Patents Examined by Taghi Arani
  • Patent number: 9569623
    Abstract: A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: February 14, 2017
    Assignee: Cryptography Research, Inc.
    Inventors: Paul C. Kocher, Pankaj Rohatgi, Joshua M. Jaffe
  • Patent number: 9560027
    Abstract: There are disclosed some techniques for processing an authentication request. In one example, a method comprises the step of determining the velocity between authentication requests of a user associated with the requests. Additionally, the method determines the likelihood that a location associated with one of the requests is associated with the user location. Furthermore, the method generates an authentication result based on the likelihood that a location associated with one of the requests is associated with the user location.
    Type: Grant
    Filed: March 28, 2013
    Date of Patent: January 31, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Eyal Kolman, Alon Kaufman, Yael Villa, Alex Vaystikh, Ereli Eran, Liron Liptz
  • Patent number: 9553872
    Abstract: An approach for receiving a request for an authentication code for presentation in an authentication user interface, wherein the request is from a relying party and wherein the authentication user interface is presented by the relying party at a first device. The approach further involves transmitting the authentication code to the relying party. The approach also involves authenticating a user with respect to the relying party by determining that a second device associated with the user has read the authentication code from the authentication user interface of the first device, wherein the second device is a previously authenticated device.
    Type: Grant
    Filed: September 20, 2013
    Date of Patent: January 24, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Peter Tippett, Steven T. Archer, Tracy L. Hulver, Paul V. Hubner
  • Patent number: 9553982
    Abstract: A system and method for securely recording voice communications, comprising an authentication server, further comprising at least a software component operating on a network-capable computing device, and a database, wherein an authentication server verifies the validity of voice communications and a database stores voice communication recordings.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: January 24, 2017
    Assignee: NewVoiceMedia, Ltd.
    Inventor: Ashley Unitt
  • Patent number: 9536108
    Abstract: A privacy processing system may use privacy rules to filter sensitive personal information from web session data. The privacy processing system may generate privacy profiles or privacy metadata that identifies how often the privacy rules are called, how often the privacy rules successfully complete actions, and the processing time required to execute the privacy rules. The privacy profiles may be used to detect irregularities in the privacy filtering process that may be associated with a variety of privacy filtering and web session problems.
    Type: Grant
    Filed: October 23, 2012
    Date of Patent: January 3, 2017
    Assignee: International Business Machines Corporation
    Inventors: Travis Spence Powell, Nadav Caspi, Robert I. Wenig, Wolf Herda, Gerard Dietrich
  • Patent number: 9536116
    Abstract: Examples disclose a cable to secure data transmission. Examples of the cable include a connector to connect to a computing device for data transmission. Further, the examples of the cable include an active component coupled to the connector and embedded in the cable. The active component is to at least perform one of encrypt and decrypt the data transmitted on the cable.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: January 3, 2017
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Kent E Biggs, Michael Provencher, Thomas Flynn
  • Patent number: 9525548
    Abstract: Provisioning techniques are described. In implementations, a particular one of a plurality of public keys is located using an identifier included in a request received via a network. The located public key is communicated via the network, the public key configured to encrypt data that is to be decrypted by a secure element of a mobile communication device, the secure element implemented using hardware and including a private key that is configured to decrypt the data that was encrypted using the public key.
    Type: Grant
    Filed: October 21, 2010
    Date of Patent: December 20, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alan L. Marshall, Kamran Rajabi Zargahi, Miller Thomas Abel, Murali Krishnan, Anoop Anantha
  • Patent number: 9515825
    Abstract: Provided are an authentication method and an apparatus for the method. An authentication method includes generating, at a terminal, an identifier (ID)-based secret key using an ID of a user of the terminal and key generation factors exchanged with a server, encrypting, at the terminal, a password of the user using a symmetric key encryption algorithm taking the generated secret key as a symmetric key, and requesting authentication for the terminal user by transmitting the encrypted password to the server, and receiving, at the terminal, a response to the authentication request from the server.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: December 6, 2016
    Assignees: SAMSUNG SDS CO., LTD., INDUSTRY-ACADEMIA COOPERATION GROUP OF SEJONG UNIVERSITY
    Inventors: Hyo-Jin Yoon, Tae-Kyoung Kwon
  • Patent number: 9507944
    Abstract: A method for simulation aided security event management, the method comprises: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.
    Type: Grant
    Filed: March 20, 2013
    Date of Patent: November 29, 2016
    Assignee: SKYBOX SECURITY INC.
    Inventors: Amnon Lotem, Gideon Cohen, Lior Ben Naon
  • Patent number: 9507923
    Abstract: A triggering mechanism may provide a user of a device the ability to send a multimedia message and/or capture multimedia information via the device without the user unlocking the device, without the user opening a messaging application and/or without the user opening an information capturing application on the device. In an example configuration, an emergency call button, or the like, on the device may provide a user several options for sending a message and/or capturing information. Upon selecting one or more of the options, applications for effectuating the selected option(s) may be automatically initiated without user intervention.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: November 29, 2016
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Brian Kevin Daly
  • Patent number: 9497142
    Abstract: In some implementations, a computing device may download a campaign from a server. The campaign may include a trigger and one or more actions associated with the trigger. In response to detecting that the trigger occurred, the computing device may perform the one or more actions associated with the trigger. The trigger may comprise an event that occurs at the computing device or a short message service (SMS) message that originates from the server.
    Type: Grant
    Filed: February 25, 2013
    Date of Patent: November 15, 2016
    Assignee: T-Mobile USA, Inc.
    Inventors: Craig Medin, Timothy Shelton
  • Patent number: 9495143
    Abstract: Enforcing access control to individual extensions of services in a multi-tenant cloud environment by initializing objects for the extension based on public and private configuration files with service access rules that are merged is described. This allows third party vendors to specify payment rules for their own extensions while securely keeping the core extension configuration files. Tenants of the multi-tenant cloud environment can pick and choose which services to purchase, and the cloud environment automates the process of accessing the service using the third-party developer's tenant access list rules.
    Type: Grant
    Filed: September 20, 2013
    Date of Patent: November 15, 2016
    Assignee: Oracle International Corporation
    Inventors: David R. Mellor, Andrew H. Jones, Charles Lattimer
  • Patent number: 9497216
    Abstract: Techniques are described for use in inhibiting attempts to fraudulently obtain access to confidential information about users. In some situations, the techniques involve automatically analyzing at least some requests for information that are received by a Web site or other electronic information service, such as to determine whether they likely reflect fraudulent activities by the request senders or other parties that initiate the requests. For example, if a request is being made to a Web site based on a user's interaction with a third-party information source (e.g., another unaffiliated Web site) that is not authorized to initiate the request, the third-party information source may be a fraudulent phishing site or engaging in other types of fraudulent activity. If fraudulent activity is suspected based on analysis of one or more information requests, one or more actions may be taken to inhibit the fraudulent activity.
    Type: Grant
    Filed: May 15, 2014
    Date of Patent: November 15, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Richendra Khanna, Sean C. Harding
  • Patent number: 9490970
    Abstract: Methods and a system involve secure communication between an RFID tag and a reader via the over-the-air interface, and to corresponding RFID tags and corresponding readers. A modification of the Rabin method is employed wherein within the framework of the encryption of a plaintext M into which an identification element of the RFID tag or of an object furnished therewith is incorporated, there is computed by the RFID tag, the Montgomery residue (Montgomery reduction) of the square of the plaintext M modulo n with respect to a Montgomery base R, i.e. C* = M²·R⁻¹ mod n, and the resultant ciphertext C* is employed for authenticating the RFID tag. The modulus n=p·q is the public key of the reader, the prime numbers p, q are the private key of the reader, and the Montgomery base R is an integer that is larger than the modulus n.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: November 8, 2016
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Walter Hinz, Klaus Finkenzeller, Martin Seysen
  • Patent number: 9461978
    Abstract: A method and system for role based access control for a plurality of users in a heterogeneous enterprise environment, comprising: establishing a functional relationship between a plurality of provisioning unit using a provision unit module. The users are mapped with the provisioning unit based on attributes of the users. Events are captured via the provision unit module. The users needed to be re-mapped are determined upon the event completion. Application role defined in context of an application embedded in an application registry module is mapped with the provisioning unit. Call back service is executed for the re-mapped users having entitlement associated with each of the application stored in a roles registry module. An application role is determined and defined for a new user for the plurality of the application enabling managing of the role based access control.
    Type: Grant
    Filed: September 20, 2013
    Date of Patent: October 4, 2016
    Assignee: Tata Consultancy Services Limited
    Inventors: Satya Narayan Mishra, Ashesh Misra
  • Patent number: 9454650
    Abstract: Disclosed herein are a system and method for updating information capable of providing media content, wherein when a service restriction is generated in a DMS in a home network system based on DLNA. The system includes a DMS configured to send service limitation information to DMPs when service limitation is generated and to send an unable content list to a specific DMP of the DMPs when a request for the unable content list is received from the specific DMP and the DMPs each configured to request the unable content list from the DMS when receiving the service limitation information from the DMS, receive the unable content list from the DMS, and update a content list by applying the received unable content list to the content list.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: September 27, 2016
    Assignee: HUMAX CO., LTD.
    Inventor: Dong Hwan Kim
  • Patent number: 9450936
    Abstract: A method of processing requests for different digital services hosted by respective service entities is disclosed. The method including steps of receiving a request packet from a communication device, the request packet includes source and destination identifiers, determining which one of the different digital services the communication device is requesting a service, based on the destination identifier, authenticating the request packet based on the source identifier to determine an access permission of the communication device for accessing the determined digital service, and if the access permission is granted, modifying the request packet and forwarding the modified request packet based on the destination identifier to the determined digital service for processing.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: September 20, 2016
    Assignee: SILVERLAKE MOBILITY ECOSYSTEM SDN BHD
    Inventors: Tong Yap Chan, Chi Long Yeong
  • Patent number: 9424419
    Abstract: A system and method for a credentials agent that automatically rotates and stores security credentials usable at least in part to authenticate calling applications with a computing resource service provider. Upon determining that a first set of credentials are due to be rotated, the credentials agent may obtain a second set of credentials and store the second set of credentials in a data store. The credentials agent may give notice to a calling application that the first set of credentials is due to be rotated, whereupon the calling application may obtain the second set of credentials and be authenticated to access a resource of the computing resource service provider at least in part by providing the second set of credentials. The authorization system provides visualizations and alerts to administrators of unexpected states that may be caused by misconfigured applications or malicious users.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: August 23, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: William Frederick Kruse
  • Patent number: 9424432
    Abstract: An information processing system provisions a client account for a user to enable a client computer associated with the user to store information in an elastic storage system and to prohibit the client computer, the information processing system, and the elastic storage system from altering and from deleting the stored information during an authorized retention period. Data messages are received from one or more client computers and include information that is required to be stored for the authorized retention period. That information is transmitted via one or more data communications networks to the elastic storage system for storage so that the stored information is non-rewriteable and non-erasable during the authorized retention period. The secure data center receives the retrieved copy and provides it to the user device.
    Type: Grant
    Filed: September 20, 2013
    Date of Patent: August 23, 2016
    Assignees: Nasdaq, Inc., Amazon Technologies, Inc.
    Inventors: Ryan Christopher Holland, Thomas C. Stickle, Malcolm Gary Lafever, Edward Scott Mullins
  • Patent number: 9426176
    Abstract: In an embodiment, a method is provided for enabling in-band data exchange between networks. The method can comprise receiving, by a first enveloping proxy located in the first network, at least one regular secure sockets layer (SSL) record for a SSL session established between a client and a server; receiving the data from a network element located in the first network; encoding the data into at least one custom SSL record; and transmitting the at least one regular SSL record and the at least one custom SSL record to an enveloping proxy. In another embodiment, a method can comprise receiving at least one regular secure sockets layer (SSL) record and at least one custom SSL record for a SSL session established between a client and a server; extracting the data from the at least one custom SSL; transmitting the at least one regular SSL record.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: August 23, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Alessandro Duminuco, Hendrikus G. P. Bosch, Surendra M. Kumar, Humberto J. La Roche, Jeffrey Napper, Kevin D. Shatzkamer, Daniel G. Wing