Abstract: Techniques facilitating using a blockchain system that integrates the trustworthiness of the blockchain concept with open scientific research by generating a blockchain of the experiments formed, data collected, analyses performed, and results achieved are provided herein. In an example, the blockchain system can form a blockchain representing a research project, wherein the blockchain comprises a first block of research data and a second block of analysis data representing a log of an analysis performed on the research data. Summary blocks and correction blocks can also be added to the blockchain representing the post analysis of the research results. One or more of the subsequent blocks can be linked to the preceding blocks using information in block headers that can also serve to determine whether modifications to the blocks have been performed.

Abstract: An access control system that protects signals between one or more secure databases for various user devices to ensure proper entrance or access into secure locations by approved personnel only that utilize one or more securitized container devices. These container devices may be software containers and either real or virtual devices. Specific methods and devices for securing (primarily digital and normally two-way) communications using applications that combine securing communications for wireless/cellular phones with personnel access card readers for entry into secure locations are also described. These combined communication and access devices require using specific encryption techniques impossible to corrupt and essential to denying fraudulent or otherwise unauthorized personnel the ability to enter or access security protected devices or locations.

Abstract: Techniques for preparing a user device for use in a location having limited network access include replacing data in the device cache prior to the user device reaching the location. A length of time until cached data expires, a length of time used to replace the cached data, and a length of time for the user device to reach the location are determined. Portions of the cached data that will expire while the user device is within the location are replaced. The time at which the data is replaced is based on the length of time used to replace the data and the length of time for the user device to reach the location. While the user device is in the location, functions that transmit large quantities of data may instead be replaced with more efficient data types or queued for later execution after the user device exits the location.

Abstract: An online system determines the likelihood of an interaction between a user and a content item being an invalid interaction. The online system receives an indication of an interaction of a client device with a content item. The online system identifies a device ID for the client device and determines whether the device ID is associated with one or more browser IDs. If the device ID is not associated with any browser ID, the received interaction is likely an invalid interaction. The online system may further determines the likelihood of an online publisher manufacturing interactions. The online system determines a number of invalid interactions and a number of valid interactions associated with the online publisher. The online system determines a ratio between the number of invalid and valid interactions. If the ratio is larger than a threshold value, the online system determines that the online publisher is likely manufacturing interactions.

Abstract: In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital's emergency department. Each such station includes a series of authentication devices. Mobile device may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device.

Abstract: A method and system. A computer iteratively processes a unique condition digest of at least two condition digests in each iteration of a loop for a sufficient number of iterations to process all condition digests of the at least two condition digests. The processing in each iteration includes concatenating a reference digest with the unique condition digest of the iteration to generate a concatenand and hashing the concatenand to generate a hashed concatenand that serves as the reference digest for the next iteration if the next iteration is performed. Each unique condition digest is a different condition digest in each iteration of the loop. The regenerated reference digest of the last iteration of the loop is a last digest.

Abstract: A non-transitory computer-readable recoding medium having stored therein a communication management program that causes a communication management device to execute a process. The process includes authenticating a terminal in response to an authentication request from the terminal, receiving a communication content destined to a communication target system, the communication target system sharing access-authentication information with the communication management device, adding a first information with the communication content, the first information corresponding to a result of the authentication request, detecting whether the communication content includes a second information that is identified by the communication target system as information added by the communication management device, deleting the second information when the second information is detected in the communication content; and transmitting the communication content to the communication target system.

Abstract: Mechanisms for detecting fraudulent activity based on hardware events are provided. In accordance with some embodiments of the disclosed subject matter, the method comprises: receiving a request for advertising content to be placed on a website; receiving data describing physical activity at one or more user input hardware devices; receiving data describing interactions with the website; correlating the data describing interactions with the website with the data describing physical activity at one or more user input hardware devices; determining whether at least a portion of the interactions with the website are indicative of fraudulent behavior based on the correlation; and responding to the request for advertising content on the website by inhibiting the advertising content to be transmitted to the website in response to the determination that at least a portion of the interactions with the website indicates fraudulent behavior.

Abstract: A system may include a central computational instance disposed within a remote network management platform, where the central computational instance provides authoritative representations of software application licensing information to other computational instances, and where the other computational instances are dedicated to respective managed networks. The system may also include a particular computational instance that is configured to receive a representation of particular software application licensing information for a particular software application installed within the particular computational instance.

Abstract: In an approach for protecting a resource, a processor receives a resource and a parameter, wherein the parameter indicates a condition upon which the resource will be made accessible. A processor encrypts the resource. A processor associates the parameter with decryption information for the encrypted resource. A processor sends the encrypted resource to a computing device. A processor determines that the condition of the parameter has been met based on external information regarding the parameter. A processor sends the decryption information to the computing device.

Abstract: A network management entity is configured to communicate with one or more network security devices. Each network security device is configured to store in a respective event queue an event for each attempt to access a network accessible destination through the security device. Each event indicates the destination of the attempted access. The management entity periodically collects from the event queues the stored events so that less that all of the events stored in the event queues over a given time period are collected. The management entity determines, based on the collected events, top destinations as the destinations that occur most frequently in the collected events. The management entity determines, based on the collected events, bottom destinations as the destinations that occur least frequently in the collected events. The management entity generates for display indications of the top destinations and generates for display indications of the bottom destinations.

Abstract: There is provided a system and method for an interoperable keychest. There is provided a method for use by a central key repository (CKR) or keychest to provide content access authorizations to distributors, comprising receiving a key information file including a first encrypted second key for decrypting with a first key and a content identification, decrypting the first encrypted second key using a first key to retrieve the second key, receiving, from a distributor, a key request including the content identification, encrypting the second key using a third key to generate a second encrypted second key, and transmitting the second encrypted second key to the distributor in response to the receiving of the key request. In this manner, key management for protected distributors using different DRM schemas or systems may be simplified and made interoperable.

Abstract: A device receives, from a client device, a first request associated with target audience criteria and a time constraint. Based on the target audience criteria, the device sends, to an information device, a network state request. In response to the network state request, the device receives, from the information device, a network state response including user data associated with user devices. Based on the network state response, the device determines a predicted network state, including predicted user data associated with the user devices, associated with the time constraint. Based on the predicted network state and the target audience criteria, the device determines a predicted quantity of user devices associated with both the target audience criteria and the time constraint. The device sends, to the client device, a first response based on the determination of the predicted quantity of user devices.

Abstract: A system and method for providing augmented reality challenges. The method includes obtaining at least one multimedia content element; causing generation of at least one signature for each obtained multimedia content element; determining, based on the generated signatures, at least one augmented reality challenge; identifying, based on the determined at least one augmented reality challenge, at least one augmented reality object; creating at least one challenge multimedia content element by causing addition of the at least one augmented reality object to the obtained at least one multimedia content element; and causing a display of the created at least one challenge multimedia content element.

Abstract: A social networking system maintains characteristics with its users, with various characteristics, such as age, specified by the users (i.e., “asserted characteristics”). The social networking system selects content for a user based at least in part on the characteristics associated with the user. To account for potential inaccuracies in an asserted age of a user, the social networking system clusters users based on ages of other users connected to users. The online system receives verified ages for users in a cluster from a trusted third party system that maintains more accurate characteristics for users than the social networking system. By comparing the asserted ages for users in the cluster to the verified ages for users in the cluster, the social networking system determines an accuracy of the asserted ages for users in the cluster. The accuracy may be used when selecting content for the users.

Abstract: A method and a device for processing a multimedia file are provided. In some embodiments, for a multimedia file to be processed, payload data in the multimedia file is acquired, and the payload data includes multi-frame data forming the multimedia file. Some pieces of frame data are selected from the payload data as frame data to be encrypted, and the frame data to be encrypted is encrypted. New payload data is formed by the encrypted frame data and unencrypted frame data, and the new payload data is encoded to obtain an encoded multimedia file. Therefore, the protection of the copyrights of the multimedia file is achieved.

Abstract: A method and apparatus for extracting and displaying a feature data set is provided.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.

Abstract: Systems and methods allow targeting messages to consumers using a plurality of records for a group of consumers, each record comprising healthcare demographic information (HDI) associated with individual consumers. HDI can include insured status information identifying whether a consumer likely has health insurance, which is received from at least one health services provider. A cookie can correlates a consumer's browser to healthcare demographic information. The cookie allows subsequent association of HDI with the browser, without exposing personally identifiable information of the first consumer to advertisers. Systems and methods can also associate an ID of a consumer's electronic device with the HDI, allowing mobile device and set top boxes to serve relate ads to the consumer. Consumers can be targeted based on selected HDI criteria.

Abstract: Implementations of the present application disclose a method and device for processing a service request. If a service request passes consensus verification, each consensus node stores a digest of service data in a blockchain, instead of storing the service data in the blockchain. As such, the digest of the service data is stored in the trustworthy blockchain, and authenticity of the service data can still be verified. In addition, the service data is not stored in the blockchain so that the service data cannot be obtained by a blockchain node irrelevant to the target service. Therefore, each consensus node does not need to consume computing resources to encrypt the service data any more, thereby improving efficiency of performing consensus verification on the service request by each consensus node.

Abstract: The Distributed, Unfolding, Embedded Transaction and Inventory Apparatuses, Methods and Systems (“DUETI”) transforms site traversal, site request, embed data request, purchase request inputs via DUETI components into contextual activity payload, digital/media/actual asset procurement outputs. DUETI is a distributed transaction and transformer mechanism. DUETI, in one embodiment, provides a cloud based, distributable, site agnostic purchasing account, and in essence, may act as a commerce enabling media distribution platform. DUETI may provide distributed: advertising, asset browsing, electronic transactions, social sharing and gifting, etc., all disjoined from any one server/site/source. As such, the DUETI may operate with native (e.g., paid) media assets wherever they exist and unfurl around such asset to bring a user the ability to operate on and with the asset wherever it may reside.

Abstract: A computer system is securely booted by executing a boot firmware to locate a boot loader and verify the boot loader using a first key that is associated with the boot firmware. Upon verifying the boot loader, computer system executes the boot loader to verify a system software kernel and a secure boot verifier using a second key that is associated with the boot loader. The secure boot verifier is then executed to verify the remaining executable software modules to be loaded during boot using a third key that is associated with the secure boot verifier. During boot, state data files of the computer system are mounted in a namespace that is isolated from the namespaces in which the executable software modules are mounted.

Abstract: A system and method for evaluating socio-economic and/or environmental impact automatically identifies and transmits to a user computing device a socio-economic and/or environmental impact web page of an organization. A computer database coupled to a server contains data for various socio-economic and/or environmental impact web pages, defining formatting elements configured to display impact data. The computer database receives a data feed of the impact data from the organization and/or from one or more of the organization's vendors, and automatically updates the organization's socio-economic and/or environmental impact web page. The system automatically generates in the socio-economic and/or environmental impact web page, a socio-economic and/or environmental impact quotient depiction representing socio-economic and/or environmental impact of resource allocations of the associated organization.

Abstract: The present invention provides a method and system for receiving by a user from a source a communication being a fragment of a message having an unrecognizable part containing confidential data. The unrecognizable part is converted into recognizable data upon receipt of the communication and presented to the user. The user can send a request for an additional fragment of the message if needed to complete the message or to decipher the message.

Abstract: Data within a file system may be protected using a key rotation scheme. The key rotation scheme may include a data key and a metadata key. The data key may be used to encrypt data portions of the file system while the metadata key may be used to encrypt the metadata of the file system. The metadata key may be generated based at least in part on a user input and may be rotated at the end of a key rotation interval.

Abstract: In one embodiment, a unique (or quasi unique) identifier can be received by an application store, or other on-line store, and the store can create a signed receipt that includes data desired from the unique identifier. This signed receipt is then transmitted to a device that is running the application obtained from the on-line store and the device can verify the receipt by deriving the unique (or quasi-unique) identifier from the signed receipt and comparing the derived identifier with the device identifier stored on the device, or the vendor identifier assigned to the application vendor.

Abstract: The disclosed embodiments relate generally to complex data stream control and entitlement. Specifically, the disclosed embodiments provide systems and methods for ensuring that only authenticated/verified participants receive data streams. A third party, e.g., a party other than the data provider or the data recipient, who is nevertheless associated with both the data provider and the data recipient, may be involved in controlling whether data streams from the data provider can reach the data recipient. Thus, a third party may logically sit between the data provider and the data recipient, and may decide whether the data recipient should receive data streams. The disclosed embodiments implement data generation, flow, control and permissioning between multiple entities via digital assets accessed and manipulated on a shared data structure.

Abstract: Processing stacked data structures is provided. A system receives an input audio signal detected by a sensor of a local computing device, identifies an acoustic signature, and identifies an account corresponding to the signature. The system establishes a session and a profile stack data structure including a first profile layer having policies configured by a third-party device. The system pushes, to the profile stack data structure, a second profile layer retrieved from the account. The system parses the input audio signal to identify a request and a trigger keyword. The system generates, based on the trigger keyword and the second profile layer, a first action data structure compatible with the first profile layer. The system provides the first action data structure for execution. The system disassembles the profile stack data structure to remove the first profile layer or the second profile layer from the profile stack data structure.

Abstract: This disclosure provides for the securitization and/or encryption of software container devices that utilize both a control plane and a trust plane for ensuring that communication signals transmitted from and data residing within these containers are not corruptible. In addition, processors for monitoring statistics regarding data at rest and data on the move associated with creating these secure containers are also included.

Abstract: An encryption system, method, and computer software program product provides encrypted transmission of data between a server and a web browser application on a client computing device. The system includes an Internet browser; a JavaScript data encryption library; a public key encryption algorithm; a server; and a public private key pair of the user. The JavaScript library loads in user's browser and configured with symmetric and asymmetric encryption libraries and codes. Server sends an encrypted key data to the browser/JavaScript application. The user may then provide their private key and the JavaScript library decrypts the encrypted key data and obtains a symmetric key used to encrypt the data the server transmits to the browser during a session. With the server transmitting data in encrypted form, the browser is configured to decrypt the received data using the JavaScript data encryption library and the private key of the user.

Abstract: Disclosed are various embodiments for predictive caching of content to facilitate instantaneous use of the content. If a user is likely to commence use of a content item through a client, and if the client has available resources to facilitate instantaneous use, the client is configured to predictively cache the content item before the user commences use. In doing so, the client may obtain metadata for the content item from a server. The client may then initialize various resources to facilitate instantaneous use of the content item by the client based at least in part on the metadata.

Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. In the case of shellcode attacks, unsuccessful attacks may be emulated by selecting a corresponding emulator that will receive and execute instructions, as would a successful shellcode attack. Events occurring on the BotMagnet and Sinkhole are correlated and used to characterize the malicious code. The characterization may be transmitted to other computer systems in order to detect instances of the malicious code.

Abstract: Disclosed are various embodiments for controlling access to resources in a network environment. Methods may include installing a profile on the device and installing a certificate included in or otherwise associated with the profile on the device. A request to execute an application, and/or access a resource using a particular application, is received and determination is made as to whether the certificate is installed on the device based on an identification of the certificate by the application. If the certificate is installed on the device, then execution of the application and/or access to the resource is allowed. If the certificate is not installed on the device, then the request for execution and/or access is refused.

Abstract: A method and apparatus for identifying a risky user and a server. The method includes: extracting historical published information of users indicated by preset user identifiers; for each user indicated by each of the user identifiers, performing the following steps of identifying a risky user: extracting a feature vector from the historical published information of the user, and inputting the extracted feature vector to a pre-trained information identifying model to obtain an information identifying result corresponding to the historical published information of the user, the information identifying model being used to characterize a corresponding relation between the feature vector and the information identifying result; and determining the user as a risky user, in response to the information identifying result corresponding to the historical published information of the user indicating the historical published information of the user as risk information.

Abstract: A system that comprises a quantum key device configured to generate quantum information and transmit the quantum information over a first and second quantum communication channel. The system also comprises a first device, communicatively coupled to the quantum key device over the first quantum communication channel, and a second device, communicatively coupled to the quantum key device over the second quantum communication channel. The system further comprises an encryption module configured to encrypt data to create encrypted data, at the first device, using a first quantum encryption key. The system also comprises a decryption module configured to decrypt the encrypted data to create decrypted data, at the second device, using a second quantum encryption key. The first quantum encryption key is the same as the second quantum encryption key. The system further comprises a termination module configured to prevent access to the decrypted data after a predetermined period of time.

Abstract: Systems and methods are disclosed for sharing network feedback information. The method may include establishing, at a first access terminal, a wireless link with an access point, receiving network configuration data from the access point, composing a network feedback expression that indicates a status or availability of at least one network service associated with the access point, and transmitting the network feedback expression to a second access terminal via a D2D link.

Abstract: A download manger running on a computer system identifies an in-progress download of content by the computer system directly from a content system. The download manager causes the computer system to join a peer-to-peer network in which the content is being shared. The computer system starts to receive data blocks of the content from peer-to-peer network, as it continues the download from the content system. Based on the receipt of the content from the peer-to-peer network and from the content system, the download manager determines whether the computer system should rely primarily on the peer-to-peer network instead of the content system for receiving the content. If a determination is made to rely on the peer-to-peer network instead of the content system, the download manager terminates the download from the content system and continues receiving data blocks of the content from the peer-to-peer network.

Abstract: Systems and methods monitor copyrighted material and the proportion of a document accessed. A library of material in which copyright or related rights subsist is linked to copyright data for each item of material. A database contains rules for use of copyrighted material. The extent of a document in its entirety, including copyrighted material, can be quantified e.g. by an input counter counting its text, graphics and other content. The extent of a document accessed in each instance of use of the document can be quantified e.g. by an output counter. Use of copyrighted material can be metered based on the accessed extent. Document access can be permitted e.g. based on copyright use rules. A determination can be made as to whether the proportion of a document accessed is above a predetermined value. If fair use is unavailable or exhausted, a user may purchase a license to access copyrighted material.

Abstract: Virtual repository management is disclosed. An indication is received that a content management functionality is desired to be available with respect to one or more external content items. A reference object is created for each for the one or more external content items that represents the external content item and enables the content management functionality to be performed with respect to the external content item.

Abstract: Methods and systems of providing syndicated feeds are disclosed. Content metadata is received from a feed provider. At least one rule for syndicating to a feed receiver a content item that corresponds to the content metadata is identified. A request from the feed receiver for syndication of the content item is received. The content item is requested for the feed provider. The content item received from the feed provider is syndicated in real-time to the feed receiver according to the at least one rule.

Abstract: To ensure that digital rights cannot be forged or tampered with, they can be digitally signed. However, this means that updating the digital rights is no longer possible, as this would invalidate the digital signature. The present invention proposes that the issuer of digital rights issues rights which are signed in elementary pieces, rather than as a whole. Rather than issuing a right to play back a piece of content three times, the provider issues for example three rights to play back the content once in a particular AD, of which two may be transferred to other domains. The digital rights are individually protected by signatures and it is no longer possible to forge digital rights. As an enhancement the rights that can be transferred are indicated as such and stored securely to prevent tampering. When the right is transferred, it must be signed by the person who originally received it.

Abstract: A license update engine is run as part of a license entitlement automation system. The license update engine is minimally executed daily and identifies, for example, content updates to be applied and licenses that have drifted from their definition. The license update engine then generates proposals for operators to consider. Accepted proposals update the license configuration. Thus, the license update engine identifies licenses and the definitions that are connected to them, including definitions that the licenses from which the were created and definitions that are linked to SKUs of entitlement purchases. Analyses relates three categories of proposal, including license types, applications linked to licenses, and usage rights on licenses. Proposals are stored in a database and operators can accept or ignore them. The database maintains a history of license changes.

Abstract: Computer systems, devices, and associated methods of optimizing the execution of instructions of a database statement by a database server are disclosed herein. In one embodiment, a method includes identifying a potential execution plan for executing instructions of the database statement and estimating a cost for executing the execution plan. The cost can comprise an encrypted data processing cost associated with a operation in the execution plan of executing an operation on encrypted data in a protected computing environment. The method can include estimating the encrypted data processing cost in the protected computing environment based on statistics generated in the protected computing environment about a database table. In response to estimating the cost for executing the execution plan, comparing the cost to estimated costs of alternative execution plans, selecting the lowest-cost plan for execution, and executing the lowest-cost execution plan.

Abstract: Techniques facilitating using a blockchain system that integrates the trustworthiness of the blockchain concept with open scientific research by generating a blockchain of the experiments formed, data collected, analyses performed, and results achieved are provided herein. In an example, the blockchain system can form a blockchain representing a research project, wherein the blockchain comprises a first block of research data and a second block of analysis data representing a log of an analysis performed on the research data. Summary blocks and correction blocks can also be added to the blockchain representing the post analysis of the research results. One or more of the subsequent blocks can be linked to the preceding blocks using information in block headers that can also serve to determine whether modifications to the blocks have been performed.

Abstract: A computing system identifies a media stream being received by a client, based on fingerprint matching conducted with query fingerprints generated by the client at a frame rate. The computing system then causes the client to increase the frame rate, in order to facilitate establishment by the computing system of synchronous lock between true time within the media stream and client time according to an clock of the client. The computing system then uses the established synchronous lock as a basis to map a true-time point at which a content revision should be performed in the media stream to a client-time point at which the client should perform the content revision. And the computing system causes the client to perform the content revision at the determined client-time point.

Abstract: One embodiment facilitates data destruction in a phase change memory-based storage device. During operation, the system detects, by the storage device, a power loss. Subsequent to the power loss, the system overwrites keys and configuration information used to transform data stored in the phase change memory, wherein the keys and the configuration information are stored in the phase change memory, thereby preventing the data from being recovered.

Abstract: The subject matter herein is directed to a digital data locker that acts as an intermediary between end users operating end user device and document providers. The data locker provides the end user with a secure and easy way to manage, store, and retrieve data that is stored at the document providers. Specifically, the features provided by the data locker include, but are not limited to, a dual level of encryption for data, content assurance to determine whether the data is corrupted, and dissociation between an identity of an end user and the data of the end user stored at the document providers. More specifically, an end user device operated by the end user, through use of a single application, may access the data locker to securely store and retrieve data on/from the document providers.

Abstract: When a license management server according to the present exemplary embodiment receives a request for changing a license of a first version to a license of a second version from a license operation server that leases a license to a client, the license management server changes an expiration date of the license of the first version to a predetermined period of time later, and issues the license of the second version. Then, the license of the first version of which expiration date has been changed to the predetermined period of time later and the issued license of the second version are transmitted to the license operation server.

Abstract: Systems and methods of owner application control of an electronic device are provided. Owner application control information is stored on the electronic device and/or one or more remote servers. Owner application control information is consulted to determine if one or more required applications are available for execution on the electronic device. If not, one or more required applications not available are downloaded and installed. This could be in a manner transparent to the user of the electronic device. If one or more required applications are not available on the electronic device, the device can be functionally disabled in whole, or in part, until one or more required applications are available.

Abstract: A high speed apparatus and method for processing a plurality of financial market data messages are disclosed. With respect to an exemplary embodiment, a reconfigurable logic device is employed to generate a plurality of financial market data messages from a plurality of the data fields, each generated message having a specified message format.