Abstract: Disclosed herein are embodiments of systems, methods, and products comprises a server, which receives a request from a user's electronic client device. The server determines the authentication level of the request. If the authentication level satisfies a threshold, the server may route the request to a call center computing system; otherwise, the server authenticates the user based on the authentication level. Specifically, the server presents one or more security challenges corresponding to the authentication level and authorizes the user if the user correctly answers the security challenges. The server may receive a second request from the same user who has been authorized for the first authentication level. If the authentication level of the second request is higher, the server may present more security challenges on the second level; if the authentication level is lower, the server directly allows the access of the requested services.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: A system that allows a contractor to remotely monitor and/or interact with its customers' building control systems, such as heating, ventilating and air conditioning (HVAC) systems, and analyze information obtained from the building control systems over time. Such a system may help the contractor monitor and diagnosis customer building control systems, setup service calls, achieve better customer relations, create more effective marketing opportunities, as well as other functions. In some cases, the disclosed system may be configured to allow a user to grant or deny access to its HVAC system in response to the user receiving an electronic invitation to the system. The granting of access by a user to its HVAC system may allow for remote monitoring of the HVAC system.

Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Abstract: Encryption of communications includes receiving plain text from a computing device and encrypting the plain text with knight's tour encryption. The knight's tour encryption includes generating a knight's tour table based upon a starting position, generating a cipher template by mapping Unicode characters of a standard state table to the knight's tour table, and mapping the plain text to indices of a first cipher template. The knight's tour encryption further includes generating a silent password, mapping the silent password to indices of a second cipher template, and adding the password indices of the first cipher template to the silent password indices of the second cipher template resulting in cipher indices. The knight's tour encryption further includes mapping the cipher indices to the first cipher template, and generating a cipher text string from the Unicode characters associated with the cipher indices mapped to the first cipher template.

Abstract: A method, system, and computer program product for providing protected remote access from a remote access client to a remote access server over a computer network through a plurality of inspections. A remote access configuration file is created for the remote access client. A digital hash of the configuration file is then generated. The digital hash is compared with a configuration file stored at a predefined web location. If the comparison results in a match between the digital hash and the stored configuration file, a digital hash comparison is performed between an encrypted remote access configuration file and an encrypted configuration file stored at the predefined web location. If the plurality of inspections are passed, the remote access client is released from a quarantine state and a virtual private network (VPN) connection to the remote access server is established.

Abstract: Systems and methods for an end-to-end secure operation using a query matrix Q_M having dimensions d×s. Exemplary methods include: extracting a set of term components {T} of the operation using a term generation function; partitioning a range of a keyed hash function H(T) into a set of vectors {c_T}; setting Q_M (j,m)=E(B_j,m) when c_T[j]=m for j=0, . . . , (d?1) and for m=0, . . . , (s?1), E(B_j,m) being a non-zero bitmask corresponding to element T from the set of term components {T} encrypted using a homomorphic encryption scheme E; and setting Q_M (j,m)=E(0) when c_T[j]?m for j=0, . . . , (d?1) and for m=0, . . . , (s?1), E(0) being a zero bitmask encrypted using the homomorphic encryption scheme E.

Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.

Abstract: A new version of a structured collection of information, different from a previous version, of a cryptographic domain is created. The new version is created to be verifiable as a valid successor to the previous version and to specify a new set of quorum rules, with the new set of quorum rules defining one or more conditions to be fulfilled by a plurality of operators as conditions precedent to update the structured collection. The new version is provided to the plurality of operators. Digital signatures corresponding to the new version are obtained, and, as a result of the digital signatures received fulfilling the one or more conditions defined by a previous set of quorum rules specified by the previous version, the new version is caused to replace the previous version.

Abstract: In one aspect, the present disclosure provides for the accessing and playing of media files having differing associated rights such as non-DRM media files, purchased and downloaded media files, subscription download files such as tethered downloads, and subscription streamed DRM files. In one embodiment, the present disclosure provides a method and user interface for sharing a media collection among computing devices in communication via a network. In one embodiment, the disclosed method allows access and playback, from each computing device on a network, of all media files in a media collection, regardless of their associated rights.

Abstract: A configuration capable of performing reliable source analysis of illegal copy content using content in which a reproduction path is settable is implemented. Content in which an individual segment region including a plurality of pieces of variation data which include different identification information embedded therein and are decryptable using different keys and a common segment region including single data are provided, and variation data is configured with an aligned unit is set. A content reproducing device calculates a reproduction path by applying a device key and selects and reproduces an aligned unit corresponding to the reproduction path on the basis of a variation data identifier recorded in an adaptation field in a plain text region at the head of a plurality of aligned units constituting the variation data.

Abstract: A backup or storage management system is provided that can secure data within a primary storage environment that stores data in an unsecured format. The storage management system can automatically analyze data received for backup from the primary storage environment and determine whether the data includes information that has been identified as sensitive and/or information that is determined within a threshold degree of probability to be sensitive. The storage management system can then modify the storage of the data that includes sensitive information at the primary storage environment, thereby enabling the data to be secured within the unsecured, or partially secured, primary storage environment. Advantageously, in certain embodiments, by securing data with sensitive information within an unsecured storage environment, embodiments disclosed herein can reduce the occurrences of a data breach or data leak.

Abstract: Various embodiments relate to a method for producing a digital signature using a white-box implementation of a cryptographic digital signature function, including: receiving a input message; hashing the input message; generating a nonce based upon the input message and the white-box implementation of the cryptographic digital signature function; and computing a digital signature of the input using the nonce.

Abstract: Disclosed herein are system, method, and computer program product embodiments for intrusion detection and response. An embodiment operates by receiving one or more events corresponding to one or more user actions performed during a connectivity session to a computer system. The received one or more events are compared to one or more intrusion parameters associated with the computer system. It is determined that the received one or more events correspond to the intrusion event and that the user actions are performed on a first version of the computer system. The connectivity session is switched from the first version of the computer system to a second version of the computer system responsive to the determination of the intrusion event.

Abstract: Disclosed are a fingerprint identification system and a fingerprint identification method and a display device capable of simplifying operations of starting an application by a user. The fingerprint identification system includes: a fingerprint identification region arranged on a touch screen to acquire an input fingerprint; a fingerprint verification module connected with the fingerprint identification region to verify whether the input fingerprint is a fingerprint of a user and to unlock the touch screen if it is determined that the input fingerprint is the fingerprint of the user; an application start control module connected with the fingerprint identification region and the fingerprint verification module respectively to obtain a finger press direction from the input fingerprint and start an application corresponding to the finger press direction when the input fingerprint is the fingerprint of the user.

Abstract: Methods of communicatively connecting first and second endpoints are disclosed. One method includes transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint. The method further includes, based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints, and forming the tunnel between the first and second endpoints based on the connection request.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: A system and method provides security features for inter-computer communications. A user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.

Abstract: A wireless local area network (WLAN) access method, a terminal, and a server implement intelligentization and simplify a user operation. The method includes sending, by the terminal, a request for querying an available wireless access point to a server; sending, by the server according to the query request, obtained information about the available wireless access point; then, receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information; then, sending, by the terminal, an authentication information request of the specific wireless access point to the server; and when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point.

Abstract: A non-transitory machine-readable media embodying instructions executable by one or more processors to perform a method is provided. In one aspect, the method includes receiving, from a first computing device associated with a first account, a request for interaction with a second computing device associated with a second account, wherein the first account is assigned a quota for interacting with one or more accounts. The method includes determining a cost associated with the interaction. The method includes, when the quota exceeds the cost, determining that the interaction is allowed and deducting the cost from the quota. Systems and methods are also provided.