Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

Abstract: The invention relates to a subscriber data entity, method and a computer program product for defining a first record including a wildcarded public user identity covering plurality of public user identities of users, defining a second record including a public user identity of a user, wherein the public user identity belongs to the plurality of public user identities which the wildcarded public user identity covers and assigning the first record and the second record to the same registration set, wherein the registration set includes public user identities to be registered together.

Abstract: Systems, methods, and computer-readable media for managing application events are provided. In embodiments, a notifier is received that indicates a usage of an application installed on a user device and a date associated with the usage. A verification notifier is also received that verifies that the user device is registered in association with the application and indicates a date associated with the verification. The date associated with the usage and the date associated with the verification are compared to determine whether the dates occur within a predetermined time period relative to one another. In such a case, it might be determined that a provider of the application installed on the user device should be rewarded.

Abstract: According to one embodiment, a video receiving apparatus includes: a receiving module for receiving identifiers of respective video transmitting apparatus and key information to be used for permitting a wireless communication with the video receiving apparatus; a connecting module for establishing a wireless connection with each video transmitting apparatus; a registering module for registering all or part of the one or more video transmitting apparatus; a first display control module for displaying identification information of the one or more video transmitting apparatus, selection images, registration information indicating whether or not the one or more video transmitting apparatus are registered, and connection information indicating whether or not wireless connections are established on a display screen; a video receiving module for receiving video from the specified video transmitting apparatus using the established wireless connection; and a second display control module for displaying the received vi

Abstract: A platform of Trust Management software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.

Abstract: Visualization agnostic selection linked portlets provide a tree from a parent to one or more children that present each portlet with its own visualization and data synchronized with a root portlet based upon related filters. Each portlet uses its visualization to display a data set derived by applying its filter in conjunction with the filters of its ancestors. Each portlet then presents data that is at most the same size as its root in a visualization adapted to the child's type and quantity of data.

Abstract: Media content is provided using metric-apportioning. In accordance with one or more embodiments, remote-user interface circuits are authenticated and remote access is provided to different sets of media content via the interface. For each authenticated interface and a time-based period during which the interface accesses the media content, time-stamped usage data that characterizes use of the media content at the interface is communicated therewith. A usage metric characterizing usage of the media content is apportioned based upon the time-stamped usage data and stored weighting factor data for the media content.

Abstract: An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks.

Abstract: A system and method transfers information relating to quality or standards of an organization from a server to a wireless handheld computing device and from the wireless handheld computing device to the server in real-time or near real-time. Each member of an organization can have the same policies and procedures as soon as any of the policies and procedures are updated. The inventive system can allow an organization to also measure compliance and conformance with the distributed policies and procedures. With the handheld computing devices, each member of an organization can complete tests that are closely tied to the distributed policies and procedures. The results of these tests can be transmitted in real-time or near real-time from the handheld computing devices to a central computer server so that an organization can track current performance of all its members relative to the policies and procedures and relative to each other.

Abstract: Pluggable network security modules provide a collaborative response across plural networks by allowing modules associated with detection and neutralization of a network security threat to plug into a network security platform of other networks. Plugging the security modules in provides an automated insertion of detection and neutralization tools into the network security platform to respond to potential threats based upon proven successful responses at other networks.

Abstract: Disclosed are various embodiments for identifying a table of non-decoy data matching a set of criteria. Decoy data is inserted into the table of non-decoy data. The decoy data is detected in a result comprising the decoy data, the result generated in response to an access of the data store. An alarm is generated based at least upon the result.

Abstract: A physical, non-human readable representation of a digital key may be in a physical key article. The key article may enable a person to generate a signal representing the digital key from a user interface device in communication with a computer by physical manipulation of the key article. Access to digital content via the computer may be unlocked in response to receiving the signal. In addition, a key may be represented by a pattern of unreadable errors in a computer-readable medium.

Abstract: A method and system for providing secure access to a remote file is disclosed. According to one embodiment, a portable memory device containing a secure desktop is provided to a user. The user has a user device that removably accepts the portable memory device. The user is allowed to securely access a dedicated storage of the cloud storage system that is created at a request from an administrator. The secure desktop runs independently from a user desktop of the user device. The user's access to a local storage of the user device is blocked while the secure desktop is running.

Abstract: Scaling and highly available clustering for large scale real-time applications is provided. A ring may be formed which includes multiple nodes for providing a set of services in a system. When a network partition is detected which affects communications between each of the nodes in the ring, the formation of additional rings is prevented by shutting down nodes which include a minority of voting nodes in the ring while maintaining the availability of the nodes which include a majority of the voting nodes to continue providing the set of services in the system.

Abstract: Technologies are generally described for a remote displaying scheme configured to transmit display data stored in a source device to a target device for displaying the display data on the screen of the target device. In some examples, a method performed under control of a source device may include broadcasting to one or more target devices request information that comprises a request for displaying display data, obtaining permission information generated by a target device of the one or more target devices, the permission information based, at least in part, on the request information, transmitting to the target device an acknowledgement that a communication channel between the source device and the target device is established, the acknowledgement based, at least in part, on the permission information and transmitting to the target device the display data based, at least in part, on the permission information.

Abstract: A storage device contains a smart-card device and a memory device, which is connected to a controller. The storage device may be used in the same manner as a conventional smart-card device, or it may be used to store a relatively large amount of data. The memory device may also be used to store data or instructions for use by the smart-card device. The controller includes a security engine that uses critical security parameters stored in, and received from, the smart-card device. The critical security parameters may be sent to the controller in a manner that protects them from being discovered. The critical security parameters may be encryption and/or decryption keys that may encrypt data written to the memory device and/or decrypt data read from the memory device, respectively. Data and instructions used by the smart-card device may therefore stored in the memory device in encrypted form.

Abstract: Systems and methods disclosed allow a permitting party to share personal information with a receiving party. The receiving party may use the information to authenticate the permitting party, assess the permitting party, determine if the permitting party is compatible with one or more other users associated with the receiving party, or validate the permitting party. The permitting party may define how much of the permitting party's personal information is shared, and/or limit the use of the information for one or more specific purposes. A requesting party may also set up criteria for the types of information it wants to review along with the intended use of the information. The systems and methods disclosed also enables permitting parties the ability to grant requesting parties access to requested information.

Abstract: Completely automated tests that exploit capabilities of human vision to tell humans apart from automated entities are disclosed herein. Persistence of vision and simultaneous contrasts are some of the properties of human vision that can be used in these tests. A video of an image is generated in colors that are distinguishable to the human eye but are not easily distinguished numerically. The image includes text manipulated such that positive image data and negative whitespace data occur at equal rates along with a noise component included in each of the video frames. Thus, raw data is made ambiguous while qualities of human visual interpretation are relied upon for extracting relevant meaning from the video.

Abstract: Terminal certification means of a communication terminal manages a content and certification information on the content in association with each other. Upon access to a server associated with the execution of the content, request means sends the server a request including certification information associated with the content. In response to the request from the communication terminal, the server uses server certification means to certify the request. Access control means performs access control based on policy information stored in policy information storage means.

Abstract: A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.