Abstract: A system and method for associating message addresses with certificates, in which one or more message addresses are identified and associated with a user-selected certificate that does not contain any e-mail addresses. In certain situations, a message may be encrypted using a certificate that does not contain an e-mail address that matches the e-mail address of the individual to which the message is to be sent, so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device.

Abstract: Terminal certification means of a communication terminal manages a content and certification information on the content in association with each other. Upon access to a server associated with the execution of the content, request means sends the server a request including certification information associated with the content. In response to the request from the communication terminal, the server uses server certification means to certify the request. Access control means performs access control based on policy information stored in policy information storage means.

Abstract: A system for secure data processing can include an electronic data storage device and a field programmable gate array coupled to the electronic data storage device. The field programmable gate array can be configured to include a data storage section for performing a data storage operation and a data retrieval section for performing a data retrieval operation. The data storage operation can include obtaining a seed value and retrieving one or more algebraic operations based on the seed value. The storage operation can also include processing input data according to the one or more algebraic operations to generate pseudorandom output data, prepending the seed value to the output data and storing the output data in the electronic data storage device.

Abstract: A method for managing server apparatuses and a management apparatus thereof are provided. A server apparatus is searched in the management apparatus for receiving an Internet Protocol (IP) address from a Baseboard Management Controller (BMC) of the server apparatus. And identification information of an Operating System (OS) of the server apparatus is obtained according to the IP address. The IP address and the identification information are bound. Then, an out-of-band message received from the BMC is updated into a server object according to the identification information.

Abstract: A device includes a first bus, a second bus, a processor configured to communicate with a storage circuit through the first bus and to communicate with a debug host through the second bus and a control circuit configured to inhibit transfer of data from the second bus to the debug host while receiving authentication information from the debug host and to enable transfer of data from the second bus to the debug host responsive to authentication of the received authentication information. The control circuit may be configured to inhibit data transfer from the second bus to the debug host by causing dummy data to be transmitted to the debug host over a transmit channel between the device and the debug host.

Abstract: By disabling at least one data transmission port of a media access device when the media access device is connected to a storage medium under an encrypted state and when the media access device is capable of performing decryption corresponding to an encryption mechanism applied on the storage medium, data security of the storage medium can be secured.

Abstract: A method of mediating communications between a first computing device and a second computing device, by an intermediary computing device, comprising establishing a communications link to each of the first and second computing devices, receiving a first message from the first computing device, the content of the first message comprising information in a protected format, converting at least part of the information in the protected format to an unprotected format, and transmitting a second message to the second computing device, the content of the second message comprising at least part of the information in the unprotected format.

Abstract: A method identifies anonymized parties in a transmitted communication. A sender replaces one or more communication party identifiers in control data within a communication with one or more anonymized identifiers before transmitting the communication to one or more recipients of the communication. A recipient receiving the communication searches a local lookup table by an anonymized identifier for a corresponding non-anonymized identifier which identifies a party of the communication. In response to identifying a corresponding non-anonymized identifier, the recipient then replaces the anonymized identifier with the corresponding communication party identifier and presents the recipient with the non-anonymized identifiers within the communication.

Abstract: A data-processing system, such as a payment processing system, including a tokenizer, such as a card encryption and storage system (CES) employing a tokenization feature. In one embodiment, the present invention provides a first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer. The method includes the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer; (c) the first computer receiving, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

Abstract: To securely transmit data from a communication terminal (TC) to an application server (SA) over a telecommunications network (RT), the communication terminal (TC) being connected to the application server (SA) via an unsecure access network (RAns) and being able to communicate with the application server (SA) via at least one secure access network (RAs), the communication terminal (TC) switches the connection with the application server (SA) from the unsecure access network (RAns) to a secure access network (RAs), when personal data (DonP) is likely to be entered or is entered by the user, transmits the personal data (DonP) to the application server (SA) via the secure access network (RAs), and switches the connection with the application server (SA) from the secure access network (RAs) to an unsecure access network (RAns).

Abstract: A licensing platform is provided. The licensing platform, in communication with a first license sharing device and a second license sharing device, includes a license database and a main license sharing device. The license database provides a plurality of licenses. The main license sharing device includes: a license allocation manager, in communication with the license database, for dynamically managing a usage status of the plurality of licenses; a next-tier membership manager, in communication with the license sharing devices, for allocating at least one of the plurality of licenses to the license sharing devices, and updating a license usage status of the license sharing devices; and a license record manager, in communication with the license allocation manager and the next-tier membership manager, for recording the usage status of the plurality of licenses.

Abstract: The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.

Abstract: A method and system for secure distribution of digital content, using a disintegration tool under control of a distributor of the digital content to divide the digital content into protected and unprotected segments, delivering the unprotected segments to the customer along with installation software and identification information. The segments to be protected are modified using the identification information on the distribution medium and hardware information unique to a particular customer device. Upon communication of this information from the customer device, the modified segments are sent to the customer device for integration with the unprotected segments to generate a modified digital content operable only on the particular customer device.

Abstract: Systems and techniques are disclosed for detecting whether a wearable computing device is worn by a user or not. The detection can be made based on whether the device is secured to a user or based on a sensor. A device worn by a user may be operated in a private mode such that the user wearing the device is provided information that is useful while wearing the device. For example, the user may receive message notifications, news updates, telephone call information, or the like. A wearable computing device maybe operated in a public mode while not being worn by a user. While in the public mode, the device may provide non user specific information such as a current time, media items, or the like.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for automated mobile device management profile distribution. One of the methods includes receiving a first request for access to a first network resource from a client device, the first network resource corresponding to one of a plurality of restricted resources accessible only by devices enrolled with a mobile device management system, determining that the client device is not enrolled with the mobile device management system, preventing the client device access to the first network resource, providing to the client device a redirect to a mobile device management resource that is different from the first network resource, providing instructions for presentation of a user interface to the client device, and enrolling the client device with the mobile device management system, the enrolling comprising providing a copy of the mobile device management profile to the client device.

Abstract: A method for manipulating security of an integrated circuit layout, comprising: rendering a PCell that is created by an original user for a successive user; providing an open access to the PCell; providing a PCell evaluator to execute evaluating steps of: getting license information from the PCell, and checking the PCell license information; and generating a layout of a sub-master by instantiating a super-master of the PCell if the PCell license information is valid, or leave the sub-master empty in a PCell view if the PCell license information is invalid.

Abstract: A storage device started when connected to a computer so as to be able to communicate. The storage device includes: an interface for controlling communication with the computer, a data storage unit for storing data received from the computer via the interface, a radio signal processing unit for receiving radio signals including ID information at a predetermined timing and for authenticating the received ID information, and a control unit for encrypting data using the authenticated ID information as a key, for sending the encrypted data to a data storage unit, and for disabling communication with the computer via the interface when radio signals including the authenticated ID information are not received by the radio signal processing unit within a predetermined period of time.

Abstract: Systems and methods for obfuscating user data in a remote web-based application are disclosed. According to one method, user inputs to a displayed web page of the remote web-based application are received at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application. The user inputs are transmitted to a management component that is configured to interact with a second web browser that communicates with the web-based application. The management component obfuscates at least a portion of the user-inputted data and forwards the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.

Abstract: A computer implemented method and system for managing electronic content security and access within a networked environment are provided. A proprietary wrapper file is created for encapsulating the electronic content upon transferring the electronic content to the computing device of a user. The proprietary wrapper file is configured for enforcing content usage policies on the electronic content and for performing configurable functionalities. A security client application is provided on the computing device in response to a request for accessing the electronic content. A local software component employed for accessing the electronic content is embedded within the security client application. The user is granted controlled access to the electronic content by enforcing the content usage policies through the wrapper file.

Abstract: An environmental monitoring device that monitors the operation of a legacy electronic device is described. In particular, a sensor in the environmental monitoring device provides sensor data that represents an environmental condition in an external environment that includes the environmental monitoring device. This environmental condition is associated with the operation of the legacy electronic device in the external environment. The environmental monitoring device analyzes the sensor data and provides feedback about the operation of the legacy electronic device based on the analyzed sensor data. Moreover, the sensor provides the sensor data without or excluding communication and/or electrical coupling between the environmental monitoring device and the legacy electronic device. In this way, the environmental monitoring device facilitates monitoring, analysis and feedback of the sensor data without directly interacting with the legacy electronic device.

Abstract: Disclosed is a system and method for receiving, by a wireless gateway device from a user computing device, a request for network access. In an embodiment, the request is formatted to comply with a different communication protocol, and transmitted to a authentication computing device. The gateway device receives a reply from the authentication computing device that grants the request. The reply is transmitted by the wireless gateway device and to the user computing device. A first communication pathway is established between the authentication computing device and the user computing device, and a request for access to at least one other computing device is received by the authentication device. The request is forwarded, and a reply granting the request is received and forwarded to the user computing device.

Abstract: When a content write unit records a content on a medium, a control unit controls to record a dummy license which is generated by a dummy license generation unit and an expiration time limit is set into a past time, into the medium. When a recording of the content on the medium is completed, the control unit controls to delete the dummy license recorded on the medium and to record a normal license into the medium.

Abstract: A method and apparatus may rapidly test applications by causing or simulating failures within nodes of a cloud computing system in support of both application and infrastructure testing. The method and system may support a variety of “attacks” including the ability to stop or freeze application servers, insert latency or drop packets between servers, constrain CPU or memory, and disable various software flows and applications. Rather than randomly inserting random failures or simulated failures into cloud-based computing system nodes to test their durability and the efficacy of particular applications or services that are executing within the system, the system and methods include a user interface for manually controlling the system attacks.

Abstract: Techniques are disclosed for hiding sensitive information from a provider of support services. In one embodiment, a first network device determines that network device information includes non-sensitive data and sensitive data. In response to the determining, the first network device generates mapping data that maps dummy information to the sensitive data. The first network device generates output data that comprises the non-sensitive data and the dummy data and sends the output data to a second network device. In other embodiments, the user may select the network parameters that are sensitive. The first network device may also receive first report data from the second network device that identifies a network problem and includes the dummy data and generate second report data by using the mapping data to replace the dummy information with the sensitive data.

Abstract: A secure data storage system includes a mechanism that can be activated to inhibit access to stored data. In one embodiment, access to stored data can be prevented without having to erase or modify such data. An encryption key, or data used to generate the encryption key, is stored in an MRAM module integrated within the data storage system. The data storage system uses the encryption key to encrypt data received from a host system, and to decrypt the encrypted data when it is subsequently read by a host system. To render the stored data inaccessible, an operator (or an automated process) can expose the MRAM module to a magnetic field of sufficient strength to erase key data therefrom.

Abstract: An information processing system, an information processing method for use with the system, an information providing system, and information providing method for use with the system, an information processing apparatus, an information processing method for use with the apparatus, a doll, an object, a program storage medium, and a program for authenticating users reliably are provided. A user acquires beforehand a doll called Pochara the Good Friend incorporating an IC chip that stores a user ID for authenticating the user. When the user mounts the doll on a platform connected to a personal computer, the user ID is read from the IC chip by a reader housed in the platform and transmitted over the Internet to a Pochara service server. The server has a Pochara database holding personal information about users of the service. The transmitted user ID is checked against the personal information in the database for authentication. This invention applies advantageously to servers offering services through networks.

Abstract: A storage device protection system including a protection control unit, a detection unit, an account/password input unit, an ID acquiring unit, and an encryption unit is provided. The detection unit determines whether a storage device and a key storage device are both coupled to a host. The account/password input unit receives an administrator ID and an administrator password. The ID acquiring unit obtains IDs of the storage device and the key storage device. The encryption unit encrypts the administrator ID, the administrator password, and the IDs of the storage device and the key storage device into encryption data. The protection control unit stores the encryption data into the key storage device and sets an access mode of the storage device as a protection status according to the administrator ID and the administrator password. Thereby, the storage device can be effectively unlocked by using the key storage device.

Abstract: Determining the vulnerability of computer software applications to privilege-escalation attacks, such as where an instruction classifier is configured to be used for identifying a candidate access-restricted area of the instructions of a computer software application, and a static analyzer is configured to statically analyze the candidate access-restricted area to determine if there is a conditional instruction that controls execution flow into the candidate access-restricted area, perform static analysis to determine if the conditional instruction is dependent on a data source within the computer software application, and designate the candidate access-restricted area as vulnerable to privilege-escalation attacks absent either of the conditional instruction and the date source.

Abstract: A secure content delivery or access method may include coordination among three devices such as servers—a content management server, a delivery server, and an authorization server. A request for content may originate from an authorization server application, and may involve the application obtaining two digitally signed tokens for the request. The first token may be from the authorization server, and may include a content management server identifier for the requested content. The second token may include two identifiers for the content: the first identifier being the content management server identifier, and the second being a delivery server identifier. The first and second tokens may be signed by the authorization server and content management server, respectively, and may be delivered to the delivery server for validation. Successful validation may result in the delivery server providing a content decryption key for the requested content to a device requesting the content.

Abstract: Data can be scanned using a network managed appliance. The network managed appliance may integrate commercial hardware elements connected through a basic or simplified operating system environment expressly developed for the appliance, thus being more malware resistant and less vulnerable to attacks from the scanned data or other sources. The network managed appliance may be a self-contained apparatus with an integrated chassis, designed and configured as “single-purpose” device. Such appliances may be connected to an appliance management network including central management servers in communication with appliances in remote locations. The central management servers may ensure that scanning software and the definitions lists for each of the appliances are current and match an enterprise-approved configuration.

Abstract: Described is a method, apparatus for visiting privacy content. The method includes: obtaining system input event, and extracting input data corresponding to the system input event; obtaining sample data matching with the input data; accessing to an application corresponding to the sample data; and displaying privacy content of the application. The method and the apparatus for visiting privacy content is used to reduce user operating steps and improve operating efficiency.

Abstract: Systems and methods for providing privacy settings for applications associated with a user profile are provided. Exemplary methods include receiving a request from a member of a web-based social network to access a third-party application, providing privacy settings selections to control access to data associated with the installed application, receiving a privacy settings selection from the member, and providing to the third party application information about the user subject to the received privacy settings selections.

Abstract: According to at least one embodiment, an electronic apparatus includes a wireless communicator, storage, and an erasing processor. The wireless communicator communicates with a management device connected to a network. The storage stores a plurality of account information elements and data. The plurality of account information elements correspond to a plurality of accounts. The plurality of account information elements include account names. The data correspond to the plurality of accounts. The erasing processor erases a first account information item corresponding to a first account in the plurality of accounts and first data corresponding to the first account when a request to erase the first account is received from the management device.

Abstract: A method is provided of anonymising an interaction between a user entity and a service provider node wishing to provide a service to the user entity in dependence upon characteristics of the user entity determined or revealed as a result of the interaction, the method comprising: assigning the user entity to at least one set, each set comprising as members a plurality of user entities sharing a characteristic associated with that set; counting the number of user entities the set or in an intersection of the at least one set and calculating a share of said value attributable to each user by dividing the value by the number of user entities in the set; ensuring that the intersection of the at least one set comprises at least a predetermined minimum number of user entities; and providing to the service provider node information relating to the or each characteristic associated with the at least one set, the information being for use at the service provider node in providing a service to the user entity that is a

Abstract: A users' data profiling network implementing a method of dynamic pseudonymization of users for ensuring user privacy, including: receiving at a data node new input data related to a user along with an associated new user pseudonym and an old user pseudonym; in the data node, finding user data record, corresponding to the received new input data, having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym; temporarily storing, in the found user data record, the new input data; setting the dynamic input user pseudonym stored in the user data record equal to the last received new user pseudonym associated with the received input data related to the user; computing and storing an output user data profile in the user data record, and then erasing accumulated new input data from the user data record.

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Abstract: Methods and systems are disclosed for distributing video sequences in a coded stream. The methods and systems include analyzing an original coded stream, generating at least one modified coded sub-frame, generating, based upon the analysis, a modified stream and a second stream by replacing an original coded sub-frame by the modified coded sub-frame, so that the modification from the original coded sub-frame results in a visually altered video sequence, transmitting the first and the second generated streams, and reconstructing the original stream using the modified coded sub-frame contained in the second stream.

Abstract: A system and process for identifying a client, comprising a client device having a video camera and a voice transmitting and receiving device capable of transmitting a client's image and voice via a communication carrier system and a communications network to a user terminal, whereby the user terminal permits an authentication of the client's image and voice in real time. Another aspect of the present invention includes a method of identifying a fraudster, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting the fraudster's image and voice over a communication carrier system and a communications network to a user terminal, comparing the fraudster's image and voice to client data, and storing the fraudster data.

Abstract: A programmable cryptography circuit includes memory-based cells defining the logic function of each cell, integrating a differential network capable of carrying out calculations on pairs of binary variables, including a first network of cells implementing logic functions on the first component of the pairs and a second network of dual cells operating in complementary logic on the second component of the pair. A calculation step includes a precharge phase, in which the variables are put into a known state at the output of the cells, and an evaluation phase in which a calculation is made by the cells. A phase of synchronizing the variables is inserted before the evaluation phase or the precharge phase in each cell capable of receiving several signals conveying input variables, the synchronization being carried out on the most delayed signal.

Abstract: Data received at, or created on, a device may be tagged as corporate dependent upon a service over which the data is received or an application in which the data is created. When a user attempts to insert tagged data into a data item that is to be transmitted by the device, the insertion may be prevented. Similarly, the transmission of tagged data may be restricted to only occur on a secure service.

Abstract: In some embodiments, techniques for computer security comprise receiving a first email, detecting a first link in the email, wherein the first link is associated with a first link destination, determining a second link associated with a second link destination, wherein the second link destination is associated with a predetermined address and with the first link destination, providing a second email, where the second email differs from the first email at least by having the first link rewritten with the second link, receiving an HTTP request for the second link destination, determining the first link destination from the second link destination, verifying that the first link destination is not suspicious, and enabling navigation to the first link destination.

Abstract: In a multitenant service, security of the entire service is guaranteed by logically separating data for each tenant, and performing control to prevent access to data of another tenant. In an operation of the multitenant service, there are some special cases in which an access to data of another tenant becomes necessary. Further, processing executable across tenants needs to be subjected to restrictions on an executor of the processing and a processing target in addition to restrictions on a processing content. In data access control of the multitenant service, a control operation to determine whether processing is executable across tenants for each API and a control operation to determine whether processing is executable across tenants according to tenant categories of the executor and the processing target are performed.

Abstract: Disclosed are various embodiments for inhibiting or preventing automated data extraction from network pages. A source for a network page having a document structure is obtained. An obfuscated network page is generated from the network page by altering the document structure to inhibit automated extraction of data. The obfuscated network page is configured to have a visual appearance that is the same as that of the network page when rendered by a client for display. The obfuscated network page is sent to the client in response to a request from the client for the network page.

Abstract: Extracting data from a source system includes generating an authorization model of the data protection controls applied to the extracted data by the source system. The authorization model is used to map the data protection control applied to the extracted data to generate corresponding data protection controls provided in target system. The extracted data is imported to the target system including implementing the corresponding data protection controls.

Abstract: Described are a secure geo-location obscurity network and ingress nodes, transit nodes and egress nodes used in such a network. In particular, a novel device is provided and comprises: a node for a network, the node comprising: a private portion for allowing high bandwidth secure private traffic to be received and transmitted by the node on a private pathway through the node; and a public portion for allowing low bandwidth secure public traffic to be received and transmitted by the node on a plurality of public pathways through the node.

Abstract: The invention concerns a cryptographic key distribution system comprising a server node, a repeater network connected to the server node through a quantum channel, and a client node connected to the repeater network through a quantum channel; wherein in use: the repeater network and the client node cooperatively generate a transfer quantum key which is supplied to a system subscriber by the client node; the server node and the repeater network cooperatively generate a link quantum key; the repeater network encrypts the link quantum key based on the transfer quantum key and sends the encrypted link quantum key to the system subscriber through a public communication channel; the server node encrypts a traffic cryptographic key based on the link quantum key and a service authentication key and sends the encrypted traffic cryptographic key to the system subscriber through a public communication channel.

Abstract: Code is associated to a target based on an inspection of the code. A target may be a device or a user. A number of code components may be inspected at one time and then transferred or otherwise associated to a target based on the target's profile. A code component may be a policy of an information management system.

Abstract: Devices, methods, and computer programs are presented for displaying information output of a host. One apparatus includes a housing that includes a panel, a scalar, a sensor, an integrated circuit (IC), and a communications device. The panel includes a plurality of light emitting devices arranged to define an area for displaying information output from the host. The scalar is for receiving pixel data from the host computer to be displayed on the panel, and the sensor is for capturing data proximate to the panel. The IC is in communication with the scalar and the panel, the integrated circuit configured to intercept the information output from the host computer, the data of the sensor being analyzed for security control when the information output is to be presented to the scalar. The communications device is for enabling the IC to communicate with a remote computer without communicating through the host computer.

Abstract: Cross-site request forgeries (“XSRF”) can be prevented using a client-side plugin on a client computer. The client computer accesses a content provided by a third party host via a network and generates a request to a web application as directed by the content. The client-side plugin determines whether the request is associated with suspicious activities based on the content, a source of the request and a list of approved hosts associated with the target host. In response to a determination that the request is associated with suspicious activities, the plugin removes authentication credentials from the request and sends the request to the web application.

Abstract: A method, system, and device for verifying authorized issuance of a statement or expression, including determining if a statement or expression is associated with a statement of trusted issuance; determining if the statement of trusted issuance applies; determining if issuance of the statement of trusted issuance is authorized; and verifying that the issuance of the statement or expression was authorized, if the statement of trusted issuance applies, and the issuance of the statement of trusted issuance is authorized.