Abstract: One or more techniques and/or systems are provided for dynamically maintaining user centric data. For example, a data provider app may have knowledge about user centric data associated with a user (e.g., a social network app may have contact information for a social network friend of the user). A user centric profile may be defined for the user centric data based upon information provided by the data provider app (e.g., a contact card may be generated for the social network friend). Responsive to receiving a request for the user centric profile from a requestor app (e.g., an event planning app), the user centric profile may be exposed to the user but not to the requestor app for security and/or privacy purposes. For example, an operating system may present at least some of the user centric profile within an operating system user interface.

Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Abstract: According to one embodiment, an electronic device includes a content transmitter. The content transmitter is configured to output a content item including first data and second data to one transmission path, by applying a first copyright protection system to copyright protection of the first data and applying a second copyright protection system to copyright protection of the second data. The first copyright protection system involves encryption of data to be copyright-protected. The second copyright protection system involves no encryption of data to be copyright-protected.

Abstract: A system and machine-implemented method of wireless network access are provided. An authentication request comprising credentials for a user account of a cloud-based service is received from a wireless client device. The authentication request is forwarded to a server associated with the cloud-based service for authentication of the user account credentials. A list of one or more network identifiers corresponding to networks for which access by the user account of the cloud-based service is authorized is received from the server. The received list of one or more network identifiers is sent to the wireless client device, wherein the received list of one or more network identifiers is sent to the wireless client device prior to the wireless client device being associated with the wireless local area network.

Abstract: Provided herein are systems and methods for behavior profiling of targets to determine malware presence. The method includes, in various embodiments, applying a domain specific language to a target, observing a set of temporal sequences and events of the target; determining presence of markers within the set of temporal sequences and events indicative of malware, and identifying the target as being associated with malware based on the markers. In some embodiments, a malware detection system is provided for creating a behavioral sandbox environment where a target is inspected for malware. The behavioral sandbox environment can include forensic collectors. Each of the collectors may be configured to apply a domain specific language to a target; observe a set of temporal sequences and events of the target; determine presence of markers within the set of temporal sequences and events indicative of malware; and detect malware presence based on the markers.

Abstract: A system and method for authenticating a candidate user accessing a host computing device as an authentic user is provided. The host computing device is in communication with an authenticating computing device. The method includes receiving, by the authenticating computing device, a request to authenticate the candidate user as an authentic user. The authentication request includes a user identifier. The method also includes retrieving, by the authenticating computing device, transaction data including payment transactions performed by the authentic user based on the user identifier. The method also includes generating, by the authenticating computing device, a challenge question and a correct answer based on the transaction data associated with the authentic user, and transmitting the challenge question for display on a candidate user computing device used by the candidate user.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

Abstract: A security policy management solution (such as a Data Loss Prevention (DLP) system) is augmented to enable a user to model and visualize how changes in a security policy may impact (positively or negatively) the effectiveness of a policy configuration as well as the risk associated with its deployment. This technique enables a user (e.g., a security policy administrator) to evolve enterprise information technology (IT) security policies and, in particular, to generate and display “what-if” scenarios by which the user can determine trade-offs between, on the one hand, the effectiveness of a proposed change to a policy, and on the other hand, the risk associated with the proposed change.

Abstract: A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.

Abstract: Methods and apparatus for arranging event opportunities are disclosed. For example, the method detects the event opportunity that matches user profiles of at least two users who are unassociated with one another, verifies a safety parameter for one of the at least two users, wherein the safety parameter is defined by the one of the at least two users, and if the safety parameter is satisfied, sending an invitation to the event opportunity to each of the at least two users.

Abstract: A client device stores a user-specified privacy setting regulating communication of information associated with audio data captured by the client device to an external entity. When the client device captures audio data, the client device determines whether the user-specified privacy setting authorizes communication of data associated with the captured audio data to an external entity. The privacy setting may identify specific external entities to which data may be communicated, specify characteristics of captured audio data authorized to be transmitted, or generally specify whether communication of data associated with captured audio data is authorized or prevented.

Abstract: The present invention relates to the field of the connection to a secure remote service from a terminal and notably of the establishment of a connection between the secure remote service and a security device connected to the terminal. A security device including a security element is connected to the terminal via a physical or virtual local network. When trying to access a secure remote service, a software module is automatically downloaded onto the terminal, without requiring particular rights, from the secure remote service for the discovery and the interaction with the security device. In this way, it is not necessary to install drivers or other specific software in order to enable the use of the secure element when trying to access a secure remote service.

Abstract: An information distribution apparatus includes an acquiring unit that acquires individual identification information, product identification information, and user identification information. The information distribution apparatus includes a storing unit that stores the authentication information and the user identification information in an associated manner in a predetermined storing device. The information distribution apparatus includes a deciding unit that decides, whether the received authentication information and the received user identification information are stored in an associated manner in the predetermined storing device.

Abstract: A system and method are provided for use with a mobile device. The system is configurable to detect unauthorized access to onboard sensors or information developed by the sensors or configured by the user. Upon detection, access may be denied or limited according to pre-set rules or user intervention. The rules may consider prior access attempts, time-of-day or current location in the denial or limitation of access. Access limitation can include limiting access to only dithered data or spoofed data in accordance to the rules or user instructions.

Abstract: A method and apparatus are disclosed for performing secure remote subscription management. Secure remote subscription management may include providing the Wireless Transmit/Receive Unit (WTRU) with a connectivity identifier, such as a Provisional Connectivity Identifier (PCID), which may be used to establish an initial network connection to an Initial Connectivity Operator (ICO) for initial secure remote registration, provisioning, and activation. A connection to the ICO may be used to remotely provision the WTRU with credentials associated with the Selected Home Operator (SHO). A credential, such as a cryptographic keyset, which may be included in the Trusted Physical Unit (TPU), may be allocated to the SHO and may be activated. The WTRU may establish a network connection to the SHO and may receive services using the remotely managed credentials. Secure remote subscription management may be repeated to associate the WTRU with another SHO.

Abstract: A computing device has a processor and a first memory, e.g., a fuse-based memory, storing a first cryptographic key. The processor is configured to receive information related to a second cryptographic key from a cryptographic key provisioning system. The processor derives the second cryptographic key from the information related to a second cryptographic key. The first cryptographic key has fewer bits than the second cryptographic key. The processor is also configured to encrypt the second cryptographic key using the first cryptographic key, and store the encrypted second cryptographic key in a second memory, e.g., a flash memory.

Abstract: For secure handwriting input for password fields, an apparatus for using a tone indicator to identify language in text recognition is disclosed. The apparatus may include a processor, a handwriting input unit operatively coupled to the processor, a display operatively coupled to the processor, a handwriting element module that identifies a handwriting element from handwriting input, an input replication module that controls the display to present the handwriting element, and a privacy module that controls the display to obscure the handwriting element in response to a predetermined trigger event. Obscuring the handwriting element may include removing the handwriting element, rendering transparent the handwriting element, replacing the handwriting element and an area surrounding the handwriting element with a colored area, and/or replacing the handwriting element with an anonymizing symbol. A method and computer program product also perform the functions of the apparatus.

Abstract: A dead drop at a node in a dead drop domain exchanges data between a sender and a recipient. The recipient provides the sender with a dead drop identifier (DDID) referencing the dead drop. The sender sends the dead drop domain a write request including the DDID. Nodes within the domain forward the request to other nodes until the write request reaches the node containing the dead drop identified by the DDID. The node receives data from the sender and stores the data in the identified dead drop. The recipient sends the dead drop domain a read request including the DDID and nodes within the domain forward the request to other nodes until the read request reaches the node containing the dead drop identified by the DDID. The node retrieves the data from the dead drop and provides the data to the recipient.

Abstract: A computer-implemented method includes producing medical information that characterizes a group of individuals from a set of private data representing pre or post-encounter characteristics of the individuals, wherein the individuals have had encounters with a healthcare facility. The identity of the individuals is unattainable from the produced medical information. The method also includes providing the produced medical information to report the pre or post-encounter characteristics of the group.

Abstract: Disclosed are various embodiments for management functions relating to security credentials. Account data, which includes multiple security credentials for multiple network sites for a user, is stored in an encrypted form. A request to temporarily change the account data is obtained from a client. The request specifies a master security credential for accessing the account data. In response to the request, the multiple security credentials for the account data are changed to a single temporary security credential, as specified by a user. After an expiration period expires, the multiple security credentials are automatically reset to a plurality of different security credentials.