Abstract: Systems and methods can support change management thresholds within human machine interfaces. An operation or feature may be introduced into a multi-user information system where a benefit is conveyed to specific benefited instances of events. A user indication associated with the specific benefited instances may be initially disabled. A quantity of the specific benefited instances may be calculated or counted. The calculated quantity may be compared to a threshold quantity. The user indication associated with the specific benefited instances may be enabled in response to the comparison indicating that the threshold has been exceeded. The user indication may be presented via a user interface mechanism associated with the multi-user information system. According to certain examples, sender authentication may be added to an email system such that instances of authentication are not displayed until a certain number or percentage of messages is being authenticated.

Abstract: A transmission apparatus and a transmission data protection method thereof are provided. The transmission apparatus stores a data table, a bloom filter, a first randomization array, a plurality of second randomization arrays and an identifier of each of the second randomization arrays. The bloom filter has a plurality of independent hash functions. The transmission apparatus generates a current original datum according to the data table; inputs the current original datum to the bloom filter as a current input datum of the bloom filter to output a current bloom datum; randomizes the current bloom datum according to the first randomization array to generate a current first randomized datum; randomizes the current first randomized datum according to one of the second randomization arrays to generate a current second randomized datum; and transmits a data signal carrying the current second randomized datum and an identification datum to another transmission apparatus.

Abstract: An API bridge is for transporting a local API request from a local client system to a target server system. The API bridge includes a local API bridge in communication with the local client system, and a remote API bridge in communication with the target server system. The local API bridge is configured to receive the local API request from the local client system and create a first message to be sent to the remote API bridge. The remote API bridge is configured to receive the first message created by the local API bridge and call the target server system with a target API request.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: In order to reduce latency of elliptical curve digital signature generation a portion of the digital signature is pre-calculated before receipt of the message hash using an unmodified ECDSA computing engine. After the message hash is received, the digital signature is completed without using the ECDSA computing engine. Applications include generating digital signatures for the safety messages in Intelligent Transport Systems.

Abstract: A system for automatic authentication of service requests includes authentication of a remote access device. This authentication may be accomplished automatically prior to text or audio communication between a customer and a service agent. In some embodiments, authentication is accomplished automatically by authentication of the remote access device or accomplished by asking the customer questions. A single authentication of the remote access device may be used to authenticate a service request transferred between service agents. The authentication of the remote device may include, for example, use of a personal identification number, a fingerprint, a photograph, and/or a hardware identifier. Some embodiments include an intelligent pipeline configured for managing queues of customer service requests.

Abstract: A method for a keyed cryptographic operation by a cryptographic system mapping an input message to an output message, including: receiving input data for the keyed cryptographic operation; calculating a first mask value based upon the input data; and applying the first mask value to a first intermediate value of the keyed cryptographic operation.

Abstract: In Elliptic Curve Cryptography (ECC), one performs a great number of modular multiplications. These are usually done by Montgomery Multiplication algorithm, which needs the operands to be preprocessed (namely, converted to the Montgomery Domain), which is normally done by an equivalent of a long division. We provide a method to perform this conversion by a single Montgomery multiplication on the raw data. The method is formulated for elliptic curve points represented in Jacobian coordinates but can be extended to other representations.

Abstract: Methods and systems described herein may perform a word-level encryption and a sentence-level encryption of one or more documents. The word-level encryption and the sentence-level encryption may be performed with an encryption key generated by a client device. A document indexer is stored in the one or more storage networks. The document indexer includes encrypted word frequencies and encrypted word position identifiers based on the encrypted words of the one or more encrypted documents. The client device receives search terms and encrypts the search terms with the encryption key. The one or more encrypted documents are identified in the one or more storage networks based on searching with the encrypted search terms and at least one of the encrypted word frequencies and/or the encrypted word position identifiers.

Abstract: Systems and methods for controlling access to a private partition on a storage device are disclosed for. An example system includes a token reader that detects a hardware token storing a private key and obtains the private key stored on the hardware token. The system also includes a partition controller that determines whether the private key unlocks a private partition on a storage device. In response to determining that the private key unlocks the private partition, the partition controller unlocks the private partition on the storage device. The private partition is invisible to an operating system executing in the computer system when the private partition is locked.

Abstract: A method, medium, and system encoding and/or decoding a moving picture. The moving picture encoding method may include selecting a prediction mode that is optimal for the macro blocks, which correspond to each other, of the color components of a current image based on the characteristics of a predetermined image, generating a predicted image for the current image according to the selected prediction mode, and encoding a moving picture using the predicted image. An optimal prediction mode can be adaptively applied to the macro blocks, which correspond to each other, of the color components, thereby increasing the moving picture's encoding and decoding efficiencies.

Abstract: A computer-implemented method of authenticating a user with a computing device is disclosed. The method involves displaying a grid of selectable visually-distinguishable graphical elements on a device display, receiving from a user of the device a drawn pattern across the selectable graphical elements, comparing the received drawn pattern to information representing a stored authentication pattern for the user, and unlocking access to functions on the device if the received drawn pattern substantially matches the stored authentication pattern.

Abstract: In a method for determining a threat situation for an automation component of the controller or field level, wherein the automation component has at least one essentially cyclic program behavior, a number of required program behaviors is established in a learning phase in a processor, and the determined required program behaviors are stored and compared cyclically with actual program behaviors, that are established in operation of the automation component. The result of the comparison is logically linked with results of other security components for verification as to whether a threat situation exists.

Abstract: A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB). The microvisor is illustratively configured to enforce a security policy of the TCB, which may be implemented as a security property of the microvisor. The microvisor may manifest (i.e., demonstrate) the security property in a manner that enforces the security policy. Trustedness denotes a predetermined level of confidence that the security property is demonstrated by the microvisor. The predetermined level of confidence is based on an assurance (i.e., grounds) that the microvisor demonstrates the security property. Trustedness of the microvisor may be verified by subjecting the TCB to enhanced verification analysis configured to ensure that the TCB conforms to an operational model with an appropriate level of confidence over an appropriate range of activity. The operational model may then be configured to analyze conformance of the microvisor to the security property.

Abstract: A uniform protocol can facilitate secure, authenticated communication between a controller device and an accessory device that is controlled by the controller. An accessory and a controller can establish a pairing, the existence of which can be verified at a later time and used to create a secure communication session. The accessory can provide an accessory definition record that defines the accessory as a collection of services, each service having one or more characteristics. Within a secure communication session, the controller can interrogate the characteristics to determine accessory state and/or modify the characteristics to instruct the accessory to change its state.

Abstract: A keyboard is disclosed. The keyboard may comprise a biometric sensor configured for authenticating a user; a docking station configured for receiving a security device; and a processor configured for facilitating communication between the biometric sensor and the security device docked in the docking station with a computing device coupled to the keyboard.

Abstract: Embodiments of the present technology relate to a system for providing intrusion detection for industrial control systems, comprising serial data links to communicate with serial-based networks, Ethernet interfaces to communicate with industrial and enterprise networks, a protocol recognition engine to break down an incoming data packet by protocol and integrate the data into an Ethernet framework, an industrial control system recognition application to detect intrusions, a traffic analytics application to analyze traffic activity for abnormal traffic activity, a logfile creation application to poll industrial equipment and create a logfile of equipment statuses, a long term system deviation analysis application to monitor raw data of the industrial equipment to create a profile of long term system activity, a rule set to allow data that matches the rule set and flag data that does not match the rule set, and an alerts engine to alert a system administrator of suspect activity.

Abstract: Various features pertain to embedded key generation and provisioning systems, such as systems installed within smartphones for generating public-key/private-key pairs for use in encryption/decryption and digital signature generation. In some examples, an embedded system is provided that generates two public-key/private-key pairs—one for encryption/decryption and the other for signing/verification—where the two public-key/private-key pairs share a common modulus but are otherwise distinct or uncorrelated. This allows the two key pairs to be generated more efficiently than if two entirely separate key pairs were generated and yet, at least in the context of embedded systems, satisfactory integrity and confidentiality is achieved.

Abstract: Various embodiments relate to a device for generating code which implements modular exponentiation, the device including: a memory used to store a lookup table; and a processor in communication with the memory, the processor configured to: receive information for a generated randomized addition chain; output code for implementing the modular exponentiation which loads elements from the lookup table including intermediate results which utilize the information for a generated randomized addition chain; and output code for implementing the modular exponentiation which uses the loaded elements to compute the next element.

Abstract: An approach for managing the privacy and disclosure of location information associated with a computer system. For one aspect, a request is received from a requestor for a location property associated with a location of a computer system. It is then determined whether a privacy preference associated with the requestor has been specified. If not, a user may be prompted to supply privacy preferences associated with the requestor. The privacy preferences are then applied to determine whether or not to provide the requested information. A user setting, such as a basic input-output system memory location setting, may also be implemented to enable and/or disable location-aware computing.