Abstract: A system for authorizing an operation is provided. The system may acquire motion data collected by a wearable device. A mobile terminal may determine whether the motion data matches with a physical motion for verification. If the motion data matches with the physical motion for verification, the mobile terminal may be authorized to perform a predetermined operation corresponding to the physical motion for verification. Thus, a user's identity may be verified based on the wearable device that collects motion data.

Abstract: Content receivers may simultaneously record multiple instances of content for multiple programming channels based on content provider instructions. Systems and methods utilize the content receivers to record these multiple instances from at least a single transponder. In some instances, multiple transponders may have a common control word so that content carried on each such transponder may be simultaneously received, decoded and recorded. Further, a single demodulator may be associated with multiple tuners, so that the single demodulator processes all content received from transponders with common control words and/or other encryption mechanisms.

Abstract: Managing and accessing media items, including: a plurality of domains configured to provide access to media items; a plurality of clients associated with the plurality domains, and providing a pathway for accessing the media items; and a spanning application configured to track and aggregate accessible media items from the plurality of domains based on authentication and registration information and associated rights of the plurality of clients and the plurality of domains, wherein the spanning application enables accessing of the media items across the plurality of domains.

Abstract: A method and system of authenticating communications sessions between two or more parties over one or more simultaneous communications channels using one or more communicating devices is provided including having a first party create a first set of signatures, wherein the first set of signatures includes a signature for each communications channel, communicating with at a second party over at least one communications channel, whereby the second party authenticates the first party's signature associated with the at least one communications channel and accepts communication with the first party.

Abstract: Circuitry and methods prevent unauthorized programming, or reprogramming, of a programmable device, by requiring a signature in the configuration data to match a signature previously stored in the programmable device. A programmable integrated circuit device includes an input for configuration data, and programming control circuitry operable to derive a current signature from the configuration data, examine a first bit stored in the programmable integrated circuit device, and when the first bit is in a first state, compare the current signature to a first predetermined signature stored in the programmable integrated circuit device and configure the programmable integrated circuit device according to the configuration data only when the current signature matches the first predetermined signature, and when the first bit is in a second state, configure the programmable integrated circuit device according to the configuration data without comparing the current signature to the first predetermined signature.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: A trusted identity may be established for an agent device for performing trusted communication with one or more application providing apparatuses. The method of establishing the trusted identity includes determining which of a number of authentication models is a selected authentication model to be used for uniquely authenticating the agent device. First and second authentication information is generated according to the selected model. The first authentication information is for uniquely authenticating the identity of the device and the second authentication information is for verifying that the agent device has the first authentication information. The first authentication information is embedded in the agent device while the second authentication information is transmitted to a registry apparatus for maintaining a device of agent devices. Authentication model information identifying which is the selected authentication model is also sent to the registry.

Abstract: A method and system of managing a chain of custody for cannabis is provided that includes depositing one or more identification tags onto the surface of one or more cannabis seeds at a first custodian location, and depositing the identification tags onto the surface of one or more cannabis, wherein the cannabis plants are grown and matured from the cannabis seeds. The method and system further includes receiving the tagged cannabis plants at a second custodian location and extracting cannabinoids from the tagged cannabis plants, wherein the extracted cannabinoids include the one or more identification tags. In addition, the method and system further includes receiving the extracted cannabinoids at a third custodian location, wherein the extracted cannabinoids include the one or more identification tags which may be accumulated from all the prior custodians.

Abstract: Disclosed is an apparatus and method for a computing device to determine if an application is malware. The computing device may include: a query logger to log the behavior of the application on the computing device to generate a log; a behavior analysis engine to analyze the log from the query logger to generate a behavior vector that characterizes the behavior of the application; and a classifier to classify the behavior vector for the application as benign or malware.

Abstract: Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are presented to a network administrator via a touch-screen display of the hand-held computing device. Revisions to or acceptance of the default initial settings are received by the mobile application. The mobile application causes the network security device to be configured with the revised or accepted default initial settings by delivering the settings to the network security device via a management interface to which the hand-held computing device is coupled via a connecting cable.

Abstract: The embodiments of the present invention provide a secure establishment method, system and device of a wireless local area network. The method includes: acquiring, by a UE, a first key; the first key is a shared key of the UE and a network element equipment in a mobile communication network to which the UE is accessed when implementing air interface security, or is derived according to the shared key; deriving, by the UE, according to the first key and a derivation parameter to acquire a derivation key; establishing, by the UE, according to the derivation key, secure connection with a WLAN node acquiring a derivation key, wherein the derivation key acquired by the WLAN node is the same as the derivation key acquired by the UE.

Abstract: An early warning system and method for generating an alert regarding a potential attack on a client device is provided for based on real-time analysis. The early warning system and method generally comprise receiving data associated with an attack alert, wherein the attack alert corresponds to an electrical signal that indicates detection of a malware attack from a remote source. The received data is analyzed using an attack-specific engine that is configured to generate an attack-specific result. An attack value is computed based on the attack-specific result and a consideration of potential attack targets, wherein the attack value is compared to a threshold value so as to determine whether or not to generate an early warning alert. An early warning alert is generated when the attack value matches or exceeds the threshold value.

Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and a processing module operably coupled to the interface and memory such that the processing module, when operable within the computing device based on the operational instructions, is configured to perform various operations. The computing device selects a subset of the other computing devices to perform a computing task on a data object. The computing device determines processing parameters of the data and determines task partitioning. The computing device also processes the data based on processing parameters to generate data slice groupings and partitions the task based on the task partitioning to generate partial tasks. The computing device obtains and processes at least the decode threshold number of the plurality of partial results generated by the subset of the other computing devices to generate a result.

Abstract: Techniques for securing name resolution technologies and for ensuring that name resolution technologies can function in modern networks that have a plurality of overlay networks accessible via a single network interface. In accordance with some of the principles described herein, a set of resolution parameters may be implemented by a user to be used during a name resolution process. In some implementations, when an identifier is obtained for a network resource, the identifier may be stored in a cache with resolution parameters that were used in obtaining the identifier. When a new name resolution request is received, the cache may be examined to determine whether a corresponding second identifier is in the cache, and whether resolution parameters used to retrieve the second identifier in the cache match the resolution parameters for the new resolution request. If so, the second identifier may be returned from the cache.

Abstract: A method for providing service plane encryption in IP/MPLS and GRE networks is disclosed. The method for providing service plane encryption in IP/MPLS and GRE networks includes receiving a first Security Parameter Index with associated first encryption key and associated first authentication key at a first network element supporting the first Service Distribution Point; receiving an instruction at the first network element to encrypt data entering the first Service Distribution point with the first encryption key; receiving an instruction at the first network element to associate a data communication service provided at the first network element to the first Service Distribution Point; providing an encryption label; and providing data associated with the first communication service to the first Service Distribution Point for transmission to the second Service Distribution Point.

Abstract: A method and apparatus are provided for performing information-theoretically secure cryptography using joint randomness not shared by others. Two valid communicating entities independently generate samples of a shared source that is not available to an illegitimate entity. The shared source may be a satellite signal, and each legitimate entity may generate uniformly distributed samples from a binary phase-shift keying signal received on an independent channel. Alternatively, the shared source may be a channel between the two legitimate entities, such that each legitimate entity generates samples of unknown distribution based on the channel impulse response of the channel. One legitimate entity generates an encryption key, a quantization error, and a syndrome from its samples. The quantization error and the syndrome are reported to the other legitimate entity. The other legitimate entity generates a matching encryption key using its samples, the quantization error, and the syndrome.

Abstract: Described herein are systems and methods for connecting devices to secured networks, such as secured wireless networks, by storing credentials for the network and passing the credentials to a new device, such as, for example, when the new device is attempting to connect to the secured network for the first time.

Abstract: Disclosed are various embodiments for an application wrapper. Content obtained by an application can be monitored to determine conformation with a content policy for a content rating. Communications can be monitored to determine violations of a privacy agreement. Processes, files, and communications are analyzed to detect malicious activity. The application wrapper may take remedial actions with respect to distribution of the application by an application distribution system.

Abstract: A system for controlling access to secured resources using a security token having a hologram embossed thereon is provided. A key is split into a user key and a complimentary key based on a mask, wherein key values in the user key correspond to idle state values in the complimentary key and vice versa. The user key is used to generate a user key array, that is used to generate a three-dimensional virtual image that is holographically embossed onto a security token. The hologram is merged with a corresponding hologram for the complimentary key and the combination compared to an image of an ensemble of the key. The combination can be mergers of images or extractions of holograms. If a match is found, within a tolerance, an access grant signal is sent to the secure resources, thereby securing the resources based on presence of the security token.

Abstract: A constrained network entity may determine, via an authentication procedure with a core network entity, the trustworthiness of an endpoint attempting to establish a secure channel with the constrained network entity. The constrained network entity may receive a certificate from the endpoint attempting to establish the secure channel and the constrained network entity may send the certificate asserted by the endpoint to a core network entity for validation. The core network entity may receive the certificate during a key exchange with the constrained network entity and the core network entity may indicate to the constrained network entity the validity of the certificate. The constrained network entity may determine whether to establish the secure channel with the endpoint based on the validity of the certificate.