Abstract: A convenient, easy to use ubiquitous secure communications capability can automatically encrypt and decrypt messages without requiring any special intermediating security component such as gateways, proxy servers or the like. Trusted/secure applications for the mobile workforce can significantly improve productivity and effectiveness while enhancing personal and organizational security and safety.

Abstract: System and method embodiments are provided for content encryption in a key/value store. The embodiments include encrypting both the key and value of client data blocks for storage so that the data can be retrieved reliability without compromising the key. An embodiment method includes obtaining a key from a data block comprising the key and a value, encrypting the key using a deterministic encryption algorithm with an encryption key to map the key to a cypher text in a one-to-one mapping, and encrypting the value using a second encryption algorithm to randomly map the value to a second cypher text. Encrypting both the key and the value provides more protection to the client data instead of encrypting only the value and leaving the key vulnerable without encryption. The encrypted key can also be protected from unauthorized access and from the owner of the database or the storage system.

Abstract: A data selection method for reducing the decoding computational complexity of a vehicle-to-X communication system. The communication unit is used to transmit and receive vehicle-to-X messages, wherein the vehicle-to-X messages each include at least one useful data portion and at least one header data portion, wherein the at least one header data portion in each case is transmitted in uncoded form, and wherein the at least one useful data portion in each case is transmitted in coded form. The received vehicle-to-X messages are weighted into at least two categories on the basis of the at least one header data portion in each case, wherein the at least one useful data portion in each case is decoded on the basis of the weighting.

Abstract: Methods and systems for delivering a segmented content item from a server to a first and second device are provided. A first key is used to encrypt the segmented content item into a first plurality of encrypted segments and a second key is used to encrypt the segmented content item into a second plurality of encrypted segments. The first and second keys are different. The first plurality of encrypted segments is delivered to the first device, and the second plurality of encrypted segments is delivered to the second device.

Abstract: A system includes a server connectable to a client, the server configured to allow the client to acquire a message of an index designated by the client among N messages held by the server where N is an integer of two or more. The server includes a classification unit configured to classify the N messages into M classified messages by contents of the messages; a message encryption unit configured to encrypt each of the M classified messages; a message provision unit configured to provide the M encrypted classified messages to the client; and a key sending unit configured to send the client, by oblivious transfer, a message key for decrypting the classified message corresponding to the message of the index designated by the client.

Abstract: An apparatus and computer-implemented method comprise providing an algorithm to a client device comprising a processor, a memory, and a user interface comprising a display and an input mechanism, displaying on the display a supported document comprising a supported data item data item, receiving an instruction for the supported data item to associate supporting document information to the supported data item, providing a data entry mechanism at which the supporting document information can be specified, receiving the supporting document information; and attaching the supporting document information in a persistent manner to the supporting data item.

Abstract: Provided is an information reconciliation method in a quantum key distribution system between a transmitter and a receiver, which includes receiving a parity bit from the transmitter through a quantum channel, correcting an error of a receiver quantum key by using the received parity bit, and removing a residual error of the receiver quantum key through an open channel by using a cascade protocol to harmonize the receiver quantum key with a transmitter quantum key, wherein the parity bit is generated at the transmitter by using turbo codes. This method may enhance quantum key generation efficiency.

Abstract: Provided is a remote terminal device having an industrial versa module eurocard bus (VMEbus) structure and including a main module that receives control logic information of a field device from an input/output module, and a programmable logic controller (PLC) function module that receives the control logic information from the main module, performs a logic corresponding to the control logic information, and outputs a result of the performed logic. The PLC function module includes a dual port RAM including a plurality of memory areas, and a PLC chip that reads the control logic information written on one of the plurality of memory areas, performs the logic corresponding to the read control logic information, and outputs the result of the performed logic to another one of the plurality of memory areas.

Abstract: According to this disclosure, a proxy server is enhanced to be able to interpret instructions that specify how to modify an input object to create an output object to serve to a requesting client. Typically the instructions operate on binary data. For example, the instructions can be interpreted in a byte-based interpreter that directs the proxy as to what order, and from which source, to fill an output buffer that is served to the client. The instructions specify what changes to make to a generic input file. This functionality extends the capability of the proxy server in an open-ended fashion and enables it to efficiently create a wide variety of outputs for a given generic input file. The generic input file and/or the instructions may be cached at the proxy. The teachings hereof have applications in, among other things, the delivery of web content, streaming media, and the like.

Abstract: Embodiments regard security descriptors for record access queries. An embodiment of a method includes: receiving a record access query, the query regarding records for a certain one or more users, groups, or both at a certain access level; searching one or more sharing tables of entities in a computing environment for security descriptors, each security descriptor being associated with a set of one or more users, groups, or both having access to one or more records of a set of records at an access level; identifying any security descriptors in the one or more sharing tables that relate to the certain one or more users, groups, or both with at least the certain access level; and searching the one or more records associated with each of the identified security descriptors according to the record access query.

Abstract: Systems, methods, and non-transitory computer readable media are provided for maintaining local virtual states pending server-side storage across multiple devices and users and intermittent network connections. In exemplary embodiments, content added by a user to his or her account locally on a user device may be displayed, and all interactivity therewith may be facilitated, as if the content had already been created on the content management system. In content management system applications that support shared virtual spaces, changes made by the user from his or her user device to the shared virtual space (including creation of a new shared virtual space) may be displayed locally as soon as the change has been made, not waiting for the information to be transmitted to the server or its state to be made consistent with that of the mobile device.

Abstract: A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A user provides a communication to the trusted device via the secure interface. A processor of the isolated environment encrypts the communication and transmits the encrypted communication to a read file of the host interface. A host device connected to the trusted device via the host interface receives the encrypted communication. The host device transmits the encrypted communication to a second host device that is connected to a second trusted device via a second host interface. The second host device transmits the encrypted communication to a write file of the second host interface. A processor in an isolated environment of the second trusted device decrypts the communication and provides the decrypted communication to a second user via a secure interface of the second trusted device.

Abstract: A non-transitory computer-readable storage medium may comprise instructions stored thereon that, when executed by at least one processor, are configured to cause an intermediary server to at least receive, from a first client device, a first login request via a first browser installed on the first client device, the first login request identifying a user account, receive, from a third-party server, a message request, the message request including an identifier and indicating a browser application or a browser extension, map the identifier to the user account, determine whether the user account has installed the browser application or browser extension, and if the user account has installed the browser application or browser extension, send a first message to the first browser based on the message request.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method and an apparatus of a server in a communication system are provided. The method includes receiving identifier information of a user equipment (UE), obtaining, if an error is detected for a first authentication key corresponding to the identifier information, information on a second authentication key for authenticating the UE, and authenticating the UE based on the information on the second authentication key.

Abstract: Media content is managed by defining a list of authorized recipients in a network accessible security information repository, recording media content at a client device, obtaining the list of authorized recipients at the client device, associating at least one of the authorized recipients with the media content, and transmitting the media content along with information identifying the at least one of the authorized recipients associated therewith from the client device to a network accessible media repository for storage therein. The media content includes audio, video, and/or image content.

Abstract: Provided is a certificate issuing system including a client terminal and a server device. The client terminal derives a first hash value from a first random number using a unidirectional function, generates a secret key and a public key of the client terminal, and transmits the first hash value and the public key of the client terminal to the server device. The server device receives the first hash value and the public key of the client terminal from the client terminal, stores the first hash value, authenticates the client terminal on the basis of the stored first hash value and the derived first hash value, generates a client certificate on the basis of the public key of the client terminal and a secret key of the server device when the authentication succeeds, and transmits the client certificate to the client terminal.

Abstract: The present invention relates to a vehicle communication system and method used when transmitting and receiving driving information of a vehicle to and from surrounding vehicles. According to the present invention, a host vehicle may transmit and receive driving information to and from its surrounding vehicles to find out information about a position, a speed, a driving direction, etc., thereby decreasing traffic accident risk. However, transmission and reception of the driving information may not be smoothly performed depending on surrounding communication conditions. The present invention provides a communication congestion control device and method for smoothly performing data transmission and reception between vehicles depending on surrounding conditions, by setting a time frame variably depending on surrounding communication conditions and transmitting data on the basis of the changed time frame.

Abstract: Technologies for providing electronic security to a first network are disclosed. The system may include a user equipment, a gateway device configured to mediate communication between a first network and a second network for the user equipment, and an electronic security device communicatively coupled to the gateway device. The electronic security device may include a gateway interface module configured to assume an identity associated with the gateway device, a network interface module configured to present the identity to the second network, and a traffic inspection module configured to monitor traffic without substantially affecting a topology of the first network, wherein the electronic security device is configured to identify undesirable traffic; and implement a security policy.

Abstract: A system and method are disclosed for one-stop shopping for health-care services and related needs. The one-stop shopping system and method provide objective information for the system enrollee to assess and decide on health-care insurance and services. The system and method provide this objective information in a way that is easily accessible by system enrollees in an economical and rapid manner.

Abstract: An example of the present invention is a method of transmitting encrypted user data to a mobile terminal in a wireless telecommunications network. The method comprises sending to the mobile terminal a data packet. The data packet comprises both an identifier of encryption information to be used in recovering encrypted user data, and user data encrypted using the encryption information.

Abstract: A graphical user interface includes objects for controlling privacy settings specific to particular user data corresponding to charitable giving. Graphically depicted sharing zones each represent a privacy setting. An information container represents particular user data. The user may drag and drop the information container between sharing zones to control privacy of the user data represented by the information container.

Abstract: A system, a method, and an apparatus are disclosed. In an embodiment, a system includes a host processor with a communications unit, a memory coupled to the communications unit, and a coprocessor coupled to the communications unit. The memory may include at least a first area and a second area. The coprocessor may be configured to request access to the first area of the memory via the communications unit. The communications unit may be configured to verify an identity of the coprocessor, and grant access to the first area of the memory responsive to a positive identification of the coprocessor.

Abstract: Embodiments of the present invention include a method for configuring a femtocell. In one embodiment, the method includes identifying a cellular device within near-field communication range of the femtocell. The method identifies a carrier network associated with the cellular device and automatically configures the femtocell to operate on the carrier network associated with the cellular device.

Abstract: An image forming apparatus having a firmware update technology that realizes updating of firmware using an encrypted file and reduces a downtime using a differential update. When a first update instruction to perform an update using a first firmware including an encrypted plurality of files is accepted, a content list file is downloaded from an external apparatus, an update file to be updated is identified based on the content list file, and the identified update file is further downloaded from the external apparatus. Then, the update file is decrypted and installed in the image forming apparatus. When a second update instruction to perform an update using a second firmware including an encrypted plurality of files and content list files is accepted, the second firmware is downloaded in a single batch from the external apparatus. Then, the second firmware is decrypted, and the plurality of files is installed in the image forming apparatus.

Abstract: Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module.

Abstract: A device and its operations are described herein. In some examples, the operations can include executing a first application within a first operating system domain of a device, the first application associated with at least a first activity view. The operations can further include detecting user input associated with the first application. The user input is associated with activating a second activity view of a second application. The operations can further include determining that the second application corresponds to a second operating system domain of the device. The operations can further include establishing a first proxy link within the first operating system domain that corresponds with a second proxy link within the second operating system domain. The first proxy link is associated with causing the second proxy link to invoke the second activity view of the second application within the second operating system domain.

Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.

Abstract: Disclosed herein is a method for enforcing policy compliance on a device that includes detecting a compliance action associated with an electronic device. The compliance action initiates verification that the electronic device is in compliance with a policy. The method also includes sending configuration information for the electronic device to a compliance authenticator in response to the compliance action. The compliance authenticator verifies that the configuration information complies with a policy. Further, the method includes receiving an authentication certificate in response to the compliance authenticator verifying the configuration information complies with the policy. The authentication certificate expires after a predetermined period of time.

Abstract: Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate.

Abstract: The present invention provides methods, devices and systems for using and invoking an Oauth API.

Abstract: An on-vehicle apparatus transmits first license request information to content to be purchased, to a server, and receives content data, to which a first license issued by the server based on the first license request information is added, from the server. The server transmits the content data, to which the first license is added based on the first license request information, to the on-vehicle apparatus, transmits second license request urging information to a communication terminal based on driving end notification information, and issues a second license to the content data based on the second license request information. The communication terminal transmits driving end notification information to the server based on determination that driving of a vehicle having the on-vehicle apparatus mounted thereon is ended, and transmits second license request information according to the second license request urging information to the server.

Abstract: Server computers send requests over a network for an allocation of server tasks and processing tasks, the processing task requests having an associated expiration time. The plurality of server computers process received server tasks provided to the server computers in response to the requests, and process processing tasks within the expiration time in response to the requests for processing tasks. The server computers perform the allocated processing tasks only if there are no pending server tasks.

Abstract: A Machine Type Communication (MTC) device and method of the MTC device are provided for establishing a connection with a base station in a wireless communication network environment. The method includes receiving, by the MTC device, a broadcast message from a base station over a Machine-to-Machine (M2M) broadcast control channel, wherein the broadcast message includes header information and at least one M2M-Random Access CHannel (mRACH) parameter; determining whether an mRACH message can be sent to the base station, based on the header information in the received broadcast message; sending the mRACH message to the base station using the at least one mRACH parameter to establish an uplink connection with the base station, when the mRACH message can be sent to the base station; and receiving a resource assignment message indicating a successful connection establishment with the base station, in response to the mRACH message.

Abstract: A system for controlling access includes a computing device, configured to: determine a first identifier associated with a first access point being used by the computing device to access a network; determine first access control data associated with the first identifier and a first application executing on the computing device; and control access to data over the network by the first application based on the first access control data.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the determined load balancing state information across a plurality of service engines, including to invoke an atomic read-miss-create (RMC) function on a distributed data store service; and distributing the connection to a selected server among a plurality of servers according to a result of the RMC function.

Abstract: The invention relates to a method for initiating an OTA session in a mobile radio communication network at the request of a user of a mobile terminal. The OTA session is established between the mobile terminal and a remote OTA server, the mobile terminal including a security element such as a UICC card. According to the invention, the method comprises: i) entering a special code using the man/machine interface of said mobile terminal; ii) said security element intercepting said special code; and iii) opening said OTA session between said mobile terminal and said remote server in a secure mode.

Abstract: Disclosed are various embodiments of a system for rendering, in a first browser of a computer, a network page of an electronic commerce system. The system stores, in a first data store, a first capture of a rendering of the network page. The system transmits data associated with the first capture to another computer, where a second browser renders the network page based at least upon the data associated with the first capture. The system stores, in a second data store, a second capture of the network page.

Abstract: Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

Abstract: The disclosed subject matter relates to computer implemented methods for providing to a web-based application access at a hardware level to a peripheral device. In one aspect, a method includes establishing a first link between a computing device and a web-based application. The computing device is configured to access the web-based application. The method further includes establishing a second link between the computing device and a peripheral device. The method further includes bridging the first link and the second link to establish a communication channel between the web-based application and the peripheral device. The communication channel is configured to provide to the web-based application access at a hardware level to the peripheral device.

Abstract: In an embodiment, a first client device establishes a P2P connection with a second client device. While the P2P connection is still established, the first client device receives a request to send data to the second client device via the P2P connection, and then sends the data to a server along with an indication of a temporary identifier of the second client device without notifying an operator of the first client device that the data is being sent to the server. In another embodiment, the server receives the data, maps the temporary identifier to a unique network address of the second client device and generates a record of the data transmission between the respective client devices. In another embodiment, the server maintains an association for the temporary identifier after the first and second client devices are disconnected from their P2P connection to permit supplemental communication.

Abstract: A digital certificate incorporated within a communication is received from a server associated with a host name. Resource records associated with the host name are caused to be queried for a list of certificate authorities. In response to causing the resource records to be queried, the list of certificate authorities is received. A certificate authority is identified within the received digital certificate. The identified certificate authority is compared to the received list of certificate authorities. A determination is made, based on the comparison, that the identified certificate authority is included in the received list of certificate authorities.

Abstract: According to an aspect of an embodiment, a system for secure recording and sharing of audio data includes a communication interface, a registration module, a microphone, an encryption engine, and a storage device. The registration module is configured to register an attendee device associated with an attendee for a meeting. The microphone is configured to convert sound generated at the meeting to audio data representing the sound. The encryption engine is configured to encrypt the audio data. The storage device is configured to store and associate the encrypted audio data with the attendee device for subsequent access by the attendee.

Abstract: Analytics data validation techniques are described. In one or more implementations, an analytics service collects analytics data from a client device that describes web content and consumption of the web content by the client device. The collected analytics data includes encrypted analytics data that is not accessible by the client device and dynamic analytics data that describes the consumption of the web content by the client device. The encrypted analytics data is decrypted and a determination is made as to whether the collected analytics data is valid using the decrypted analytics data based on whether the decrypted analytics data includes expected parameters or that the dynamic analytics data is consistent with the decrypted analytics data. Responsive to a determination that the collected analytics data is valid, use of the collected analytics data is permitted are part of a web content analysis.

Abstract: Apparatus and associated methods relate to securely transmitting, directly between two mobile devices, AES-256 encrypted file attachments which are decrypted within an application program (APP) using a decryption key that is available only to the APP. In an illustrative embodiment, the encrypted file may be attached to an e-mail. The e-mail may be transmitted directly to another mobile device via direct Wi-Fi, for example. The e-mail may be transmitted directly to another mobile device using Bluetooth, for example. In encrypted attachment may be deciphered only within the APP running on the receiving mobile device using a private key accessible to only the APP.

Abstract: Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic.

Abstract: A method of storing a file is provided. The method includes splitting the file into a plurality of file chunks and encrypting each file chunk of the plurality of file chunks. The method also includes generating a first security key that decrypts a first encrypted file chunk of the plurality of encrypted file chunks and storing ones of the plurality of encrypted file chunks at a second location separate and distinct from the first location. The method also includes storing a second security key that decrypts a second encrypted file chunk of the plurality of file chunks at the first encrypted file chunk where access is gained to the second security key when the first encrypted file chunk is decrypted using the first security key.

Abstract: Disclosed are various systems, methods, and other embodiments directed to detection of malware in content items. To detect the malware, for example, one or more content items are identified in association with the rendering of a network page in a simulated environment. A plurality of tests are applied to the one or more content items to detect an existence of malware associated with the content items.

Abstract: A method for applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract: A communication apparatus identifies an access point with which the communication apparatus can perform wireless communication and transmits information indicating the identified access point to a communication partner apparatus by way of the wireless communication. In response to this, an access point designated by the communication partner apparatus is registered as a relay access point.

Abstract: Techniques for discovering and/or advertising services are described herein. A first bitmask is received from a remote device over a wireless network, the first bitmask having one or more bits that have a predetermined logical value. Each bit represents a particular service provided by the remote device. A logical operation is performed between the first bitmask and a second bitmask locally generated within a local device, where the second bitmask represents a service being searched by the local device. It is determined whether the remote device is potentially capable of providing the service being searched by the local device based on a result of the logical operation.