Abstract: A platform, apparatus and method for Internet of Things Implementations. For example, one embodiment of a system comprises: an Internet of Things (IoT) hub comprising a network interface to couple the IoT hub to an IoT service over a wide area network (WAN), and programming logic to program an identification device with one or more encryption keys usable to establish encrypted communication with an IoT device; and at least one IoT device interfacing with the identification device following programming of the identification device by the IoT hub; wherein once the identification device is programmed and interfaced with the IoT device, the IoT device uses the one or more keys to establish a secure communication channel with the IoT hub and/or the IoT service.

Abstract: Methods, systems, and computer-readable storage media for processing queries in analytical web applications over encrypted data. Implementations include actions of receiving, by a database driver executed on a server-side computing device and from a client-side proxy, a query and one or more encryption keys, the one or more encryption keys having been selected by the client-side proxy based on operations required to perform the query, performing at least one operation of the query to provide a query result including encrypted data, and transmitting, by the database driver, the encrypted data to the client-side proxy, the client-side proxy processing the encrypted data to provide plaintext data to an end user.

Abstract: Example embodiments disclosed herein relate to distributed pattern discovery. A local frequent pattern tree or local frequent pattern trees can be merged. The merging can be based on activities or transactions associated with the local frequent pattern tree or trees.

Abstract: Programmable devices selectively allocate file content portions between cloud and secured hardware device storage mediums. A confidential portion of a first file is stored as a second file on a memory device, and a remainder portion of content of the first file that is different from the confidential portion and is not designated as confidential is stored on a cloud storage system. A uniform resource indicator is generated that includes a routing identifier to the memory device, and a section routing identifier to a location of the stored second file on the memory device. A revised version of the first file is stored to the cloud storage system wherein the confidential portion of the first file is replaced with the generated uniform resource indicator within the revised version of the first file at a location of the confidential portion within the content of the first file.

Abstract: A system for and method of storing data comprising: encoding a file into a plurality of fragments; retrieving storage configuration data from a data management store including data associated with a plurality of remote storage volumes, the storage configuration data comprising an indication of a predefined data transmission size corresponding to each remote storage volume; using the storage configuration data to identify a storage strategy associating each fragment with a remote storage volume, wherein using the storage configuration data includes using the indications of the pre defined data transmission sizes; packaging one or more fragments each associated with a common identified remote storage volume as identified by the storage strategy to form a data bundle; communicating the data bundle to the respective common identified remote storage volume associated with the fragments in the data bundle; and storing the fragments at that identified remote storage volume.

Abstract: A computer-implemented method for providing an operating system level interface for communicating credential data between applications includes detecting, by an operating system, a field configured to receive an authentication credential and identifying a credential management application configured to provide authentication credentials. The method includes requesting, by the operating system and using an operating system interface configured to communicate authentication credentials, the authentication credential from the credential management application. And when the credential management application provides the authentication credential using the operating system interface configured to communicate authentication credentials, the method includes providing the authentication credential for entry into the field.

Abstract: Enforcing access control to individual extensions of services in a multi-tenant cloud environment by initializing objects for the extension based on public and private configuration files with service access rules that are merged is described. This allows third party vendors to specify payment rules for their own extensions while securely keeping the core extension configuration files. Tenants of the multi-tenant cloud environment can pick and choose which services to purchase, and the cloud environment automates the process of accessing the service using the third-party developer's tenant access list rules.

Abstract: A method involves measuring and monitoring usage of data stored on a user device by software applications installed on the user device, the data being generated by resources of the user device. The method includes for each resource, assigning a resource sensitivity value, the resource sensitivity values of different resources being adapted to enable discrimination among resources based on sensitivity of the data they generate; for each application, calculating a respective application access level to the data by combining through a first predetermined function the resource sensitivity values of the resources that generate data accessed by the application; calculating a device access level to the data by the applications, the device access level being calculated by combining through a second predetermined function the calculated application access levels of the applications installed on the device; and associating with each application a respective indication of the calculated device access level.

Abstract: Disclosed are a method and apparatus for recognizing advertisement plug-ins, relating to the field of computer technologies. The method comprises: searching for files related to application plug-ins; based on feature vectors of feature dimensions in a feature vector set of a predetermined advertisement, scanning the files related to the application plug-ins, and calculating feature vector similarity between data in each file and the feature vector in each feature dimension; calculating an advertisement similarity of a current application plug-in according to the feature vector similarity of each feature dimension and a feature recognition weight of the feature dimension; comparing the advertisement similarity with a threshold, and determining whether the application plug-in is an advertisement plug-in according to the comparison result.

Abstract: An electronic access protection system for a computer system includes an access-protected apparatus having a firmware component and a data processing device that executes program code of the firmware component; a reading device coupled to the apparatus that reads chip cards; and at least one chip card having at least one chip-card-specific access procedure, wherein a predetermined memory area of the at least one chip card stores first information concerning the at least one chip-card-specific access procedure; and the at least one firmware component has executable program code that reads in and evaluates data from the at least one chip card and performs the at least one chip-card-specific access procedure for the at least one chip card on the basis of the first information stored in the first memory area.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag (308) is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in a data signature transmitted (S305) to a reading device (304). The data signature can be forwarded by the reading device (304) to an authentication service (340) that will issue a valid signature certificate (S309) if the TAC is determined to be unique and correct. Upon receiving the valid signature certificate, the reading device (304) can validate other data read from the smart tag (308) based on the increased trust relationship between the smart tag (308) and reading device (304).

Abstract: Apparatus for applying geographical limitations to control actions of a security system is described. The apparatus receive location data from a user device, determines whether location data has the user device within a predetermined distance range from the security system and cause a message to be sent to the security system to perform the control action specified in the request when the processor determines that the user device is within the predetermined distance range.

Abstract: Methods, apparatus and articles of manufacture for protecting virtual machines processing sensitive information are provided herein. A method includes processing a request for uninterrupted virtual machine execution of a designated section of code by a first virtual machine; enabling uninterrupted virtual machine execution of the designated section of code by the first virtual machine on a selected core of a central processing unit based on said request; and disabling said uninterrupted virtual machine execution of the designated section of code by the first virtual machine based on an indication that the first virtual machine completed execution of the designated section of code.

Abstract: Provided are a method and system for distributing service data, wherein the method includes that a user terminal is authenticated and accesses a core network, a service data message sent by the user terminal is received, target address information contained in the service data message is acquired, and the service data message is distributed according to the acquired target address information.

Abstract: The techniques described herein include configuration of channels between devices and service providers at a connectable system platform. For example, a system platform may include a receiver to receive data from a communicatively coupled device. The system platform may include a controller having logic, at least partially comprising hardware logic, to configure communications channels. The communication channels include a communication channel for transmission between the system platform and a service provider to receive the data, and a communication channel for transmission between the system platform and the coupled device. The communication channels are configured based on a context. The context comprises characteristics of the coupled device, content of the data, and security requirements associated with the service provider.

Abstract: Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed.

Abstract: A method and system for optimizing segregation between human-operated clients and machine-operated clients accessing computing resources are provided. The method comprises receiving, from a client, an authentication request, wherein the authentication request is received in response to a redirect request sent from a remote server to the client; dynamically selecting at least one authentication challenge from a plurality of different authentication challenges; sending the at least one generated authentication challenge to the client; determining whether a notification call is received from the client during a predefined time interval; and upon receiving the notification call during the predefined time interval, confirming that the client passes the authentication challenge, wherein a client that passes the authentication challenge is a human-operated client.

Abstract: Providing secure radio information transfer over a mobile radio bearer by generating one or more secret keys, applying symmetric encryption to unencrypted radio information to generate encrypted radio information, applying a keyed hash operation to the unencrypted radio information using the generated one or more secret keys to generate a message digest, and transmitting both the encrypted radio information and the message digest over a network.

Abstract: A method and device for monitoring virus trend abnormality are provided which may enable timely and effective monitoring of computer viruses. The method may include measuring a frequency of hits of a virus being found and/or removed. The frequency may be used for calculating an M-day moving average value of the number of hits of the virus. Method may also involve calculating a standardized residual of the number of hits of the virus. When the standardized residual is larger than a first preset threshold, the time at which the virus was encounter the last may be identified as an abnormality point on a trendline of the virus.

Abstract: Disclosed are systems and methods that provide authentication for printed and/or electronic versions of a document through the use of a document authentication device in the form of a computational tag configured for short-range wireless communication only. This document authentication device receives authentication information for a document from a computerized device over a wireless communication link and uses this authentication information to generate encoded data to be embedded in the document in order to establish the authenticity of the document by functioning as an imprimatur. Specifically, when embedded in the document, this encoded data can add a visible feature or non-visible feature that, upon inspection, establishes the authenticity of an electronic version of the document and/or can add a printable feature, which will be readable off a surface of a printed version of the document to establish the authenticity of that printed version.