Abstract: Technology for a dynamic adaptive streaming over hypertext transfer protocol (HTTP) aware (DASH-aware) network application function (D-NAF) on a server is disclosed. In an example, the D-NAF can include a network application function (NAF) for authenticating a client and a DASH proxy for delivering DASH content and authentication information for the client.

Abstract: A computer-implemented method, the method includes identifying a piece of data to be served from a server system to a client device that is remote from the server system; creating a plurality of expressions that, when executed, provide a result that corresponds to the piece of data; and providing the plurality of expressions to the client device with code for executing the plurality of expressions.

Abstract: A method of protecting WLAN Control Protocol (WLCP) message exchange between a Trusted WLAN Access Gateway (TWAG) (112) of a Trusted WLAN Access Network (TWAN) (110) and a User Equipment (UE) (101) are provided. The method comprises deriving, by an Authentication, Authorization, and Accounting, (AAA) Server (103) of an Evolved Packet Core (EPC) network which is interfaced with the TWAN, and by the UE, a Master Session Key (MSK) and an Extended MSK (EMSK), sending, from the AAA Server to a Trusted WLAN AAA Proxy (TWAP) (113) of the TWAN and an Access Point (AP) (111) of the TWAN, the MSK or a key derived from at least the MSK, and deriving, by the TWAN or by the AAA Server, and by the UE, from the MSK, the EMSK, or the key derived from at least the MSK or the EMSK, a key for protecting the WLCP message exchange. Corresponding devices, computer programs, and computer program products are further provided.

Abstract: A method and system for providing on-site content delivery and on-demand content access. The method comprising recording digital media content on a DMR device, managing distribution of the digital media content to one or more remote devices, automatically distributing the digital media content to the one or more remote devices, the distributed digital media content configured for local hosting at the one or more remote devices, and monitoring consumption of the digital media content distributed to the one or remote devices.

Abstract: A computing device configured for authenticating a remote computing device is described. The computing device includes a processor and executable instructions stored in memory that is in electronic communication with the processor. The computing device detects a biometric device on the remote computing device. The computing device also obtains information regarding the biometric device on the remote computing device. The computing device further sends a utility to the remote computing device. The computer device additionally receives biometric input from the remote computing device. The computing device furthermore validates the biometric input received. The computing device also grants or denies access to the remote computing device based on the validation of the biometric input.

Abstract: A technique for enabling a client to provide a server entity is disclosed. In method aspects, a first method is performed in the client and comprises the steps of providing the client with a secure trusted environment, the environment being trusted by the client and by at least one third party, and accommodating, in the secure trusted environment, at least a local portion of the server entity, the server entity being configured to handle one or more server requests from the client, and data required by the server entity so as to handle the server request. A second method is performed in a server and comprises the steps of providing, for the secure trusted environment of the client, the environment being trusted by the client and by the at least one third party the at least local portion of the server entity, and the data.

Abstract: A system and method for securely recording voice communications, comprising an authentication server, further comprising at least a software components operating on a network-capable computing device, and a database, wherein an authentication server verifies the validity of voice communications and a database stores voice communication recordings.

Abstract: Particular embodiments provide a system that analyzes and optimizes roles and authorizations for users of a customer. The system determines which executables have been used by users in the system over a certain time period. Thereafter, the system analyzes and optimizes authorizations within the assigned roles for the users. The authorizations for the roles assigned to the user are then analyzed. The vendor roles typically have redundant authorizations, some of which may be used and some not used. The system can then generate a new customer role for the user with the used authorizations combined into the new role. For example, the authorizations used by the user are combined into the new customer role. This reduces the number of roles the user has assigned to him/her, and also the number of authorizations. Also, the new customer role may be added to other users with the same role at the customer.

Abstract: Disclosed are various examples for facilitating distribution of an authentication code to installation of managed applications. An identity certificate is sent to a device by installing a configuration profile on the client device. The configuration profile includes the identity certificate. A management service can also initiate installation of a managed application. The identity certificate can be used to authenticate the client device so that an authentication key can be provided to the managed application.

Abstract: Systems, software, and methods are provided for accurate service, transaction, and cargo monitoring. An example system and/or method may include calibrating a wireless sensor, connecting a user device to a wireless sensor, obtaining initial information for a first process at least in part from the wireless sensor, obtaining subsequent information about at least the first process, and using a portion of the initial information about the first process and the subsequent information about the first process to create a dynamic report involving the first process.

Abstract: A device may obtain information regarding firewall rules. The information, for a firewall rule of the firewall rules, may include one or more match condition values and a ranking value. The firewall rule may be applicable to packets that are associated with packet information that matches the match condition values. A match condition value may be associated with a match count that identifies a quantity of times that packets match the match condition value. The ranking value may identify a quantity of times that the firewall rule has been applied to the packets. The device may obtain a new firewall rule. The device may predict a ranking value of the new firewall rule based on match condition values of the new firewall rule and/or based on analyzing the information regarding the plurality of firewall rules. The device may perform an action based on the predicted ranking value.

Abstract: According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive a successful verification, decrypt and save the decrypted encryption key in an encryption key register.

Abstract: An application permission management method, includes: generating a running request in response to an operation of running an object of a terminal device, therein, the running request includes object information of the object; obtaining geographical location coordinates of the terminal device in response to the running request; determining whether the terminal device is located in one monitoring area and determine the monitoring area in which the terminal device is located; and determining forbidden lists corresponding to the determined monitoring area, determining the object according to the object information in the running request, and determining whether the object is forbidden to run according to the forbidden lists corresponding to the monitoring area.

Abstract: In accordance with the teaching described herein, systems and methods are provided for providing secure access to a software application on a computing device. The software application may include a security framework having a set of predetermined security requirements. Prior to enabling access to the software application by a user, the computing device may, (i) verify installation of a device security configuration profile on the computing device, wherein the device security configuration profile certifies that the software application includes the set of predetermined security requirements, (ii) receive identifying information from the user via a user interface, (iii) verify the identifying information with an authentication server, and (iv) based on a successful verification of the identifying information, receive and store a security token. Access to the software application on the computing device may be provided for a specified period identified by the security token.

Abstract: A computer-implemented method, the method includes identifying a piece of data to be served from a server system to a client device that is remote from the server system; creating a plurality of expressions that, when executed, provide a result that corresponds to the piece of data; and providing the plurality of expressions to the client device with code for executing the plurality of expressions.

Abstract: An arrangement for use in managing resources of a plurality of computing devices in response to an attack, the arrangement comprising: an interface configured to receive an indication of a parameter associated with a first computing device of the plurality of computing devices; and a migration module configured to migrate a virtual machine, or part of a virtual machine, from the first computing device to a second computing device in response to the indication received by the interface, wherein the parameter includes an indicator of a symptom of an attack against the first computing device or a program operating on the first computing device.

Abstract: Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.

Abstract: An encryption and recording apparatus storing data, the apparatus including: a first nonvolatile memory; a second nonvolatile memory; and an encryption and decryption control unit, wherein the encryption and decryption control unit: manages an area included in the second nonvolatile memory on a per-block basis, and manages association between a block and a block-unique key using key management information stored in the first nonvolatile memory; receives the data and corresponding information associated with the data; encrypts the data, using one or more block-unique keys associated with one or more blocks included in the second nonvolatile memory and writes the data to the one or more blocks; and stores the corresponding information into the key management information, associating the corresponding information and the one or more block-unique keys.

Abstract: It is an object to allow for simplification of authentication information to be input by a user while ensuring security. An information processing apparatus identifies a current situation in which a user is placed. The information processing apparatus obtains a past situation in which the user was placed at the time of past authentication. When the user is currently authenticated, the information processing apparatus simplifies authentication information to be entered by the user, depending on the current and past situations. The information processing apparatus outputs information prompting for the simplified authentication information.

Abstract: There is provided mechanisms for configuration of liveness check using Internet key exchange messages. A method is performed by a user equipment. The method comprises transmitting, to a core network node, a first Internet key exchange message comprising a configuration attribute indicating support of receiving a timeout period for liveness check. The method comprises receiving, from the core network node, a second Internet key exchange message comprising a configuration attribute indicating a timeout period for said liveness check.