Abstract: An apparatus is capable of hosting a secure module, which secure module includes at least one secure module application. The apparatus is configured to provide connectivity to the secure module. A processing module is configured to obtain from the secure module information concerning the at least one secure module application. The processing module is, based on the obtained information, configured to check whether a compatible counterpart application is present in the apparatus. A communication module is configured to obtain the compatible counterpart application from an outside source in case no compatible counterpart application is present in the apparatus.

Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for invocation of a secure web container which may display data representative of a requesting party's application at a user's machine. The secure web container is invoked upon receipt of an API call from the requesting party. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable web container), insulating the user and requesting parties from the threats associated with being online for the purposes of providing secure, policy-based interaction with a requesting party's online services.

Abstract: The present invention relates to a computer-implemented method, system and computer readable medium for searching over encrypted keywords in a database. The method includes the steps of generating at least one keyword, generating a plurality of different encrypted keywords corresponding to the keyword, storing the at least one encrypted keyword in the database, generating a plurality of different trapdoors for the keyword, verifying the plurality of different trapdoors with the plurality of different encrypted keywords corresponding to the keyword, and determining the keyword is found if the plurality of different trapdoors match with one the encrypted keyword corresponding to the keyword, otherwise determining the keyword is not found.

Abstract: An electronic device with a display detects an input in a user interface for a second application not associated with a server system. In response to detecting the first input, the device sends a first request from the second application to a first application associated with the server system. In response to the first request, the device sends a first command from the first application to the server system on behalf of the second application. The first command is a command for performance of a first operation at the server system. The first operation corresponds to the input detected by the device. The device receives a voucher, or an indication that a voucher has been created, at the second application pre-authorizing performance of a predefined second operation at the server system upon receipt, by the server system, of a second command from the second application.

Abstract: A system, method, and computer program product are provided that utilize a decoy in response to a distributed denial of service attack in a communication network. In use, a distributed denial of service (DDoS) attack directed at one or more resources of a communication network is detected. Additionally, at least one first communication channel associated with the communication network that is subject to the DDoS attack is identified. Further, at least one second communication channel to implement functionality of the at least one first communication channel is initiated, while maintaining the at least one first communication channel subject to the DDoS attack to use as a decoy for the DDoS attack. Moreover, the at least one second communication channel is utilized to implement the functionality of the at least one first communication channel while the at least one first communication channel subject to the DDoS attack is used as the decoy for the DDoS attack.

Abstract: A system, method, and computer-readable medium for reporting sensor data over a communication network are provided. A data reporting instruction that identifies at least one of a sensor or a data reporting technique is received from a trust mediator over a communication network. The data reporting instruction is based at least in part on an identified risk. Sensor data is obtained from the sensor, and the sensor data is transmitted to the trust mediator over the communication network based on the data reporting technique.

Abstract: A hotspot provides an open wireless network and a secure wireless network. The open wireless network has no network-level encryption and allows open association therewith. The secure wireless network employs network-level encryption and requires authentication of a received access credential from a client device before allowing association therewith. A system for authorizing the client device for secured access at the hotspot includes an access controller configured to establish an encrypted connection between the client device and a login portal of the hotspot over the open wireless network, and to store a user-specific access credential transmitted via the encrypted connection as a valid access credential in a credential database. The credential database is accessed by wireless access points of the hotspot to authenticate the received access credential from the client device in response to a request from the client device to associate with the secure wireless network.

Abstract: An intermediate device (such as a firewall) is disposed between first and second devices (such as a client and a server device, respectively). Communications between the first and second devices are intercepted in both directions by the intermediate device, which spoofs the receiving device by modifying messages sent by the transmitting device. The modified message uses a key held by the intermediate device instead of a key belonging to the sending device.

Abstract: The disclosed technology can acquire a first set of data from a first group of data sources including a plurality of network components within an energy delivery network. A first metric indicating a likelihood that a particular network component, from the plurality of network components, is affected by cyber vulnerabilities can be generated based on the first set of data. A second set of data can be acquired from a second group of data sources including a collection of services associated with the energy delivery network. A second metric indicating a calculated impact on at least a portion of the energy delivery network when the cyber vulnerabilities affect the particular network component can be generated based on the second set of data. A third metric indicating an overall level of cybersecurity risk associated with the particular network component can be generated based on the first metric and the second metric.

Abstract: The system describes one aspect of an apparatus configured to implement a security state for preventing access to a storage device, including a communications hub including an upstream port and a plurality of downstream ports. A first downstream port of the plurality of downstream ports is connected to the storage device, and one or more other downstream ports of the plurality of downstream ports are configured to connect to one or more external devices. The apparatus includes one or more processors configured to monitor the upstream port, determine a connection state of the upstream port, and implement the security state for preventing access to the storage device based on the determined connection state.

Abstract: In various embodiments, methods and systems for implementing parental controls on mobile devices using virtual private network (VPN)-based parental control services are provided. A parental control profile is received at a controlled device where the parental control profile includes instructions to configure the controlled device with a device control policy. A VPN is configured using the parental control profile. The VPN can be a virtual point-to-point connection between the controlled device and a network of the parental control service platform. Requests for resources from the controlled device are communicated using the VPN such that access to a resource of the resource request is based on a parental control server referencing a device control policy in the VPN-based parental control service. The device control policy includes at least a selected predefined parental control policy. It is contemplated that custom restricted resources and additional controls can be configured for the device control policy.

Abstract: An industrial controller resistant to malicious attacks may provide a graduated response employing the elements of the control system to reduce access to the control system, log data, and announce intrusion based on a dynamically evolving assessment of the severity of any detected security issues.

Abstract: The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.

Abstract: A template for implementing a control system with security features provides a generic control program and device programs for distribution to one or more industrial controllers and associated control devices together with matching security programs for distribution to the control devices, the security programs providing for the generation of security thumbprints indicating the state of the control devices. The template may also be associated with a security-monitoring program that can receive and process the security thumbprints.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes identifying a process to obtain timing information of a processor-based device, and in response to identifying the process to obtain the timing information, delaying delivery of the timing information for a time-delay period. In some embodiments, identifying the process to obtain the timing information may include identifying a request to obtain the timing information of the processor-based device. In some embodiments, identifying the process to obtain the timing information may include identifying a memory-access process.

Abstract: In one embodiment, a method is executed by a computer system. The method includes receiving information related to a platform-portable workload, the information comprising a data security policy expressed as digitally signed metadata. The data security policy specifies one or more data security features that any platform executing the platform-portable workload should implement. The method further includes validating the digitally signed metadata as originating from an issuer of the platform-portable workload. In addition, the method includes, responsive to successful validation of the digitally signed metadata, automatically determining whether a particular platform can satisfy the data security policy based, at least in part, on a comparison of the digitally signed metadata with data security attributes of the particular platform.

Abstract: Methods and systems are disclosed for detecting unauthorized actions associated with network resources, the actions including access to the resource and activity associated with the resource. The unauthorized actions are detected by analyzing action data of a client action associated with the network resource against credential retrieval data including records of authorized actions and/or procedures for performing an action associated with the network resource.

Abstract: The present invention provides a resin composition containing: (A) an ethylene-vinyl alcohol copolymer having an ethylene content of 20 mol % or more and 50 mol % or less; (B) an ethylene-vinyl alcohol copolymer having an ethylene content of 30 mol % or more and 60 mol % or less; and (C) an unsaturated aldehyde, a value obtained by subtracting the ethylene content of the ethylene-vinyl alcohol copolymer (A) from the ethylene content of the ethylene-vinyl alcohol copolymer (B) being 8 mol % or more, a mass ratio (A/B) of the ethylene-vinyl alcohol copolymer (A) to the ethylene-vinyl alcohol copolymer (B) being 60/40 or more and 95/5 or less, and the content of the unsaturated aldehyde (C) with respect to a resin content being 0.01 ppm or more and less than 100 ppm.

Abstract: Disclosed is a mobile terminal provided with a security function. The mobile terminal provided with the security function can include: a casing having a data input portion for inputting data, and an upper casing and a lower casing which can be assembled and disassembled; a circuit board for processing input data, which is electrically connected to the data input portion and is provided with a security unit that requires security; a tamper prevention conductive portion which is arranged between the casing and the circuit board and is electrically connected to the circuit board when the upper casing and the lower casing are assembled; and a control portion for denying access to data in the security unit based on a resistance value of the tamper prevention conductive portion. As a result, access to data in a secure region to which important data is saved is denied when the casing is forcibly opened, thereby effectively preventing important data from being leaked to the outside.

Abstract: A relay apparatus is connected to a communication apparatus, a service providing apparatus and a browser-equipped apparatus.