Abstract: A negotiation-based mechanism enables a user to share personally identifiable information with a requesting website, for example, a third party website such as an aggregator website that might be gathering information about the user. The user, rather than being limited to a pre-set collection of privacy options, is free to negotiate with the requesting website and agree to share more or less information with based on the user's trust of the requesting website.

Abstract: A method begins with a processing module storing a set of encoded data slices in memory of a dispersed storage network (DSN), where a data segment is encoded using an error coding dispersal storage function to produce the set of encoded data slices. The method continues with the processing module adding the data segment to a rebuilding list, where encoded data slices of data segments identified in the rebuilding list are checked via a rebuilding process to detect errors and, when one of the encoded data slices has an error, the rebuilding process rebuilds the one of the encoded data slices. The method continues with the processing module, in response to a condition, removing the data segment from the rebuilding list.

Abstract: There are times when a first user may wish to distribute an excerpt of a protected digital content to a second user, for example for criticism. The protected digital content is divided into a plurality of parts, each part being encrypted using a control word specific for the part, wherein each control word can be generated from a master control word for the protected digital content. A device belonging to the first user selects the parts of the excerpt; generates the control words for the selected parts from the master control word; generates a license for the selected parts, the license comprising the control words for the selected parts; and transmits the selected parts and the license to the receiver of the second user. Also provided is the device of the first user.

Abstract: A domain name management system allows agents to manage plural domains for plural registrants. The system resides on a server of an accredited registrar or on a server of a partner website that can directly access the shared registry system. A variety of DNS or zone file information can be altered using simple graphical user interfaces to enter change information and pass that change information to the domain manager server. The domain name management system passes the change information to the DNS servers either directly through the SRS or through an accredited server that passes the change information through the SRS and to the root servers. Most preferably, the domain manager has substantially direct access to the shared registry system, which asynchronously updates the DNS servers.

Abstract: A technique for efficiently preventing exact data words (“entities”) from unauthorized disclosure is disclosed. Protect agents installed at various egress points identify candidate entities from digital information desired to be disclosed by a user. The candidate entities are compared against registered entities stored in a lightweight entity database (LWED). If a candidate entity matches against a registered entity in the LWED, the protect agent initiates a security action. Alternately, the protect agent transmits the matching candidate entity to a global entity database (GED) server to receive additional confirmation on whether the candidate entity matches a registered entity. In some instances, the protect agent also receives (from the GED server) metadata information associated with the matching candidate entity. The protect agent utilizes the metadata information to initiate suitable security actions.

Abstract: A system and method for replicating protected content on media includes a controller for enabling replicating of media content from partial encoded content received at a location of the controller. A media recorder is coupled to the controller and including a modulation process (104) to complete encoding of the partial encoded content to record media content on media readable by a device other than the media recorder.

Abstract: A computer-implemented method for replacing a security-relevant unencrypted data string from a data record by a token in a tokenisation device. The method is structured in such a way that it works more efficiently than a replacement table with randomly generated tokens and is more secure than the generation of tokens by exclusive application of a mathematical function to the unencrypted data string.

Abstract: A web browser that includes a network policy enforcement unit, a storage policy enforcement unit, and an ancillary policy enforcement unit is disclosed. The network policy enforcement unit controls communications between application logic of a web application and data communication APIs. The storage policy enforcement unit controls access between the web application logic and persistent storage APIs. The ancillary policy enforcement unit controls user authentication of the web application logic.

Abstract: An approach is provided for providing backend support for device control in risk conditions. A device control support platform determines one or more computational chains consisting of one or more computation closures for managing one or more risk conditions associated with at least one device. The device control support platform further causes a projection, a distribution, or a combination thereof of the one or more computational chains, the one or more computation closures, or a combination thereof to one or more other devices. The device control support platform also causes an execution of at least a portion of the one or more computational chains, the one or more computational closures, or a combination thereof to cause an initiation of at least one computational broker at the at least one device for managing the one or more risk condition.

Abstract: An apparatus for recording multimedia content transmitted over a network including a reception interface for receiving the multimedia content from the network, a user input interface for receiving user inputs, and a storage resource including executable instructions including a recording module for recording the multimedia content in accordance with the user inputs. The user inputs also include a multimedia selection signal for indicating the multimedia content to be recorded, and a segmenting signal for indicating a size of at least one of a plurality of segments in which the multimedia content is recorded.

Abstract: Aspects of the present invention provide a solution for managing and retrieving encrypted biometric data. A plurality of biometric entries is obtained and each one is encrypted with a unique non-invertible encryption function to get a plurality of encrypted biometric entries. A biometric measurement to be compared against the biometric entries is obtained, a predetermined noise is applied to the biometric measurement, and then the biometric measurement if encrypted using the non-invertible encryption function, resulting in a scrambled encrypted biometric. For each comparison, one of the encrypted biometric entries is subtracted from the scrambled encrypted biometric to get a calculated noise. This calculated noise is then compared with the predetermined noise to determine whether a match exists. Based on a determination that a match exists any information associated with the encrypted biometric entry is forwarded to the requestor.

Abstract: Web applications, systems and services, which are prone to cyber-attacks, can utilize an adaptive fuzzing system and methodology to intelligently employ fuzzer technology to test web site pages for vulnerabilities. A breadth first search and minimal fuzzing testing is performed on identified pages of a web site looking for either a vulnerability or the potential for a vulnerability. Heuristics are gathered and/or generated on each tested web page to determine a vulnerability score for the page that is an indication of the page's potential for hosting a vulnerability. When a page is discovered with a vulnerability score that indicates the page has the potential for a vulnerability a depth first search and expanded fuzzing testing is performed on one or more branches of the web site that begin with the page with the potential vulnerability.

Abstract: A novel solution is provided that utilizes the two-credential characteristics of accessing cloud-hosted data in a portal-oriented enterprise-specific solution. Cloud computing resources may be accessed through a separate, enterprise-specific portal clients used to manage a set of cloud service accounts. Individuals (e.g., employees of the enterprise or company) may access cloud computing resources via an instance of the portal client, and any communication between individuals in an enterprise and cloud services may be facilitated through the portal. Each portal client may also be configured to be compatible with any cloud service vendor.

Abstract: Techniques for sending information without interruption during a change in ciphering configuration are described. A user equipment (UE) communicates with a wireless communication network for a call. The UE sends first information to the wireless network using a first ciphering configuration. For a change in ciphering configuration, the UE selects an activation time for a second ciphering configuration and sends a security message with the activation time. This activation time is the time at which the UE applies the second ciphering configuration to transmission sent to the wireless network. The UE thereafter sends second information (e.g., a measurement report message) using the first ciphering configuration after sending the security message and before the activation time. The UE sends third information using the second ciphering configuration after the activation time.

Abstract: Methods and systems taught herein provide for authentication information for authenticating a user terminal to be shared between a network entity that supports IMS-AKA authentication of the user terminal and a network entity that supports GBA-AKA authentication of the user terminal. Sharing authentication information between these entities allows all or part of the authentication information generated for IMS-AKA authentication of the user terminal to be used subsequently for GBA-AKA authentication of the user terminal, or vice versa.

Abstract: An optical writing apparatus has a part configured to superpose an unauthorized copy protection pattern on image data; a control part configured to recognize the unauthorized copy protection pattern, correct image data of the unauthorized copy protection pattern in pixel unit, and control a size of an isolated dot included in the unauthorized copy protection pattern; and a writing part configured to write a corresponding image on a photosensitive body based on the thus-corrected image data.

Abstract: A method begins with a processing module issuing a retrieval request, receiving secret shares of a set of secret shares to produce received secret shares, and receiving encoded data slices of a set of encoded data slices. The method continues with the processing module decoding the received secret shares to recapture a message authentication key when a threshold number of the secret shares is received. The method continues with the processing module identifying a received encoded data slice of the received encoded data slices having an authentication code associated therewith when a threshold number of the encoded data slices is received. The method continues with the processing module verifying the authentication code based on the message authentication key and the received encoded data slice. The method continues with the processing module decoding the received encoded data slices to recapture a data segment when the authentication code is verified.

Abstract: A method for utilizing a policy system in the requisitioning of goods or services over a network, the network connected to a server, thereby allowing communication between the server and a plurality of users, each user having a login ID and belonging to one of a plurality of classes, the method comprising: the server storing each user's login ID, each user's class information, and a plurality of policies, wherein the class information comprises the identification of each class to which the user belongs, and each policy is associated with a class; a user logging into the server using the user's login ID; the user providing search input to the server; the server processing the search input; the server determining the appropriate policies, wherein the appropriate policies are policies that are determined to be associated with the user's class information; and the server providing the appropriate policies to the user.

Abstract: A proactive worm containment (PWC) solution for enterprises uses a sustained faster-than-normal outgoing connection rate to determine if a host is infected. Two novel white detection techniques are used to reduce false positives, including a vulnerability time window lemma to avoid false initial containment, and a relaxation analysis to uncontain (or unblock) those mistakenly contained (or blocked) hosts, if there are any. The system integrates seamlessly with existing signature-based or filter-based worm scan filtering solutions. Nevertheless, the invention is signature free and does not rely on worm signatures. Nor is it protocol specific, as the approach performs containment consistently over a large range of worm scan rates. It is not sensitive to worm scan rate and, being a network-level approach deployed on a host, the system requires no changes to the host's OS, applications, or hardware.

Abstract: Secure operation of SEMDs on a client computer in a host system is obtained by controlling what applications (i.e., U3 applications) that can run on the host system and access data on the SEMD. Applications allowed to run on each host machine are identified and any access to the SEMD by an allowed application is permitted and other access are prohibited. Security and/or privacy for data that is stored on a SEMD is provided by only allowing approved USB memory card based applications to access the data stored on the SEMD. All other applications, either unapproved USB memory card based applications or non-SEMD resident cannot access the data on the SEMD. Other security is provided by preventing access to the SEMD except for computers or systems that are a part of a company's private network and maintaining the data on the SEMD in an encrypted state.