Abstract: A discovery method for Device-to-Device (D2D) communication is provided. A terminal transmits a discovery service request message for D2D communication including one of application information and group information for a Proximity based Service (ProSe) to a server. The terminal receives, from the server, a discovery service key delivery message including a discovery service key corresponding to the one of the application information and the group information for a ProSe. The terminal acquires the discovery service key by decrypting the discovery service key delivery message, and performs discovery by encrypting a discovery code with the acquired discovery service key.

Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.

Abstract: A keying infrastructure may generate and/or manage cryptographic keys. The cryptographic keys may include identity keys, encryption keys, and a variety of other types of keys. The cryptographic keys may be derived or created with a key derivation function (KDF) or other one-way function. The cryptographic keys may include keys that are accessible to a boot loader, keys that are accessible to particular components of a Trusted Execution Environment (TrEE), and so on. In some examples, a key may be derived from a preceding key in a sequence of keys. The preceding key may be deleted when the key is derived.

Abstract: The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.

Abstract: The invention concerns a method of identification of a person to be identified, comprising: receiving, from an input device (106A to 106C), user input data of the person to be identified and location data indicating the location of the person to be identified; and identifying by a processing device, in a user database (108) storing a plurality of user records of registered users, each record comprising user reference data and historical location information of a registered user, a record of the person to be identified based on the user input data and the location data, wherein the historical location information of at least one of the registered users includes an association of time and location data provided by a user location device associated with the registered user.

Abstract: A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm includes the steps of processing at least one record comprising a plurality of data elements to identify a subset of data elements comprising data identifying at least one individual; generating, with at least one processor, a first hash by hashing at least one first data element with at least one second data element of the subset of data elements; generating, with at least one processor, a second hash by hashing the first hash with at least one third data element of the subset of data elements; creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and associating at least a portion of a remainder of the data elements with the at least one token.

Abstract: One aspect of the invention provides a computer system having processing and memory means operable to provide a monetized online content system. The computer system is coupled to one or more resource modules each having data in the memory means and includes: an interceptor module configured to receive a request from a client for one or more resources available from one or more resource modules, refer the request to one or more of the resource modules configured to fulfill the request, receive one or more responses from one or more of the resource modules, at least one of said one or more responses having one or more events associated therewith, and transform the one or more responses by removing the one or more events associated with the one or more responses prior to presentation of the one or more responses to the client.

Abstract: A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.

Abstract: A software, system and methodology for protecting against malware Point-of-Sale attacks that utilize, for example, memory scraping techniques. The application protects Point-of-sale hardware and its software against memory scraping malware attacks, and the loss of critical user credit card and confidential information often swiped at a terminal or stored in point of sale application databases. An embodiment of a method for blocking memory scraping attacks includes the following steps. Upon detecting a credit card swipe submission event from local hardware or comport event specific memory table events are flagged as unreadable, and immediately after allowing the data to be properly submitted, the system memory tables are cleared of data and specific memory processes are flagged as readable again. The method prevents memory scraping or point of sale malware from capturing swiped credit card data or input data, thereby protecting the user from theft of credit card data or other credentials.

Abstract: Disclosed are an auto login method and device. The method includes: when a request for auto logging into a designated account is received, acquiring the URL of the login page, a login password and an account address of the designated account from a pre-stored configuration file, and loading the login page according to the URL; acquiring a login menu in an HTML document corresponding to the login page, searching for a login password input box and an account address input box contained in the login menu, and determining content to be filled into the account address input box; writing the content to be filled into the account address input box into the account address input box, and writing the login password into the login password input box; and submitting the login menu which is written with the account address content and the login password, and completing auto login.

Abstract: In some aspects, a first device detects information encoded in a wireless authenticator device based on a wireless interaction between the first device and the wireless authenticator device. The first device detects the information while securing resources on the first device according to a first security mode. Based on the detected information, the first device selects a second security mode associated with the wireless authenticator device. The first device then applies the selected second security mode. The selected second security mode is one of multiple distinct security modes. Each of the multiple distinct security modes is associated with a respective one of multiple wireless authenticator devices and defines accessibility attributes of the resources on the first device.

Abstract: A system, method, and apparatus are provided for performing reliable network, capability, and service discovery. A method may include providing for transmission of a request for signed access point information. The request may be provided for transmission prior to authenticating with an access point when authentication is performed or prior to associating with an access point when authentication is not performed. The method may further include receiving a response including signed access point information. The method may additionally include verifying the signed access point information using a digital certificate. The method may also include selecting the access point for communication based in least in part on the verified signed access point information. A corresponding system and apparatus is also provided.

Abstract: A method for detecting malicious HTTP redirections. The method includes obtaining, based on a single client IP address, HTTP flows triggered by visiting a website, extracting a sequence of URLs where a downstream URL is extracted from a child HTTP request that is triggered by a parent HTTP request containing an immediate upstream URL, analyzing the URL sequence to generate a statistical feature, and classifying, based on the statistical feature, the HTTP flows as containing at least one malicious HTTP redirection triggered by visiting the website.

Abstract: Systems and methods are disclosed for performing location-based authentication using location-aware devices. One method includes: receiving an access request comprising authentication credentials and a first location from a first location-aware device; receiving a second location from a second location-aware device associated with the authentication credentials; and upon determining that the first location and second location are within a pre-determined distance, authenticating the authentication credentials.

Abstract: Described embodiments provide a method and user equipment for restricting transferring of image data produced by a predetermined application to a coupled external device. The method may include detecting an activation of an application in a user equipment while the user equipment is coupled to an external device and determining whether image data produced by the activated application is transferred to the coupled external device. The determining may include restricting the produced image data of the activated application from being transferred to the coupled external device when an application control type of the activated application is a restricted application, otherwise, transferring the produced image data of the activated application to the coupled external device.

Abstract: Method and system for identity based encryption are described. The method comprises obtaining public parameters and a public key set from a central server, where the public parameters include a friendly prime, a torsion group prime order, an super-singular elliptic curve, a first torsion group, a pre-computed Tate pairing value, a first elliptic curve point and a second elliptic curve point, and a distortion map, and where the pre-computed Tate pairing value is generated by the central server. Further, a receiver key set of elliptic curve points based on a receiver identity of a receiver is determined, where the receiver key set is a subset of the public key set. Further a receiver public key based on the receiver key set is computed. Further, the data is encrypted using the Tate pairing value and an encryption component, wherein the encryption component is computed based on the receiver public key set.

Abstract: A network browser has a Malware detection manager for direct or indirect scanning of files during an upload or download processes for viruses, adware, spyware, etc. The malware detection manager defines and employs a quarantine bin, which is an isolated and secure memory space or directory for temporary placement of file packets during the file transmission while malware detection can commence. The malware detection manager scans for malware code associated with the packet sequence encountered during a file transmission to and from the Internet, during which it quarantines all the scanned packets in the quarantine bin. Quarantined files can be released if there is a human challenge authorizing the release of the file. Exchanging a Malware free signature between server and client via a trusted download center may be done so the client device need not scan the files for malware if content is certified and guaranteed as malware-free.

Abstract: Methods and systems for generating a circuit identification number include determining a propagation time delay across a scan chain of known length; comparing the propagation time delay to a threshold associated with the scan chain length; storing an identifier bit based on the result of the comparison; repeating the steps of determining, comparing, and storing until a number of stored identifier bits reaches a threshold number; and outputting the stored identifier bits.

Abstract: Communications and data security policy data for two or more communications jurisdiction zones is obtained that includes data indicating allowed protocols for the respective communications jurisdiction zones. Data indicating a desired exchange of data between a first resource in a first communications jurisdiction zone and a second resource in a second communications jurisdiction zone is received/obtained. The first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data is automatically obtained and analyzed to determine an allowed type of secure communications security level for the desired exchange of data that complies with both the first communications jurisdiction zone communications and data security policy data and the second communications jurisdiction zone policy data.

Abstract: The present invention relates to a distributed storage scheme, wherein every file is optionally encrypted, optionally interleaved, fragmented, and the various fragments stored on different constituent storage systems commensurate with the storage mechanisms supported by those storage providers.