Abstract: Provided herein are media, systems, and methods that identify the address of a rental property from public sources (e.g., rental listings, maps, and county property records). A data mining task process may be performed, by each of a plurality of first data ingestion interfaces to a unique external property data source, to determine at least one property record depiction, each property record depiction associated with a property record. A first machine learning algorithm may be applied to the at least one rental property depiction and the at least one property record depiction from each data source to identify one or more common property records, wherein each common property record comprises a property record that refers to the rental property. A data mining task process may be performed, by a second data ingestion interface to the one or more common property records to determine the street address of the rental property.

Abstract: Described are medias, systems, and computer-implemented methods to detect improper residency status by performing a data mining task to data source to detect one or more improper residency indicia, applying a machine learning algorithm to identify an initial candidate, calculating a probability that the initial candidate has an improper residency status, and validating the detection. Further described are medias, systems, and computer-implemented methods to detect improper occupancy tax status. Further described are medias, systems, and computer-implemented methods to detect an improper homeowner exemption.

Abstract: Provided herein are media, systems, and methods that identify the address of a rental property from public sources (e.g., rental listings, maps, and county property records). A data mining task process may be performed, by each of a plurality of first data ingestion interfaces to a unique external property data source, to determine at least one property record depiction, each property record depiction associated with a property record. A first machine learning algorithm may be applied to the at least one rental property depiction and the at least one property record depiction from each data source to identify one or more common property records, wherein each common property record comprises a property record that refers to the rental property. A data mining task process may be performed, by a second data ingestion interface to the one or more common property records to determine the street address of the rental property.

Abstract: Described are medias, systems, and computer-implemented methods to detect improper residency status by performing a data mining task to data source to detect one or more improper residency indicia, applying a machine learning algorithm to identify an initial candidate, calculating a probability that the initial candidate has an improper residency status, and validating the detection. Further described are medias, systems, and computer-implemented methods to detect improper occupancy tax status. Further described are medias, systems, and computer-implemented methods to detect an improper homeowner exemption.

Abstract: Systems and methods can support change management thresholds within human machine interfaces. An operation or feature may be introduced into a multi-user information system where a benefit is conveyed to specific benefited instances of events. A user indication associated with the specific benefited instances may be initially disabled. A quantity of the specific benefited instances may be calculated or counted. The calculated quantity may be compared to a threshold quantity. The user indication associated with the specific benefited instances may be enabled in response to the comparison indicating that the threshold has been exceeded. The user indication may be presented via a user interface mechanism associated with the multi-user information system. According to certain examples, sender authentication may be added to an email system such that instances of authentication are not displayed until a certain number or percentage of messages is being authenticated.

Abstract: Cash-like anonymous transactions are facilitated using digital cash that cannot be traced to the payor. A payor requests a (payor) bank to issue a digital cash certificate be generated for a particular amount. The bank generates the digital cash certificate and associates a unique note identifier with the digital cash certificate. The digital cash certificate, including the denomination and the unique note identifier, are obscured/blinded using a payor public key for to obtain an encrypted digital cash certificate. The bank may cryptographically sign the encrypted digital cash certificate, using a denomination-specific private key, and returns the signed and encrypted digital cash certificate to the payor. The payor may decrypt the encrypted digital cash certificate to obtain a cryptographically signed digital cash certificate. The payor can a representation of the signed digital cash certificate to a payee. The payee can the signed digital cash certificate to a (payee) bank for redemption.

Abstract: A diagnostic device is provided that obtains test results and transmits a cryptographically secure version of such test results. The diagnostic device may be provisioned with a unique first public key and first private key pair and a unique device identifier for the diagnostic device. A link may be established with a mobile communication device associated with a unique patient identifier. A test request may be received from the mobile communication device including the patient identifier. The diagnostic device may then verify whether the requested test can or should be performed based, at least partially, on the patient identifier. If the patient identifier is verified, the diagnostic device may perform the requested test to obtain a test result. The test result may be encrypt/signed using the first private key and a first authorized receiver public key to obtain a first encrypted result that is transmitted to the mobile communication device.

Abstract: Systems and methods can support change management thresholds within human machine interfaces. An operation or feature may be introduced into a multi-user information system where a benefit is conveyed to specific benefited instances of events. A user indication associated with the specific benefited instances may be initially disabled. A quantity of the specific benefited instances may be calculated or counted. The calculated quantity may be compared to a threshold quantity. The user indication associated with the specific benefited instances may be enabled in response to the comparison indicating that the threshold has been exceeded. The user indication may be presented via a user interface mechanism associated with the multi-user information system. According to certain examples, sender authentication may be added to an email system such that instances of authentication are not displayed until a certain number or percentage of messages is being authenticated.

Abstract: A feature is provided that facilitates securely creating and/or replacing cryptographic keys. A first key pair is created comprising first private key and first public key. A second (spare) key pair is created comprising second private key and second public key. The second key pair is associated with the first private key. The second key pair is divided into shares and distributed to at least two shareholders. When the first key pair is to be replace, the second key pair is recreated and authenticated with at least a portion of the distributed shares. A trust level is associated with the second key pair corresponding to a trust level of the first key pair. The first key pair may be invalidated upon authentication of the second key pair. Further configurations provide for the creation of additional spare key pairs.

Abstract: Prior to transmission, a message is divided into multiple transmission units. A sub-message authentication code is obtained for each of the transmission units. A composed message authentication code is obtained for the whole message based on the sub-message authentication codes of the multiple transmission units. The multiple transmission units and the composed message authentication code are then transmitted. A receiver of the message receives a plurality of transmission units corresponding to the message. A local sub-message authentication code is calculated by the receiver for each transmission unit. A local composed message authentication code is calculated by the receiver based on the local sub-message authentication codes for the plurality of transmission units. The local composed message authentication code is compared to a received composed message authentication code to determine the integrity and/or authenticity of the received message.

Abstract: A hand-held token can be operated to generate an acoustic signal representing the digital signature generated by a private key of a public key/private key pair. Verifiers that might be located at, e.g., buildings, in vehicles, at bank ATMs, etc. receive the signal and retrieve the corresponding public key to selectively grant access authorization to components served by the verifiers. Methods and systems permit adding and removing a token from the access list of a verifier. Other methods and systems enable the token to be used with several verifiers that are nearby each other, such as might be the case with multiple vehicles owned by the same user and parked nearby each other, without more than one verifier being operated to grant access.

Abstract: The mobile commerce authentication and authorization system allows a user of a currently existing mobile wireless communications instrument to conduct financial transactions, including purchases, across a wireless communications system using location data to authorize and authenticate the user and the transaction. The location of the mobile wireless communications instrument and the location of a vendor point-of-sale device are matched with a payment sum. Authentication of the mobile wireless communications instrument user is achieved at least by application of the position and/or location determinable features of the mobile wireless communications instrument, the position and/or location of a point-of-sale device of a vendor or merchant where the instrument user seeks to purchase goods or services, and the payment sum entered on the point-of-sale device.

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.

Abstract: A system is provided for inside-to-outside or outside-to-inside cryptographic coding that facilitates product authentication along a distribution channel. An association of authenticated, secured codes is generated between inner items (e.g., pharmaceutical doses such as pills, capsules, tablets) and outer items (e.g., packaging containing inner items). For instance, an inner code associated with a first item is used to generate (at least partially) an outer code associated with a second item that contains one or more first items. This process may be repeated multiple times with codes for outer items being a function of codes for inner items. The sequence of items may be authenticated by the dependent relationship between their codes.

Abstract: A communications system and method of bootstrapping mobile station authentication and establishing a secure encryption key are disclosed. In one embodiment of the communications network, a distinguished random challenge is reserved for generation of a secure encryption key, wherein the distinguished random challenge is not used for authentication of a mobile station. The distinguished random challenge is stored at a mobile station's mobile equipment and used to generate a secure encryption key, and a bootstrapping function in the network uses a normal random challenge to authenticate the mobile station and the distinguished random challenge to generate the secure encryption key.

Abstract: A small form-factor security device is provided that may be inserted in series with a telephone line to encrypt dual tone multi-frequency (DTMF) tones from a telephone to prevent unauthorized disclosure of sensitive information. A receiving device decrypts the encrypted DTMF tones to receive the original information sent by the telephone. The security device acts as a second factor in a two-factor authentication scheme with a tele-services security server that authenticates the security device.

Abstract: A method and apparatus for re-synchronizing a stream cipher during soft handoff. Transmitted quasi-secret keying information is used with a secret key to reinitialize a stream cipher generator located in a base station and a stream cipher generator located in a travelling mobile station. Since the quasi-secret keying information is uniquely determined according to each base station in the wireless telephone system, a base station's quasi-secret keying information and a shared secret key can also be used to create a new key. Thus, as the mobile station travels from one base station to another base station, a unique new key is generated for each base station.

Abstract: Methods and systems enable thermal treating a portion of a subject using microwave or other electromagnetic radiation without harming other portions of the subject. In an embodiment, a plurality of electromagnetic radiation transmitters are positioned within a thermal treatment system and coupled to a control processor. The electromagnetic radiation may be transmitted as a pseudorandom waveform and maybe microwave radiation. The control processor coordinates the transmitters so that emitted electromagnetic radiation constructively interferes within a treatment volume while radiation passing through the rest of the subject randomly interferes or appears as noise. As a result, in a volume in which the electromagnetic radiation waveforms arrive in phase the power of all the transmitters add constructively resulting in a significant temperature rise, while the rest of the subject is exposed to a much lower average power level and thus a lower temperature rise.

Abstract: Disclosed is a system and method that provides a merchant associated with a point of sale (“POS”) system and a consumer associated with a portable computing device (“PCD”) to complete a purchase transaction without transmitting or presenting confidential payment credentials. In an exemplary embodiment, sound is used to transmit data between the POS and the PCD. A payment request is rendered on the PCD. The consumer reviews and authorizes via a unique cryptographic signature. The merchant approves via addition of its unique cryptographic signature. A remote service in communication with the POS verifies the signatures via previously registered public keys. The transaction is then settled to a consumer account. Confirmation is returned to the POS and PCD. Advantageously, the transaction is commenced and completed without the PCD being online. Further, the consumer payment credentials are not stored on the PCD or transmitted from the PCD to the merchant POS system.

Abstract: Methods, devices, and systems for detecting return-oriented programming (ROP) exploits are disclosed. A system includes a processor, a main memory, and a cache memory. A cache monitor develops an instruction loading profile by monitoring accesses to cached instructions found in the cache memory and misses to instructions not currently in the cache memory. A remedial action unit terminates execution of one or more of the valid code sequences if the instruction loading profile is indicative of execution of an ROP exploit involving one or more valid code sequences. The instruction loading profile may be a hit/miss ratio derived from monitoring cache hits relative to cache misses. The ROP exploits may include code snippets that each include an executable instruction and a return instruction from valid code sequences.