Abstract: In some examples, a client device receives, from a network-attached storage (NAS) system, installer code. Executing the installer code at the client device causes display of a user interface at the client device. Questions are presented in the user interface at the client device. Responsive to answers to the questions received in the user interface, the installer code executing at the client device installs a subset of software components relating to the NAS system the client device.

Abstract: A method begins by a module to generate a secure signature on an item by selecting a first key representation index of a set of key representation indexes, wherein a first mathematical encoding of a private key generates a first plurality of key shares as a first key representation. The method continues with the module determining whether a first plurality of signature contributions have been received in response to a signature request for the item based on the first key representation index, wherein one of a first set of dispersed storage (DS) units executes a first mathematical signature function using one of the first plurality of key shares on the item to produce a signature contribution of the first plurality of signature contributions and when the first plurality of signature contributions have been received, generating the secure signature on the item from the first plurality of signature contributions.

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for prevention of cable swap security attacks on storage devices. A host system may include a provisioning module configured to generate a challenge-response verification key-pair and further to provide the key-pair to the storage device to enable the challenge-response verification. The system may also include a link error detection module to detect a link error between the host system and the storage device. The system may further include a challenge-response protocol module configured to initiate, in response to the link-error detection, a verification challenge from the storage system and to provide a response to the verification challenge based on the key-pair.

Abstract: A certificate management apparatus retains an important certificate, while deleting the oldest referenced certificate. An update determination information output unit outputs update determination information being information for determining whether or not to update a certificate. A certificate cache stores the certificate on a volatile memory. An operation unit stores the update determination information output by the update determination information output unit in the certificate cache by relating to the certificate, and based on the update determination information stored in the certificate cache, updates the certificate related to the update determination information.

Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: A system includes a fingerprint sensor, an application processor, and an auxiliary processor. The application processor is operable to arm the fingerprint sensor prior to the application processor entering a low power or sleep mode. The auxiliary processor is to receive a state output from the fingerprint sensor. The state output is to cause activation of one or more functions of the auxiliary processor upon fingerprint authentication while leaving the application processor in the low power or sleep mode.

Abstract: Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system.

Abstract: A system includes a sensor to determine a user is proximate to the system and a logon module to receive information from the sensor that a user is proximate to the system, receive logon information from the user and identification information associated with the user, authenticate the user to use the system based on the logon information, store the identification information, receive second information from the sensor that the user is not proximate to the system, suspend an operating system session, receive information from the sensor that the user is again proximate to the system, receive second identification information associated with the user, determine that the first and second identification information matches, and resume the OS session in response to determining that the first and second identification information matches.

Abstract: A cloud-based computer system changes the modern paradigm from being device-centric to being person-centric. The system makes all user data, software settings, device settings, and licensed content for a user available in the cloud. The system includes a conversion mechanism that can convert information intended for one device type to a different device type. Thus, a user changing smart phone platforms can convert their current smart phone settings to equivalent settings on the new phone platform, and their new phone can then be configured using the user's converted settings stored in the cloud. By storing all the user's relevant information in the cloud, this information may be accessed anywhere and may be used to configure a large number of different devices according to the user's settings.

Abstract: Improved handling of battery recognition tasks in an electronic device such as a cell phone, smart phone, computer system, recording device or others is facilitated. Recognition of a battery so as to enable exchange of power between the device and the battery is determined by a match between one of a plurality of number strings stored in the device and the decrypted response to an encrypted challenge derived from the one of stored number string.

Abstract: A method begins by a first device generating a self-validating message by creating a master key, using the master key to create a message encryption key, encrypting a message using the message encryption key to produce an encrypted message, encrypting the master key using a public key of a second device to produce an encrypted master key, and including a message authentication code of the first device in the self-validating message. The method continues by the second device receiving and decoding the self-validating message by verifying the message authentication code of the first device, and when the message authentication code of the first device is verified, decrypting the encrypted master key using a private key of the second device to recover the master key, using the master key to create the message encryption key, and decrypting the encrypted message using the message encryption key to recover the message.

Abstract: An apparatus, method, and a computer program are provided to secure one or more sections of a document. For example, one or more sections of the document may be converted into secured content. The secured content may then be removed from the document, and replaced with replacement content in the document. This may prevent a viewer with no privileges from viewing secured content.

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract: A cloud based data loss prevention (DLP) system (“cloud DLP system”) implements offline scanning of content stored in a cloud-based service belonging to an enterprise in accordance with the enterprise's policy and control. The cloud DLP system provides alerts or remediation in response to detection of non-compliance cloud content. In some embodiments, the cloud DLP system is provided with the access credential of the enterprise to access the cloud-based service. In other embodiments, the enterprise's login credential remains within the enterprise data network and an on-premises client obtains an access token for the cloud DLP system.

Abstract: The disclosure relates to using a control service to control external access to APIs of IoT devices on a private network. An external application can request access to an API, and in response, the control service can monitor broadcasts from the IoT devices indicating what APIs they have available. If a match exists, the control service can request user authorization to allow the requested access. The user can grant or deny the requested access, and place limitations on the authorized access. The control service uses this information to open a connection between the requesting application and the IoT device having the requested API, and via this connection, the requesting application can access and control the device running the requested API.

Abstract: In one embodiment, a method includes identifying a request for access to a first system and obtaining a visual image including at least a first piece of information associated with the request. The visual image is associated with a first device and obtained using a second device. The method also includes determining if the at least first piece of information indicates that the access to the first system is to be granted, wherein determining if the at least first piece of information indicates that the access to the first system is to be granted includes implementing a visual recognition algorithm to process the at least first piece of information. Finally, the access to the first system is granted if it is determined that the at least first piece of information indicates that the access to the first system is to be granted.

Abstract: A method for dynamic switching of user profiles on a computing device. The computing device is coupled to at least one image-sensing device and can be configured using a plurality of stored user profiles. The method includes receiving at least one image from the at least one image-sensing device and generating a current user value based on the at least one received image. The method further includes determining if the current user value corresponds to at least one stored user value corresponding to a stored user profile. If the current user value corresponds to at least one stored user value, the method includes retrieving the stored user profile and configuring at least some programs operating on the computing device using the retrieved user profile. If the current user value does correspond to at least one stored user value, the method includes configuring the computing device using an alternative method.

Abstract: A managed container may be configured to manage enterprise applications, manage enterprise information stored on a device, manage a protected storage area used by the managed container to store and reference the enterprise applications during execution, and manage a database storing enterprise rules related to management of the enterprise applications and the enterprise information. The managed container may communicate with an application gateway server to control download and update of the enterprise applications, the enterprise information, and the enterprise rules. The application gateway server may be coupled to a backend enterprise application. At least one of the enterprise applications may be configured to execute in conjunction with the backend enterprise application according to at least one of the enterprise rules, and is configured to, according to another one of the enterprise rules, manage the enterprise information associated with the backend enterprise application.

Abstract: A method of providing a user with an option to access a protected system by satisfying a reduced security measure is disclosed. An attempt by the user to access the protected system is detected. It is detected that a first security token system is within a first proximity to the protected system. Based on the detecting of the attempt by the user to access the protected system and the detecting that the first security token system is within the first proximity, the user is provided with the option to access the protected system by satisfying the reduced security measure.

Abstract: A method for establishing a secure connection between a station and an access point includes transmitting a communications system management message to the station, the communications system management message including an access point nonce. The method also includes receiving a station nonce from the station, and determining a first security key according to the access point nonce and the station nonce. The method further includes securing a connection between the station and the access point using the first security key.