Abstract: The subject disclosure is directed towards secure query processing over encrypted database records without disclosing information to an adversary except for permitted information. In order to adapting semantic security to a database encryption scheme, a security model for all query processing is specified by a client and used to determine which information is permitted to be disclosed and which information is not permitted. Based upon the security model, a trusted, secure query processor transforms each query and an encrypted database into secure query results. Even though the adversary can view the secure query results during communication to the client, the adversary cannot determine any reliable information regarding the secure query results or the encrypted database.

Abstract: Systems and methods for recognizing and reacting to malicious or performance-degrading behaviors in a mobile device include observing mobile device behaviors in an observer module within a privileged-normal portion of a secure operating environment to identify a suspicious mobile device behavior. The observer module may generate a concise behavior vector based on the observations, and provide the vector to an analyzer module in an unprivileged-secure portion of the secure operating environment. The vector may be analyzed in the unprivileged-secure portion to determine whether the mobile device behavior is benign, suspicious, malicious, or performance-degrading. If the behavior is found to be suspicious, operations of the observer module may be adjusted, such as to perform deeper observations. If the behavior is found to be malicious or performance-degrading behavior the user and/or a client module may be alerted in a secure, tamper-proof manner.

Abstract: A system and method for providing digital data content to a wireless device. Although a fee is typically charged for access to the digital data content, e.g., electronic books, the system and the method provides controlled access to this content for free while the wireless device is accessing the content in a specified location, e.g., a retail location. A content control server receives a request from the wireless device requesting access to the digital data content. The request is received over a secure connection, preferably a virtual private network (VPN). The content control server monitors how much of the digital data content has been provided to the wireless device, and/or an amount of time the wireless device has been accessing the digital data content. This content control server uses this monitored data to control, throttle, the provision of the digital data content to the wireless device.

Abstract: An obfuscated program can be configured to resist attacks in which an attacker directly calls a non-entry function by verifying that an execution path to the function is an authorized execution path. To detect an unauthorized execution order, a secret value is embedded in each function along an authorized execution path. At runtime, the secrets are combined to generate a runtime representation of the execution path, and the runtime representation is verified against an expected value. To perform the verification, a verification polynomial is evaluated using the runtime representation as input. A verification value result of zero means the execution path is an authorized execution path.

Abstract: Systems and methods presented herein may allow a sending user to stream audio to recipients without providing a permanent audio file, facilitating sharing of audio while retaining control over the audio file and reducing the chances of users copying the file. The sending user may specify number of plays, duration of time audio will be available for streaming, and the number of times the audio can be re-shared in one embodiment. The sending user and recipients may all execute a common client software on their computing devices that causes the computing devices to delete the audio when the streaming is complete and detect attempts to copy the audio at the device.

Abstract: A method and system is provided for securing content from malicious shaders. The method includes determining the content the shader is to execute. A signature of the shader is verified in response to the shader attempting to execute on protected content. In response to the shader being verified, it is verified that the shader has not been modified. The shader is executed in response to not being modified.

Abstract: A method for modular software protection includes steps for receiving, at a server, a license key registered for a software executable installed on a client device and machine fingerprint data generated at the client device, accessing, using the server, stored usage rights data indicated by the license key, the usage rights data specifying a number of client devices on which the software executable is licensed to operate and which features of the software executable are enabled, determining, using the machine fingerprint data received by the server, whether operation of the software executable on the client device would cause the number of client devices on which the software executable is licensed to operate to be exceeded, and creating, in response to the determining step, an encrypted license file for transmission to the client device that defines separate features of the software executable to be enabled on the client device.

Abstract: Systems and methods in accordance with embodiments of the invention enable streamlined content download that minimizes user input during the download process. One embodiment includes a system for streamlined downloading of content to a user computing device, including: an application server system configured to locate an intermediary application in response to a request received from a user computing device; where the intermediary application includes a content ID and configures a user computing device to initialize a download manager on a user computing device, and to pass the content ID to the download manager; and where the download manager configures the user computing device to utilize the content ID to retrieve content access information, and download content from a content server system utilizing the content access information.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: A method and system transfers the hosting of financial services to a virtual asset computing environment from a hardware asset computing environment, according to one embodiment. The method and system transfers a secondary copy of application data to a storage device, and delivers the storage device to a second computing system from the first computing system using a parcel courier, according to one embodiment. The method and system receives, with the second computing system, the secondary copy of the application data from the storage device, and configures virtual assets to execute a second instance of the financial services application to enable the second computing system to provide the financial services to the multiple users, according to one embodiment. The method and system configures the second computing system as a primary service provider, according to one embodiment.

Abstract: The present disclosure relates to applying techniques similar to those used in neural network language modeling systems to a content recommendation system. For example, by associating consumed media content to words of a language model, the system may provide content predictions based on an ordering. Thus, the systems and techniques described herein may produce enhanced prediction results for recommending content (e.g. word) in a given sequence of consumed content. In addition, the system may account for additional user actions by representing particular actions as punctuation in the language model.

Abstract: A communication terminal accepts a communication start request for starting communication with a counterpart terminal indicated by counterpart information, through one of a first acceptance unit and a second acceptance unit. The communication terminal stores the counterpart information of the counterpart terminal in a first memory as log data, when the communication start request is accepted through the first acceptance unit, and prevents the counterpart information of the counterpart terminal from being stored in the first memory as log data, when the communication start request is accepted through the second acceptance unit.

Abstract: A method and computing system for receiving a plurality of discrete audio signals from a plurality of participants of a synchronous communication session. The plurality of discrete audio signals are combined to form a composite audio signal. At least a portion of the composite audio signal is divided into a plurality of sequential time slices. The plurality of sequential time slices are processed to identify one or more copyright-infringing time slices. The one or more copyright-infringing time slices are associated with a copyright infringing participant chosen from the plurality of participants of the synchronous communication session.

Abstract: A device and method for provided access to distributed data sources includes a cloud security server configured to associate any number of data sources and client devices with a cloud security server account. The cloud security server assigns trust levels to the data sources and the client devices. A client device requests data from the cloud security server. The cloud security server authenticates the client device and verifies the trust levels of the client device and the requested data. If verified, the cloud security server brokers a connection between the client device and the data source, and the client device accesses the requested data. Data sources may include cloud service providers and local storage devices. The cloud security server may assign a trust level to a client device for a limited time or revoke a trust level assigned to a client device. Other embodiments are described and claimed.

Abstract: A method of performing communication between a first device and a second device by using a Wi-Fi direct scheme is provided. The method may include receiving, by the first device, information on relating to a content protection capability of the second device in during a device discovery procedure; and determining, by the first device, whether to perform a connection setup procedure with the second device based on the received information on relating to the content protection capability of the second device.

Abstract: A method and system for remote control of a presenter's computer screen using only web browsers is described. Viewers are able to view representation of a presenter's screen on a screen of the viewer's device and remotely control the presenter's screen directly from a web browser, without any downloads, plugins, or dialog boxes. Viewer control events are captured by the browser, sent to a server, and transmitted to the presenter's computer. A program running on the presenter's computer executes the control events, updates the presenter's screen, and transmits images of the updated screen back to the viewers.

Abstract: Protection against unauthorized copying of digital media content is achieved by receiving information from a client device related to its storing function used to store digital media content that is to be sent to the client device; and performing a procedure to protect against unauthorized copying of the digital media content if the client device is able to store the digital media content using its storing function.

Abstract: A secure electronic correspondence method and system based on a principle relating to the uniqueness of the originals of the correspondences. The archiving thereof is certified by a certification service provider and performed by an archive operator in an electronic safe box. The main steps of the processes for processing said correspondences are the subject of a report confirming the correct execution thereof, including the return of a certification token by the operator responsible for the step to the managers of the trust chain. In a variant, correspondences belonging to a document management series can only be sent if they meet management rules set for the series. In a privileged mode, functions of the electronic correspondence operators that do not necessarily have to meet user proximity requirements can be grouped together into shared service centers within which the communications are reduced without negatively affecting the reliability of the process.

Abstract: A method of enforcing security settings in a cryptographic system, including: receiving, by the cryptographic system, a first input message associated with a first security setting of a plurality of security settings; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first security setting, wherein each of the plurality of security settings has an associated set of input messages wherein the sets of input messages do not overlap.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-332 RZ, which exhibits medium bolting, an erect plant habit, smooth mature leaves with a three-sided shape and resistance to downy mildew (Peronospora farinosa f. sp. spinaciae) races Pfs1 to Pfs13 and strain UA4410. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-332 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-332 RZ.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-331 RZ, which exhibits medium bolting, an erect plant habit, smooth mature leaves and resistance to downy mildew (Peronospora farinosa f. sp. spinaciae) races Pfs1 to Pfs13 and strain UA4410. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-331 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-331 RZ.

Abstract: A method of authorization in a cryptographic system that provides separate authorization for a plurality of different input message groups using a single cryptographic key, including: receiving, by the cryptographic system, a first input message from a first input message group; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first input message group, wherein the keyed cryptographic operation does not produce a correct output when the cryptographic system is not authorized for the first input message group, and wherein each of the plurality of input message groups has an associated set of input messages wherein the sets of input messages do not overlap.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-333 RZ, which exhibits medium bolting, an erect plant habit, ovate first foliage leaves, semi-savoy mature leaves and resistance to downy mildew (Peronospora farinosa f. sp. spinaciae) races Pfs1 to Pfs13 and strain UA4410. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-333 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-333 RZ.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-707 RZ, which exhibits early bolting, erect plant habit, semi-savoy leaves, and resistance against downy mildew (Peronospora farinosa f. sp. spinaciae) races Pfs1 to Pfs13 and strain UA4410. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-707 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-707 RZ.

Abstract: A processing-based bypass “fail open” mode is provided for an intrusion prevention system by a primary process running on a first logical core (lcore) is used as a control plane, which invokes bypass-open run-to-completion threads in other lcores comprising a bypass data plane, and which spawns a secondary process to fully configure intrusion prevention threads on other lcores to create an Intrusion Prevention System data plane. Upon a ready signal from the secondary process, the primary process quiesces such that the secondary process IPS data plane exclusively owns and executes on the other lcores.

Abstract: Disclosed are a method for component access control and electronic device. The method comprises: acquiring a target component list corresponding to the first application, which list includes at least one target component required by the first application, with the at least one target component belonging to at least one basic component; after a component selection command is received, generating information about those basic components accessible by the first application from the target component list according to the component selection command; and storing the information about those basic components accessible by the first application.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-336 RZ, which exhibits late bolting, circular first foliage leaves, smooth mature leaves, and resistance against downy mildew (Peronospora farinosa f.sp. spinaciae) races Pfs1 to Pfs13 and strain UA4410. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-336 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-336 RZ.

Abstract: Systems and methods for recognizing and reacting to malicious or performance-degrading behaviors in a mobile device include observing mobile device behaviors in an observer module within a privileged-normal portion of a secure operating environment to identify a suspicious mobile device behavior. The observer module may generate a concise behavior vector based on the observations, and provide the vector to an analyzer module in an unprivileged-secure portion of the secure operating environment. The vector may be analyzed in the unprivileged-secure portion to determine whether the mobile device behavior is benign, suspicious, malicious, or performance-degrading. If the behavior is found to be suspicious, operations of the observer module may be adjusted, such as to perform deeper observations. If the behavior is found to be malicious or performance-degrading behavior the user and/or a client module may be alerted in a secure, tamper-proof manner.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-335 RZ, which exhibits late bolting, savoy mature leaves with an ovate shape, and resistance to downy mildew (Peronospora farinosa f.sp. spinaciae) races Pfs1 to Pfs13 and strain UA4410. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-335 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-335 RZ.

Abstract: The present invention relates to a Spinacia oleracea seed designated 51-706 RZ, which exhibits medium bolting, semi-erect plant habit, semi-savoy mature leaves, and resistance to downy mildew (Peronospora farinosa f. sp. spinaciae) races Pfs1 to Pfs13. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-706 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-706 RZ.

Abstract: The present invention relates to a Spinacia oleracea L. seed designated 51-518 RZ, which exhibits a combination of traits including early bolting, a semi-erect plant habit, smooth mature leaves, field resistance against leaf spot diseases and resistance to downy mildew (Peronsopera farinosa f. sp. spinaciae) races Pfs 1 to 12 and Pfs 14. The present invention also relates to a Spinacia oleracea plant produced by growing the 51-518 RZ seed. The invention further relates to methods for producing the spinach cultivar, represented by spinach variety 51-518 RZ.

Abstract: A method and system for remote control of a presenter's computer screen using only web browsers is described. Viewers are able to view representation of a presenter's screen on a screen of the viewer's device and remotely control the presenter's screen directly from a web browser, without any downloads, plugins, or dialog boxes. Viewer control events are captured by the browser, sent to a server, and transmitted to the presenter's computer. A program running on the presenter's computer executes the control events, updates the presenter's screen, and transmits images of the updated screen back to the viewers.

Abstract: Methods and apparatuses that collect tracking data items into a plurality of data stores for one or more domain in response to resources received from the domains are described. Each tracking data item may be accessible for one of the domains. Relationships of the domains may be identified among the tracking data items across multiple data stores according to the resources received. One or more of the domains may be selected according to the identified relationships to control accessibility of the tracking data items for the domains. The data stores may be updated to prohibit accessing at least a portion of the tracking data items for the selected domains.

Abstract: Methods, systems, and computer program products for providing attribute-based data access. Embodiments include receiving a data request specifying search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory provides access to secured data of clients according to access controls, including secured data comprising a first portion that is unencrypted and readable by the anonymous directory and a second portion that is encrypted and unreadable by the anonymous directory. The second portion is encrypted using multi-authority attribute-based encryption that associates the second portion with encryption data attributes. The anonymous directory provides the first acid second portions of data f conditions in the access controls are met. The first and second portions of data are provided, based on determining that the conditions in the access controls are met, and that at least one data attribute is relevant to at least one encryption data attribute.

Abstract: An approach for registration an application instance is provided. A registration request including credential information related to a user, a device and an instance of an application resident on the device is generated. The registration request is transmitted over a network to a registration platform. A unique identifier that is encrypted, in response to registration of the application instance is received from the registration platform. This unique identifier is used to securely authenticate communication with the application instance.

Abstract: Imposing one or more usage constraints on digital content involves communicating a digital content data item to a digital content receiver system. The digital content data item includes the digital content and a usage constraint data item different from a digital license data item, or a reference to the usage constraint data item, the use case item being indicative of the one or more usage constraints.

Abstract: In one embodiment, an internet monitor service may use a final content rating to determine access to a webpage. A monitor client 102 may generate a client content rating of a webpage 104. The monitor client 102 may factor the client content rating with a server content rating of the webpage 104 to determine a final content rating for the webpage 104.

Abstract: According to one embodiment, a computer program product for collaboratively installing a computer application includes a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code including computer readable program code configured to: monitor an installation process of an application, send a remote assistance request in response to a determination that the installation process requires remote assistance, receive a response to the remote assistance request, and continue the installation process of the application using the remote assistance information. The response includes remote assistance information required for installing the application, and the remote assistance information is invisible to an installer of the application.

Abstract: There is provided a data distribution system having a distribution device for holding a data file which is a distribution object and a plurality of user terminals, wherein each of the user terminals obtains each of a plurality of file pieces from any of the other user terminals or the distribution device, the plurality of file pieces being obtained by dividing the data file, and the plurality of file pieces obtained are assembled to thereby obtain the data file, at least one predetermined file piece among the plurality of file pieces is a restricted piece for which obtaining from the other user terminals is restricted, and the distribution device restricts distribution of the restricted piece to each of the user terminals, based on a predetermined condition.

Abstract: A method of providing control preferences set by a person for a second person who is a prospective Internet user, the method comprising the steps of establishing a first account, the settings of the first account being stored in a database; establishing a second account, the settings of the second account being stored in the database; linking the first and second accounts such that control settings of the second account are determined through the first account; and viewing Internet content from the second account consistent with the control settings of the second account.

Abstract: Embodiments provide virtual volumes to virtual machines based on configuration information to secure the virtual machines. Each virtual volume, without a file system, represents a portion of a storage array and is associated with at least one of the virtual machines. A host computing device attaches the virtual volume to the virtual machine based on the configuration information. Security software executing on the virtual machine accesses security information (e.g., encryption keys, etc.) stored in the virtual volume to provide security to the virtual machine (e.g., during bootup). In some embodiments, the virtual volume is attached and detached from the virtual machine as a universal serial bus (USB) device via an application programming interface to the storage array.

Abstract: A method, system, and computer program product for forming cloud upgrade recommendations. The method commences by initiating an environment monitoring agent to run on a plurality of nodes within a cloud environment. The monitoring agent checks periodically for changes in the environment. When changes are detected, a process forms an upgrade recommendation, and sends the upgrade recommendation to recipients. An instance image includes a runnable copy of an environment monitoring agent, and nodes run respective instances of the environment monitoring agent. An upgrade recommendation comprises an upgrade path, which in turn includes recommendation of a processor model, or a device, and/or an operating system version, a software component, a middleware component, or a driver. The upgrade recommendation is formed based on a detected presence of at least one of, a directory on a file system, or a file on a file system or on the basis of detected port usage.

Abstract: A bipartite graph is generated which includes one or more source vertices and one or more destination vertices. For a given source vertex, a temporal behavioral matrix is generated using the bipartite graph where a first dimension of the temporal behavioral matrix is associated with time and a second dimension of the temporal behavioral matrix is associated with at least some of the one or more destination vertices. For the given source vertex, a model is generated using at least some portion of the temporal behavioral matrix. Anomaly detection is performed on at least part of the temporal behavioral matrix using the model.

Abstract: A method and apparatus that protect information on a mobile device. The method and mobile device obtain a predetermined portion of asymmetric information upon an input of the asymmetric information in the mobile device; generate an identifier by using a first generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate an encryption key by using a second generating algorithm that uses the predetermined portion of the asymmetric information as an algorithm input; generate ciphered information by using an encryption algorithm that uses the encryption key and the information as algorithm inputs; associate the identifier with the ciphered information; and store the ciphered information as associated with the identifier.

Abstract: A first device implements an application platform that is shared with a second device. The application platform can be implemented so that the first device and the second device operate to have a same identity to at least the network service. The first device provides a user interface in order to receive input for accessing or using the network service. Additionally, the first device communicates input received in response to providing the user interface to the network service. The first device can receive a token from the network service in response to communicating the input. Additionally, the first device can communicate a set of data items to the second device. The set of data items includes the token and one or more identifiers that enable the second device to access and use the network service while appearing as the first device to the network service.

Abstract: Data access lockdown is described, including receiving a request from a first user to disable access to all data that are access-controlled by the first user based on at least one setting. The data are shared with at least one other user. In response to the request, modifying, without further action by the first user, the at least one setting by replacing a current value indicative of at least some of the data being shared, with a lockdown value indicative of disablement of access to all the data access-controlled by the first user, so as to prevent the at least one other user from accessing any of the data.

Abstract: According to one embodiment, a content reproducing device is provided with connection unit and reproducing unit. The connection unit connects a license server and removable medium to each other in such a manner that mutual authentication can be carried out between the license server and removable medium, and rights information can be downloaded from the license server to the removable medium. The reproducing unit carries out mutual authentication between itself and the removable medium and, when the authentication is successful, acquires rights information recorded on the removable medium to thereby decrypt the encrypted content item delivered by the content server on the basis of the rights information, and subject the decrypted content item to streaming reproduction.

Abstract: A system includes a file access manager driver and a kernel file system driver stack in a kernel-mode address space of an operating system (OS). The system also includes session processes, a public file whitelist; a public file whitelist manager; a user/group file whitelist, which is a private whitelist; and a user/group file whitelist manager in a user-mode address space of the OS. A method includes receiving a request for access and/or visibility to a directory and/or file and then determining whether the request is allowed to execute based on whether the file access manager driver identifies that the directory and/or file is allowed in either public or private whitelists.

Abstract: The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.

Abstract: A sandboxed application issues a request to enable content protection for audio and video content. The request is sent via an application programming interface to an unsandboxed application. The request is received from the unsandboxed application by an output device. After receiving the request, content protection is enabled and the output device employs a certificate to create a signed message indicating the content protection is enabled. The sandboxed application verifies the request has been fulfilled based on the signed message, and provides protected audio and video content.