Abstract: A computer-implemented method for content management across multiple server computers includes receiving a request to transfer a file between a central server computer and a client device. A list of two or more local server computers is received, wherein the two or more local server computers transfer the file between the central server computer and the client device. Operational information is received that is associated with each of the two or more local server computers and a duration of connectivity between each of the two or more local server computers and the client device. A strategy is determined for the file across the two or more local server computers based, at least in part, on the operational information associated with each of the two or more local server computers.

Abstract: Embodiments of the present disclosure include data loss prevention methods by a cloud-based service including third party integration architectures. The disclosed techniques of the cloud-based platform (e.g., collaboration platform in an enterprise environment) can detect (and may optionally prevent) violations to, e.g., corporate policies, which can be configurable by a corporate administrator, for example, regarding the use, storage, and/or transmission of sensitive information. The types of sensitive information can include, for example, financial information—credit card and bank account numbers, Personally Identifiable Information (PII)—Social Security Number (SSN), health/healthcare information, Intellectual Property—earnings forecasts, sales pipeline, trade secrets, source code, etc.

Abstract: The present invention is directed to systems for and methods of controlling access to computer systems. A method in accordance with the present invention comprises performing a test that includes comparing input responses to randomly selected questions with corresponding pre-determined responses to the questions and granting access to the system in the event the test is passed. A first condition of passing the test is that each input response matches a corresponding pre-determined response. Once passing the test, the user is granted permissions to access data based on his position. For example, a corporate director generally has greater permissions than an engineer. Preferably, the user's permissions determine an encryption key and a decryption key that the user is able to use to access protected data.

Abstract: A system, apparatus, method, and machine readable medium are described for authenticating a client to a device.

Abstract: A rules evaluation engine that controls user's security access to enterprise resources that have policies created for them. This engine allows real time authorization process to be performed with dynamic enrichment of the rules if necessary. Logging, alarm and administrative processes for granting or denying access to the user are also realized. The access encompasses computer and physical access to information and enterprise spaces.

Abstract: A rules evaluation engine that controls user's security access to enterprise resources that have policies created for them. This engine allows real time authorization process to be performed with dynamic enrichment of the rules if necessary. Logging, alarm and administrative processes for granting or denying access to the user are also realized. The access encompasses computer and physical access to information and enterprise spaces.

Abstract: A biometric security method and apparatus for a capacitive sensor system is provided herein, where the method may include capturing a set of raw capacitive frames for a body part via the capacitive sensor system, wherein each raw capacitive frame includes a distribution of a plurality of capacitance levels measured from the body part; creating a capacitive profile based on the set of raw capacitive frames; comparing a first value in the capacitive profile to a second value in a biometric template generated from an enrolled body part, wherein the first value and the second value are located at a similar location with respect to the capacitive profile; and, generating an authentication signal based on a difference between the first value and the second value.

Abstract: A method of updating an authentication credential may include, by a client device, receiving an authentication credential from a user, generating an access key using the authentication credential, determining whether the access key decrypts a storage key that encrypts at least a portion of a computer-readable storage medium of the client device, and in response to determining that access key does not decrypt the storage key, sending a request to an authentication server. The request may include the authentication credential. The method may include receiving, from the authentication server, a recovery key, and generating an updated storage key using the decryption key.

Abstract: A validity determination method includes having a receiving apparatus of electronic data identify a public key corresponding to an electronic signature attached to the received electronic data among one or more public keys having respective valid terms, send a resend-request of the electronic data if the identified public key is not valid, and determine validity of the electronic data based on whether the electronic data is resent in response to the resend-request; and having a sending apparatus of the electronic data resend the electronic data to the receiving apparatus in response to receiving the resend-request if the sending apparatus has sent the electronic data relevant to the resend-request in a past.

Abstract: A method and device perform program identification based on machine learning. The method includes: analyzing an inputted unknown program, and extracting a feature of the unknown program; coarsely classifying the unknown program according to the extracted feature; judging by inputting the unknown program into a corresponding decision-making machine generated by training according to a result of the coarse classification; and outputting an identification result of the unknown program. The identification result is a malicious program or a non-malicious program. The method can save a lot of manpower and improve the identification efficiency for a malicious program by using the decision-making machine.

Abstract: A system for secure delegated authentication for applications may include one or more processors and a memory. The one or more processors perform operations including receiving a request from an application to retrieve a user authorization associated with a service provider. The operations also include authenticating the application in response to the request, the application being assigned a first identifier to associate the request with the application. The operations also include communicating the request to the service provider upon the application being authenticated. The operations also include receiving a response from the service provider, the response identifying a particular application associated with the service provider. The operations also include comparing the first identifier with at least a portion of the response to determine a match. The operations further include forwarding the received response to the application if a match is determined.

Abstract: Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed.

Abstract: A system and method for providing access to an object over a network may comprise hosting an object on a distributed data processing system accessible over the network, the object contained within a cell; generating, by a cell access provider, a unique and random address for the cell containing the object, utilizing an address resolution module and providing, by the cell access provider, the unique and random address to a computing device of a unique consumer; and upon receipt of the unique and random address from the unique user, matching the unique and random address with the cell to facilitate access by the unique user to the object. The object may comprise a virtual object acting as a cell for facilitating access to one or more additional objects. The virtual object cell may contain one or more unique and random addresses facilitating access to one or more additional objects.

Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.

Abstract: A data communication device that can communicate with an external device includes a scanner, a log-in processing unit, a sending unit, and a log-out processing unit. The scanner inputs image data. The log-in processing unit enables a user to log in to the data communication device. The user who logs in to the data communication device can submit an instruction to send image data input by the scanner to the external device. The sending unit sends the image data input by the scanner to the external device. The log-out processing unit enables the user to log out of the data communication device even if sending of the image data is not completed. Even if the user logs out of the data communication device after the user has submitted the instruction and before sending of the image data is completed, the sending unit continues the sending of the image data.

Abstract: An apparatus verifies whether a setting value is set correctly according to a security policy, and controls a screen to shift to a screen indicating a correction method if there is any incorrect setting. The apparatus includes an obtaining unit configured to obtain a security policy. Each function of the multifunction peripheral device in accordance with the security policy is verified by a verification unit. In a case where the function does not corresponding to the security policy is found as a result of verification by the verification unit, a display control unit is configured to display a security policy solution screen including a link to a change screen for changing a setting of the function.

Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.

Abstract: An appliance communicates via a communication network via various communication services available for transmitting data via the communication network. The appliance can detect an anomaly in a communication that is established with the appliance via one of the communication services, and implement a defense communication mode. In the defense communication mode, the communications to be established with the appliance via a communication service for which a detection has occurred are inhibited, while the communications to be established via another communication service are allowed.

Abstract: The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc. This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

Abstract: The disclosed embodiments provide a system that facilitates authenticating cloud services that execute in an untrusted cloud computing environment. During operation, a verifying party receives a request for a credential from a compute instance that is executing in the untrusted cloud computing environment. This request includes one or more metadata parameters that are associated with the compute instance. The verifying party queries a management interface for the untrusted cloud computing environment to retrieve a second set of metadata parameters for the compute instance, and then compares the two sets of parameters. If the values for the two sets of parameters match, the verifying party grants the credential to the requesting compute instance. Otherwise, the verifying party denies the request.