Abstract: In general, techniques are described for modifying control plane messages for subscriber sessions with a network device to add and/or modify discrete information elements and thereby conform the messages to different versions of mobile network specifications, including roaming protocols, executed by different mobile networks or by heterogeneous infrastructure elements within a mobile network. In some examples, an input network interface of a network device receives a roaming protocol message on an interface connecting a first support node of a first mobile network and a second support node of a second mobile network. A roaming protocol module of the network device modifies the roaming protocol message by adding or modifying a discrete information element to conform the roaming protocol message to a roaming protocol of the second mobile network. An output network interface of the network device sends the modified roaming protocol message to the second support node.

Abstract: Various systems and methods for financial analysis are provided. A system is provided comprising a first node comprising a public facing data store in communication with a private facing data store, wherein the first node further comprises a cooperative lookup module configured to locate a second node, a secure data connection between the first node and the second node, and wherein the first node is configured to request processed internal data from the second node.

Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.

Abstract: A method and apparatus to manage a user account. The method includes: setting a plurality of authorization accounts defining usage right regarding functions of the device; mapping at least one of the plurality of authorization accounts to a user authentication account of the device, based on an input of a user; and executing an application installed in the device using a result of the mapping the authorization account and the user authentication account, without stopping running of an operation system of the device.

Abstract: A computer-implemented method for controlling invocation of application programming interface (API) is provided. The method includes categorizing a plurality of APIs according to a plurality of API categories. The API categories are categorized by an API function through which user information is obtained. The method further includes setting a default invoking permission for a respective API category, and detecting, in real time, an attempt by an application to invoke an API in the respective API category. Upon detecting the attempted invocation of the API in the API category by the application, the method further includes controlling the invoking behavior of the API by the application in accordance with the default invoking permission for the API category.

Abstract: A method of enhancing security in a wireless mesh communication network operating in a process control environment and including a plurality of wireless network devices includes processing a join request from a wireless device wishing to join the wireless mesh communication network, providing a limited network functionality to the wireless device if the join request is granted, requesting a complete approval of the wireless device; and granting a full network functionality to the wireless device if the complete approval of the wireless device is received.

Abstract: A method for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control for a plurality of computers, the system comprising information assets, stored as files on the computers, and a network communicatively connecting the computers, wherein each of the computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of computers includes a software agent component operable to intercept a request for a file operation on a file from a user of one of the computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access based on a mandatory access control policy.

Abstract: An access arbitration module includes a plurality of active component communication ports for communicating with a plurality of active components, and includes a passive component communication port for communicating with a passive component. The access arbitration module also includes switching logic defined to control transmission of access communication protocol signals between each of the plurality of active component communication ports and the passive component communication port, such that an authorized one of the plurality of active component communication ports is connected in communication with the passive component communication port at a given time, and such that non-authorized ones of the plurality of active component communication ports are prevented from communication with the passive component communication port at the given time.

Abstract: A computer system is provided comprising a non-volatile storage medium and a processor. The processor acquires authentication information from a first removable storage device, stores the authentication information into the non-volatile storage medium, and forbids data access of the computer system when detecting that a second removable storage device has been inserted and identification data of the second removable storage device is different from the authentication information.

Abstract: Systems and methods for searching secure electronic messages. An input search is received for use in searching content of electronic messages. The search includes searching content of secure electronic messages. The results of the search are provided.

Abstract: A method for providing authenticated access to an encrypted file system includes generating a first seed; providing a request for a key to a key server, the request including at least a first seed block having a first encryption, a message block having a second encryption, and an encryption encapsulation block having a third encryption, the encryption encapsulation block including information for decrypting the message block; at the key server, decrypting the encryption encapsulation block and using the information therein to decrypt the at least a first seed block and the message block; and authenticating the message if the first seed in the at least a first seed block matches a first predetermined seed.

Abstract: Systems and methods for authenticating a user of a service are disclosed. A host of a service provides a user interface that can be accessed via a display of a terminal. Upon successfully transmitting a first set of credentials, the host requests a random image to be generated by an authentication server. The authentication server transmits the random image to the host, as well as to a mobile device that is associated with the user of the service. The mobile device receives a picture message including the image. The user interface displays a list of images on the display. The user matches the received image with an image among the list of images, wherein a successful match follows in the user being granted access to the service. Consequently, an additional layer of security using a visual identification of a user is provided.

Abstract: The present disclosure discloses a method and mobile terminal for enhancing mobile terminal security, and relates to the information security field. The method includes: a mobile terminal providing in advance a target list to a user, setting at least one user-selected target from the list to a hidden state, and storing a password for a protected space set by the user, monitoring a specified application for the user to enter the password for the protected space, when detecting the user entering the password for the protected space via the specified application, entering the protected space, and restoring the target from a hidden state to a visible state, wherein the target can be an application/file at the mobile terminal. The mobile terminal can include: a setting module and a controlling module. The present disclosure can greatly enhance the security of the applications/documents at the mobile terminal.

Abstract: Various embodiments provide methods and systems for controlling an access to applications on a mobile terminal. In an exemplary method, an opened application can be scanned and an application identification can be obtained. The application identification can be compared with a pre-stored target application identification. When the application identification is compared to be consistent with the pre-stored target application identification, an unlock interface can be displayed. An unlock command can be obtained to run the application on the mobile terminal. An exemplary system for controlling an access to an application on a mobile terminal can include a scanning module, a comparing module, a displaying module, and an executing module.

Abstract: A method described herein includes acts of executing a cryptographic function over input data utilizing a processor on a computing device and generating a data packet that indicates how the cryptographic function interacts with hardware of the computing device, wherein the hardware of the computing device comprises the processor. The method also includes acts of analyzing the data packet, and generating an indication of security of the cryptographic function with respect to at least one side channel attack based at least in part upon the analyzing of the data packet.

Abstract: An object is to provide an information communication apparatus able to reliably transmit information to an intended site on a network and a program of the same. Before transmitting the information input from a key input portion (102) from a communication portion (101), it is judged based on registered content of an access list (107) whether or not the transmission of this input information is permitted. When this input information matches with the information included in the access list (107), and a URL address connected with the information matching with the input portion in the access list (107) differs from the address of the transmission destination of the input information, a warning screen is displayed in a display portion (105).

Abstract: An information processing device including a flow definition memory unit configured to store flow definition information in which a process flow of image data read by an image reading unit is defined, and an authentication screen generating unit configured to determine plural processing units that execute a part of the process flow based on the flow definition information, acquire item information indicative of items of authentication information corresponding to a part or all of the plural processing units which require authentication from the part or all of the plural processing units which require the authentication, and generate authentication screen definition information used for displaying an authentication screen integrating and showing the item information.

Abstract: Applications, systems and methods for securely and remotely operating a remote computer from a local computer over a network while providing seamless, firewall-compliant connectivity. Secure and remote operation includes authenticating at least one remote computer for connection to at least one computer over the network and/or at least one local computer for connection to at least one remote computer over the network; establishing a secure connection between the at least one local computer and the at least one remote computer over the network; and integrating a desktop of at least one remote computer on a display of at least one local computer. The connections may be made over a public network, as well as through multiple firewalls without loss of functionality.

Abstract: There are provided a method and apparatus for performing a login by a Mobile Station (MS) in a wireless communication system. In an Internet Protocol Multimedia Subsystem (IMS) network in a wireless communication system, an MS transmits a temporary login request to an IMS server by using a subscriber identity (ID) as a virtual Private Identity (PRID) and receives information about registered PRIDs that are associated with the subscriber ID. The MS determines whether at least one of PRIDs managed by the MS is unregistered in the IMS server. If at least one of the managed PRIDs is unregistered in the IMS server, the MS performs login to the IMS server using one of the managed PRIDs that is unregistered in the IMS server. If none of the managed PRIDs are unregistered in the IMS server, the MS performs login to the IMS server using one of the managed PRIDs that is registered.

Abstract: A system for providing notice of legal rights corresponding to a computing device includes presenting a notice to the user through an I/O interface. The notice is in response to an attempt by a user to access at least one feature of the device through the I/O interface of the device and the notice further indicates that the device is subject to legal rights under a legal instrument. An acknowledgement of the legal rights is presented through the I/O interface. If the user selects the acknowledgement, the user is allowed to access at least one feature of the device. The user is prevented from accessing the at least one feature of the device if the user does not select the acknowledgement.

Abstract: Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.

Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).

Abstract: In one example, a method includes intercepting, by a first security module, a request from a software application executing on the computing device to access a resource of the computing device. The first security module may include a first group of permissions received from a second security module included in an operating system. The second security module may control access by software applications executing on the computing devices to resources of the computing device based upon permissions granted to the software applications. The method may also include identifying a second group of permissions granted to the software application. The second group of permissions may be a subset of the first group of permissions. The method may also include determining, based upon the first group of permissions, whether the software application is allowed to access the resource. The method may also include controlling access to the resource, based on the determining.

Abstract: An apparatus, computer program product, and method are disclosed for access control to a mobile terminal. A use end event is generated indicating an end of use of a mobile terminal. Acceleration of the mobile terminal is binarized by the mobile terminal after the use end event is generated to one of a first value indicating a stationary state and a second value indicating a moving state. A use start event is generated indicating a start of use of the mobile terminal. A movement preparation period is measured from a time at which the use end event is generated to a time at which a transition from the first value to the second value occurs. Use authentication is requested in response to the use start event and in response to the movement preparation period exceeding a first threshold.

Abstract: A projection display device that operates, in case that the second authentication information which is input does not match the first authentication information which is stored, operates in the second operation mode in which the projection display device projects in a state that an operation to change the environmental setting information is disabled to be received.

Abstract: A cloud based service use may be logged into the service through multiple client devices simultaneously. Methods, systems, and computer program products base upon cryptographic challenge response are provide to efficiently and securely simultaneously effect a logout from the cloud based service at one or many logged-in client devices associated with the user. When a valid logout request is received by the cloud based service, a current key associated with the user is invalidated, and in some instances, replaced with a new key. Upon subsequent attempt to use the cloud based service by the user, one or more tokens residing on any previously logged-in client device associated the user will not allow cloud based service usage until the user validly logs into the cloud-based service and receives one or more new tokens based upon the new key at each client device.

Abstract: A method and apparatus are provided for protecting confidential information. The method includes the steps of providing a plurality of files where each file contains at least one item of secret information, password protecting the plurality of files with a master password, detecting entry of passwords into a master password entry field, comparing entered passwords with the master password to identify incorrect master passwords and deleting the plurality of files upon successive entry of incorrect master passwords a predetermined number of times.

Abstract: A method and apparatus for accessing contact records in an electronic device with multiple operation perimeters is provided. When accessing contact records from within one operation perimeter, only contact information accessible from that operation perimeter is retrieved. An option is provided to also access contact records of an alternative operation perimeter. If the alternative operation perimeter has a higher security level than the current operation perimeter, a password or other authorization may be required. The contact records may be accessed, for example, to find information for an outgoing communication, to identify information associated with an incoming communication, or to edit a contact record.

Abstract: A method includes receiving, at a computing device, one or more replicated authorization databases. At least one of the one or more replicated authorization databases corresponds to a subscription to access selected data. The selected data is aggregated from a plurality of sources. The method also includes storing the one or more replicated authorization databases at the computing device. The method also includes determining, via the replicated authorization databases, user permission to access the selected data via the computing device. The method also includes enabling access to the selected data at the computing device after determining the user permission to access the selected data.

Abstract: In one embodiment, a picture signature password system may use a picture signature password to determine access to a computing device or service. A display screen 172 may display a personalized digital image 310. A user input device 160 may receive a user drawing set executed by a user over the personalized digital image 310. A processor 120 may authenticate access to the user session if the user drawing set matches a library drawing set associated with the user.

Abstract: The present disclosure describes a method and apparatus for determining a safety level of a requested uniform resource locator (URL) on a mobile device. Secure memory may be configured to host at least one database comprising a plurality of uniform resource locators (URLs) and to also host information representing at least one logo indicative of a safety level of the URLs in the database. Secure circuitry may be configured to compare a requested URL with the database to determine if the requested URL corresponds to one of the URLs of the database and to select an appropriate logo stored in the secure memory. The secure circuitry may be further configured to direct overlay circuitry to blend the appropriate logo onto rendered data from a frame buffer video memory for display to a user.

Abstract: Systems and methods, including computer software adapted to perform certain operations, can be implemented for providing remotely defined security data to an application extension on a client device. A sequence of instructions and at least one permission indicator associated with the sequence of instructions are received. A first permission indicator is associated with a code extension to a software application adapted to execute at least a portion of the sequence of instructions. The code extension is adapted to perform one or more operations that supplement the operations supported by the software application. An instruction within the sequence of instructions associated with adapted for execution by the code extension and with an activity is identified. The first permission indicator is provided to the code extension. The code extension determines whether performance of the activity is permitted based, at least in part, on the first permission indicator.

Abstract: Implementations of the present disclosure involve a system and/or method for providing account information for a telephone number. All users are authenticated to ensure they may access the account information. Once authenticated, the user provides one or more telephone numbers that they would like to retrieve account information for. The system searches for the telephone number and if found, checks to ensure that the telecommunications provider services the phone number. When the telecommunications provider is the provider for the phone number, the record is retrieved and sent to the user.

Abstract: Methods, computer program products and systems are described for online-content management. Online content from multiple contributors is received at one or more first computers for public online display. An authentication score is determined for a contributor of the multiple contributors. The contributor's name and a representation of the contributor's authentication score is published online for display on one or more second computers in association with the online content received from the contributor.

Abstract: A user is presented with one or more user-level permissions in a human understandable language, where the one or more user-level permissions represent one or more application-level permissions requested from an application for accessing one or more resources. A security profile is generated having one or more operating system (OS)-level permissions based on at least one of the user-level permissions authorized by the user. The security profile is enforced to restrict the application to accessing the one or more resources based on the OS-level permissions.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for authenticating and authorizing an external entity. These mechanisms and methods for authenticating and authorizing an external entity can enable improved data security, more efficient data transfer, improved data access channels, etc.

Abstract: The present invention provides a bootstrap system comprising a network system and a mobile handset where the mobile handset can easily receive services of NFC bootstrap application. The handset is effectively authenticated after a bootstrap controller in the network verifies whether a user credential derived in the mobile handset and a user credential separately received from a network server are equal. The application setting is sent to a handset from a bootstrap controller via ad-hoc near field communication (NFC) between the mobile handset and the bootstrap controller. Then the user of the mobile handset can receive various services of the NFC application after the network server delivers the user credential to the service devices with NFC interface.

Abstract: A request, from a requester, is received to view user information on a user's personal site associated with a user. A relationship is determined between the requester and the user. User information is provided to the requester based on the requester's relationship to the user.

Abstract: A user terminal apparatus and a control method thereof are provided. The control method includes: receiving a user control input selecting a user mode; reconstituting a screen based on use authority information of a user mode selected according to the user control input; and displaying the reconstituted screen.

Abstract: A device and a method are provided for increasing processing speed and for ensuring system security when an application or a driver is added. The device includes a first CPU group that executes software composed of basic processing and an OS; a second CPU group that executes software composed of additional processing and OS corresponding to the additional processing, inter-processor communication means used for communication between the first CPU and the second CPU, and access control means that controls access made by the second CPU to a memory and/or an input/output device.

Abstract: Mechanisms to secure data on a hard reset of a device are provided. A hard reset request is detected on a handheld device. Before the hard reset is permitted to process an additional security compliance check is made. Assuming, the additional security compliance check is successful and before the hard reset is processed, the data of the handheld device is backed up to a configurable location.

Abstract: Apparatus, systems and methods are provided for facilitating user authentication in a computing system based on pictorial discernment of images displayed to a user. Multiple images are displayed to a user, with each image having one or more distinguishing characteristics. Each symbol of the user's password is associated with a particular characteristic included in one of the displayed images. The user is properly authenticated if they select the images having the characteristics corresponding with the symbols of the user's password.

Abstract: An information processing apparatus, a software update method, and an image processing apparatus capable of encrypting and decrypting information using values uniquely calculated from booted primary modules or booted backup modules with less effort are disclosed. The information processing apparatus includes primary modules and the same kinds of backup modules, and includes a value storage unit storing values calculated from the modules, an encryption information storage unit storing information unique to the modules, an information decryption unit decrypting the information unique to the modules using the values in the value storage unit, and an encryption information update unit, when the module is updated, encrypting the information unique to the modules based on a value calculated from the each kind of the primary modules or the backup modules after the update.

Abstract: An approach is provided for requesting access to content associated with a resource identifier. A system receives a first request to access content associated with a resource identifier. The system then determines to generate a second request for validating the content based, at least in part, on the resource identifier and to transmit the second request to a validation service. The system receives validation information based, at least in part, on the second request. In one embodiment, the validation information includes a preview of the content.

Abstract: Various systems and methods generate access control policies. For example, one method can receive attribute information regarding a computer user. The method can compare the attribute information with access control information and select a value of an access restriction based on a result of the comparing. The access restriction indicates whether a computer resource can be accessed or not. The method then generates an access control policy that includes the value of the access restriction.

Abstract: Code is associated to a target based on an inspection of the code. A target may be a device or a user. A number of code components may be inspected at one time and then transferred or otherwise associated to a target based on the target's profile. A code component may be a policy of an information management system.

Abstract: A browser is requested to display a text file having a description of a screen structure. The state information on a current state of the embedded device is acquired. An access request for requesting the browser to update, with the acquired state information, a value of at least one node in a document object model (DOM) tree generated from the text file by the browser, is submitted by a state display control program. The at least one node is recorded in an access history list. At a subsequent time, it is determined whether to permit a subsequent access request. If the source of the subsequent access request is not the state display control program, and the at least one node is recorded in the access history list, the subsequent access request is denied.

Abstract: A method for authenticating a mobile device, the method comprising: detecting an external input to the mobile device; when the external input is detected, displaying a screen lock pattern having at least two or more pattern points, each pattern point having an identifier; determining whether a touch input is conducted on the at least two or more pattern points in an UI (User Interface) locked state of the mobile device; and when the touch input conducted on the at least two or more pattern points is successively made in a preset sequenced combination of identifiers, unlocking the locked state of the mobile device.

Abstract: An embodiment of the invention is directed to a data processing system having a plurality of users, a portion of which were previously assigned permissions respectively corresponding to system resources. The embodiment includes acquiring data from a first data source, containing information pertaining to the portion of users and their permissions, and further includes acquiring data from a second data source, containing information pertaining to attributes of each user of the plurality. A set of permissions is determined for a given role, from both first and second data sources. First and second criteria are determined for assigning users to the given role, from information in the first and second data sources, respectively. A particular user is selected for admission to the given role only if the particular user is in compliance with both the first criterion and second criterion.

Abstract: An information processing apparatus includes a storing portion, an authentication portion to authenticate a user using one of the one or more user apparatuses on the basis of identification information received from the user apparatus; a selecting portion to select, as main data, a piece of data from among one or more pieces of data stored in a presentation area which is a predetermined one of the plurality of storage areas; a screen generating portion to generate an access screen including an image of the selected main data; an access detecting portion to detect an access to the presentation area; and a screen transmitting portion, when the access detecting portion detects an access to the presentation area by the authenticated user, to transmit the generated access screen to the one of the one or more user apparatuses that is used by the authenticated user.