Abstract: In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with user profile selection using contextual authentication. In various embodiments, a first user of a computing device may be authenticated and have an access control state corresponding to a first user profile established, the computing device may select a second user profile based at least in part a changed user characteristic, and the computing device may present a resource based at least in part on the second user profile. In various embodiments, the computing device may include a sensor and a user profile may be selected based at least in part on an output of the sensor and a previously stored template generated by a machine learning classifier.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.

Abstract: Credential and/or location data included in data received by a networked system from a device that communicated the data to the networked system may be processed to determine if the credential data and/or location data validate an identity of a user (e.g., a guest, traveler, patron) and/or a location of the user based on a location of the device when the data is communicated. The data may be review data and the credential and/or location data may be included in review data. The device and/or the networked system may generate a location history database from location data from the device or other system that is periodically logged from multiple locations at different times during an event (e.g., a stay at a vacation rental). Data from the database may be used to determine if a location for a communication is with a threshold of an allowable distance from an allowable location.

Abstract: Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a directive to implement an appropriate firewall policy for one or more network traffic items based on interaction with one or more action objects by the administrator, the firewall then automatically defines and establishes an appropriate firewall policy.

Abstract: In one embodiment, a method includes receiving client-server connection data for clients and servers, the data including IP addresses corresponding to the servers, for each one of a plurality of IP address pairs performing a statistical test to determine whether the IP addresses in the one IP address pair are related by common clients based on the number of the clients connecting to each of the IP addresses in the one IP address pair, generating a graph including a plurality of vertices and edges, each of the vertices corresponding to a different IP address, each edge corresponding to a different IP address pair determined to be related by common clients in the statistical test, and clustering the vertices yielding clusters, a subset of the IP addresses in one of the clusters providing an indication of the IP addresses of the servers serving a same application.

Abstract: A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

Abstract: A blinding function is generated. The blinding function is applied to a random value to generate a blinded random value. The blinded random value is utilized for one or more scalar multiplications in an elliptic curve cryptographic operation.

Abstract: Through use of the technologies of the present invention, one is able to store and to retrieve data efficiently. One may realize these efficiencies by coding the data and storing coded data that is of a smaller size than original data.

Abstract: According to some aspects disclosed herein, a system for remote assistance and control of user devices subject to one or more remote assistance policies may be provided. In some embodiments, an administrator may request remote control of a managed user device. A managed application launcher may be provided by the user device and may be modified by the user device to remove managed applications or otherwise prevent access to applications that have a policy indicating that remote assistance is not allowed. The administrator may open a managed application included in the launcher and remotely control that application. In other embodiments, a user of the managed user device may initiate a request for remote assistance from within a managed application and/or the managed application launcher. The administrator's control of the user device and access to other applications on the user device may be limited based on the remote assistance policies.

Abstract: The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other sensitive information. Certain embodiments may use a virtualized execution environment to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information. In some embodiments, data requests from the code and/or programs may be routed through a transparent data access proxy configured to transform requests and/or associated responses to protect the integrity of the genomic and/or other sensitive information.

Abstract: Personalized services often utilize individual profiles, such as social network profiles, product purchase histories, or browsing histories. However, personalization may exhibit or imply a familiarity level between the service and the individual that is beyond the individual's comfort level. Presented herein are techniques for adapting personalized services to request supplemental individual information only within a current familiarity stage that has been established by the individual with the service, and only to provide a requested usage of a service. Such solicitation may inform the individual of the intended usage of the requested information. Usages that may involve more sensitive information may be predicated upon requesting and receiving individual consent from the individual to advance to a higher familiarity stage.

Abstract: A survey providing apparatus includes a reception unit configured to receive a survey participation signal, from a user device, related to the broadcasting program that is being reproduced in a broadcasting device, a user authentication unit configured to authenticate a user based on identification information of the user device included in the received survey participation signal and user information that is previously stored in a database, a transmission unit configured to transmit a survey list for the broadcasting program to the user device and a survey result generation unit configured to generate a survey result based on a survey response to the survey list and the user information, wherein the transmission unit is further configured to transmit the generated survey result to the broadcasting device.

Abstract: Methods and structure for Digital Rights Management (DRM) are provided. An exemplary system includes a Digital Rights Management (DRM) licensing server. The DRM licensing server is able to receive authentication information generated by a DRM module of a client device, and to receive a device identifier that uniquely distinguishes the client device from other client devices, wherein the device identifier has been generated by the DRM module. The DRM licensing server is further able to authenticate the DRM module based on the authentication information, to create a signed identifier based on the device identifier responsive to authenticating the DRM module, and to transmit the signed identifier to the client device. The system also includes an application server able to register the client device with an account at the application server, based on the signed identifier.

Abstract: Embodiments regard security descriptors for record access queries. An embodiment of a method includes: receiving a record access query, the query regarding records for a certain one or more users, groups, or both at a certain access level; searching one or more sharing tables of entities in a computing environment for security descriptors, each security descriptor being associated with a set of one or more users, groups, or both having access to one or more records of a set of records at an access level; identifying any security descriptors in the one or more sharing tables that relate to the certain one or more users, groups, or both with at least the certain access level; and searching the one or more records associated with each of the identified security descriptors according to the record access query.

Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

Abstract: An approach for implementing a local device management application for deterring misuse, loss, or theft of mobile devices includes determining that a use of a first device at least substantially satisfies one or more use criteria. The approach also includes generating a notification message regarding the use. Further, the approach includes initiating a transmission of the notification message from the first device to a second device.

Abstract: Systems and methods for providing content items to users. A computer system may provide to a first user an indication of a plurality of available content items. The computer system may receive from the first user an indication of a first content item selected from the plurality of content items. The computer system may determine whether a content provider service associated with the computer system is authorized to stream the first content item to the first user. When the content provider service is not authorized to stream the first content item to the first user, the computer system may identify an alternate source for the first content item. The computer system may initiate playback of the first content item to the first user from the alternate source.

Abstract: A redirection service may receive a destination URI plus a set of conditions for reaching the URI. The conditions may include authentication conditions. The service may generate an intermediate URI which may direct to an intermediate service. The intermediate service may execute the various conditions, then redirect to the destination URI. In some cases, the intermediate service may pass data to the destination URI, and such data may include data gathered while executing the various conditions. The intermediate service may accessed through an Application Programming Interface (API). An example use scenario for the redirection service may be to generate publically publishable URIs for a private chat service, where an intermediate URI may be generated for a specific user or group of users, and may permit only those users to access a private chat room through the publically available URI.

Abstract: The present invention relates to a method for protection of a means of transportation against unauthorized usage or theft using a lock and an end device that can be operated in a cellular network. Subject of the invention are further a lock for protection of a means of transportation against unauthorized usage or theft as well as a end device that can be operated in a cellular network, that are particularly designed to carry out process steps of the inventive method which need to be carried out by the lock respectively the end device.

Abstract: Methods, apparatus, and systems for securing a mobile application are disclosed. Users of the mobile application may be authenticated using a smartphone or other device including a Near-Field Communication (NFC) transfer device capable of NFC communication. An authentication device may be adapted to present itself to the NFC transfer device as an NFC tag and make a dynamic credential available to the NFC transfer device by including the dynamic credential in an NFC tag readable by the NFC transfer device using NFC mechanisms for reading data contents of NFC tags. An access device comprising the NFC transfer device may then provide the dynamic credential to an application server for verification.