Abstract: Systems and methods for obtaining access to a session with a remote cloud service server. The methods comprising: receiving, by a first client computing device, a user unique identifier from a mobile device located in proximity to the first client computing device; and performing facial recognition operations by the first client computing device subsequent to the reception of the user unique identifier. The facial recognition operations comprise: capturing an image of the mobile device's user; and analyzing the image to obtain a user name associated with the facial features represented therein. A determination is made as to whether the user name matches the user unique identifier. If so, a first session with the remote cloud service server is automatically launched.

Abstract: A transaction system has Internet-connected partner platforms hosted by real-estate sale enterprises, displaying property for sale or rent with an Offer-Now button initiating coded instructions to display an electronic input form enabling a person to configure an offer on one of the properties, and an Internet-connected service enterprise providing the coded instructions to the partners, configured specifically to partner requirements. Upon the person activating the Offer Now button from a mobile device, a verification code is sent to the device, to be returned to verify the device, and offer input provided through the device and the electronic form is tracked to be saved as an offer for sale or rent of the specific property.

Abstract: A block-oriented lossless decompressor is used to decode encoded data fetched from storage that is subsequently transferred across a network in encoded (compressed) form. In examples described herein, applications executing at network nodes send GET requests, or similar messages, to storage systems, which can return compressed data this is decompressed in an intermediate node (between the storage node and the app), and can return compressed data that is decoded in the same network node in which the requesting application is running.

Abstract: A non-transitory computer-readable medium stores computer-readable program instructions configured to, when executed, cause a processor to transmit, to a terminal device via a communication interface, screen data representing a screen including specific identification information specifying one or more printers and being configured to receive a change instruction to change one or more setting values for the one or more printers to a specific setting value, after receiving the change instruction via the communication interface, transmit a change request including the change instruction and the specific identification information via the communication interface, obtain execution status information including the specific identification information and success-failure information each piece of which represents whether a setting value for a corresponding printer has been changed to the specific setting value, and transmit, to the terminal device via the communication interface, screen data representing a screen in

Abstract: An apparatus for data output control includes: an encryption executing circuit configured to receive first data from a processor with a control signal indicating whether the first data is to be encrypted, and encrypt the first data when the control signal indicates that the first data is to be encrypted; a selection circuit configured to output any of the encrypted first data and second data; and an output control unit configured to set a frequency of second timing to be smaller than a frequency of first timing, and transmit a signal to the selection circuit instructing that the second data be outputted at the second timing, in a case where the second data is received from the processor.

Abstract: A system for providing improved processing of data collected during a clinical trial. The system includes a portable electronic device configured to be operated by a clinician and/or a patient. The portable electronic device is configured for collecting data related to the condition of the patient participating in the clinical trial. The system also includes a controller for processing data collected from the patient. The data received from the patient includes AV data, bio sensor data, and clinician data based on information inputted into the portable electronic device by the clinician in response to an interview of the patient. The controller is configured to process the AV, bio data sensor and clinician data and output a recommended course of action related to the patient's participation in the clinical trial based on the data received from the patient.

Abstract: Systems and methods enable members of a secure transaction network to readily identify the appropriate trusted service manager (TSM) to support a particular transaction. A global directory of TSM providers is provided that a secure service provider can use for determining which TSM provider is the authorized manager of a security domain for the particular transaction. In aspect the directory of TSM providers may be stored within a mobile device secure element. In another aspect, the directory of TSM providers may be stored in a central TSM repository. In a further aspect, the directory of TSM providers may be distributed among a number of secondary TSM repositories. The appropriate TSM may be identified based upon a secure element identifier and an application identifier provided by a secure element as part of the transaction. Communication of the identifiers from mobile devices may be via cellular or near field communication links.

Abstract: Techniques for performing auto-remediation on computer system vulnerabilities in source code utilizing local repositories are disclosed herein. An application source code representation is scanned to determine any security vulnerabilities and from those vulnerabilities, a set of security patch rules are generated that may be used to automatically remediate the vulnerabilities. One or more of the security patch rules is selected for verification and, once verified may be used to generate a security patch. The security patch may then be automatically applied to the source code representation to produce a patched representation of the application source code with the vulnerability at least partly remediated.

Abstract: Methods, systems, and devices for address obfuscation for memory are described. A mapping function may map a logical address of data to a physical address of a memory cell. The mapping function may be implemented with a mapping component that includes mapping subcomponents. Each mapping subcomponent may be independently configurable to implement a logic function for determining a bit of the physical address. The mapping function may vary across memory devices or aspects of memory device, and in some cases may vary over time.

Abstract: Techniques for performing auto-remediation on computer system vulnerabilities in source code are disclosed herein. An application source code representation is scanned to determine any security vulnerabilities and from those vulnerabilities, a set of security patch rules are generated that may be used to automatically remediate the vulnerabilities. One or more of the security patch rules is selected for verification and, once verified may be used to generate a security patch. The security patch may then be automatically applied to the source code representation to produce a patched representation of the application source code with the vulnerability at least partly remediated.

Abstract: The disclosed computer-implemented method for detecting unauthorized use of an application may include (1) receiving, by the computing device, fingerprint data associated with a fingerprint, where the fingerprint data is received from the touchscreen, when a user interface of the application is displayed on the touchscreen, and in an absence of displaying a request for fingerprint data on the touchscreen, (2) comparing the received fingerprint data to a whitelist of authorized fingerprint data to determine a presence of a match, where the authorized fingerprint data indicates at least one fingerprint of at least one user that is authorized to access the application and (3) performing, when the received fingerprint data does not match the whitelist of authorized fingerprint data, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for automatically avoiding fault paths in software code of a System Under Test (SUT) includes generating a plurality of fingerprints by executing a plurality of regression tests. Each of the plurality of fingerprints uniquely identifies a specific code path in the software code of the SUT. A critical error is detected during execution of the software code of the SUT. A fault code path in the software code of the SUT associated with the critical error is identified by analyzing the plurality of generated fingerprints. At least one fingerprint associated with the fault code path in the software code of the SUT is identified. During subsequent execution of the software code of the SUT, the identified fault code path in the software code of the SUT is automatically prevented from being executed based on the identified at least one fingerprint.

Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with managing a federated identity environment based on application availability includes identifying a current status of one or more applications. Next, a response to a received request is generated based on the identified current status and a status of user authentication, wherein the generated response comprises an access token and a notification message corresponding to the identified current status. The generated response is provided to the client.

Abstract: A system and method for media content management may comprise creating, via a digital vault, a container file comprising media content submitted by a first user and content metadata; verifying, via the digital vault, a completeness of the content metadata associated with the media content in the container file; classifying, via the digital vault, the container file based on the completeness of the media content; and capturing, via the digital vault, event metadata when a second user gains access to the container file, the event metadata comprising identification of the second user, an activation timestamp, a duration of access, portions of the container file accessed, and changes to the container file.

Abstract: A network server includes a communicator and at least one processor coupled to the communicator. The at least processing is configured to: receive a first data signal from a first user terminal that is shared with a game server; transfer to the game server a first request, together with the first data signal, to verify validation of a game item when a first message including information relating to the game item is received from the first user terminal; receive from the second user terminal a second message relating to the game item; and transfer to the game server a second request, together with the first data signal, to change an owner of the game item from a first game ID associated with the first user terminal to a second game ID associated to the second user terminal in response to determining whether second message is authorized.

Abstract: An example computing device is programmed to: (a) detect an attempt to secondarily access a user account, the user account being involved in an ongoing primary financial session with a primary device; (b) raise the level of authentication required to secondarily access the user account beyond that which was required to access the account for the primary financial session; (c) when successful authentication at the raised level is achieved, permit secondary access to the user account through a secondary financial session and compare one or more user activities occurring during the secondary financial session to a plurality of fraud profiles; and (d) indicate fraud when comparison of the user activity is consistent with one or more of the plurality of fraud profiles.

Abstract: One embodiment of the present invention provides a system that automatic discovers and monitors enterprise components. During operation, the system scans an enterprise environment for an item of meta-data. Next, the system analyzes the item of meta-data to determine a monitoring instruction for a corresponding enterprise component. Finally, the system performs the monitoring instruction for the corresponding enterprise component.

Abstract: Methods and devices for managing browser extensions may include receiving a security list for restricting usage of one or more browser extensions on webpages that includes at least one or more of a webpage category and a uniform resource locator (URL). The methods and devices may include receiving a navigation request to a webpage and providing a browser extension decision whether to allow the one or more browser extensions to operate on the webpage based at least upon the security list.

Abstract: Methods, systems, and computer-readable media for secure offline transmission of a plurality of data segments from a sending device to one or more receiving devices. The sending device and the one or more receiving devices may communicate via an offline local network. A secure, encrypted container may be created at the receiving device to temporarily cache the received data segments one at a time and the encrypted storage container prevents access by one or more applications of the receiving device to data stored therein based on storage instructions from the sending device. The encrypted container may be configured to store the data segments such that less than all of the data segments are stored at the receiving device at any one time.

Abstract: Systems and techniques for removing a sound recording from an audio recording (e.g., an audio recording embedded in a media file) are presented. The system can include an identification component, a first subtraction component and a second subtraction component. The identification component identifies a sound recording in a mixed audio recording. The first subtraction component determines a local linear transformation of the sound recording and subtracts the local linear transformation of the sound recording from the mixed audio recording to generate a new mixed audio recording. The second subtraction component compares one or more segments of the sound recording with one or more corresponding segments of the new mixed audio recording and reduces a power level of the new mixed audio recording based at least in part on correlation of the one or more corresponding segments with the one or more segments.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.

Abstract: A method for providing access to media content from a media content provider is performed at an electronic device. The method includes receiving, from a client device, a request for access to a media item. The method further includes, in response to the request for access to the media item: initiating an heuristic analysis to determine whether the client device is authorized to access the media item, including an examination of a media consumption log associated with the client device; and asynchronously providing access to the media item while performing the heuristic analysis. The method further includes, based on the examination of the media consumption log, determining that the client device has reached an access limit of requests to access media content. The method further includes, in accordance with the determination, after the client device has been provided to access the media item, terminating access to the media item.

Abstract: A method and a system for determining an optimal authentication scheme for an authenticating system. Embodiments may include: receiving, from the authenticating system an identity of a user requiring access to the authenticating system and a policy of the authenticating system; receiving, from a storage device, data including historical information regarding previous authentication attempts by the user; producing a list including an optimal selection of one or more authentication schemes, each including one or more authentication factors, according to the historical information and the authenticating system policy; and sending the selection list of one or more authentication schemes to the authenticating system.

Abstract: Embodiments of systems and methods for storing documents in a cloud storage system comprising a cloud processor and a plurality of storage components are disclosed.

Abstract: A trust management system providing secure communication for storing and sharing personal electronic—data of health (e-health data) and a method thereof are provided. The method includes creating a security policy in accordance with at least one input of a user of the electronic device through a security policy design tool, generating a link for gaining access to the data of health based on the security policy, receiving a transmission request for the data of health using the link from a health data request device, and performing authentication on the transmission request based on the security policy.

Abstract: A system configured for a format to control streaming of content, comprising: a content player module configured to enable a first user to request contents on a first computing device through search keywords on the content player module; request continuous play of the contents from pre-established station on the content player module, the content streaming service module configured to send symmetric encryption keys to content player module on the first computing device through a secure communication between first user and second user, content streaming service module configured to deliver the requested contents to content player module through a payload data, when the content player module starts playing the contents, content player module configured to connect to the content streaming service module to identify which content is being used, by whom, on what device and in which location for accurate accounting of used contents and use in fraud prevention heuristics.

Abstract: Multimedia content, such as film or video, is streamed to a plurality of users with a unique watermark embedded for each user. The content is provided through asynchronous multicast transmission. Users may request the content at different times and receive a uniquely watermarked stream of the content upon request as a discrete, just-in-time transmission. Content is watermarked upon a request for the content by a user. In several embodiments, each user is associated with a unique user identifier that becomes associated with a unique watermark. Once a watermark is associated with a user, the association is stored so that the same unique watermark may be used for future content requested by the user.

Abstract: A method implemented in a computing system hosting a three-dimensional virtual reality world. The computer system collects personally identifiable information of users of accounts, where each account in the accounts is identified by an account identifier and each data field of personally identifiable information of each account is identified by a data field identifier. The system uses a scrypt function to generate an encryption key from the global key, the account identifier, and the data field identifier specifically for the content of the data field of the personally identifiable information of the respective account. Different encryption keys are used for different data fields and different accounts. Encrypted content of a data field is stored at a random location; and the identification of the random location is stored in a device, database or system, separate from where the encrypted contents of the data fields of the accounts are stored.

Abstract: A computing device of a dispersed storage network includes a processing module operable to receive a plurality of requests regarding writing a plurality of data objects to storage units from a plurality of user computing devices. The processing module is further operable to activate a verification process to verify a content format verification code provided by a user computing device for a request regarding writing a data object, activate a signature process to sign the content format verification code with a trusted certificate to produce a signed content format verification code, send the trusted certificate and a signed content format verification code identification to a dispersed storage (DS) processing unit, receive a verification message indicating that the content format verification code identifies a correct format for the data object, and send the data object in the correct format to the DS processing unit for dispersed storage error encoding and storage.

Abstract: One embodiments provides a method, including: determining, using a processor, whether content to be displayed on an information handling device comprises sensitive information; filtering, responsive to determining that the content comprises sensitive information, the sensitive information from the content; displaying, on a display of the information handling device, the content with the sensitive information filtered; and transmitting the sensitive information to a secondary device. Other aspects are described and claimed.

Abstract: A a method for generating and maintaining trusted data in a network environment includes: 1) initializing a data block [A]0 and shared computation rules, and broadcasting the same to the network; 2) acknowledging a node of the data block [A]0 as a participating node; when new data A needs to be added, n participating nodes independently computing a candidate data block [A]T of [A]1 according to the shared computation rules, and broadcasting the same to the other n?1 participating nodes, wherein [A]1 is a data block containing the newly added data A; 3) The n participating nodes determine an acknowledged candidate result [A]Y according to a monitored broadcast packet; and 4) the participating nodes computing the monitored [A]T/[A]Y, and, when the computation result satisfies a predetermined condition, the participating node determining the computation result thereof as an acknowledged result and broadcasting the same.

Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.

Abstract: Provided is a process for mobile-initiated authentications to web services. Credential values of the user are established within a trusted execution environment of the mobile device and representations are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may convey access to a web-based service from a relying device. The server may pass credentials corresponding to the web-service received from the mobile device and verified to permit user access to the web-service to the relying device. The relying device presents credentials to the web-service to login, authenticate, or otherwise obtain user-level permission for the user on the relying device. The user of the mobile device may authenticate with the mobile device to the server, and may initiate the authentication process from the mobile device, without inputting credentials corresponding to the web-service on the relying device.

Abstract: A client device is connected to a network via one or more communication channels and exchanges content with one or more content provider systems via the network and the communication channels. To evaluate performance of the network or communication channels, the client device requests content from each of multiple content provider systems via the network. The client device determines one or more metrics, such as download data rate or upload data rate, for receiving or for transmitting content from each of the different content provider systems during a time interval. Based on metrics determined for content from multiple content provider systems, the client device determines one or more network performance metrics. Different types of content may be requested from different content provider systems in some embodiments.

Abstract: The invention relates to a system of obtaining authorization where there are multiple authorization modules. When an authorization is provided by a module, it is combined with a security token, digital signature or encryption identifying which module provided the authorization. To obtain a full authorization, multiple authorization modules may be required and these modules can be connected in parallel and or in series with each other.

Abstract: Various embodiments are generally directed to utilizing an offline and/or online verification or authentication protocol to access, redeem, or otherwise utilize multiple loyalty points and loyalty accounts A method for utilizing various loyalty points includes: determining that a user is requesting access to a loyalty points account database, receiving encrypted data generated based a cryptographic algorithm and a diversified key, receiving, a verification of the user, the verification including verifying a data combination that includes the encrypted data, where a server associated with the issuer may decrypt the data combination based on the cryptographic algorithm and the diversified key, responsive to receiving the verification of the user, accessing the database associated with a loyalty points account of the user, and authorizing a redemption of a plurality of loyalty points associated with the loyalty points account.

Abstract: This disclosure relates to adaptive recommendations for user-generated mediasets. A mediaset component provides for users to generate mediasets. A user-generated mediaset can include a user-generated playlist or a user-generated media channel. A monitoring component monitors consumption of media, e.g., by a consumer. A relatedness component determines a set of the user-generated mediasets that are related to the media consumed by the consumer. A recommendation component recommends a subset of the user-generated mediasets based on a set of criteria. A rights management component determines a set of authorizations of the consumer for respective media content associated with the set of user-generated mediasets, and takes at least one action based on the set of authorizations, e.g., updating one of the mediasets based on the set of authorizations.

Abstract: A network apparatus according to an embodiment is provided in a radio access network including a plurality of core network slices. The network apparatus includes a controller configured to manage a resource allocated to a radio terminal for each core network slice, based on a quality of service requirement of each of the plurality of core network slices. The controller provides a control signal related with the resource to the radio terminal.

Abstract: A user provided content provided via the Internet is identified. The user provided content belongs to a previous version content item of a content page accessible via the Internet. A previous version content item identifier for the previous version content item is generated including by combining a content from a title of the previous version content item and a content from a description text of the previous version content item. A new version content item identifier for each content item of a plurality of content items belonging to a new version of the content page are generated, including by combining a content from a title of the corresponding content item belonging to the new version and a content from a description text of the corresponding content item belonging to the new version. Measures of similarity between the previous version content item identifier and each of the new version content item identifiers are calculated.

Abstract: A communication system includes an encryption device, a decryption device and a communication link connecting the encryption device to the decryption device. The encryption device is configured to send encrypted messages to the decryption device over the communication link. The system includes a failure monitor configured to monitor for a failure of the encryption device or the decryption device, and, in the event of failure, to continue the sending of the messages to the decryption device but without encrypting the messages.

Abstract: A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.

Abstract: Methods, systems and computer program products for periodically generating a personalized playlist of media objects based on a most recent taste profile of a user. An N-dimensional latent factor vector that defines a taste profile of a user is constructed and matched to an M-dimensional latent factor vector that defines attributes of a media object. A playlist including the first media object is generated based on the matching.

Abstract: Providing an objective measure of trust in data provided by an Industrial Internet of Things (IIoT) device utilizes an objective trust indicator generated based at least in part on baseline device characteristics and corresponding monitored/observed device characteristics. These device characteristics may comprise device hardware characteristics, device software characteristics, application software characteristics (of software installed on the device), and/or device behavior characteristics. The trust indicator is determined by comparing a match vector indicative of weighted scores for the baseline device characteristics relative to a generated monitored characteristics vector indicative of differences between baseline and monitored device characteristics, and determining a directional difference between the match vector and the monitored characteristics vector.

Abstract: An unregistered cable modem is in a cable operator network having a computer, a dynamic host configuration protocol (DHCP) server, a spoofing domain name system (DNS) server and a good DNS server, a captive portal application, and a trivial file transfer protocol (TFTP) server. The cable modem is provisioned by the cable modem obtaining a configuration, rebooting, and activating the configuration. The computer obtains a plurality of computer configuration parameters including an IP address of the spoofing DNS. The spoofing DNS server answers an HTTP request from the computer with an IP address associated with the captive portal application. The captive portal obtains an activation code from the computer, verifies the activation code is correct, and forces the cable modem to reboot.

Abstract: A system and method for song management may include a digital vault receiving a song submitted by a user, the song comprising music in digital form; the digital vault uploading the song data to a song repository; the digital vault receiving and storing song metadata associated with the song; the digital vault sending a message to a reviewing user, inviting the reviewing user to access the song; and the digital vault capturing event metadata when the reviewing user gains access to the song, the event metadata comprising identification of the reviewing user and an activation timestamp.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: Example implementations are described that include displaying a graphical element related to privacy risk information for an application. A processor of a computing device may determine, for the application, a privacy attention score based on first privacy risk information. The processor may determine, for the application, an aggregated privacy assessment score from a plurality of privacy risk scores that are based on second privacy risk information. The processor may cause a graphical element representing a combination of the privacy attention score and the aggregated privacy assessment score to be displayed via a display device.

Abstract: Mobile devices executing applications utilize data services worldwide. The application executing on these mobile devices may be tested using proxy access devices (PADs) located at various points-of-presence (POPs) at different geolocations. A plurality of PADs in a high density configuration are managed to provide a pool of accessible devices at a POP for developers to utilize in testing. The PADs may comprise consumer-grade devices which individually are less reliable than that desired by an operator of the POP. Systems are used to provide a desired level of reliability by maintaining a reserve of additional PADs, automatically fixing problems, generating trouble tickets for more detailed troubleshooting, and so forth.