Abstract: Application developers can request to have their applications registered for use with a content delivery platform. The operator of the content delivery platform establishes perimeters defining geographic areas, and maintains records reserving particular areas for delivery of content associated with particular sponsors. Registered applications running on mobile devices can request content from the content delivery platform. Based at least in part on the request, the content delivery platform can identify a target location, which may be the location of the mobile device, or some other location indicated in the request. A mobile device can be provided content based on the relationship of the target location to the geographic areas, so that a registered application running on a mobile device with a target location contained within a geographic area assigned to a particular sponsor will receive content related to that sponsor.

Abstract: A coordinate encryption method includes the steps of encoding a coordinate with an encryption algorithm, testing whether the result of the encoding is within a predefined range, and outputting the result of the encoding in case the result of the encoding is within the predefined range.

Abstract: Provided are a system and method for performing deduplication of web content. In one example, the method includes converting search results of a first website into a first fuzzy index and converting search results of a second website into a second fuzzy index, determining a search result of the first website corresponds to a same item as a search result of the second website based on a comparison of the first fuzzy index and the second fuzzy index, and displaying a comparison of web content associated with the item from the first search result and web content associated with item from the second search result. The deduplication of content according to various embodiments may be performed on the fly without storing web content in a centralized database.

Abstract: A system, method and program product for authenticating a device. An authentication service is provided having: a data management system for periodically collecting and storing signature data from each of a set of registered devices, wherein the signature data includes a plurality of data points, and wherein at least one of the data points includes a device usage characteristic; a system for obtaining a temporal signature state (TSS) vector of a device in response to a transaction request from the device, wherein the TSS vector includes values for a selected subset of the data points forming the signature data; and an authenticator for comparing the TSS vector of the device with stored signature data in order to authenticate the device.

Abstract: A system for implementing a virtual machine based on a zero-knowledge proof circuit for general operation verification is disclosed, which includes a general operation verification circuit generator that generates a general operation verification circuit having a base number of commands, a base number of machine steps, and a base system size and generates proof keys and verification keys by using the general operation verification circuit and a zk-SNARK algorithm, a prover terminal that generates a proof by using a proof key included in the general operation verification circuit, coefficients of a polynomial function obtained through the zk-SNARK algorithm, and information required for verifying and proving from the general operation verification circuit; and a verifier terminal that performs verification of whether or not the proof is valid by using the verification key, the information required for verifying and proving from the general operation verification circuit, and the proof.

Abstract: An authentication node (22) in a wireless communication system (10) authenticates a message received by a recipient radio node (16A) (e.g., a user equipment). The authentication node (22) in this regard determines a radio resource that carries the message received by the recipient radio node (16A). The authentication node (22) performs authentication of the message, by checking whether the message is bound to the determined radio resource. The authentication node (22) may, for example, compute an expected authentication or integrity code based on information identifying the determined radio resource and check whether the expected authentication or integrity code matches an authentication or integrity code associated with the message.

Abstract: A method for providing a promotion to a user to do commerce at a physical location includes offering a right to a particular piece of digital content to the user as an incentive to a commercial transaction that occurs at least partly at the physical location, discerning that the user is located at the physical location, and in response to the discerning, interacting with the user to provide the digital content to the user on a mobile device associated with the user.

Abstract: Implementations of the present disclosure include generating, by a consensus node, a certificate signing request (CSR); sending the CSR to a first certificate authority (CA); receiving a first public key certificate of the consensus node from the first CA, and a first one or more public key certificates issued by a first one or more CAs. The consensus nodes also sends the CSR to a second CA, receives a second public key certificate of the consensus node from the second CA, and a second one or more public key certificates issued by a second one or more CAs. The consensus node further configures a first truststore including the first public key certificate and the first one or more public key certificates, and a second truststore including the second public key certificate and the second one or more public key certificates.

Abstract: Systems, methods and computer readable media for providing users with encrypted content data associated with a service are disclosed. A device may receive first content data. The device may encrypt the first content data using a first key to obtain first encrypted data. The device may generate second encrypted data by applying a cipher substitution to the first encrypted data using a second key. The device may cause to send the second encrypted data to a second device.

Abstract: The present disclosure relates to systems and methods for implementing tiered authentication using position based credentials. In one implementation, a system for associating two user interface devices to provide position-based authentication for a user may include one or more memories storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include receiving a first identity associated with a first user interface device, receiving a second identity associated with a second user interface device, receiving credentials associated with the user, receiving a distance threshold, and establishing a credentialing association between the first identity and the second identity based on the credentials and the distance threshold.

Abstract: A system for secure communications using resonant cryptography includes a resonator that has a random number generator (RNG). The RNG can be at least one of a true random number generator, pseudo-random number generator, and any non-repeating sequence of numbers having a characteristic of a random number stream, and generating a first stream of random numbers. A transmitter, electrically coupled to the random number generator, is also included to transmit the generated first stream of random numbers.

Abstract: Data packets are received by a virtual cloud node from a cloud server. The virtual cloud node is one of a plurality of computing nodes forming part of an on-premise computing environment. Each of the computing nodes include at least one computing device and executed a plurality of servers with one of the servers being a central management server. Thereafter, the virtual cloud node converts the data packets from a first protocol compatible with the cloud server to a second protocol. The central management server routes the converted data packets to another one of the computing nodes for processing or consumption. Related apparatus, systems, techniques and articles are also described.

Abstract: In various example embodiments, systems, methods and media for omni-channel state preservation are provided. In example embodiments, a method comprises identifying a plurality of flow chain elements in a transaction flow of a user session, causing the presentation of a first flow chain element in the transaction flow in an interface of a first user device, causing the presentation of a second flow chain element in the transaction flow in an interface of a second user device, and preserving a state of the user in the session when causing the presentation of the second flow chain element in the second user device.

Abstract: The embodiments of the present disclosure provide a method and an apparatus for controlling a terminal device to access a wireless Local Area Network LAN. When a terminal device needs to connect to the wireless LAN, a smart terminal device firstly acquires first access information of the wireless LAN and validates whether the first access information is correct; and when the first access information is correct, the smart terminal device sends the first access information to the terminal device, such that the terminal device utilizes the first access information to access the wireless LAN. The method can ensure the first access information sent to the terminal device is correct, i.e., the terminal device can successfully access the wireless LAN by utilizing the first access information. Thereby, the method can improve the success rate of accessing the wireless LAN by the terminal device.

Abstract: An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.

Abstract: Provided are methods and systems for transmission of terrestrial data between aircraft and ground-based systems using broadband over power line (BPL) communication channels. These channels are established based on authentication of biometric data. Specifically, a biometric module, positioned on an aircraft or a gate, receives biometric data from a user and then authenticates this data based on available reference data. The authentication results are used by a BPL module to establish (or not establish) a BPL communication channel. The BPL communication channel is established through an electrical power cable connecting the aircraft to the gate. Furthermore, the BPL communication channel is established through at least a portion of the onboard electrical power distribution system of the aircraft. The terrestrial data, e.g., aircraft control data, in-flight entertainment data, and/or airplane information system data, is then transmitted through this BPL communication channel.

Abstract: In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data, including at least one of a user name, user address, user email, user phone number, user tax identification (ID), user social security number and user financial account number. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate, and matches that with the user identification data stored in a database.

Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.

Abstract: A telecommunication device protects data stored in a security module. The device has a near field communication (NFC) router with a plurality of individually assignable gates and a routing table. In response to a request to assign a communication pipe to one of the gates, the device creates and stores a reference signature for the pipe based on at least one of a personal code of an authorized user of the device or an identifier of a radio frequency gate of the router. In response to a request to provide data from the security module to the NFC router, the device creates a current signature corresponding to the request to provide data. The device verifies whether the current signature corresponds to the stored reference signature and prevents a provision of the requested data based on a failure to verify the current signature corresponds to the stored reference signature.

Abstract: Systems and methods are provided for transferring state between devices. In one implementation, a gestural input is detected, and a state of a source application is transferred from a first device to a second device in response to the gestural input. The second device may then generate an instance of a target application that corresponds to a representation of the state of the source application received from the first device. In an additional implementation, a state of the target application is transferred from the second device to the first device. The first device then updates a state of the source application to correspond to a representation of the state of the target application received from the second device.

Abstract: Systems and methods are provided for checking many users in to a location using a Bluetooth® low energy (BLE) beacon. The provided systems and methods may allow a BLE beacon to facilitate a check in with a remote server that processes check ins and then disconnect from the device used to check in. The device may be assigned a unique identifier that may be broadcast from the device during the check in so that the BLE beacon can quickly scan for the identifier and connect with the device based on the identifier to provide content and other information to the device.

Abstract: A mobile storage device includes first and second memory regions in one or more semiconductor memory devices, a positioning system configured to generate positional information indicating a position of the mobile storage device, and a controller. The controller is configured to allow access to the first memory region and prohibit access to the second memory region when the positional information indicates that the position of the mobile storage device is within a first area, and prohibit access to the first memory region and allow access to the second memory region when the positional information indicates that the position of the memory storage device is within a second area, which is different from and does not overlap with the first area.

Abstract: Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

Abstract: A communication system and a comparison method for securing a communication path for a legitimate user via a terminal apparatus (“TA”). A vehicle-mounted communication device (“VMCD”) transmits a device ID identifying the VMCD to a TA, acquires a terminal ID from the TA, and transmits the device ID and the terminal ID acquired from the TA to a central apparatus. The TA transmits a terminal ID identifying the TA to the VMCD, acquires a device ID from the VMCD, and transmits the terminal ID and the device ID acquired from the VMCD to the central apparatus. The central apparatus receives a device ID and a terminal ID transmitted from the VMCD and a device ID and a terminal ID transmitted from the TA, and compares the device ID and the terminal ID received from the VMCD with the device ID and the terminal ID received from the TA.

Abstract: System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device.

Abstract: A processor-implemented method alters a computer resource based on its new geolocation. One or more processors receive a message that a computer resource has moved from a first geolocation to a new geolocation. The processor(s) receive an identifier of the new geolocation for the computer resource. In response to receiving the identifier of the new geolocation for the computer resource, the processor(s) request and receive encrypted data from the new geolocation. The processor(s) apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data from the new geolocation. In response to the decryption information failing to decrypt the encrypted data from the new geolocation, the processor(s) determine that the identifier of the new geolocation is false and apply a geolocation based resource policy to alter the computer resource at the new geolocation.

Abstract: Provided are a computer program product, system, and method for providing backup and restore services to network attached appliances in a network. Configuration settings comprising configuration settings used in a network attached appliance are gathered and a unique identifier for the network attached appliance is determined. A backup request is generated including the configuration settings, the unique identifier, and a backup operation code. The backup request is broadcasted on the network to be received by the backup servers to store the configuration settings for the unique identifier.

Abstract: Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system. Each file system is instrumented with a software agent that intercepts the relevant file system access activity. A centralized collector component is operative to receive from each of the plural file systems audit trail data, wherein the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The collector applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action.

Abstract: Disclosed is an approach to incorporate geographical access control features for a cloud-based storage platform. This allows, for example, enterprise administrators to define geographical areas (geofences) with arbitrary precision within which content access can be denied for items of data.

Abstract: An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.

Abstract: A mobile device detects its location and other devices in proximity to the mobile device. When the device is in an untrusted location, or is in physical proximity to an untrusted device, the mobile device ensures existing security and authentication mechanisms are in place, and may additionally require enhanced security measures on the device. In addition, the device may modify its functionality based on the mobile device being in an untrusted location or in physical proximity to an untrusted device.

Abstract: A mobile device detects its location and other devices in proximity to the mobile device. When the device is in an untrusted location, or is in physical proximity to an untrusted device, the mobile device ensures existing security and authentication mechanisms are in place, and may additionally require enhanced security measures on the device. In addition, the device may modify its functionality based on the mobile device being in an untrusted location or in physical proximity to an untrusted device.

Abstract: Systems and methods are provided that may be implemented to use angle of arrival (AoA) of a signal transmitted between two Bluetooth Low Energy (BLE) wireless devices to initially authenticate a connection between the two BLE devices. In one example, bonding or pairing with a first BLE device may be restricted to only those other BLE devices having an antenna currently positioned to transmit a signal to the first BLE device from an allowed direction and within a predefined permitted range of AoA relative to the first BLE device.

Abstract: A method, apparatus and computer program product are provided to facilitate the identification of one or more media files stored on respective ones of a plurality of user devices. In the context of a method, a current context is determined. The method also automatically identifies one or more media files stored on respective ones of a plurality of user devices based upon a relationship between a context associated with the respective media file and the current context. The method also causes the one or more media files to be transferred to an output device for presentation. A corresponding apparatus and computer program product are also provided.

Abstract: A method operates a server that is coupled to a network controlling door actuators at physical geo-locations. The server receives through a wireless communication network a request to enable physical access at a portal using a secure channel and a geo-location estimate from a mobile device. A circuit of the mobile device receives radio signal magnitude, phase, and power from at least one transmitter and authentication input from a user interface. Dual secured communications paths protect the server on its separately provisioned request channel and actuator command channel. Each legacy electronically controlled access portal is enabled to support smartphones without installing a replacement multi-band radio frequency reader at the geo-location.

Abstract: A client device bootstraps against a trusted server by obtaining an activation code that includes an identifier and a one time password. The client device sends a message to a public server requesting an address of a trusted server associated with the identifier. The client device receives the address of the trusted server from the public server and initiates a communication session with the trusted server at the address provided by the public server. The one time password is used as a shared secret to secure the communication session. The client device downloads cryptographic information from the trusted server.

Abstract: Embodiments relate to methods and systems for managing media content distribution rights to a media client on a craft to ensure that the distribution of media content items is consistent with media content distribution rights.

Abstract: A method of sorting and displaying data on a portable electronic device includes: determining geographical coordinates of the portable electronic device, providing search criteria to the portable electronic device, performing a search in a database based on the search criteria resulting in a list of database records, determining a search area of the portable electronic device and displaying selected records from the list of database records on a display screen of the portable electronic device. Each of the selected records is located within a search radius, which originates at the geographical coordinates of the portable electronic device, and within the search area, which is determined based on a pointing direction of the portable electronic device.

Abstract: Systems and methods may be provided for constructing and deconstructing encoded messages. A method for constructing an encoded message comprising: providing an unencoded message having one or more unencoded characters; identifying one or more suitable human-readable phrases indexed from one or more codebooks wherein characters from extended character sets are mapped to standard characters having similar appearances to the characters from the extended character sets to create one or more human-readable phrases; selecting a suitable human-readable phrase from the one or more codebooks; and generating an encoded message by mapping the unique and repeating characters of the unencoded messages to the extended character set provided by the selected human-readable phrase. Corresponding systems, and computer system products may be provided.

Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analyzing the metrics using one or more models, and determining, in accordance with the analyzed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.

Abstract: Disclosed are various embodiments for determining whether a client device is authorized to receive media content based at least in part on the call signs of broadcast stations that the client device is able to receive. A computing device receives a broadcast station identifier and a program identifier from a client computing device. The computing device determines that the client computing device is authorized to access media content identified by the program identifier based at least in part on the broadcast station identifier. Finally, the computing device streams the media content to the client computing device in response to determining that the client computing device is authorized to access the media content.

Abstract: Systems and methods are provided for checking many users in to a location using a Bluetooth® low energy (BLE) beacon. The provided systems and methods may allow a BLE beacon to facilitate a check in with a remote server that processes check ins and then disconnect from the device used to check in. The device may be assigned a unique identifier that may be broadcast from the device during the check in so that the BLE beacon can quickly scan for the identifier and connect with the device based on the identifier to provide content and other information to the device.

Abstract: A method and associated system. Before allowing a user to use a secured resource, a first security check may be performed with respect to the user and/or the secured resource to determine whether a first security condition is satisfied. In response to a first security condition being satisfied, allowing the user to use the secured resource. In response to failing to satisfy the at least one first security condition, performing a second security check on the user with a second security condition. In response to passing a second security condition, allowing the user to use the secured resource. The first security condition may include a dynamic evaluation of at least one available data point to calculate a projected security risk of the user using the secured resource and the level of complexity of the second security condition may be set based on the calculated projected security risk.

Abstract: A route learning system for a vehicle and a method of using the system is described. The method includes: in response to determining that a current location matches a historical location, retrieving from memory false alert geotag that includes historical path data; and based on determining that a currently-predicted path does not match the historical path, replacing the currently-predicted path with the historical path to mitigate a false warning to a driver of a host vehicle.

Abstract: A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.

Abstract: In accordance with an embodiment, described herein is a system and method for supporting interceptors in an application server environment. The method can provide, at one or more computers, including an application server environment executing thereon, a plurality of deployable resources which can be used within the application server environment, one or more partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and an interceptor framework, the interceptor framework comprising a plurality of interceptors. The method can further select and trigger, on a call for a method invocation, an interceptor chosen from the plurality of interceptors. The method can interrupt, by the triggered interceptor, the call for the method invocation, wherein the interceptor is selected based at least upon the call for a method invocation.

Abstract: A transmission system includes a multiplexing apparatus and a message authentication code generating apparatus. The multiplexing apparatus multiplexes MMTP packets for video data and audio data to be transmitted to generate multiplexed data. The message authentication code generating apparatus generates a message authentication code in accordance with a message authentication scheme, using data except for at least either a time stamp or a packet counter in the MMTP packet included in the multiplexed data. The message authentication code generating apparatus adds the message authentication code to the MMTP packet.

Abstract: An apparatus and method are provided for implementing one or more security services to messages and data being communicated between a first network and a second network. In particular, a network bridge device is provided for applying communications security services to data passing by means of the device from a first network to a second network, the device having a first network interface for linking to the first network, a second network interface for linking to the second network, and a unidirectional link between the first and second network interfaces within the device incorporating a first hardware logic module, configured to apply one or more predetermined data security functions to message data received via the first network interface, and a second hardware logic module, arranged to apply a predetermined scheme for authentication of the source of messages passing through the device.

Abstract: A method, electronic device, and non-transitory computer-readable medium for establishing graphical authentication on an electronic device are disclosed. The method comprises: receiving a first user input corresponding to an image, the image comprising a plurality of points of interest; receiving a second user input corresponding to a selected point of interest in the plurality of points of interest in the image; receiving a third user input corresponding to a selected password element; and storing the selected image, the selected point of interest, and the selected password element in association with a user authentication profile in a memory of the electronic device.

Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.