Abstract: A method includes the following. A task defined within a project plan of a software system under development is selected, and the task specifies a development tool and a user. The development tool is directly accessed, with a centralized data processing system separate from the user, to configure the development tool to automatically authorize the user to access the development tool.

Abstract: The invention relates to a data carrier having a semiconductor chip. In order to prevent an attacker from determining secret data of the chip from intercepted signal patterns of the chip, security-relevant operations are performed only with commands or command strings of the operating program whose use does not permit the processed data to be inferred from the signal patterns.

Abstract: The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract: A method and apparatus are utilized to conveniently and swiftly render stored information inaccessible. Sensitive information is stored in an encrypted form and by eliminating the key or keys which are needed for decryption, the stored information becomes virtually destroyed. A variety of mechanisms and policies can be used to manage, set and eliminate decryption keys. In some cases decryption keys can be stored in volatile storage elements so that by merely interrupting power to the storage element, the decryption keys are eliminated. In this way, a manually controlled mechanism can be used to allow a user to accomplish a “self-destruct” of the stored information instantly without the need for the operation of any processor and without the need to change any stored information.

Abstract: A system is disclosed that generates a network attack within a simulated network environment. The system includes a module that creates one or more attack events against network devices within the simulated network environment wherein the attack events include exploitations of published and unpublished vulnerabilities and failures of hardware and software network systems, devices, or applications within the simulated network environment. Additionally, the module executes the created attack event on the simulated network environment. In addition, the system has an interface configured for receiving metadata regarding each attack event and adding the received attack event metadata to each associated attack event.

Abstract: Systems, methods, and machine-readable media for selecting an authentication process are disclosed. A system is configured to determine whether a user account on a client device is to be authenticated. If the user account is to be authenticated, the system is configured to transmit a request for a path indicator to an authentication path server. The request includes a user account identifier corresponding to the user account. The authentication path server is configured to select the path indicator based on the user account identifier. The system is further configured to receive the path indicator from the authentication path server, select an authentication process based on the path indicator, and initiate the selected authentication process.

Abstract: Systems, methods, and software for processing received network traffic content in view of content detection data and configuration data to either block, permit, or to further evaluate network traffic content when entering a network.

Abstract: An exemplary method includes receiving data representative of a content instance over a network from an access device associated with a first user, encrypting the content instance in response to a command initiated by the user by way of one or more graphical user interfaces, providing a key configured to facilitate decryption of the encrypted content instance, creating at least one access rule corresponding to the encrypted content instance, transmitting data representative of the encrypted content instance to a requesting access device associated with a requesting user, receiving, from the requesting access device, data representative of a request to access the key over the network, and performing a predefined action related to the key in response to the request and in accordance with the at least one access rule.

Abstract: An approach is provided in which a server receives a first request from a client over a command port connection. The server, in turn, sends a first phase authentication token to the client over the command port and receives a second request from the client over a management port connection. In response, the server sends a second phase authentication token to the client over the management port connection, which the server receives back from the client over the command port connection. In turn, the server authenticates the client to utilize the command port connection accordingly.

Abstract: Arrangements to identify, in some form, multiple participants by an interactive surface system utilizing multi-touch technology are disclosed. The interactive surface system could identify, authorize, and allocate space on a surface for a participant based on identifying at least one attribute of the participant such as an object associated with the participant. The method can include searching for a first distinctive attribute of the participant, assigning an identifier to the attribute, and storing the identifier for future use. Other embodiments are also disclosed.

Abstract: Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key.

Abstract: A user request can be reflected in the degree of security of an updated key in quantum key distribution. A sender and a receiver are connected through optical fiber. A quantum transmitter in the sender and a quantum receiver in the receiver carry out basis reconciliation and error correction through a quantum channel, based on a source of a key sent from the quantum transmitter and on a raw key received by the quantum receiver. Under the control of security control sections in the sender and receiver, the amount of information having the possibility of being intercepted, which is determined in accordance with a degree of security requested by a user, is removed from the key information after error correction, whereby a final cryptographic key is generated. Secret communication is performed between encryption/decryption sections in the sender and receiver by using the cryptographic key thus updated.

Abstract: A hotspot provides an open wireless network and a secure wireless network. The open wireless network has no network-level encryption and allows open association therewith. The secure wireless network employs network-level encryption and requires authentication of a received access credential from a client device before allowing association therewith. A system for authorizing the client device for secured access at the hotspot includes an access controller configured to establish an encrypted connection between the client device and a login portal of the hotspot over the open wireless network, and to store a user-specific access credential transmitted via the encrypted connection as a valid access credential in a credential database. The credential database is accessed by wireless access points of the hotspot to authenticate the received access credential from the client device in response to a request from the client device to associate with the secure wireless network.

Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.

Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.

Abstract: A certificate status distribution system receives a request from a client pertaining to a status of a certificate and determines whether the client is an online certificate status protocol (OCSP) compliant client. The certificate status distribution system sends the certificate status to the client using OCSP in response to a determination that the client is an OCSP compliant client and sends a certificate revocation list to the client in response to a determination that the client is not an OCSP compliant client.

Abstract: User access is controlled through a computer network within a protected data environment of a computer environment. An exception list comprising an Identifier stored within the protected data environment for granting user access of an unauthorized user is defined. At least one allowed access property relation for user access is defined when accessed by the unauthorized user. An Identifier of a user access request of the unauthorized user is checked in the exception list. A One-Time Identifier is created. The One-Time Identifier is assigned to the electronic data resource according to the allowed property relation. The requested resource is delivered to the unauthorized user by using the assigned One-Time Identifier.

Abstract: User access for a requested resource is controlled through a computer network within a protected data environment of a computer environment. An exception list comprising an Identifier stored within the protected data environment for granting user access of an unauthorized user is defined. At least one allowed access property relation for user access is defined when accessed by the unauthorized user. An Identifier of a user access request of the unauthorized user is checked in the exception list. A One-Time Identifier is created. The One-Time Identifier is assigned according to the allowed property relation. The requested resource is delivered to the unauthorized user by using the assigned One-Time Identifier.

Abstract: The disclosure provides a method and a system for transmitting wireless data streams. After a user equipment sends a packet data protocol context activation request signaling to a base station, the base station checks whether the user equipment is allowed to activate a local Internet protocol access (LIPA) function. If the base station decides that the user equipment is allowed to activate the LIPA function, the base station instructs a core network to execute authentication accordingly. The base station disconnects a signaling connection between the base station and the core network. The base station assigns a private IP address to the user equipment, so that the user equipment having the private IP address performs the LIPA function and is directly connected to an external network through the base station without going through the core network, and a data transmission is performed between the base station and the user equipment.