Abstract: A user device outputs an unlock code or sends a signal that automatically unlocks a locked container housing a deliverable product when the user device authenticates the container, thereby indicating that the container has been delivered to an intended recipient. The device is associated with a user profile and stores a private key that is inaccessible except by the device. When a product order becomes associated with the user profile, a public key that pairs with the private key is encoded on a storage medium of the container. When the container is brought into proximity with the device, if the device determines that the public key encoded on the storage medium corresponds to the private key stored on the device, the device displays or audibly outputs an unlock code or sends a wireless signal that automatically unlocks the container. The container can also include sensors for detecting theft or tampering.

Abstract: The present invention has the aim of providing a method of an activity information notification service in which a server can receive activity information from a user of a target terminal, depending on his or her privacy setting, and then transmit the received activity information to a selected receiving user, and in which any receiving user can transmit a notification request to a target user in order to receive desired activity information. According to an embodiment of the present invention, a method of an activity information notification service at a server, the method includes steps of receiving activity information from a target terminal; determining a receiving terminal to which the received activity information will be transmitted, depending on a privacy setting of the target terminal stored in a storage unit; and transmitting the activity information to the determined receiving terminal.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: A software image associated with a first customer of a computing resource service provider and criteria for identifying an event is received, the software image comprising a set of layers. The set of layers is stored in a first data store to form a stored set of layers, the first data store being physically located in a first region. The set of layers is copied to a second data store to form a copied set of layers, the second data store being physically located in a second region different from the first region. The copied set of layers is launched as a container executing in an instance that is physically located in the second region, and, as a result of identifying an occurrence of the event, the container is caused to be unavailable to an entity associated with the instance.

Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.

Abstract: Method for validating a trusted user of an electronic device, which electronic device comprises an input surface, e.g. on a key, dedicated for application of a user finger; a user input data sensor system, including a fingerprint sensor connected to the input surface for detecting user input fingerprint data, and a tremor sensor for detecting user input tremor data; data access to stored user input data corresponding to a trusted user; and a main processor system configured to match detected user input data with stored input data for validation of a trusted user. A triggering algorithm may run in a sub-sensor system, for sensing device handling and comparing sensed device handling with stored data. If the comparison reveals that user input is likely to occur based on the, a command is sent to the main processing system to trigger activation of tremor sensing and matching.

Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.

Abstract: Processing backup data based on file system authentication is described. A system request authentication information from an application in response to a receipt of a request from the application to process backup data. The system receives encrypted authentication information associated with an authentication system corresponding to a file system. The system requests a permission level from the authentication system based on the encrypted authentication information. The system receives the permission level from the authentication system. The system determines whether the permission level permits the request from the application to process the backup data. The system processes the backup data for the application in response to a determination that the permission level permits the request from the application to process the backup data.

Abstract: Systems and methods provide for data management and governance to enforce proper usage of data. Data is tagged with data governance metadata dictating usage of the data. Standard types of data governance metadata are set forth with each type having predefined options such that applications can share data and understand the associated data governance metadata. For a given data, one or more options are selected for each type of data governance metadata and tagged to the data to control usage of the data.

Abstract: A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.

Abstract: Systems and methods are disclosed for distributing images corresponding to communication endpoints. A system includes one or more servers configured to determine whether image privacy settings corresponding to images of communication endpoints permit the images to be transmitted to others of the communication endpoints for display with contacts lists of the others of the communication endpoints. A method includes transmitting the data corresponding to the images to the others of the communication endpoints as permitted by the image privacy settings. A communication endpoint is configured to present a contacts list displaying the images corresponding to communication endpoints listed in the contacts list to a user, if permitted by the corresponding image privacy settings.

Abstract: Example methods and systems directed to an Alert Manager are described. According to various embodiments, the Alert Manager detects receipt of a message. The message includes a selectable functionality for accessing an external resource and message data indicative of a source of the message. The Alert Manager predicts when a recipient of the message will interact with the selectable functionality. Prior to the recipient's predicted interaction with the selectable functionality, the Alert Manager generates a message alert feature based on a degree of a difference between the external resource and the source of the message.

Abstract: In an example embodiment, invisible two factor authentication is performed by receiving, at a first machine, a registration request from a second machine, with the registration request encrypted using a common hash key. Then, in response to the receiving of the registration request, a server key is generated that is unique to the first machine and to the second machine. The registration request is responded to with the server key encrypted using the common hash key. Encrypted data is then received from the client machine, and this encrypted data is decrypted using the server key. In another example embodiment, in response to a determination that a data source has changed, incremental dynamic data processing is performed by identifying dynamic data relevant to records in the data source marked for distribution and, based on the existence of a state for each piece of dynamic data, marking the dynamic data for distribution.

Abstract: A service receives from a sender service a digital message and a corresponding trace, which includes an ordered set of digital signatures of one or more services that participated in causing the service to receive the digital message. The trace may further specify an ordering of the one or more services, which may be generated according to the order of participation of these one or more services. The service may compare the received trace to recorded message paths to determine whether the ordering specified within the trace is valid. If the ordering is valid, the service may use one or more digital certificates to further verify the digital signatures included within the trace. If the service determines that these digital signatures are also valid, the service may process the message.

Abstract: The subject matter herein is directed to a digital data locker that acts as an intermediary between end users operating end user device and document providers. The data locker provides the end user with a secure and easy way to manage, store, and retrieve data that is stored at the document providers. Specifically, the features provided by the data locker include, but are not limited to, a dual level of encryption for data, content assurance to determine whether the data is corrupted, and dissociation between an identity of an end user and the data of the end user stored at the document providers. More specifically, an end user device operated by the end user, through use of a single application, may access the data locker to securely store and retrieve data on/from the document providers.

Abstract: Techniques for application code obfuscation are disclosed. In one embodiment, the techniques may be realized as a method including receiving application code and testing data associated with the application; automatically generating obfuscated application code from the received application code; automatically testing the obfuscated application code by running the obfuscated application code and inputting at least the recorded inputs from the testing data while recording associated outputs; in response to determining that the associated outputs from automatically testing the obfuscation code do not match the testing data outputs, modifying the obfuscated application code and automatically testing the modified obfuscated application code against the testing data; and, in response to determining that outputs from automatically testing the modified obfuscated application code match the testing data outputs, transmitting the modified obfuscated application code as a successful obfuscation of the application.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.

Abstract: An authentication system and device including physical unclonable function (PUF) and threshold cryptography comprising: a PUF device having a PUF input and a PUF output and constructed to generate, in response to the input of a challenge, an output value characteristic to the PUF and the challenge; and a processor having a processor input that is connected to the PUF output, and having a processor output connected to the PUF input, the processor configured to: control the issuance of challenges to the PUF input via the processor output, receive output from the PUF output, combine multiple received PUF output values each corresponding to a share of a private key or secret, and perform threshold cryptographic operations. The system and device may be configured so that shares are refreshable, and may be configured to perform staggered share refreshing.

Abstract: Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.

Abstract: System and techniques for cyber-physical system defense are described herein. Sensor disagreements between a plurality of sensors over time can be sampled. Cluster analysis on the sampled sensor disagreements can be performed. A deviation indication can be provided in response to the cluster analysis resulting in disagreement density beyond a threshold.