Abstract: A method of controlling access to one or more data resources may include receiving, from a client device by an authentication server device, a request to access a data resource. The request may include a job identifier associated with a job. The method may include transmitting, by the authentication server device to a scheduling server device, the job identifier, receiving, by the authentication server device from the scheduling server device, job information associated with the job, determining, by the authentication server device, whether at least a portion of the job information satisfies an access policy associated with the data resource, and granting the job access to the data resource in response to the at least a portion of the job information satisfying the access policy.

Abstract: A computer-implemented method, apparatus and computer program product for providing secure consumption of applications from mobile devices, The method comprises receiving a security policy associated with usage of an application by a user using a mobile device, the security policy comprising at least one vulnerability indication; receiving at least partial code of the application; identifying at least one JavaScript instruction in the code, the at least one JavaScript instruction associated with the security vulnerability; and adding additional JavaScript instructions to the code for handling the security vulnerability.

Abstract: Systems and method are provided for delivering notifications to user regarding use of their authentication information. The delivery of notifications involves ascertaining a device identifier associated with a request received from a user device to engage in a transaction using the authentication information and comparing this device identifier associated with the request to a plurality of known device identifiers previously associated with the authentication information. Thereafter, a notification for a user associated with the authentication information can be generated and delivered, if the device identifier is not among the plurality of known device identifiers. In the systems and methods, contact information for delivering the notification is based on contact information for at least one previous transaction that meets a selection criteria and that is associated with the authentication information.

Abstract: A tokenization system includes a vector table and one or more token tables. The tokenization system accesses sensitive data and a vector from a vector table column, and modifies the sensitive data based on the accessed vector. The tokenization system then queries the one or more token tables using a portion of the modified data to identify a token mapped to the portion of the modified data. The portion of the modified data is replaced with the token to create tokenized data. The vector table can be updated by replacing a vector table column with an updated vector table column. The tokenization system can modify subsequent data using the updated vector column prior to tokenization.

Abstract: A system and method for integrating business tools in a social networking environment. A proxy access module includes a social network application, a business registration engine, an application directory engine, an access request engine and a graphical user interface engine. The social network application receives input from a user for sharing the business tool with other members of a social network. The business registration engine receives and processes registration information for allowing access to a business tool. The application directory engine determines whether the user has permission to access the business tool. The access request engine receives and processes a request for accessing a business tool via a social network. The graphical user interface engine generates graphical data for displaying a business tool.

Abstract: System and method embodiments are provided herein for efficient representation and use of initialization vectors (IVs) for encrypted segments using template mode representation in Dynamic Adaptive Streaming over Hypertext Transfer Protocol (DASH). An embodiment method includes sending in a media presentation description (MPD), from a network server to a client, a template for generating a universal resource locator (URL) to obtain an IV that is used for encrypting a segment, in absence of an IV value in the MPD, receiving from the client a URL configured according to the template, and upon receiving the URL, returning an IV corresponding to the URL to the client. Another embodiment method includes receiving in a MPD, at a client from a network server, a template for generating a URL to obtain an IV that is used for encrypting a segment, upon detecting an absence of an IV value or IV base value in the MPD, configuring a URL for the IV using the template, sending the URL for the IV, and receiving an IV.

Abstract: A system can comprise a memory to store computer readable instructions and a processing unit to access the memory and to execute the computer readable instructions. The computer readable instructions can comprise a certificate manager configured to request generation of N number of random values, where N is an integer greater than or equal to one. The certificate manager can also be configured to request a digital certificate from at least one certificate authority of at least two different certificate authorities. The request can include a given one of the N number of random values. The certificate manager can also be configured to generate a private key of a public-private key pair, wherein the private key is generated based on a private key of each of the least two certificate authorities.

Abstract: Methods and apparatus are provided for signing data transactions using one-time authentication passcodes. User authentication passcodes are generated by generating a time-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated time-based user authentication passcode is used for authentication of the user; and generating an event-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated event-based user authentication passcode is used to sign one or more data transactions. The generation of an event-based user authentication passcode can be performed on-demand. The generation of the event-based user authentication passcode can optionally be performed substantially simultaneously with the generation of the time-based user authentication passcode.

Abstract: Various methods and communications devices to improve association and handoff performance of a wireless network are provided. By way of example, a modified state machine that permits reduced security requirements for authentication in order to achieve fast authentication is employed. The modified state machine providing fast authentication remains compatible with the classic state machine implementing the wireless fidelity (WiFi) standard.

Abstract: The present invention discloses an encoding apparatus using a Discrete Cosine Transform (DCT) scanning, which includes a mode selection means for selecting an optimal mode for intra prediction; an intra prediction means for performing intra prediction onto video inputted based on the mode selected in the mode selection means; a DCT and quantization means for performing DCT and quantization onto residual coefficients of a block outputted from the intra prediction means; and an entropy encoding means for performing entropy encoding onto DCT coefficients acquired from the DCT and quantization by using a scanning mode decided based on pixel similarity of the residual coefficients.

Abstract: By injecting bytecode into a predetermined method of a sandbox environment, an application that uses an exploit to attempt to escape from the sandbox environment may be detected without knowledge of the application or the exploit used to attempt to escape from the sandbox environment. Upon indicating that the application has escaped the sandbox, the application may be terminated or the escape may be reported, allowing further monitoring of the application.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java TN applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts.

Abstract: An electronic device includes a positioning module, a micro processing unit and a first storing device. The micro processing unit electrically connects with the positioning module and the first storing device. The electronic detects a position thereof via the positioning module and generates a positioning coordinate datum. The micro processing unit determines whether the electronic device is in a preset working area through the positioning coordinate datum. When the electronic device is not in the preset working area, the micro processing unit stops the electronic device from accessing the first storing device. When the electronic device is in the preset working area, the micro-processing unit allows the electronic device to access the first storing device and boot a first operating system stored thereon.

Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.

Abstract: Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.

Abstract: Methods and systems for evaluating and rating privacy risks posed by applications intended for deployment on mobile platforms. Validating the “intent” of a mobile platform application vis-à-vis its impact on user privacy, as viewed from an end-user's perspective allows those end-users to make better-informed decisions concerning the downloading, installation and/or operation of mobile platform applications. In making such assessments user preferences can be taken into account. Privacy scores are provided through sales channels for the applications, thereby affording potential users the opportunity to assess whether they wish to incur the associated privacy risk, before purchasing a subject application.

Abstract: A method of providing a user with an option to access a protected system by satisfying a reduced security measure is disclosed. An attempt by the user to access the protected system is detected. It is detected that a first security token system is within a first proximity to the protected system. Based on the detecting of the attempt by the user to access the protected system and the detecting that the first security token system is within the first proximity, the user is provided with the option to access the protected system by satisfying the reduced security measure.

Abstract: Disclosed embodiments of a data protection mechanism can provide secure data management. In particular, the disclosed embodiments provide secure data management mechanisms that can control transfer of data items so that contents of protected data items are not accessible to non-authorized parties. For example, the disclosed system can prevent an application from storing a protected file using a new file name. As another example, the disclosed system can prevent an application from sending a protected file to another computing device over a communication network.

Abstract: Embodiments of the present invention provide a key insulation method and device. The key insulation method includes: randomly selecting a first parameter s from Z*q, acquiring a helper initial key from a helper, and generating an initial user private key according to the first parameter s, a preset first cryptographic hash function H1, and the helper initial key; and acquiring a helper updated key for a time segment i from the helper, and updating a user private key for a time segment j according to the helper updated key for the time segment i to obtain a user private key for the time segment i. According to the key insulation method and device provided by the embodiments, in a process of generating an initial key and a process of updating a key, lifecycle is not involved, which improves flexibility of a key system.

Abstract: The cyber threat monitor and control apparatuses, methods and systems (hereinafter “CTMC”) determines risk across a global Internet network graph model for various virtual or physical network elements. In one embodiment, the CTMC defines a factor mechanism representing interactions among the set of network elements, the factor mechanism including a factor indicative of a correlation between a pair of network elements from the set of network elements, and dynamically calculate the probabilistic network security measure for each network element in the global Internet graph model based at least in part on the factor mechanism and any observed threat indicators related to the global Internet graph model.