Abstract: The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.
Type: Grant
Filed: June 21, 2012
Date of Patent: April 26, 2016
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ritesh K. Gupta, Prathima Nagaraj, Sriram K. Padmanabhan
Abstract: A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system.
Type: Grant
Filed: December 19, 2011
Date of Patent: April 19, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Matthew James Ruhlen, Kenneth John Yuhas, Jr., Mark T. Fields, Martin Abadi
Abstract: The present invention is directed to an apparatus, system and method for pre-authorizing international use of an electronic credit or debit card (collectively “payment card”) using an electronic card case with biometric verification means for validating the card holder's biometric sample. Card holder may select a payment card housed within the electronic card case, which releases the selected payment card for use upon validation of the biometric sample and also causes the activation of the locator unit positioned within to determine location information for the electronic card case and by extension the selected payment card.
Abstract: Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.
Abstract: An approach to securely distributing and running virtual machines is described that addresses the inherent insecurity of mobile virtual machines by authenticating a user before establishing a specialized virtualization runtime environment that includes a filesystem driver inserted into the host operating system to provide secure access to a virtual machine by authorized hypervisors only. Further described is the creation of a SecureVM package that includes the various components used to perform the operations of installation, user authentication and establishment of the specialized virtualization runtime environment.
Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
Type: Grant
Filed: February 10, 2012
Date of Patent: March 22, 2016
Assignee: Security First Corp.
Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
Abstract: A system, method, and computer program product are provided for implementing asymmetric AES-CBC (Advanced Encryption Standard-Cipher Block Chaining) channels usage between encryption and decryption of data. In operation, data to be written to memory is identified. In addition, the data is encrypted utilizing a first AES-CBC channel. Additionally, at least one of a plurality of AES-CBC channels is utilized to decrypt the data to achieve a determined performance target.
Type: Grant
Filed: November 27, 2013
Date of Patent: March 1, 2016
Assignee: NVIDIA Corporation
Inventors: Karan Gupta, Brahmanandam Karuturi, Jay S. Huang
Abstract: A method for preventing unauthorized recording of media content on an Apple operating system (OS). The present method registers a compliance mechanism on a client system having the Apple OS operating thereon. The compliance mechanism comprises a framework for validating the compliance mechanism on the client system, and a multimedia component opened by the framework. The present method uses the multimedia component for decrypting the media content on the client system. The present method also prevents decryption of the media content on the client system having the Apple OS operating thereon if a portion of the compliance mechanism is invalidated.
Abstract: Techniques for multimedia metadata security are disclosed. In one particular embodiment, the techniques may be realized as a method for multimedia metadata security comprising receiving an indication that multimedia metadata has been created for a multimedia file, and encrypting, using at least one computer processor, the multimedia metadata stored in a body of the multimedia file.
Abstract: A system for identifying elements involved in joints of elements configured to form a duct, such as a pipeline, which works on element identifiers for an element identification code. The system includes an element identifier reader and a management device for supplying by a combination device the joint identification codes between two elements according to element identification codes of the two elements. The system is also useful for production of tanks for hydrocarbon by-products and for control and maintenance, for example, of pipeline networks and tanks.
Abstract: Symbologies for encoding data, as well as methods of encoding and decoding thereof are described. The symbologies may have a plurality of pixels arranged in a plurality of patterns on or in a substrate. Furthermore, each of the plurality of pixels may have one or more optical properties that each provides one or more types of non-interacting data.
Type: Grant
Filed: August 21, 2012
Date of Patent: February 23, 2016
Assignee: Empire Technology Development LLC
Inventors: Michael Keoni Manion, Christopher John Buntel
Abstract: Methods and systems for Sustained Testing and Awareness Refresh against Phishing threats (STAR*Phish™) are disclosed. In an embodiment, a method assigns schemes and unique identifiers to target e-mail addresses associated with user accounts. The method delivers e-mail messages to the targeted e-mail addresses, the e-mail messages comprising an HTTP request and a unique identifier associated with each of the user accounts. The method then receives, at a Phishing Metric Tool (PMT), a response including the unique identifier. The PMT logs training requirements for the user accounts, tracks response metrics for the training requirements, and redirects the respective HTTP requests to a phishing training tool (PTT). The PTT sends a notification of the user account identities and the unique identifiers to the PMT and returns a status for the training requirements for the user accounts. Upon completion of the training, the PMT sends completion notifications for the user accounts.
Type: Grant
Filed: July 28, 2014
Date of Patent: February 23, 2016
Assignee: BOOZ ALLEN HAMILTON INC.
Inventors: Art Fritzson, Semion Bezrukov, Sean Palka
Abstract: A communication network containing components which use and provide services in the communication network, a plurality of components capable of providing the identical service. In one embodiment, one component determines the services provided by other components in the communication network. If the same services are provided by two components, information relating to the output state of the software controlling the services is compared by one of the components. A software update is initialized if the output states differ. If a defined service is activated in a second component by means of a first component, but the service cannot be provided by means of the software of the second component although the second component has the necessary hardware requirements therefor, said service is made available by downloading or updating the software of the second component.
Abstract: A system for acquiring access to a web-based application includes one or more computer-readable storage media and an application (e.g., a web browser) for accessing and retrieving over a network a plurality of resources. The system also includes a program interface embodied on the one or more computer-readable storage media. The program interface is configured to present a common set of application program interfaces (APIs) that can be used by the application to demonstrate that a user of the application is entitled to access a first resource. The system also includes programming logic configured to determine if the user of the application is authorized to access the first resource. If it is determined that authorization has not been established to access the first resource, the application is directed to communicate with a marketplace to obtain authorization to access the first resource.
Abstract: A method and apparatus for a system and process for sharing a secret over an unsecured channel in conjunction with an authentication system. A client computes a message authentication code based on a hashed password value and a first random string received from the server. The client sends a response to the server that includes authentication data including a second random string. Both the client and server concatenate the first random string, second random string and username. These values are processed to generate a shared master secret to further generate shared secrets or keys to establish a secured communication channel between the client and server. The secured communication can be based on stateless messaging where the decryption key associated with the message is identified by the message authentication code, which is placed within the message.
Abstract: Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.
Abstract: A system and method for adding value to a customer account are provided. An identifier associated with a value is distributed to a customer. The identifier is usable to add the value to an account. A request to add the value to a customer account is received via short message service (SMS). The request comprises the identifier and account identification information associated with the customer account. In some embodiments, the identifier may be entered into the device using text auto-completion software. The request is received from a user communication device as an SMS message. The value associated with the identifier and the customer account associated with the account identification number are identified based on the request. The value is caused to be added to the customer account. A confirmation that the value was added to the customer account is passed to the user communication device.
Type: Grant
Filed: October 3, 2008
Date of Patent: February 9, 2016
Assignee: e2interactive, Inc.
Inventors: John David Guest, Brian Roger Tagg, Leslie George Lowin
Abstract: A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.
Abstract: Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device.
Type: Grant
Filed: March 6, 2013
Date of Patent: January 26, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Hassen Karaa, Michael Healy, Brett D. A. Flegg, Gaurav Dhawan, Jeffrey Sutherland
Abstract: According to an aspect of the invention, there is provided a method of protecting a user from a compromised web resource. The method may include monitoring a user's requests for trusted web resources to determine one or more web resources to be checked. The method may include querying a network database based on the determined one or more web resources to obtain historical data relating to whether any of the one or more web resources has been compromised at any time during a preceding time period. The method may include providing a predetermined response to protect the user if any of the one or more web resources has been compromised.
Type: Grant
Filed: November 4, 2013
Date of Patent: January 5, 2016
Assignee: F-Secure Corporation
Inventors: Andrew Patel, Igor Afanasiev, Veli-Jussi Kesti, Urmas Rahu, Yury Yakovlev, Jarkko Konola, Janne Pirttilahti