the behavioral model to determine non-binary scores representing analysis of features of the messages, including behavioral patterns of the new emails in the organization with regard to the features, determining whether any of the plurality of new email messages are malicious email messages based on the non-binary scores for the new email messages indicating that the new email messages deviate from the behavioral patterns of emails in the organization included in the behavioral model, and transmitting a notification that a message is a malicious email message.

Abstract: Systems and methods for configuration vulnerability checking and remediation are provided. The systems provided herein map vulnerability data with compliance data, such that automated compliance indication may be facilitated.

Abstract: Briefly, methods and/or apparatuses of virtual deployment of network-related features are disclosed.

Abstract: A security system makes secure exchanges between a services platform and a communicating thing, which includes a control device. The system further includes a server, referred to as a “mediation” server, which receives a message, referred to as a “first” message, from the services platform, encrypts the first message, and sends the encrypted first message to the communicating thing. The communicating thing is also fitted with an IC card that is distinct from the control device and that decrypts the encrypted first message and sends the decrypted first message to the control device. The encryption and decryption operations are performed by at least one secret key shared between the mediation server and the IC card.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: In various implementations, a method includes receiving a request to establish an end-to-end encrypted session between a device in an enterprise network and an external entity that is outside the enterprise network. In some implementations, the end-to-end encrypted session allows encrypted packets to be transmitted between the device and the external entity. In various implementations, the method includes determining whether the request satisfies an enterprise security criterion for establishing the end-to-end encryption session. In various implementations, the method includes in response to determining that the request satisfies the enterprise security criterion, triggering the establishment of the end-to-end encrypted session between the device in the enterprise network and the external entity that is outside the enterprise entity.

Abstract: Briefly, methods and/or apparatuses of overlaying a secure, connected, flexible networking structure, such as on cloud infrastructure, are described.

Abstract: A method of dynamically generating a domain based public group key and private member keys using a domain key agent, a domain key service of a domain key broker, and a domain key distribution center. The method includes: sending to the domain key service of a domain key broker a request for a private member key for the domain, wherein the request includes proof of possession of a vehicle private key associated with a vehicle certificate and a vehicle public key; receiving from the domain key service a private member key and a public group key; sending a message digitally signed using the member private key; verifying the digital signature on the received message using the public group key; and dynamically renewing the public group key and private member key based on the domain.

Abstract: A method is disclosed for providing first data and a first secret key to a cipher processor for ciphering. The first data is ciphered in accordance with a first cipher process and the first secret key to provide output data. Before ciphering of the first data, extra data is inserted within the cipher processor for ciphering in accordance with at least a portion of said first cipher process. The extra data is inserted within a sequence of cipher processor operations for obfuscating the output data.

Abstract: A method for ensuring compliance with organizational policies is described herein. The method can include the step of monitoring one or more parameters of a managed computing device for compliance with one or more policies of an organization in which the organizational policies may include limitations on the managed computing device. The method can also include the step of detecting a non-conformance event at the managed computing device with respect to at least one organizational policy. In response to the detection of the non-conformance event, the operation of the managed computing device may be restricted with respect to features or data associated with the organization.

Abstract: An attack on an RSA encryption algorithm based on simple power analysis (SPA) is thwarted by scrambling the sliding window sequence that results from performing sliding window processing on a power exponent. The sliding window sequence is scrambled with a random code that is utilized to determine an adjustment tendency and an adjustment length.

Abstract: A method of providing security for containers executing on a physical host machine is provided. The method receives a notification of a file access request. The notification includes a path in a file system of the host machine being accessed by a process. From the path, the method determines whether the file access event is for accessing a location in the file system to which container file systems are mapped. The method identifies a namespace of the process using the identification of the process included in the file path. The method determines the process is a container when the namespace belongs to a service that is used to implement containers on the host machine. The method sends the identifier of the container, the identification of a VM executing the container, and the file path to a set of security applications to determine whether the file access request to be allowed.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: Content receivers may simultaneously record multiple instances of content for multiple programming channels based on content provider instructions. Systems and methods utilize the content receivers to record these multiple instances from at least a single transponder. In some instances, multiple transponders may have a common control word so that content carried on each such transponder may be simultaneously received, decoded and recorded. Further, a single demodulator may be associated with multiple tuners, so that the single demodulator processes all content received from transponders with common control words and/or other encryption mechanisms.

Abstract: Briefly, methods and/or apparatuses of virtual deployment of network-related features are disclosed.

Abstract: Systems and methods are included for causing a computing device to implement a management policy prior to a user logging into an operating system on initial boot. As part of initial boot, the computing device contacts a management server for enrollment. Installation of the operating system is paused while the management server synchronizes the software and policies on the computing device. To do this prior to login, the management server can create a temporary user account to associate with the computing device and apply a default management policy. After the installation is complete, an installed management agent can gather user inputs made during login. The management agent can send these inputs to the management server for use in creating an actual user account to associate with the computing device.

Abstract: Embodiments of the present disclosure comprise methods, apparatus and computer readable instructions for establishing a relationship between user accounts. An account association request message in relation in relation to a first user account and a second user account is received. The account identifier for the first user account and the account identifier for the second user account is determined based on the account association request message. A profile information message is transmitted on the basis of the account identifier for the second user account and in response, a profile information response message is received. A relationship between the first user account and the second user account is established least in response to receipt of the profile information response message.