Patents Examined by Tae K Kim
  • Patent number: 10616183
    Abstract: Techniques for authenticating the identity of shippers and receivers of goods at each point along a supply chain. A central hub repository issues shippers and receivers a pair of public and private keys for encrypting communications between the shippers and receivers and the hub repository and for authenticating the identity of shippers and receivers. The hub repository may also maintain a log of all transactions between shippers and receivers to provide an audit trail that may be used to track the progress of goods along a supply chain.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: April 7, 2020
    Assignee: Oracle International Corporation
    Inventors: Daio Syngkon, Susan Flierl
  • Patent number: 10592665
    Abstract: An apparatus having a carrier with circuit structures including a complex impedance has a measurement unit implemented to measure the complex impedance of the circuit structures at a first time to get a first result and at a later second time to get a second result. Further, either a control implemented to enable operation of a component or to judge whether unauthorized to the component has taken place in dependence on whether the first result matches the second result, or an interface implemented to transmit the first result and the second result in a wireless or wired manner to such a control are provided. In that way, specifically embedded systems without integrated security functions can be upgraded with cryptographic routines in a simple and cost effective manner.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: March 17, 2020
    Assignee: Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
    Inventors: Maxim Hennig, Oliver Schimmel, Philipp Zieris, Bartol Filipovic
  • Patent number: 10594733
    Abstract: A system and method for application software security and auditing are disclosed. A particular embodiment includes an application security management system configured to: cause installation of a client application (app) agent in a client app on a client app server; communicate with the client app agent via a data network to collect trace data corresponding to data elements accessed in the client app and previously identified as sensitive data; cause transfer of information indicative of the trace data to a host site via the data network; identify a policy corresponding to the trace data; and apply the identified policy to the sensitive data elements in the client app.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: March 17, 2020
    Assignee: Rapid7, Inc
    Inventors: Michael Feiertag, Garrett Held, Andre Eriksson, William Saar
  • Patent number: 10587609
    Abstract: Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: March 10, 2020
    Assignee: ShoCard, Inc.
    Inventors: Armin Ebrahimi, Gaurav Khot, Vladimir Reshetnikov, Robert Gadbois
  • Patent number: 10571865
    Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: February 25, 2020
    Assignee: LG ELECTRONICS INC.
    Inventors: Hongjo Shim, Gukchan Lim, Youngho Sohn, Seonghyok Kim, Chohee Kwon, Hyunwoo Kim
  • Patent number: 10574640
    Abstract: Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that is within a range of values for each criterion in the set of criteria, is determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: February 25, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: David Kormann, William Roberts Cheswick
  • Patent number: 10530865
    Abstract: Systems herein allow an administrator to efficiently enroll computing devices into a mobile device management system, even when those computing devices are offline and not connected to the system. A management server can include a console that allows the administrator to enroll an offline computing device by selecting an offline enrollment option on a registration record. This option can cause the management server to create a device record, indicating the computing device is enrolled. The management server can also create and save a provisioning file onto a storage device, such as a USB drive. Assets, such as graphics and applications, specified by the device record are also saved onto the storage device. The storage device can be physically connected to the computing device, at which point the provisioning file guides automatic installation of the assets and implementation of device settings and compliance rules specified by the device record.
    Type: Grant
    Filed: April 19, 2017
    Date of Patent: January 7, 2020
    Assignee: VMware, Inc.
    Inventors: Adarsh Jain, Kalyan Regula, Prasad Sawant, Ravishankar Chamarajnagar, Michael Jones, Hai James Le
  • Patent number: 10529157
    Abstract: The invention relates to a method for transmission of a secure virtual key (VK) from a server (50, S) to a mobile terminal (20, T) capable of communicating with the server (50, S), comprising the steps of: a) reception by the server (50, S) of a certification request from the mobile terminal (20, T), b) provision and downloading on the mobile terminal (20, T), by the server (50, S), of a user application (25), and c) provision of the mobile terminal (20, T), by the server (50, S), with a virtual key (VK), and d) downloading and securing of the virtual key (VK) in a security element (27) of the mobile terminal (20, T), characterised in that said security element is formed by an encrypting software environment (27).
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: January 7, 2020
    Assignee: VALEO COMFORT AND DRIVING ASSISTANCE
    Inventors: Eric Menard, Aymeric Chalochet, Fabienne Masson
  • Patent number: 10523669
    Abstract: A server has a communication interface, a database, a biometric authentication means, a password specifying means, and a password transmission means. The database stores information in which, for each registrant, biometric information, identification information of an application and a password are associated with one another. The biometric authentication means is configured to, upon receiving biometric information and identification information of an application from an external processing apparatus, execute biometric authentication by using the received biometric information and biometric information of a registrant registered in the database. If biometric authentication is successful, the password specifying means refers to the database and specifies a password corresponding to the identification information of a successfully authenticated registrant. The password transmission means transmits the specified password to the external processing apparatus via the communication interface.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: December 31, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Aki Fukuda
  • Patent number: 10523700
    Abstract: A system for managing security within an enterprise includes a computing device that receives a vulnerability, generates a user score for each user within the enterprise and generates a threat score for the vulnerability. A user device score may also be generated for each device associated with a user. Based on the user score and the threat score, a composite score is generated. After acquiring a security measure, the security measure is implemented based on the composite score and, at times, the user score.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: December 31, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Douglas C. Rambo, Steven M. Trudeau, Titanya Hughes, Michael Colehouse, Timothy J. Calabro, Vincent N. Nguyen, Ben D. Brenden
  • Patent number: 10489593
    Abstract: Mitigating malicious actions associated with graphical user interface elements may be performed by a computing device. A user interface element is monitored in a graphical user interface environment executing on the computing device. An association between the user interface element and a malicious action is determined. Access to the user interface element is blocked to prevent the malicious action.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: November 26, 2019
    Assignee: Symantec Corporation
    Inventors: Vinith Balakrishnan Raj, Chengi Jimmy Kuo, Joe Winifred Poobalarayen, Mohit Jha
  • Patent number: 10482242
    Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: November 19, 2019
    Assignee: TANIUM INC.
    Inventors: Christian L. Hunt, Thomas R. Gissel, Aaron Tarter, Daniel Floyd, Benjamin Hobbs
  • Patent number: 10447721
    Abstract: Methods and systems for carrying out multiple campaigns of penetration testing using different lateral movement strategies for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: October 15, 2019
    Assignee: XM Cyber Ltd.
    Inventor: Menahem Lasser
  • Patent number: 10437993
    Abstract: A mechanism called time-deterministic replay (TDR) that can reproduce the execution of a program, including its precise timing. Without TDR, reproducing the timing of an execution is difficult because there are many sources of timing variability. TDR uses a combination of techniques to either mitigate or eliminate most of these sources of variability. Using a prototype implementation of TDR in a Java Virtual Machine, we show it is possible to reproduce the timing to within 1.85% of the original execution. A study of one of the applications of TDR is described: the detection of a covert timing channel. Timing channels can be used to exfiltrate information from a compromised machine by subtly varying timing of the machine's outputs; TDR can detect this variation. Unlike prior solutions, which generally look for a specific type of timing channel, our approach can detect a wide variety of channels with high accuracy.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: October 8, 2019
    Assignees: THE TRUSTEES OF THE UNIVERSITY OF PENNSYLVANIA, GEORGETOWN UNIVERSITY
    Inventors: Ang Chen, Hanjun Xiao, William Bradley Moore, Andreas Haeberlen, Linh Thi Xuan Phan, Micah Sherr, Wenchao Zhou
  • Patent number: 10438513
    Abstract: The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: October 8, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 10432613
    Abstract: A system that implements a Hypertext Transfer Protocol Secure (HTTPS) enabled client tool to facilitate HTTPS communication between a client device (on which the tool is installed) and a remote browser through which online product support to the client device is provided. The client tool creates a unique self-signed digital certificate on the fly and is used for client-server authentication purpose. The validity of the certificate is set to one day to avoid its re-use. A unique private key for the certificate is generated as well and is neither shared with other client devices nor made available after authentication. In an HTTPS session, the certificate is renewed and re-authenticated every one hour of interaction with the remote browser. The most recent version of the certificate is stored. When the client tool application is exited or stopped, the stored certificate is deleted. This ensures a secure communication between the client device and the remote browser.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: October 1, 2019
    Assignee: Dell Products L. P.
    Inventor: Sahul Amid
  • Patent number: 10430603
    Abstract: A gateway apparatus for managing local-device access to vehicle data, including an input/output component for receiving requests for vehicle data from a local device and sending vehicle data to the local device. The apparatus also includes a tangible processing unit in communication with the input/output component and the input/output component, and a non-transitory computer-readable storage device. An access unit of the apparatus has access-unit code that receives, by way of the input/output component, a request for the vehicle data from a local device and determines whether the gateway apparatus may satisfy the request. A control unit has control-unit code that, when executed by the processing unit, determines what vehicle data will be provided. A data unit has data-unit code that prepares the vehicle data to be provided to the local device, and sends the vehicle data to the local device by way of the input/output component.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: October 1, 2019
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Robert A. Hrabak, Fan Bai, Jinzhu Chen, Donald K. Grimm
  • Patent number: 10419444
    Abstract: A computing device executing an instant messaging application receives a selection from a user specifying at least one instant message conversation record to hide from view. The selected conversation record is hidden from view in response to occurrence of an event of a first type. In response to the occurrence of an event of a second type, a timer hidden from the user is launched. An unlock procedure is received from the user, where the user enters the unlock procedure. In response to the entered unlock procedure matching a predetermined unlock procedure prior to expiration of the timer, the corresponding hidden conversation record is made viewable and is accessible again by the user.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: September 17, 2019
    Assignee: CYBERLINK CORP.
    Inventor: Chen Yen Hsun
  • Patent number: 10412065
    Abstract: Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: September 10, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Baskaran Dharmarajan, Andy Chin, Aladdin A. Nassar
  • Patent number: 10412048
    Abstract: Systems and methods provide for management of a gateway. In one embodiment, a method includes: in response to a request from a client device, establishing, by a computer system implementing a gateway to a private network, a network tunnel between the client device and the gateway; and starting a firewall service with a set of firewall rules on the computer system for selectively blocking and allowing network traffic between the client device and one or more network devices in the private network.
    Type: Grant
    Filed: April 14, 2017
    Date of Patent: September 10, 2019
    Assignee: CRYPTZONE NORTH AMERICA, INC.
    Inventors: Kurt Glazemakers, Per Johan Allansson, Thomas Bruno Emmanuel Cellerier, Kosmas Valianos, Tom Viljo Weber