Patents Examined by William Powers
  • Patent number: 10027482
    Abstract: A method and a cryptographic device for encrypting/decrypting an input message by using an algorithm having as entries, said input message, a cryptographic key, and a complementary unique value used as parameter of the algorithm. The output data is formed by the input message decrypted/encrypted by the algorithm using the cryptographic key and the complementary value. The latter is determined on the basis of a unique value physically bound to an electronic device by using a physically unclonable function (PUF) which is inherent to this device and which is used to generate this unique value from a plurality of physical measurements carried out on components integrated in said device.
    Type: Grant
    Filed: June 17, 2014
    Date of Patent: July 17, 2018
    Assignee: Nagravision S.A.
    Inventors: Marco Macchetti, Claudio Favi
  • Patent number: 10015161
    Abstract: A cloud computing system includes a cloud system managing unit, a plurality of sets of devices, where a set of devices includes one or more devices having a common aspect, and a plurality of authentication servers, where an authentication server is associated with one of the plurality of sets of devices based on the common aspect. The cloud computing system functions to establish trust between a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices, between the corresponding one of the plurality of authentication servers and the cloud system managing unit, and between the cloud system managing unit and the one or more devices. The cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: July 3, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wesley Leggette, Jason K. Resch
  • Patent number: 9992029
    Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: June 5, 2018
    Assignee: STRIPE, INC.
    Inventors: Carl Jackson, Bryan Berg, David Terrance Bartley, Evan Broder
  • Patent number: 9971881
    Abstract: The disclosure is directed to an access permission system that manages provisioning of access to an electronic resource through various types of access permissions. The access permission system provisions access by provisioning a license entitlement of a specified type. A provisioning optimization technique determines a combination of different types of license entitlements to be provisioned according to an optimization criterion associated with an attribute of a license entitlement. For example, the optimization criterion can be based on a “unit cost” associated with a license entitlement, and the provisioning optimization technique can determine various types of license entitlements to be obtained (and therefore to be provisioned) in order to minimize a total cost of the license incurred in satisfying the consumption demand requests.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: May 15, 2018
    Assignee: Flexera Software LLC
    Inventor: Timothy M. Adam
  • Patent number: 9935926
    Abstract: Methods, apparatus, systems and articles of manufacture to monitor media presentations are disclosed. An example method includes extracting first network packet parameters from a first network packet received at a media device when retrieving a first encrypted web page, storing the first network packet parameters in association with identifying information for the first encrypted web page, extracting second network packet parameters from a second network packet received at the media device from an unknown encrypted web page, when the extension does not collect identifying information for the unknown encrypted web page, comparing the second network packet parameters to the first network packet parameters, and identifying the unknown encrypted web page as the first encrypted web page when the comparison of the second network packet parameters to the first network packet parameters has a similarity above a threshold.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: April 3, 2018
    Assignee: The Nielsen Company (US), LLC
    Inventors: Robert P. Borland, Jonathon Brett Rubin, Anthony B. Stringer, Adam Schenker, Shailendra Paranjape
  • Patent number: 9888000
    Abstract: Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: February 6, 2018
    Assignee: Twitter, Inc.
    Inventors: Jeffrey Seibert, Jr., Michael Ducker
  • Patent number: 9882926
    Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: January 30, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yair Amit, Alexander Landa, Omer Tripp
  • Patent number: 9881175
    Abstract: A computer implemented system and method of sharing files between a link sharer and a link recipient over a network. The method comprises generating, in response to a request by a link sharer, a file sharing link to a file set, where the link does not provide a link recipient the ability to modify the contents of the linked file set. In response to receiving an indication that the generated link has been activated by a link recipient, displaying a representation of the linked file set with a display element configured to send a request for modification rights to the linked file set when activated by the link recipient. In response to receiving the request for modification rights, either automatically granting modification rights to the linked file set or sending notice to the link sharer indicating that the link recipient is requesting modification rights to the linked file set.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: January 30, 2018
    Assignee: Dropbox, Inc.
    Inventors: Ivan Kirigin, Olumakinde Adegboyega Adeagbo
  • Patent number: 9876816
    Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: January 23, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yair Amit, Alexander Landa, Omer Tripp
  • Patent number: 9871777
    Abstract: A data and instrument management and interface system comprises a web server hosted on an intranet network having a wireless range. The web server has a processor, and a non-transitory computer memory coupled with the processor and storing processor executable code. The web server can communicate over the intranet network with a web browser running on a handheld user device located within the wireless range of the intranet network, and with an instrument. The processor executable code causes the processor to: receive a first wireless signal over the intranet network, the first wireless signal transmitted by the web browser and indicative of request for data for the instrument; authenticate the handheld user device and a user of the web browser; and transmit a second wireless signal to the web browser indicative of data for the instrument responsive to the handheld user device and the user being authenticated.
    Type: Grant
    Filed: December 4, 2012
    Date of Patent: January 16, 2018
    Assignee: Siemens Healthcare Diagnostics Inc.
    Inventor: Mahalingam Swaminathan
  • Patent number: 9871778
    Abstract: Techniques to perform secure authentication to provide mobile access to shared content are disclosed. In various embodiments, a user credential associated with a request to access content is received at a connector node from a mobile application running on a mobile device. The user credential is used to create at the connector node a secure credential token that includes the user credential. The secure credential token is used to provide to the mobile application on the mobile device, via the connector node, access to content on two or more servers residing on a protected network with which the user credential is associated.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: January 16, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Anand Taralika, Divakara Challa, Srin Kumar, Alok Ojha, Leonard Chung
  • Patent number: 9870469
    Abstract: In an example, a stack protection engine is disclosed for preventing or ameliorating stack corruption attacks. The stack protection engine may operate transparently to user-space processes. After a call to a subroutine from a parent routine, the stack protection engine encodes the return address on the stack, such as with an exclusive or cipher and a key selected from a key array. After the subroutine returns control to the main routine, the stack protection engine decodes the address, and returns control. If a stack corruption attack occurs, the malicious return address is not properly encoded, so that when decoding occurs, the program may simply crash rather than returning control to the malicious code.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: January 16, 2018
    Assignee: McAfee, Inc.
    Inventor: Simon Crowe
  • Patent number: 9864972
    Abstract: One or more embodiments of techniques or systems for intelligent data presentation are provided herein. Data can be presented on similar devices having different characteristics in different manners. For example, data may be rendered in a first manner on a first device having one monitor, the same data may be rendered in a second manner on a second device having two displays or a different display size. Financial information, sales data, banking information, etc. may be presented in a variety of ways based on capabilities or properties of a device accessing the information or data. Similarly, renderings may be selected based on interaction capabilities or interaction options a user may have with different renderings or presentations. In other embodiments, user interaction with an automated teller machine (ATM), call center, vehicle, or other interface can be based on device properties or device capabilities.
    Type: Grant
    Filed: November 14, 2013
    Date of Patent: January 9, 2018
    Assignee: WELLS FARGO BANK, N.A.
    Inventors: Stephen M. Ellis, Bipin Sahni, David Hatch, Shahid Razzaq
  • Patent number: 9852304
    Abstract: A method for controlling copyright permissions when assembling multiple copyrighted works into a compiled file. The copyright permission level of each file is analyzed, either based on the copyright permission information present in metadata associated with the file or based on the digital file format of the file which reflects the permission level. The compiled file is assigned a permission level which is the same as or more restrictive than all of the permission levels of the files in the compilation, and is generated in a format that enforces the assigned permission level. A notification may be displayed to the user to notify the user of the permission level assigned to the compiled file.
    Type: Grant
    Filed: May 7, 2015
    Date of Patent: December 26, 2017
    Assignee: KONICA MINOLTA LABORATORY U.S.A., INC.
    Inventor: Toshiro Fujimori
  • Patent number: 9848218
    Abstract: A source device for transmitting content to a sink device is provided. The source device may include an interface configured to perform high-bandwidth digital content protection (HDCP) authentication with the sink device, and a controller configured to determine an HDCP version supported by the sink device, convert the content so as to be encrypted in the HDCP version supported by the sink device in response to a determination that another HDCP version applied to the content is not supported by the sink device, encrypt the converted content in the HDCP version supported by the sink device, and control the interface to transmit the content to the sink device.
    Type: Grant
    Filed: January 13, 2014
    Date of Patent: December 19, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Sung-bo Oh
  • Patent number: 9838382
    Abstract: A cloud computing system includes a cloud system managing unit, a plurality of sets of devices, where a set of devices includes one or more devices having a common aspect, and a plurality of authentication servers, where an authentication server is associated with one of the plurality of sets of devices based on the common aspect. The cloud computing system functions to establish trust between a corresponding one of the plurality of authentication servers and the one or more devices of one of the plurality of sets of devices, between the corresponding one of the plurality of authentication servers and the cloud system managing unit, and between the cloud system managing unit and the one or more devices. The cloud system managing unit configures the cloud computing system based on the trust between the cloud system managing unit and devices of the plurality of sets of devices.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: December 5, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wesley Leggette, Jason K. Resch
  • Patent number: 9830460
    Abstract: Methods, apparatus, and systems for characterizing vulnerabilities of an application source code are disclosed. Steps for characterizing vulnerabilities include traversing a representation of the application source code, generating a signature of a potential vulnerability of the application source code, and determining characteristics of the potential vulnerability based on a correlation between the generated signature of the potential vulnerability and previously stored signatures of potential vulnerabilities.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: November 28, 2017
    Assignee: WHITEHAT SECURITY, INC.
    Inventor: Eric Sheridan
  • Patent number: 9825987
    Abstract: Disclosed is a system for recommending content of a predefined category to an account holder, or account holders based on the account holder application graphs. The system receives information corresponding to applications executing on the client device of the account holders and generates an application graph for each account holder that includes a list of predefined application categories that are preferred by the account holder. For each predefined category, a list of account holders preferring content relevant to that category is predicted based on the set of generated application graphs.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: November 21, 2017
    Assignee: Twitter, Inc.
    Inventors: Deepak Rao, Argyrios Zymnis, Kelton Lynn, Michael Ducker, Sean Cook
  • Patent number: 9817953
    Abstract: Systems and methods in which multiple key servers operate cooperatively to securely provide authorization codes to requesting devices. In one embodiment, a server cloud receives a device authorization code request and selects an “A server”. The “A server” requests authorization from one or more “B servers” and authorizes the “B servers” to respond. The “B servers” provide authorization to the “A server”, and may provide threshold key inputs to enable decryption of device authorization codes. The “A server” cannot provide the requested device authorization code without authorization from the “B server(s)”, and the “B server(s)” cannot provide the requested server authorization code and threshold inputs without a valid request from the “A server”. After the “A server” receives authorization from the “B server(s)”, it can provide the initially requested device authorization code to the requesting device.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: November 14, 2017
    Assignee: Rubicon Labs, Inc.
    Inventors: William V. Oxford, Gerald E. Woodcock, III
  • Patent number: 9811661
    Abstract: Disclosed are a system and method for protecting computers from unauthorized remote administration. One exemplary method comprises: intercepting events that occurred in a computer system; determining parameters of each intercepted event for identifying each intercepted event as relating to a first data transfer by an application in a computer network or a second data transfer to an application from a peripheral data input device of the computer system; determining two intercepted events as being dependent on each other; determining a rule defining a dependency of the parameters of the two intercepted events; determining a degree of similarity of the rule and a previously created rule; if the degree of similarity exceeds a selected threshold value, identifying at least one application based at least on the rule and the previously created rule; and analyzing the at least one application for detecting a remote administration application.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: November 7, 2017
    Assignee: AO Kaspersky Lab
    Inventors: Maxim Y. Golovkin, Alexey M. Romanenko, Alexey V. Monastyrsky