Abstract: Methods are provided for determining an enterprise risk level, for sharing security risk information between enterprises by identifying a security response by a first enterprise and then sharing the security response to a second enterprise when a relationship database profile for the first collection indicates the security response may be shared. Methods are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device.

Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [Fig 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.

Abstract: Various embodiments of the present technology involve the sharing of a content item though a synchronized content management system (CMS) without requiring a user to register or provide login credentials. For example, the CMS can receive a request from a first user of a computing device to share a content item with a second user. Instead of requiring the user to register or provide their login credentials, the CMS can generate an unregistered user account using a unique identifier associated with the computing device. Accordingly, in order to share the content item, the CMS can generate a link to retrieve the content item and send the link to the second user. Thus, creation of an unregistered user account can require no login credentials, thereby providing a simple, user friendly interface for initiating interactions with the CMS.

Abstract: A method of providing a restricted set of application programming interfaces includes decrypting, by a secure object information reader executing on a computing device, an encrypted data object using information associated with the encrypted data object to generate a decrypted data object, the information received from an access control management system. The method includes intercepting, by a kernel driver executing on the computing device, from a process executing on the computing device, a request to access the decrypted data object. The method includes identifying, by the kernel driver, using the information associated with the encrypted data object, a usage requirement restricting a set of operations available to the process in accessing the decrypted data object. The method includes providing, by the kernel driver, to the process, a restricted set of application programming interfaces with which to interact with the decrypted data object, as permitted by the restricted set of operations.

Abstract: Methods and systems are provided for detection of unauthorized entities in communication systems. The method includes obtaining a secret string by a first network element and generating a random number by the first network element. The method also includes computing a first cryptographic result by the first network element. The first cryptographic result is based on a cryptographic function, the secret string, and the random number. The method further includes attempting to transmit, by the first network element, a first packet that includes the random number to a second network element using a layer 2 packet terminating protocol. The method includes receiving, within a configured time, a second packet including a second cryptographic result at the first network element, and terminating transmission to the second network element when a second cryptographic result is different from the first cryptographic result.

Abstract: The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other bioinformatic information. Certain embodiments may facilitate policy-based governance of access to and/or use of bioinformatic information, improved interaction with and/or use of distributed bioinformatic information, parallelization of various processes involving bioinformatic information, and/or reduced user involvement in bioinformatic workflow processes, and/or the like. Further embodiments may provide for memoization processes that may persistently store final and/or intermediate results of computations performed using genomic data for use in connection with future computations.

Abstract: A method in a first entity for authenticating itself to a second entity by proving to the second entity that it is in possession of a full secret without sending the full secret to the second entity, the method comprising: receiving in the first entity an input from a user, the full secret having been divided into at least a first factor and a second factor and the input relating to the second factor of the full secret; reconstructing in the first entity the full secret from at least the first factor and the input; and carrying out a calculation in the first entity using the reconstructed full secret and sending the results of the calculation to the second entity, wherein the results provide an input to a pairing calculation in the second entity.

Abstract: A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.

Abstract: A method enables prefix search of cloud stored encrypted files that are encrypted using an order preserving encryption (OPE) algorithm. The encrypted text prefix search method generates a minimum possible plaintext string and a maximum possible plaintext string of the same character length including the search term as the prefix. The minimum and maximum possible plaintext strings are encrypted using the same order preserving encryption algorithm for the encrypted text. The method determines from the minimum ciphertext and the maximum ciphertext a set of common leading digits. The set of common leading digits is used as an OPE encrypted prefix search term and provided to a cloud storage service to search in the cloud stored encrypted files for encrypted text matching the OPE encrypted prefix search term.

Abstract: A method for limiting user access to a captive domain or an open domain. The captive domain may include electronically accessible content that is selected/controlled by a service provider and the open domain may include electronically accessible content that is not completely selected/controlled by the service provider. The method may include configuring a modem or other user device in such a manner as to limit use access to the desired domain.

Abstract: A method and system is provided for signing data such as code images. In one embodiment, the method comprises receiving, from a requestor, a request to sign the data according to a requested configuration selected from a first configuration, in which the data is for use with any of the set of devices, and a second configuration in which the data is for use only with a subset of a set of devices; modifying the data according to the requested configuration; generating a data signature using the modified data; and transmitting the generated data signature to the requestor. Another embodiment is evidenced by a processor having a memory storing instructions for performing the foregoing operations.

Abstract: A system and method for selectively securing data from unauthorized access on a client device storing a plurality of data types with reference to an authorization level indicated in a command. A command is received at a client device comprising an authorization level indicator. Based on at least one predefined rule, which may be implemented in an IT policy stored at the client device, each of the plurality of data types to be secured is determined, and then the data corresponding to those types is secured. The data may be secured by encrypting and/or deleting the data at the client device. The predefined rules associated with each authorization level may be configured by a user or administrator having an authorization level that exceeds the associated authorization level.

Abstract: Systems and methods are described for determining whether an electronic computing device complies with the security policy for a network.

Abstract: A system and method for creating and retrieving verifiable media and in particular, such a system and method in which the circumstances related to the media are encapsulated along with the media to guarantee its authenticity.

Abstract: Provided are methods and systems related to communications between a social media service or provider (e.g., Twitter®, Facebook®) or other resource (e.g., web page) and one or more content providers. In an aspect, provided are methods comprising receiving a request for content, wherein the request comprises a user agnostic identifier, determining user information associated with the request, determining time information associated with the request, determining media content associated with the user agnostic identifier based on the time information, determining one or more access rights to the media content based on the user information, and providing access to the media content based on the one or more access rights.

Abstract: A cryptographic key is generated using biometric data and a hierarchy of biometric descriptors. The hierarchy of biometric descriptors includes multiple levels, wherein a biometric descriptor at a first level is associated with a subset of the biometric descriptors at the next lower level. To generate a cryptographic key, biometric data is collected and compared to the biometric descriptors at the first level of the hierarchy. One of the biometric descriptors is selected at the first level, and a first key component is generated based on the first selected biometric descriptor. The biometric data is then compared to the subset of biometric descriptors at the second level of the hierarchy associated with the first selected biometric descriptor. This process of selecting a biometric descriptor and generating a key component continues for each level of the hierarchy. The key components are then used to generate a cryptographic key.

Abstract: Systems and methods for authoring and performing procedural workflows, and engaging in multimedia communication, remote assistance, training, data entry, inventory management, authentication, and secure networking using a hands-free or substantially hands-free wearable digital device are described. In one implementation, a user logs into a secure network using existing credentials, and a Quick Response Code is generated to temporarily authorize the user's wearable device within the secure network. In another implementation, information is encrypted and transferred between a computing device and a remote system, and the computing device is verified as being connected to a particular network and located within a particular geofence. In a further implementation, an interface for authoring a procedural workflow includes defining workflow steps based on selected primitives, and displaying rendered previews of the workflow as it would appear on different user devices.

Abstract: Systems and methods for authoring and performing procedural workflows, and engaging in multimedia communication, remote assistance, training, data entry, inventory management, authentication, and secure networking using a hands-free or substantially hands-free wearable digital device are described. In one implementation, a user logs into a secure network using existing credentials, and a Quick Response Code is generated to temporarily authorize the user's wearable device within the secure network. In another implementation, information is encrypted and transferred between a computing device and a remote system, and the computing device is verified as being connected to a particular network and located within a particular geofence. In a further implementation, an interface for authoring a procedural workflow includes defining workflow steps based on selected primitives, and displaying rendered previews of the workflow as it would appear on different user devices.

Abstract: Computer and communications systems and methods are provided in which a first computing system sends a second computing system a message and an associated deep-string and the second computing system applies a key of a cryptographic system or a one-way function to the deep-string to determine the deep-string's deep-string-depth. The second computing device then uses the determined deep-string-depth in determining subsequent behavior regarding the message. In some environments, a third computing device may generate and provide deep-strings of various deep-string-depths to the first computing device to ensure more favorable behavior of the second computing device.

Abstract: A radio device is provided with a first radio unit and a second radio unit, wherein the first radio unit provides a certified functionality which is certified by an authorized certification authority. The second radio unit provides a certified functionality, wherein the functionality of the second radio unit is different from the functionality of the first radio unit, and the functionality of the second radio unit is similarly certified by an authorized certification authority. Furthermore, a method is provided for the transmission of information via the radio device.