Abstract: A system may register a use case with the use case including an application. An application identifier may be assigned to the application. The system may generate a transformation associated with the use case. The transformation may include logic to derive an output variable from a source variable. The system may also execute the transformation to derive output data for the output variable from source data of the source variable. The system may further lookup an access permission for the application using the application identifier in response to an access request.

Abstract: Interprocess communication between processes that run on a host operating system of a computer is performed by way of a protected temporary file. File access operation on the temporary file is hooked to detect writing to the temporary file. When a process writes a message to the temporary file, a verification is performed to determine whether or not the process is authorized to access the temporary file. When the process is authorized to access the temporary file, the process is allowed to write the message to the temporary file. This allows another process that is intended to receive the message to read the message from the temporary file and act on the message. Otherwise, when the process is not authorized to access the temporary file, the process is blocked from writing the message to the temporary file.

Abstract: A privacy enforcement engine conducts a process that evaluates user privacy preferences against the privacy policy of a service provider. The engine works in conjunction with an identity selector. The identity selector filters user identity information cards to determine which ones satisfy the requirements of a security policy. The engine identifies privacy preferences that are relevant to the user identity information specified by the successfully filtered cards. The engine evaluates these privacy preferences against the privacy policy, to provide its own filtering operation relative to the exercise of privacy controls. The cards that pass the filtering operation conducted by the engine are deemed available for disclosure.

Abstract: A method for generating a blockchain configured for fast navigation includes: storing a blockchain comprised of a plurality of blocks, each block including a header comprised of a fast track flag, fast track reference, timestamp, and hash value, where the plurality of blocks includes standard blocks having a deactivated fast track flag and fast track blocks having an activated fast track flag; identifying a most recent fast track block based on the timestamp in the fast track blocks; identifying a most recent overall block based on the timestamp included in the plurality of blocks; generating a fast track hash value via hashing the most recent fast track block; generating a chain hash value via hashing the most recent overall block; and writing a new block to the blockchain including a block header comprised of a timestamp, activated fast track flag, the fast track hash value, and the chain hash value.

Abstract: A method of operating a data store system may include generating a registration key in response to identify a non-responsive processing node in a plurality of processing nodes. The method may further include providing the registration key to the other processing nodes of the plurality of processing nodes excluding the identified non-responsive processing node. The method may further include providing the registration key to a plurality of storage cluster nodes in communication with the plurality of processing nodes over a network. Each storage cluster node may be configured to manage access to a respective set of persistent storage devices. Each processing node provided the registration key may be authorized to access each of the persistent storage devices. A system and computer-readable medium may also be implemented.

Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.

Abstract: A method for configuring a profile of a subscriber authenticating module embedded and installed in a terminal device, and an apparatus using same, are disclosed. The subscriber authenticating module embedded and installed in the terminal device according to an exemplary embodiment includes one or more network access application related data sets and one or more profiles having unique identifiers. The present invention enables an eco-system provider such as a network service provider, a eUICC manufacturer, or a terminal manufacturer to develop an efficient and rapid eUICC and provide a eUICC service.

Abstract: Method for establishing secure communication between a plurality of IoT devices in one or more vehicles include: provisioning the plurality of IoT devices by providing a unique identification, a digital identity token and a cryptographic key to each of the plurality of IoT devices; establishing a secure communication line between the plurality of IoT devices by authenticating respective communication lines between respective IoT devices and issuing a digital certificate to the respective communication lines; grouping the plurality of IoT devices into different groups based on a predetermined criteria; and including a group membership for a group of the different groups in an attribute certificate indicating group characterization.

Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, derives a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.

Abstract: A method and apparatus of key negotiation processing, which includes acquiring, by a control network element, a first key negotiation parameter and a second key negotiation parameter, and sending, by the control network element, the first key negotiation parameter and/or the second key negotiation parameter to the first user equipment UE and a second UE such that the first UE and the second UE generate a key according to the first key negotiation parameter and the second key negotiation parameter. Key negotiation may be performed between two UEs that perform proximity communication.

Abstract: Provided are an electronic apparatus in which a normal operating system (OS) and a secure OS are installed and a method for controlling the electronic apparatus. The method for controlling the electronic apparatus includes searching for at least one external terminal in which a secure OS is installed, selecting a first terminal from among the at least one external terminal in which a secure OS is installed, in response to a first terminal being selected from the retrieved at least one external terminal, performing communication connection with the first terminal, searching for at least one terminal in which only a normal OS is installed, from among at least one external terminal that is capable of being communication-connected to the first terminal, and performing communication with a second terminal of the at least one terminal in which only the normal OS is installed, through the first terminal.

Abstract: Location-based configuration profile toggling may be provided. Configuration profiles associated with user devices may be identified, determinations of whether the user devices are authorized to enable the configuration profiles on the user devices may be made based at least in part on location constraints, and the configuration profiles may be enabled on the user devices if the location constraints are satisfied.

Abstract: There are disclosed methods and apparatus for manufacture of image inventories. A production and packaging machine applies derivations to still images from image products. It assigns metadata to the derivative images. The production and packaging machine then generates a cryptographic hash of the derivative image and the metadata to produce a derivative image product, and writes the hash to a node of a transaction processing network.

Abstract: Secure and remote operation of a remote computer from a local computer over a network includes authenticating a remote computer for connection to a computer over the network and/or a local computer for connection to a remote computer over the network; establishing a secure connection therebetween; and integrating a desktop of a remote computer on a display of a local computer. Functions that are performed may include one or more of: integrating a file structure of accessible files accessed at the second or first computer, into a file structure contained at the first or second computer, respectively; at least one of integrating a desktop of the second computer on a display of the first computer and integrating a desktop of the first computer on a display of the second computer; and directly operating the second computer from the first computer or the first computer from the second computer.

Abstract: Systems, methods, and computer-readable media are described for a network address block treatment server. The network address block treatment server identifies blocks of network addresses, associates them with treatments, and generates compact representations of the network address blocks. Blocks may be identified based on network activity data or on the treatment of individual network addresses, and treatments may be associated with address blocks based on address-level and/or block-level criteria. Treatments may include, for example, denying service requests, throttling, queueing, issuing a challenge-response, or limiting the number or scope of services. The network address block treatment server may review treatments periodically or upon receipt of additional network activity data. The server may implement treatments in connection with firewall or routing services, or may transmit address block representations and associated treatments to network service providers for implementation.

Abstract: A method of ensuring the identity of a first processing device to a second processing device allows for secure network communication between the devices. A network resource address including an encoded trusted identifier in a portion of the address excluding the host name of the first processing device are provided to a second processing device by a trusted distribution mechanism. The trusted identifier is derived from a public key of the first processing device. Communication is initiated with the first processing device at the network resource address and a public key purporting to identify the first processing device is received in response to initiating the communication. The trusted identifier is compared to a transformation of at least a portion of the public key to determine a match between the identifier and the transformation. If the trusted identifier and the transformation match, the identity of the first processing device is verified.

Abstract: A method and system are provided for securing telecommunications traffic data. A method is provided for transmitting messages via a telecommunications network between a number of subscribers by means of a telecommunications service, wherein the telecommunications service receives at least one first message of individual first size from at least one first subscriber to the telecommunications service that is intended for at least one second subscriber of the telecommunications service. In reaction to receiving a message, the telecommunications service sends at least one second message to the at least one second subscriber, wherein the at least one second message obtains a second size. The first size cannot be conclusively deduced from the second size.

Abstract: A method according to one embodiment includes reading a unique credential identifier of a passive credential device, transmitting the unique credential identifier to a credential management system over a secure wireless connection, receiving credential device data from the credential management system over the secure wireless connection, and transmitting the received credential device data to the passive credential device.

Abstract: A method for processing session and a device thereof, a server and a storage medium are provided. The method includes: capturing packets sent from a client associated with the session; reconstituting a packet flow of the session from the captured packets based on quintets of the packets, wherein the quintet comprises a source address, a destination address, a source port, a destination port and a protocol number of the packet; extracting a behavior attribute of the client from the packet flow; determining that the behavior attribute of the client is beyond a baseline; and interrupting the session with the client.

Abstract: The present disclosure discloses an authentication server, an authentication system and an authentication method. The authentication server includes an information acquisition module and an identity authentication module. The information acquisition module obtains telecommunication user information from a telecommunications server, and obtains merchant user information from a merchant server, based on an end-user's cell phone number. The identity authentication module compares the telecommunication user information with the merchant user information according to a predetermined authentication mode, and returns a comparison result to the merchant server. The authentication method of the present disclosure can obtain better security protection, fast authentication, better user experience, and avoid security problem of repeat SMS interception.