Abstract: The invention provides a method, device and system for processing DNS behavior. The method comprises: resolving received network data packet; judging a DNS behavior type corresponding to the network data packet according to the resolution result; determining a processing body according to the DNS behavior type, wherein the processing body comprises a kernel and/or an application layer; and transferring the network data packet to the determined processing body, and processing the network data packet by the determined processing body. The method in the disclosure can improve the DNS defense capability, while improving the service processing capability of a single machine.

Abstract: There is provided an authority delegation system capable of issuing, in a case where an identifier of a user is associated with an identifier of a client, authority information indicating that an authority of the user has been delegated to the client without receiving an instruction for authorizing the authority of the user on the service to be delegated to the client.

Abstract: A method and a system for identity authentication are presented. In one example embodiment, audio data (e.g. a sound wave) may be received from a user. The audio data may be used to establish an identity of an entity to the user. The audio data may be stored at a storage location; and be presented to the user to establish the identity of the entity when the entity participates in an electronic communication with the user. In another example embodiment, a server (e.g., a web client or client application server) may present a plurality of audio files to a user; receive a user selection of selected audio data from the plurality of audio files; responsive to the user selection, the server may communicate, via a network, the selected audio data to another server. The selected audio data may be used as an identity authentication.

Abstract: The embodiments herein provide a method and system for creating a secure connection for a User Equipment (UE) in a wireless network including a UE, carrier aggregated with at least one first serving frequency served by a first eNB and at least one second serving frequency served by a second eNB. A unique non-repetitive security base key associated with the second eNB is generated using a freshness parameter and security key associated with the first eNB. The use of a different freshness parameter for each security base key derivation avoids key stream repetition. Further, a user plane encryption key is derived based on the generated unique non-repetitive security base key associated with the second eNB for encrypting data transfer over at least one data radio bearer.

Abstract: Collecting online group chat messages. The method may include receiving a message associated with an online group chat session between chat participants. The method may also include determining the received message satisfies at least one message collection rule. The method may further include recording the received message to at least one message table based on each chat participant mentioned in the received message. The method may also include determining a first chat participant chooses to open a private chat session with at least one second chat participant. The method may further include identifying recorded messages within the message tables associated with the at least one second chat participant. The method may also include displaying the identified recorded messages in a private chat session sub-window.

Abstract: A cell phone is disclosed for acquiring information to be transmitted to a receiving facility and for transmitting such thereto. A capture device captures information from an external source. A processor is provided for associating with the captured information a representation of the date and time of the capture of the information, such that the representation of the date and time information in association with the captured information forms augmented captured information. The processor also places the augmented captured information in association with subscriber information in a transmission of the augmented captured information to a receiving facility requiring such subscriber information. A transmitter transmits the transmission including the augmented captured information and the subscriber information to the receiving facility.

Abstract: This invention relates to a method for generating correlation identity with respect to a client to establish, integrate and communicate to a server within a cloud environment (e.g. Inswit™ Cloud). A service location identity can be generated with respect to a remote client by getting at least one service node of an appropriate service request made by the client device within the cluster of the cloud environment. A correlation ID/source ID can be thereafter generated based on the service location identity to serialize the payload and establish a connection with the server. The integration services with respect to the client device can be instantiated to permit authenticated information flow within the cloud network. The messages including the information on the destination end points can be finally emanated out of the source end points to the destination end point by efficiently authenticating the client devices using the correlation ID.

Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.

Abstract: The present provides a method for logging in a website hosted by a serve by multi-account and the client. The method comprises: when logging into the server using the second account, a browser: receiving, from the user, login information of the user's second account generating authority request information of the second account based on the login information of the user's second account; saving the authority request information of said second account in a local system directory of the browser separately from authority request information of a first account that has logged into said server; transmitting the authority request information of the second account, via the Internet, to the server; and after receiving, via the Internet, identification information returned from said server for identifying said second account, the browser saving said identification information in the local system directory of the browser separately from corresponding identification information of the first account.

Abstract: In various example embodiments, a system and method for providing policy-based authentication is provided. In example embodiments, a request to access and sign a document is received from a device of an intended signer. A policy assigned to the intended signer is determined. Based on the policy, a determination is made whether an authentication mechanism is applicable to the intended signer. In response to the determining that the authentication mechanism is applicable to the intended signer, the intended user is required to perform the authentication mechanism. The intended user is provided access to view and sign the document based on the intended user satisfying the authentication mechanism.

Abstract: Methods and systems for detecting an electronic intrusion are described. A user activity may be identified for a user account. A location of a user corresponding to the user account may be determined. It may be identified, based in part on the location of the user, whether to communicate a request to the user for instructions to respond to the user activity. A response may be received from the user in response to determining to communicate the request to the user for instructions. The response may include instructions to block access to the user account at a server. Command information may be communicated to the server. The command information may include a command to block access to the user account.

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.

Abstract: A method of authenticating a slave device. The method includes initializing, by a host device, a charge retention circuit of the slave device, and receiving, by the host device, an indication of a discharge time of the charge retention circuit. The host device authenticates the slave device based on the received indication of the discharge time of the charge retention device.

Abstract: A system, device and method for authenticating a user. The system, device and method may employ a computing device for providing credentials required for access to an on-line resource available over a network. The computing device may connect to the on-line resource to register a user. The computing device may receive from the on-line resource at least one request for a credential to identify the user. In response to the request, the computing device may generate a random credential, store the random credential in association with an on-line resource identifier and the request in a data store accessible to the computing device and, submit the random credential to the on-line resource to register the user.

Abstract: A computer-implemented method for digitally signing executables with reputation information is disclosed. This method may include (1) receiving a request for a reputation certificate for an executable file, (2) identifying reputation information associated with the executable file, (3) generating a digitally signed reputation certificate for the executable file that includes at least the reputation information associated with the executable file, and then (4) providing the reputation certificate in response to the request. Additional computer-implemented methods for evaluating the trustworthiness of executable files based at least in part on reputation information contained within such digitally signed reputation certificates, along with corresponding systems and computer-readable media, are also disclosed.

Abstract: A system and method of guaranteeing the presence of secure and tamper-proof remote files over a distributed communication medium, such as the Internet, is provided. The system and method automatically detects, and then self-repairs corrupt, modified or non-existent remote files. The method first performs an integrity check on a remote file and then determines whether the integrity check passed. If the integrity check passed, then the user goes through the authentication process as normal. If the integrity check fails, then the present invention redirects to an install module in order to prepare to reinstall the remote file. Via the install module, the present invention then reinstalls the remote file and the user is then taken through the authentication process as normal.

Abstract: Disclosed are various examples for facilitating distribution of an authentication code to installation of managed applications. An identity certificate is sent to a device by installing a configuration profile on the client device. The configuration profile includes the identity certificate. A management service can also initiate installation of a managed application. The identity certificate can be used to authenticate the client device so that an authentication key can be provided to the managed application.

Abstract: A user device and one or more server computers securely evaluate a k-nearest neighbor model, with reasonable computation speed and bandwidth utilization, using a combination of techniques. The user device encrypts input vectors using a client's public key to keep client information private. The server computer homomorphically computes a distance between the encrypted input vector and vectors stored in the k-nearest neighbor model. The server computer then engages in a minimization process which results in the user device receiving classification vectors corresponding to the k-nearest neighbors.

Abstract: Embodiments are directed towards employing a transaction room in a digital transaction service to provide participants controlled access and editing of a document. In response to a trigger, a first copy of the document is created. The first copy of the document may be provided to a participant for review such that the first copy is non-editable by the participants, while the document is editable in the transaction room. The document may be prepared for electronic signature such that, when the document has changed after the first copy was provided for review, a second copy of the document is created and tagged for signature; and when the document has not changed after the first copy was provided for review, the first copy may be tagged for signature. Tagging a document copy for signature may include pre-tagging the document for signature based on signing roles of the participants.

Abstract: Transmission of stereo image data may be performed between devices, where a source device receives E-EDID from a sink device via DDC of an HDMI cable. This E-EDID contains information on 3D image data transmission modes supportable by the sink device. Based on information on 3D image data transmission modes from the sink device, the source device selects a predetermined transmission mode from among the 3D image data transmission modes supportable by the sink device. The source device transmits 3D image data in the selected transmission mode to the sink device. The source device transmits information on the transmission mode for the 3D image data, to the sink device by using an AVI InfoFrame packet or the like. The sink device processes the 3D image data received from the source device in accordance with its transmission mode, thereby obtaining left and right eye image data.

Abstract: There is disclosed a technique for use in managing policy. The technique comprises storing information relating to at least one previous authentication request. It should be understood that the information can be used in an authentication operation performed in connection with an authentication request. The technique also comprises receiving a policy request to alter a policy relating to an authentication operation that can be performed in connection with an authentication request. The technique further comprises generating an alteration to the policy based on the stored information and the received policy request.

Abstract: The systems and methods described herein allow consumers to lock or unlock their credit files at multiple credit bureaus in real-time or near real-time. The service may allow a consumer to provide identifying information, such as a personal identifier to lock or unlock credit files at a plurality of credit bureaus over a network. Upon receiving the personal identifier, the system may use the personal identifier to translate the identifier into a plurality of access codes for respective credit bureaus, for example by accessing a data structure, such as a database or table, that stores a personal identifier and access codes that are associated with a consumer. The system may then use the access codes to automatically initiate locking or unlocking of credit files for the consumer at the respective credit bureaus.

Abstract: Systems and methods for determining trust levels for components of a computing application including a development framework, a trust matrix, a trust level calculation module, a visual design subsystem, and a deployment subsystem, where trust levels are associated with components, combinations of components, graphs, and blueprints, where trust levels relate to categories of use.

Abstract: The present invention relates to methods and apparatuses for eliminating or mitigating the effects of the corruption of contents in an external flash memory, such as that which can occur during a power interruption. Embodiments of the invention include methods to log external flash memory program and erase operations redundantly to dedicated buffer partitions in the flash memory itself. The log information from external serial flash memory is used to erase the sector that was being programmed or erased when power was removed. According to certain aspects, the redundant storage of log information in embodiments ensures that if one version of the log information is corrupted, the other version can be used.

Abstract: Technologies for prevention of forgery of a network communication request to a server include a system for security of a network communication request. The system includes a communication module configured to receive the network communication request from a client. The network communication request may have a content parameter. The communication module may be configured to generate a string of content parameters comprising the content parameters and a hash of the content parameter, and communicate portions of a result of the network communication request to the client incorporating the encrypted string of content parameters. Furthermore, the communication module may receive a subsequent request from the client. The subsequent request may be associated with the network communication request. As a result of authenticating the subsequent request, the communication module may complete the network communication request.

Abstract: System and method for associating general data with an end-user based on the domain name system (DNS) resolver that the end-user uses to map the canonical domain names of internet services to their associated network addresses. The present invention elegantly addresses concerns of scale regarding the key-space, for example the global number of distinct DNS resolvers, and the data-space, for example the number of distinct geographical areas to associate.

Abstract: Described herein are apparatus, systems and methods for enhancing Internet protocol (“IP”) multimedia subsystem service continuity. The methods including, at a user equipment (“UE”) connected to a first network using a first Radio Access Technology (“RAT”) and authorization information, connecting to a second network using a second RAT, transmitting a first registration attempt to an IP multimedia subsystem (“IMS”) associated with the second network, determining that the registration attempt with the IMS associated with the second network did not complete, clearing the authorization information, reconnecting to the first network and transmitting a second registration attempt to the IMS associated with the first network without the authorization information.

Abstract: A capability for controlling access by a mobile device to venue-related items associated with a venue is presented. A server may be configured to detect a presence of the mobile device at the venue and send a venue token toward the mobile device based on detection of the presence of the mobile device at the venue, where the venue token includes an indication of a venue-related item that the mobile device is permitted to access independent of a location of the mobile device. A mobile device may be configured to receive a venue token based on a presence of the mobile device at the venue where the venue token includes an indication of a venue-related item that the mobile device is permitted to access independent of a location of the mobile device, and send a request for the venue-related item toward a server based on the venue token.

Abstract: Transmission of stereo image data may be performed between devices, where a source device receives E-EDID from a sink device via DDC of an HDMI cable. This E-EDID contains information on 3D image data transmission modes supportable by the sink device. Based on information on 3D image data transmission modes from the sink device, the source device selects a predetermined transmission mode from among the 3D image data transmission modes supportable by the sink device. The source device transmits 3D image data in the selected transmission mode to the sink device. The source device transmits information on the transmission mode for the 3D image data, to the sink device by using an AVI InfoFrame packet or the like. The sink device processes the 3D image data received from the source device in accordance with its transmission mode, thereby obtaining left and right eye image data.

Abstract: A novel system, device and method of validation is provided for sensing a biometric such as a fingerprint, where biometric data corresponding to the biometric entity such as a fingerprint is then transmitted to a host configured to perform a plurality of authentication processes to authenticate the biometric data. At least one of the plurality of authentication steps is then validated. Alternatively, a portion of the biometric data may be retained, where biometric data corresponding to the biometric is then transmitted to a host configured to perform a plurality of authentication steps to authenticate the biometric data. At least one of the plurality of authentication steps is then validated.

Abstract: The invention is a system and a method for achieving private, personalized, real-time authentication of one or more networked peer users and their mobile or wearable electronic computing devices through holistic contextual verification of the device, location, proximity, knowledge and behavioral attributes for a defined session, event, object or resource access or mutual user and device identity context verification.

Abstract: A method, executed by a computer, for context-dependent message management, includes receiving proxy recipient information from a target recipient, detecting that a message is being drafted to the target recipient while the target recipient is unavailable, and suggesting a proxy recipient in place of the target recipient. The proxy recipient information may identify multiple proxy recipients organized according to message topic. The proxy recipient information may also describe one or more topics for which a target recipient is available and/or suitable. Proxy recipient information may be determined automatically or may be provided by a user. Furthermore, the proxy recipient information may include availability information. In one embodiment, a user approves of the proxy recipient prior to transmitting the message. In another embodiment, the target recipient is able to preemptively receive the message. A computer system and computer program product corresponding to the above method are also disclosed herein.

Abstract: The subject disclosure is directed towards a technology by which data is securely distributed using a homomorphic signature scheme and homomorphic network coding signature schemes. A homomorphic signature scheme for signing the data is based upon binary pairing with standard prime order groups. Sets of data are signed based upon dividing a larger block of data into smaller blocks, and separately signing each smaller block. The smaller blocks may be distributed to nodes of a network topology that are configured for network coding. In one alternative, the homomorphic signature scheme protects against changes to the block identifier. Proof data may be provided independent of a random oracle, may be provided by providing parameters for verification in a Groth-Sahai proof system, or may be provided by providing parameters for verification independent of a Groth-Sahai proof system.

Abstract: Systems and techniques are disclosed to facilitate the sponsored connectivity of a user equipment on a serving network so that the UE may access a service whose connectivity is sponsored by an application service provider. The application service provider provisions the serving network so that it is aware of the sponsored connectivity. In an attach attempt to the serving network, the UE provides a client token based on a pre-existing credential (established between the UE and the application service provider) instead of a subscriber identifier with the attach request. The application service provider's server validates the access credential to authenticate the UE and provides information that the serving network uses to mutually authenticate with the UE. The UE may then use the serving network to access the service via the sponsored connection, even where the UE does not have a subscriber identity and subscription with a cellular network.

Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.

Abstract: Techniques are disclosed for configuring a server to establish a secure network communication session. An application monitors one or more resource utilization metrics of the server. Upon determining that at least one of the monitored resource metrics satisfies a specified condition, an optimization algorithm is selected based on the resource metrics and a configuration of the server. The optimization algorithm determines an updated configuration of the server while maintaining the security at par or better. The selected optimization algorithm is performed to modify determine the updated configuration of the server. Once determined, the application applies the updated configuration to the server.

Abstract: A security chip including a fusible logic array. The fusible logic array is configured to receive a plurality of seed values and output a plurality of respective keys using the received plurality of seed values. The respective keys correspond to logic results generated by the fusible logic array. The fusible logic array includes one or more fusible links. A key storage control module is configured to receive the plurality of seed values, receive the plurality of respective keys, and store, in memory, a selected first seed value of the plurality of seed values and a selected first key of the plurality of respective keys. The selected first seed value and the selected first key are stored as a seed-key pair.

Abstract: Various embodiments include a method of tracking a chain of custody of an item in a supply chain. A computer system implements a computer interface with a distributed consensus network comprised of computing devices configured to verify one or more waiting transaction records for addition into one or more blocks in a block chain representing a cryptographically verifiable ledger. The order of the block chain is cryptographically protected against tampering by the computing devices. The computer system can track provenance of the item by identifying an existing record in the block chain. The existing record can place a first quantity of a first stock keeping unit (SKU) at a first address. The computer system can then unitize the item by publishing a new record to the block chain. The new record indicates the existing record as a source record and associates a new SKU with a destination address.

Abstract: An electronic system, an electronic apparatus, and an access authentication method thereof are provided. The electronic system includes a master apparatus and a slave apparatus. The slave apparatus is coupled to the master apparatus through a serial transmission interface. The slave apparatus includes a data storage unit protected by the slave apparatus with a predetermined key. The master apparatus sends an access request to the data storage unit through the serial transmission interface. The slave apparatus determines whether the master apparatus is allowed to access the data storage unit according to the predetermined key and a key inputted by the master apparatus for authentication.

Abstract: Systems and methods for reducing file sizes for files delivered over a network are disclosed. A method comprises receiving a first file comprising sequences of data; creating a hash table having entries corresponding to overlapping sequences of data; receiving a second file comprising sequences of data; comparing each of the sequences of data in the second file to the sequences of data in the hash table to determine sequences of data present in both the first and second files; and creating a third file comprising sequences of data from the second file and representations of locations and lengths of said sequences of data present in both the first and second files.

Abstract: An approval device includes a storage circuit, a document acquiring circuit, an imaging circuit, a face recognition circuit, an approval circuit and an editing circuit. The storage circuit stores a face image database, the face image database registering face image data of at least one user to be an approver for approving a document. The document acquiring circuit acquires the document. The imaging circuit images a face of the approver for approving the document. The face recognition circuit analyzes an imaged face image of the approver and searches the face image database stored in the storage circuit using the analysis result. The approval circuit approves the document based on the search result. The editing circuit attaches one of an electronic stamp and an electronic signature to the approved document.

Abstract: A random number generating device includes an uncertain circuit which outputs uncertain data, and a cipher processing device. The cipher processing device encrypts input data using a cipher function of the cipher processing device, and generates a random number including higher uniformity than data outputted from said uncertain circuit using the cipher function of the cipher processing device and the data outputted from the uncertain circuit.

Abstract: Disclosed are systems and methods for controlling access to data on mobile devices using an accessibility API for users with disabilities.

Abstract: Embodiments encrypt Extract, Transform, Load (ETL) scripts created by a developer for an initial customer, against unauthorized access and copying. Such protection preserves the economic value of the ETL script for the developer, allowing re-use with other customers (who could otherwise simply copy the ETL script from the initial customer). A new hidden attribute is introduced to indicate ownership and protection of an object used in an ETL utility. A customer will not see this hidden attribute via the ETL utility. The hidden attribute may be assigned programmatically during a protecting process, and its value may be a current keycode (e.g., the signature of the developer's license of the ETL utility). The protected object thus has the attribute signature, and its value does not match any current keycode known to the customer. The signature for internal decryption of the script by the ETL utility, could be supplied by the developer.

Abstract: In one example implementation, a replaceable printing component includes a fluid supply chamber, and a printhead on the fluid supply chamber. The printhead includes a memory storing a factory identification code that comprises a combination of digitized analog performance parameters. The printhead also includes electronic test components from which the analog performance parameters have been measured.

Abstract: The present application is directed to symmetric keying and chain of trust. In one embodiment a prover may communicate with a verifier to perform device or data authentication. The verifier may issue a challenge to authenticate the prover, to which the prover may respond with key data and ticket data that may be forwarded to a certifier. If the ticket data is recognized, the certifier may transmit an authorization token to the verifier, which may then set a symmetric attestation key. The prover may utilize the symmetric attestation key to establish a chain of trust for use in responding to challenges to application or data authenticity. The symmetric attestation key may be used to generate a first level key that may be utilized to generate program keys. A challenge response may include at least program key data that may be authenticated by the verifier using the symmetric attestation key.

Abstract: A computing device for provisioning a wireless device for connection to a wireless network via a legacy access point. The wireless device supports a wireless protected setup protocol for obtaining the network profile of the network. A user requests the computing device discover wireless devices for provisioning. In response to the user input, the computing device is configured as a soft access point and broadcasts a beacon signal indicating that the access point supports a wireless protected setup protocol, such as Wi-Fi Protected Setup. A request for provisioning is then received by the computing device from the wireless device. A network profile is transmitted from the computing device to the wireless device in accordance with the wireless protected setup protocol. The wireless device may use the profile to connect to the network via the legacy access point using the network profile.

Abstract: Disclosed is a system and method to provide a seamless transition to IPv6 from IPv4 rather than the outage that occurs presently. This system and method for transition to IPv6 also takes into consideration the application, which must also be migrated to IPv6. There are two types of applications available to the customer, those that he has source code for, and those that he doesn't. The disclosed system and method differentiates between the two automatically.

Abstract: A call verification system in mobile terminals, including a calling/called unit, and the calling unit includes: a verification code acquiring module, a packaging module, a transmitting module; the called unit comprises a receiving module, a storage module, an analysis module, a verification code module and a call control module. A method includes steps of acquiring and packaging the verification code; transmitting verification code while calling; parsing and acquiring the verification code at the called terminal; matching the verification code with the standard verification code and intercepting the mismatched call establishment request. The effects are achieved without configuration of a mobile network and the service of operators; no delay for the users no effect on existing communication business; intercepting crank calls without answering or hanging up.

Abstract: A novel system, device and method of validation is provided for sensing a biometric such as a fingerprint, where biometric data corresponding to the biometric entity such as a fingerprint is then transmitted to a host configured to perform a plurality of authentication processes to authenticate the biometric data. At least one of the plurality of authentication steps is then validated. Alternatively, a portion of the biometric data may be retained, where biometric data corresponding to the biometric is then transmitted to a host configured to perform a plurality of authentication steps to authenticate the biometric data. At least one of the plurality of authentication steps is then validated.