Patents Examined by Zhimei Zhu
  • Patent number: 9740838
    Abstract: The present invention relates to a method and computer program for providing authentication to control access to a computer system including online services accessed via a portal, cloud based systems and browser accessed systems using for example HTML5, and relates particularly, but not exclusively, to authentication systems for mobile computer and telecommunications devices.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: August 22, 2017
    Assignee: Sensipass Ltd.
    Inventors: Michael J. Hill, Thomas R. Ruddy
  • Patent number: 9736128
    Abstract: Disclosed are systems and methods for delegating computations of resource-constrained mobile clients, in which multiple servers interact to construct an encrypted program representing a garbled circuit. Implementing the garbled circuit, garbled outputs are returned. Such implementations ensure privacy of each mobile client's data, even if an executing server has been colluded. The garbled circuit provides secure cloud computing for mobile systems by incorporating cryptographically secure pseudo random number generation that enables a mobile client to efficiently retrieve a result of a computation, as well as verify that an evaluator actually performed the computation. Cloud computation and communication complexity are analyzed to demonstrate the feasibility of the proposed system for mobile systems.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: August 15, 2017
    Assignees: The Board of Regents, The University of Texas System, Center for Technology Licensing at Cornell University
    Inventors: Sriram Nandha Premnath, Zygmunt J. Haas
  • Patent number: 9721094
    Abstract: Techniques for determining privacy leaks are described herein. The techniques may include (i) providing private data as input for an application, wherein the private data includes a signature identifying the private data; (ii) monitoring an output of the application for a presence of the signature; and (iii) determining that a private data leak has occurred in the application, wherein the determining is based, at least in part, on the presence of the signature in the output.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: August 1, 2017
    Assignee: International Business Machines Corporation
    Inventors: Ronen Bachar, Roee Hay, Yoav Shany, Omer Tripp
  • Patent number: 9710640
    Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application, where the first application is authenticated using trusted credentials. A security credential for a user account is received from a user. A first application is authenticated with an authentication service using the security credential. One or more user actions are received by the first application. The user actions constitute a confirmation of a bootstrap authentication request submitted by a second application. Data encoding the user actions is sent to the authentication service.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: July 18, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Harsha Ramalingam, Jesper Mikael Johansson, Bharath Kumar Bhimanaik
  • Patent number: 9697244
    Abstract: Record addressing information retrieval is achieved using a plurality of user data descriptors. When a threshold number of user data descriptors from a set of user data descriptors are received, the threshold number of user data descriptors can be converted into a computed record index that is compared to a list of record indexes associated with a plurality of records. When the computed record index compares favorably to a record index in the list of record indexes, the record addressing information for a particular record is retrieved based on the record index.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventor: Jason K. Resch
  • Patent number: 9699184
    Abstract: A method for processing data is suggested, and includes (i) conveying input data from a safety component to a security component, and (ii) calculating, at the security component, a second identifier based on the input data. The method further includes (iii) conveying the second identifier to the safety component, and (iv) verifying, at the safety component, a first identifier based on the second identifier.
    Type: Grant
    Filed: September 11, 2014
    Date of Patent: July 4, 2017
    Assignee: Infineon Technologies AG
    Inventors: Laurent Heidt, Albrecht Mayer
  • Patent number: 9699202
    Abstract: In an embodiment, a central computer performs a data processing method. The central computer receives telemetry data from intrusion sensors. The central computer stores authentication records in a hosts database. Each authentication record is based on the telemetry data and comprises a thumbprint of a public key certificate and a host identifier of a sender computer. The central computer receives a suspect record that was sent by a first intrusion sensor. The suspect record has a first particular thumbprint of a first particular public key certificate and a first particular host identifier of a suspect sender. From the hosts database, the central computer searches for a matching record having a same host identifier as the first particular host identifier of the suspect record and a same thumbprint as the first particular thumbprint of the suspect record. The central computer generates an intrusion alert when no matching record is found.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: July 4, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Titouan Rigoudy
  • Patent number: 9652634
    Abstract: Exemplary methods, apparatuses, and systems generate an encryption key based upon data content of a portion of data to be encrypted by the encryption key. The encryption key is stored as one of a plurality of encryption keys within a subset of storage. Each of the plurality of encryption keys is generated based upon corresponding data content. A checksum representing the plurality of encryption keys is calculated. In response to receiving an input/output (I/O) request for data encrypted by the encryption key, a verification checksum representing the plurality of encryption keys is calculated. The requested data is decrypted using the encryption key in response to verifying the checksum and verification checksum match.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: May 16, 2017
    Assignee: VMware, Inc.
    Inventors: Wenguang Wang, Xiaoxuan Meng
  • Patent number: 9602500
    Abstract: An embodiment includes a method executed by at least one processor of a first computing node comprising: generating a key pair including a first public key and a corresponding first private key; receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node; associating the instance of the certificate with the key pair; receiving an additional instance of the certificate; verifying the additional instance of the certificate is associated with the key pair; and encrypting and exporting the first private key in response to verifying the additional instance of the certificate is associated with the key pair. Other embodiments are described herein.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: March 21, 2017
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Hormuzd M. Khosravi, Omer Ben-Shalom, Barry R. Pivitt, Ned M. Smith
  • Patent number: 9565214
    Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: February 7, 2017
    Assignee: McAfee, Inc.
    Inventors: Aditya Kapoor, Jonathan L. Edwards, Craig Schmugar, Vladimir Konobeev, Michael Hughes
  • Patent number: 9565181
    Abstract: A method and apparatus are provided for protecting security credentials (e.g., username/password combinations) and/or other sensitive data in a “password vault.” A password vault device may be or may be incorporated into a portable (or even wearable) electronic device, such as a smart phone, smart watch, smart glasses, etc. When a security credential is requested during a user's operation of the password vault device or some other computing/communication device, such as when the user is accessing an online site or service via a browser program, the request is passed to the password vault, and the appropriate security credential is retrieved, delivered, and entered into the requesting interface.
    Type: Grant
    Filed: March 26, 2014
    Date of Patent: February 7, 2017
    Inventor: Wendell D. Brown
  • Patent number: 9536077
    Abstract: A method is provided for attack detection and protection of a set of virtual machines in a system, which includes at least one first host server hosting said set of virtual machines. The method includes: receiving an attack detection message regarding a virtual machine, triggering a first migration of the virtual machine from the first host server toward a security system, and receiving an attack treatment message regarding the migrated virtual machine.
    Type: Grant
    Filed: June 21, 2012
    Date of Patent: January 3, 2017
    Assignee: ORANGE
    Inventors: Fabien Bignon, Sylvie Laniepce, Karel Mittig
  • Patent number: 9491257
    Abstract: Embodiments relate to facilitating social interactions. An aspect includes determining that a first communications device is in communicative contact with a second communications device, identifying at least one artifact relating to a user of the first communications device, and searching at least one database for information about a user of the second communications device that is in common with the user of the first communications device with respect to the artifact. Also, results of the searching are provided as a topic of conversation to the first communications device.
    Type: Grant
    Filed: August 13, 2013
    Date of Patent: November 8, 2016
    Assignee: Globalfoundries, Inc.
    Inventors: Christian B. Kau, Anuj Kumar, Barton A. Smith
  • Patent number: 9473382
    Abstract: A method for providing Link Aggregation Control between a plurality of systems adapted for Link Aggregation is provided. The plurality of systems includes a primary system, a first secondary system, and a second secondary system. The primary system comprises first primary ports being linked to first ports of the first secondary system by first links. Further, the primary system comprises second primary ports being linked to second ports of the second secondary system by second links. The method comprises forming a link aggregation group, wherein the link aggregation group includes at least one first link and at least one second link. A preferred system among the secondary systems having links within the link aggregation group is selected and further, the method comprises setting the status of the primary ports according to the selection of the preferred system.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: October 18, 2016
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Laith Said, Daniel Derksen, Purvi Shah, John Volkering
  • Patent number: 9450759
    Abstract: Apparatus and methods for controlling the distribution of electronic access clients to a device. In one embodiment, a virtualized Universal Integrated Circuit Card (UICC) can only load an access client such as an electronic Subscriber Identity Module (eSIM) according to an activation ticket. The activation ticket ensures that the virtualized UICC can only receive eSIMs from specific carriers (“carrier locking”). Unlike prior art methods which enforce carrier locking on a software application launched from a software chain of trust (which can be compromised), the present invention advantageously enforces carrier locking with the secure UICC hardware which has, for example, a secure code base.
    Type: Grant
    Filed: April 5, 2011
    Date of Patent: September 20, 2016
    Assignee: Apple Inc.
    Inventors: Jerrold Von Hauck, David T. Haggerty
  • Patent number: 9397991
    Abstract: Digital content distribution systems and methods are provided for distributing digital data files, such as digital audio and video data files. In accordance with one implementation, a token-based authentication system is provided that does not require knowledge of the individual user requesting the download of digital content data or real-time access to user account information. Instead, the token-based authentication system embeds the authentication information, or token, in the download request information itself. In this way, the download or content server authenticates the download request using the token contained in the download request information and therefore does not require any additional information to carry out this authentication, such as access to user account information.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: July 19, 2016
    Assignee: AOL Inc.
    Inventors: Depeng Bi, Stephen Christopher Gladwin, Troy Steven Denkinger, Timothy Scott Franklin, Bart Richard Cilfone, Anne Marie Pewterbaugh, Jeffrey Jonathan Spurgat
  • Patent number: 9380067
    Abstract: An IPS detection processing method, a network security device and a system are disclosed. The method includes: determining, by a network security device, whether an internal network device is a client or a server; if the internal network device is the client, simplifying an IPS signature rule base to obtain an IPS signature rule base corresponding to the client, or if the internal network device is the server, simplifying the IPS signature rule base to obtain an IPS signature rule base corresponding to the server; generating a state machine according to a signature rule in the IPS signature rule base obtained through simplifying processing; and performing IPS detection on flowing-through traffic by applying the state machine. In embodiments of the present invention, the network security device performs IPS detection by adopting the state machine with a redundant state removed, thereby improving IPS detection efficiency.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: June 28, 2016
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhihui Xue, Wu Jiang, Shiguang Li, Shiguang Wan
  • Patent number: 9374359
    Abstract: A method and system for collecting, aggregating, and displaying type specific content in an inbox-like view are described. An inbox manager collects information about data objects that are stored locally and stored remotely. This information may be stored as inbox information on a local computing system. Using the inbox information, the inbox manager creates an inbox view of merged inbox items from the local data objects and the remote data objects. The inbox view is configured to display the inbox items as being merged into a single view regardless of where the respective data objects are stored.
    Type: Grant
    Filed: May 23, 2012
    Date of Patent: June 21, 2016
    Assignee: Red Hat, Inc.
    Inventors: William Jon McCann, Cosimo Cecchi
  • Patent number: 9361446
    Abstract: Service providers may operate one or more services configured to detect requests generated by automated agents. A CAPTCHA may be transmitted in response to requests generated by automated agents. The CAPTCHAs may be included in a modal pop-up box configured to be displayed by a client application displaying a webpage to a customer of the service provider. Furthermore, the CAPTCHAs included in the modal pop-up box may be rendered inactive and caused not to be displayed by the client application executing the webpage. Submitted solutions to CAPTCHAs may be presented with a cookie that enables access to resources of the service provider without restriction. Cookies may be tracked and their use may be used to detect automated agent activity.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: June 7, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Sevag Demirjian, John Lindsay Bates, Mark Evans Brighton, Samuel Charles Goodwin, Colin James Hawkett, Blair Livingstone Hotchkies, Forrest MacKenzie Vines
  • Patent number: 9350726
    Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.
    Type: Grant
    Filed: September 11, 2014
    Date of Patent: May 24, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden