Abstract: Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects.

Abstract: Techniques for use in sharing a plurality of credential objects of a user account amongst a plurality of mobile devices operative in a wireless network are described. In one illustrative example, a network infrastructure (e.g. a cloud) stores a plurality of encrypted credential objects in association with the user account. Each encrypted credential object is encrypted with a credential key. The network infrastructure also stores a plurality of encrypted forms of the credential key in association with the user account. Each encrypted form of the credential key is encrypted with a respective one of a plurality of device keys. Each device key is stored at respective one of the mobile devices. The network infrastructure provides, to the mobile devices, access to the encrypted credential key and the encrypted credential objects.

Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.

Abstract: A method includes receiving an authentication certificate of a voice mail account holder and/or an authentication certificate of a caller wanting to leave a voice mail message the holders' voice mail account. A voice mail apparatus that provides voice mail service for the voice mail account holder performs such receiving. The account holder and/or the caller are authenticated after receiving the authentication certificate of the party being authenticated. Authenticating the account holder and/or the caller is performed using authentication information contained within the respective certificate. After such authentication is successfully performed, a voice mail message record can be created in the account of the account holder. Such creating includes allowing the caller to store the message in the account of the account holder in addition to associating authenticated identification information of the caller with the message and/or providing authenticated identification of the account holder to the caller.

Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.

Abstract: A method of automatically aggregating an online user community, and graphical user interface for same, the method including one or more of the following: a user creating the online community; the user defining an aggregation policy for the online user community; a service provider retrieving the aggregation policy; the service provider applying the aggregation policy to an other user; determining whether the other user fits the aggregation policy; adding the other user to the online user community; the user defining an anti-aggregation policy; the service provider retrieving the anti-aggregation policy; determining whether the other user fits the anti-aggregation policy; and removing the other user from the online user community when the other user fits the anti-aggregation policy.

Abstract: A method for authenticating an operator of an AP includes: registering the operator's identity with a CA, by providing the operator's identification information and public key; creating a certificate including the foregoing; signing the certificate with the CA's private key; provisioning the AP with the signed certificate; provisioning a client with the CA's public key; sending a request from the client to the AP; generating a signature with the operator's private key; returning a reply to the client, including the AP provisioned certificate signed with the generated signature; using the client provisioned CA's public key to obtain the operator's public key from the certificate received in the reply; and, using the operator's public key obtained from the certificate received in the reply to verify the signature generated with the operator's private key and used by the AP to sign the certificate received in the reply.

Abstract: A method comprises performing verification of an IM message sent using a specified Instant Messaging (IM) screen name and received by an information recipient after successful verification of authenticity of an authentication certificate received by the information recipient from the specified IM screen name. Verifying the IM message includes successfully verifying authenticity of the IM message using authentication information contained in the received authentication certificate. The IM message includes an encoded checksum for designated parts of the IM message. Performing verification of the IM message includes verifying authenticity of the encoded checksum.

Abstract: A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.

Abstract: Methods for authenticating peer mobile network nodes for establishing a secure peer-to-peer communications context in an ad-hoc network are presented. The methods include accessing wireless infrastructure network entities at low bandwidth and for a short time duration to obtain cryptographic information regarding a peer mobile network node for the purpose of establishing secure peer-to-peer communications therewith ad-hoc network. Having received cryptographic information regarding a peer mobile network node, the method further includes challenging the peer network node with a challenge phrase derived from the cryptographic information received, receiving a response, and establishing a secure communications context to the peer mobile network node based on the validity of the received response.

Abstract: A certificate registry system is configured to issue authentication certificates issued to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates is devoid of linkage between the corresponding one of the information providers and domain name information thereof. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.

Abstract: A method is provided in a telecommunications network for authenticating a sender (10) of a message to a recipient of the message.

Abstract: A method is provided for authenticating an identity of an operator (10) of an access point (AP) (52) of a wireless local area network (WLAN) (50) to a client (40) seeking a connection with the AP (52).

Abstract: A method includes receiving an authentication certificate of a voice mail account holder and/or an authentication certificate of a caller wanting to leave a voice mail message the holders' voice mail account. A voice mail apparatus that provides voice mail service for the voice mail account holder performs such receiving. The account holder and/or the caller are authenticated after receiving the authentication certificate of the party being authenticated. Authenticating the account holder and/or the caller is performed using authentication information contained within the respective certificate. After such authentication is successfully performed, a voice mail message record can be created in the account of the account holder. Such creating includes allowing the caller to store the message in the account of the account holder in addition to associating authenticated identification information of the caller with the message and/or providing authenticated identification of the account holder to the caller.

Abstract: A method is carried out by a computer system for combating malicious keystroke-logging activities thereon. An operation is performed for generating a plurality of fake keystroke datasets that are each configured to resemble a keystroke dataset generated by keystrokes made on an input device of the computer system while entering sensitive information of a prescribed configuration. An operation is performed for receiving an instance of the sensitive information instance of the prescribed configuration concurrently with generating the fake keystroke datasets. Receiving the sensitive information instance includes a user of the computer system entering the sensitive information instance by performing keystrokes on the input device of the computer system such that a real keystroke dataset corresponding to the sensitive information instance is generated.

Abstract: A distributed authentication framework is presented. The framework includes an authentication stack that is created by an authentication server. The server receives an authentication request from an end-user, the request including an authentication domain ID that distinguishes the end-user. The authentication stack has entries that trigger local or remote specific authentication actions providing respective results. When the results are consolidated the authentication status of the end-user is determined.

Abstract: A method for enabling a mobile node to transmit encrypted data over a path including a wireless link and an untrusted link, while avoiding double encryption on any link. The data on the end-to-end path is encrypted using an application specific security mechanism, or an L2 mechanism is used for encrypting the data on the wireless link as mandated by the wireless standards, and an application specific security mechanism is used for encrypting the data on the untrusted link. By avoiding redundant double encryption, the method of the invention results in optimizing the use of network resources in bandwidth-limited wireless networks and increases the life of the mobile node battery.

Abstract: A system and method of authenticating the identity of a remote fax machine during a faxing operation is provided. An X.509-type Certificate received from the remote fax machine is validated to affirm it can be properly associated with the remote machine. The Certificate's public key is used to verify the remote fax machine has the corresponding private key. A Certificate's Common Name then compared to an Expected Name to authenticate the identity of the remote fax machine prior to sending a fax to prevent an unwanted misdirection of faxed information and to screen incoming faxes for unwanted spam.

Abstract: A method comprising a plurality of operations. An operation is provided for receiving an authentication certificate of a called party. Telephony apparatus of a party calling the called party performs receiving the authentication certificate. An operation is provided for facilitating authentication of the authentication certificate and called party identification information thereof in response to receiving the authentication certificate. An operation is provided for providing an authentication notification in response to facilitating the authentication of the authentication certificate and the called party identification information. The authentication notification indicates successful authentication in response to the authentication being successful and wherein the authentication notification indicates non-successful authentication in response to the authentication not being successful.

Abstract: A method of automatically aggregating an online user community, and graphical user interface for same, the method including one or more of the following: a user creating the online community; the user defining an aggregation policy for the online user community; a service provider retrieving the aggregation policy; the service provider applying the aggregation policy to an other user; determining whether the other user fits the aggregation policy; adding the other user to the online user community; the user defining an anti-aggregation policy; the service provider retrieving the anti-aggregation policy; determining whether the other user fits the anti-aggregation policy; and removing the other user from the online user community when the other user fits the anti-aggregation policy.