Abstract: Methods and apparatus are disclosed for facilitating online storage of files (e.g., audio tracks, video, etc.) for playback/access or sale/exchange by the owners of the files without violating copyrights that copyright holders have in the files. For example, by providing a playback service that does not store additional versions of an audio file when the file is transmitted to, and immediately played on, a user device without buffering, the present invention avoids violating copyright laws by not making copies of the file. Numerous other aspects are disclosed.

Abstract: A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.

Abstract: Embodiments of the present disclosure relate to a method for determining a path computation element and a communications device, where location information and transmission capability information of a PCE are carried in a route advertisement message and are advertised to a PCC, so that the PCC can select, according to the transmission capability information of the PCE in the route advertisement message, a PCE that meets a transmission capability of the PCC, to perform path computation; therefore, a problem that a transmission capability mismatch between the PCC and the PCE causes a failure in establishing a PCEP session is avoided.

Abstract: A wireless relay device for relaying encrypted data via a wireless network according to one aspect of the present invention includes a relay controller and an encryption processor. The relay controller is configured to relay a first data to a predetermined relay destination as a second data via the wireless network. The first data is transmitted to the wireless relay device via the wireless network and is addressed to the wireless relay device. The encryption processor is configured to decrypt the first data into a decrypted first data and to input the decrypted first data into the relay controller, and encrypt the second data to be relayed by the relay controller.

Abstract: One embodiment of the present invention provides a system for retrieving a content collection over a network. During operation, the system determines additional information associated with the piece of content that is needed for consumption of the content collection; generates a plurality of Interests, which includes at least one Interest for a catalog of the content collection and at least one Interest for the additional information; and forwards, concurrently, the plurality of Interests, thereby facilitating parallel retrieval of the content collection and the additional information.

Abstract: Disclosed are a security verification method, apparatus, and terminal. The method includes: acquiring a first verification code and prompting the first verification code, the content of the first verification code describing scenario information that is simple for a user to understand, and triggering the user to send a second verification code over a user terminal; receiving the second verification code, and acquiring an ID of the user terminal sending the second verification code; and obtaining a security verification result according to two verification results of the second verification code and the corresponding ID. A first verification code describing scenario information that is simple for a user to understand is displayed such that the user understands the scenario information corresponding to the first verification code and unauthorized users are prevented from stealing the verification codes using similar websites.

Abstract: A method, executed by a computer, for recording data includes splitting a file into sequential extents, reordering the sequential extents into non-sequential extents, writing the non-sequential extents to a storage medium, writing dummy data to the storage medium, and writing extent placement information corresponding to a placement for the non-sequential extents to the storage medium. A computer program product and computer system corresponding to the above method are also disclosed herein.

Abstract: Systems and methods for securing a computer system are described herein. The systems and methods, which are computer-implemented, involve receiving, by a computing device, a name of a software vulnerability. The computing device measures a lexical similarity distance between the vulnerability name and each name in a list of names of software systems and components of the computer system. The computing device further identifies the software system and component names that are within a predetermined similarity distance of the vulnerability name as corresponding to software systems and components having the software vulnerability. Once the vulnerabilities are detected and mapped to corresponding software systems and components, the systems and methods can generate derivative works (e.g., reports, charts, and other derivative data) for further data processing, storage or analysis by different stake holders and/or other computing devices.

Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.

Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.

Abstract: Facilitation of management and utilization of domain-specific anonymous customer references (ACRs) for protection of subscriber privacy across different domains is disclosed herein. In one aspect, on receiving user authorization, an ACR services (ACRS) component can generate an ACR that is to be inserted in a communication or message transmitted from a user equipment to an untrusted entity. The ACR can be generated based on address data associated with the untrusted entity and/or a unique subscriber identifier associated with the user equipment. As an example, the ACR creation component can generate the ACR based on a cryptographic hash, a static encryption key, and/or a dynamic encryption key. If the ACR is forwarded to a trusted entity, the trusted entity can calculate the unique subscriber identifier based on evaluating the ACR and/or exchange the ACR for the unique subscriber identifier via a secure communication with the ACRS component.

Abstract: A user device may access a remote conference management application and setup a conference customized for the user. For example, one method of operation may include transmitting a notification to a user device of an upcoming scheduled meeting time and receiving a confirmation that the scheduled meeting is a valid meeting time. The method may also include receiving at least one instruction from the user device regarding the meeting time, loading a data file sequence stored in a user account, and transmitting the data file sequence to a presentation management device.

Abstract: An image processing apparatus transmits, after reception of a login notification of an authenticated user, the login notification to an identified application, and then changes displaying of a screen of a display unit to displaying of an initial screen corresponding to the identified application. After the displaying of the display unit has been changed to the displaying of the initial screen, the image processing apparatus transmits the login notification to, among applications belonging to a first group, an application to which the login notification has not been transmitted, and applications belonging to a second group.

Abstract: One embodiment relates to a method of updating, by an electronic device of a first user of a tree of data files and/or folders of the first user stored in a storage server configured to implement a re-encryption mechanism, this tree comprising at least one target folder that the first user has authorized a second user to access by providing the storage server with a re-encryption key for this target folder from the first user to the second user.

Abstract: An access restriction device as well as an on-board communication system and a method for communication restriction, which prevent outside leakage of information caused by unauthorized access of malicious programs to an in-car network. The communication between the in-car network of the vehicle and an external device is performed by a security controller. The security controller can perform addition or update of a program involving processing for transmission and reception of the information. The security controller performs processing for restricting access to information of the in-car network performed by program execution according to an access authorization level of each program and an access permission level of each type of information. The security controller restricts the transmission depending on the access authorization level of each program and the access permission level of each type of information in case of transmitting the information to the in-car network by the program execution.

Abstract: A computer-implemented method for providing secure data management. The method includes obtaining data via a computing device, with the obtained data not being stored on non-volatile memory elements of the computing device. The method additionally includes encrypting the obtained data using a cryptographic key to generate encrypted data. Thereafter, the encrypted data is transmitted, via a communications network, to a server device for storage. The method additionally includes retrieving the encrypted data from the server. The method further includes decrypting the encrypted data to obtain decrypted data.

Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in components of an application based on a static code analysis identifying start and end operations on sensitive data in the components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the components of the application.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to execute an application in a system with an operating system, perform event tracing for the application, analyze each instruction pointer from the event tracing, and determine if an instruction pointer points to an orphan page of memory. The orphan page can be a region of code that is not associated with the application, a region of code that is unidentified, or unusual code that is not associated with the application. In addition, the event tracing can be an embedded application that is part of the operating system.

Abstract: Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.

Abstract: Systems and methods for tiered connection pooling are disclosed herein, which may be used in a method of fulfilling user requests in an enterprise computing system. The method involving generating, by a processing unit, a first connection pool comprising one or more previously used authenticated connections with a resource; generating, by the processing unit, a second connection pool comprising one or more unused authenticated connections with the resource; and generating, by the processing unit, a third connection pool comprising one or more unauthenticated connections with the resource; receiving, by the processing unit, a request from the user device to access the resource, the resource requiring authentication for access; and fulfilling, by the processing unit, the request based on a connection from the first, second, or third connection pool.