Abstract: A device enrollment method and system comprising trusted application code that is executed in isolation from the primary OS of a hosting device and an access control mechanism that manages access to this code. The trusted application code provides hardware-backed cryptographic and authentication services to multiple third party applications. The value of these services is dependent on the integrity of both the trusted application and the third party service applications that access the trusted application. To assert trust, the trusted application may be installed in the device's TEE per existing industry TEE provisioning mechanisms. The process may involve the generation of a unique device key within the trusted application that is signed by a provisioning agent. Through this device key, the access control mechanism obtains cryptographic assurance of the integrity of the trusted application when controlling access to the host device in transactions with online service providers.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online on a public service provider's website. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group is granted access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.

Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.

Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.

Abstract: Online retailers and advertisers typically attempt to glean information about a potential customer from his or her web browser click history. However, relying on only a potential customer's click history is not an effective means for tailoring and personalizing web content for the user in the moment of customer interaction with the web content. Obtaining information about the user's engagement with web content is critical to successful personalization of web content in real-time. The present invention provides solutions for monitoring, tracking and calculating user engagement with web content that enables successful personalization of web content in the moment of interaction.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.

Abstract: Methods, systems, and computer readable media for managing suspect subscriber bindings. In some examples, a method is performed by a Diameter signaling router (DSR) for a telecommunications network. The method includes binding a subscriber to a first policy and charging rules function (PCRF) server selected from a plurality of PCRF servers for the telecommunications network. The method includes determining that one or more messages destined to the first PCRF server have failed according to one or more user-configurable rules defining failure. The method includes tearing down the binding between the subscriber and the first PCRF server.

Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.

Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.

Abstract: According to one aspect, the subject matter described herein includes a method for routing Diameter messages. The method includes steps occurring at a Diameter signaling router (DSR) comprising a plurality of Diameter message processors. The method includes receiving a Diameter request message. The method further includes generating a hop-by-hop identifier for identifying a first Diameter message processor of the plurality of Diameter message processors. The method further includes incorporating the hop-by-hop identifier into the Diameter request message. The method further includes routing the Diameter request message to a first Diameter node.

Abstract: According to one aspect, the disclosed subject matter describes herein a method that includes aggregating, by an egress function, message traffic directed to a target server entity from each of a plurality of ingress functions and procuring, by the egress function, dynamic update data that includes a message processing capacity threshold value associated with the target server entity and an aggregated message traffic rate corresponding to the message traffic received from the plurality of ingress functions. The method further includes sending the dynamic update data to each of the plurality of ingress functions and adjusting, by each of the ingress functions, an outgoing message traffic rate directed to the target server entity in accordance with the dynamic update data.

Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.

Abstract: Systems and methods are disclosed that provide for a full validation of an unknown client device prior to acceptance of a block chain transaction would provide further security for block chain transactions. The health of the device can be attested to prior to engaging in electronic transactions. In some embodiments, automation of full device integrity verification is provided as part of a block chain transaction. Certain aspects of the invention enable trust in devices. Some embodiments operate on the fundamental premise that a reliable relationship with a device can make for a much safer, easier and stronger relationship with an end user. Achieving this requires knowing with confidence that a device involved in a current transaction is the same device it was in previous transactions.

Abstract: According to one aspect, the disclosed subject matter describes herein a method that includes aggregating, by an egress function, message traffic directed to a target server entity from each of a plurality of ingress functions and procuring, by the egress function, dynamic update data that includes a message processing capacity threshold value associated with the target server entity and an aggregated message traffic rate corresponding to the message traffic received from the plurality of ingress functions. The method further includes sending the dynamic update data to each of the plurality of ingress functions and adjusting, by each of the ingress functions, an outgoing message traffic rate directed to the target server entity in accordance with the dynamic update data.

Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.

Abstract: A photovoltaic module employing an array of photovoltaic cells disposed between two optically transparent substrates such as to define a closed-loop peripheral area of the module that does not contain a photovoltaic cell. The module is sealed with a peripheral seal along the perimeter; and is devoid of a structural element affixed to an optically transparent substrate and adapted to mount the module to a supporting structure. The two substrates may be bonded together with the use of adhesive material and, optionally, the peripheral seal can include the adhesive material. The module optionally includes diffraction grating element(s) adjoining respectively corresponding PV-cell(s).

Abstract: Methods, systems, and computer readable media for performing enhanced service routing are disclosed. One method includes receiving, at a Diameter application executing on a message processor associated with a DSR, a Diameter message that requires a service. The method also includes determining, using service routing data, at least one service provider for performing the service associated with the Diameter message, wherein the service routing data is based on service capability information provided by a plurality of service providers and sending the Diameter message or a portion of the Diameter message to the at least one service provider for performing the service.

Abstract: According to one aspect, the subject matter described herein includes a method of operating a Diameter signaling router (DSR) for routing Diameter messages. The method includes steps occurring at a DSR comprising a plurality of Diameter message processors, each configured to perform at least one Diameter function. The method also includes detecting, at a first of the plurality of Diameter message processors, a change in status relating to the at least one Diameter function. The method further includes communicating, by the first of the plurality of Diameter message processors and to a second of the plurality of Diameter message processors, an indication of the change in status.

Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.