Abstract: Disclosed herein are display techniques that will allow sensitive data displayed on a computer screen to only be viewed by authorized users and will render computer screen unreadable to unauthorized users. One or more display techniques are capable of automatically scrambling and unscrambling display screen of the computing device in which only an intended viewer is able to view data on the display screen using deciphering glasses.

Abstract: An image forming apparatus installs a license instructed to be installed when a reliable date has been successfully acquired from a server. When the reliable date fails to be acquired and the license instructed to be installed is a valid-days-designated license, the information forming apparatus installs the valid-days-designated license based on the image forming apparatus' built-in clock. When the reliable date fails to be acquired and the license instructed to be installed is an expiration-date-designated license, the information forming apparatus does not install the expiration-date-designated license.

Abstract: A method is disclosed. The method includes, in a client device, acquiring first and second asymmetric cryptographic key pairs for a user, where each key pair includes a public key and a corresponding private key, securing the private key of the second key pair in a cryptographic processor, and splitting the private key of the first key pair into plural private key fragments, so that a sum of the plural private key fragments equals the private key of the first key pair. The method further includes storing at least one of the plural private key fragments on the client device, and registering the user with an identity service not hosted on the client device. Registering the user includes providing to the identity service, for use in securely authenticating the user, the public keys of the first and second key pairs, and the plural private key fragment(s) excluding the at least one private key fragment secured on the client device.

Abstract: A computer server controls access to a hosted service using digital certificates that are requested from each client attempting to access the service. When a particular client accesses the hosted service, the host service requests a digital certificate from the particular client and issues a challenge message. The particular client signs the challenge message and provides a client digital certificate to the hosted service. The hosted service confirms that the signature on the challenge message matches the client digital certificate, and that the client digital certificate is signed by a trusted entity. Trusted entities are defined by an administrator by uploading, to the hosted service, one or more trusted digital certificates associated with a trusted entities. Using the trusted digital certificates, the hosted service confirms that the digital certificate provided by the particular client is signed by at least one of the trusted entities.

Abstract: A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device.

Abstract: Technology is described for preventing cryptovirus attacks in a computing service environment. Data patterns of both read and write operations are monitored for files during a predetermined time period. The data patterns related to the files are recorded during the monitoring. A machine learning model is constructed according to the recorded data to establish a data change probability for the plurality of files. An unexpected change is detected using the machine learning model according to the data change probability of the files having changed data. A warning notification is sent indicating the unexpected change is detected for the files.

Abstract: A computer includes a memory and a processor programmed to execute instructions stored in the memory. The instructions include identifying a function in a binary file, assigning one of a plurality of classifications to the function, and determining that the function requires stack cookie protection based at least in part on the classification assigned to the function.

Abstract: Users of organizations use many different third-party applications. The organizations use the services of a server to manage and interact with the third-party applications. In particular, the server provides a user lifecycle API that defines a set of user lifecycle events corresponding to changes of the users with respect to their organizations and/or the third-party applications that they use within the organizations. The server further has access to lifecycle code modules corresponding to the different third-party applications and defining how those third-party applications will respond to the user lifecycle events. When a user lifecycle event occurs for a particular user of a particular organization, the server determines the third-party applications to which the organization has given the user access uses the appropriate functionality of the lifecycle code modules of the corresponding third-party applications to implement the appropriate user changes for those applications.

Abstract: A system that translates between Internet of Things (IoT) protocols and Internet name management protocols (domain name system—DNS) so as to allow the secure exchange of short messages through WiFi hotspots. Applications include but are not limited to remote configuration, control, tracking, telemetry, synchronization, emergency communication. The system is operated as an independent service or is integrated into hotspot or IoT management operations for public use or private use in an enterprise or home. The widespread installed base of hotspots, standardized IoT and DNS protocols allows the IoT ecosystem as a whole to immediately reap the benefits of greater communication capabilities.

Abstract: Technologies are described for selective persistence of data utilized by software containers. A configuration policy is defined that includes data that specifies one or more data stores for which data is not to be persisted following accesses to a software container and one or more data stores for which data is to be persisted following accesses to the software container. When the software container is first accessed, the data stores identified in the configuration policy are attached to the software container. Upon a subsequent access to the container, such as at the conclusion of a user session or upon destruction of the container, the data in the attached data stores is persisted or deleted based upon the configuration policy. When the software container is once again accessed, the data store containing the persisted data can be re-attached to the software container.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes determining a first set of quantum bases, generating a first control signal indicative of the first set of quantum bases, and transmitting the first control signal over a communications network to a qubit encoder. The example method further includes determining a second set of quantum bases, generating a second control signal indicative of the second set of quantum bases, and transmitting the second control signal over the communications network to a qubit decoder. The example method further includes generating a third control signal indicative of an instruction to encode a set of bits and transmitting the third control signal over the communications network to the qubit encoder.

Abstract: A conference management system (“system”) facilitates data compliance in recording conversations between users. A host user can send an electronic invitation for a meeting to participants. Upon accessing the invitation, the participants can be presented with two options to join the conference—a first option using which a participant can join the meeting by providing consent to recording the meeting and a second option using which the participant can join the meeting by opting-out of recording of the meeting. When a participant opts-out of the recording of the meeting, the conference management system ensures that the recording is performed in compliance with a data compliance policy applicable to the participant who opted out of recording.

Abstract: A computing device and method of controlling access to a computing device. A software lock request is received via an input device of the computing device. In response to receiving the software lock request, a picklist of a plurality of applications executable on the computing device is displayed on a display of the computing device. A selection of one or more impermissible applications from the plurality of applications executable on the computing device or one or more permitted applications from the plurality of applications executable on the computing device is received receiving via the input device. A locked state is entered. In the locked state, access is not permitted to the one or more impermissible applications and access is permitted to other applications of the plurality of applications executable on the computing device.

Abstract: Implementations of the specification include receiving transaction data associated with the transaction, the transaction data comprising: data representative of a plurality of assets, a first commitment hiding a first random number and a transaction amount of the transaction, a second commitment that hides a second random number and a change, the transaction amount and a third random number both encrypted by a public key of the second node, the change and a fourth random number both encrypted by a public key of the first node, and a zero-knowledge proof (ZKP); determining, based on the ZKP, whether the transaction is valid based on determining if the first random number is equal to the third random number, the second random number is equal to the fourth random number, and the transaction amount hidden in the first commitment is equal to the transaction amount encrypted by the public key of the second node.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes determining a first set of quantum bases, generating a first control signal indicative of the first set of quantum bases, and transmitting the first control signal over a communications network to a qubit encoder. The example method further includes determining a second set of quantum bases, generating a second control signal indicative of the second set of quantum bases, and transmitting the second control signal over the communications network to a qubit decoder. The example method further includes generating a third control signal indicative of an instruction to encode a set of bits and transmitting the third control signal over the communications network to the qubit encoder.

Abstract: Systems for detecting unauthorized user and controlling dynamic user interface functionality are provided. The system may receive a request to access functionality that may include login credentials of a user. The request may also include additional information associated with a computing device from which the request is received. The request and additional data may be analyzing using one or more machine learning datasets to determine whether a user requesting access is an authorized user or an unauthorized user. If the user is an authorized user, the user may be authenticated to the system an authentic user interface having enabled functionality may be generated. If the user is an unauthorized user, a decoy user interface having functionality disabled may be generated.

Abstract: A digital content provider is configured to identify, based at least in part on various customer user profiles, digital content that is to be pre-loaded onto one or more customer computing devices in advance of the digital content being available for at least one mode of consumption by the one or more computing devices. The digital content provider may use these user profiles, as well as other external information, to identify one or more customers that are to receive the digital content. Subsequently, the digital content provider may download the digital content onto each identified customer's one or more computing devices in advance of the at least one mode of consumption becoming available to the customers. Once the mode of consumption is made available, the digital content provider may enable the use of the pre-loaded digital content.

Abstract: A method alters a computer resource in response to the computer resource moving from a first geolocation to a second geolocation. One or more processors receive a message indicating that a computer resource has moved from a first geolocation to a new geolocation. In response to receiving the message that the computer resource has moved from the first geolocation to the new geolocation, the processor(s) encrypt data that is stored on the computer resource, and apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data at the new geolocation. In response to the decryption information failing to decrypt the encrypted data at the new geolocation, the processor(s) and/or a user alter the computer resource.

Abstract: In one aspect, a computer-implemented method for monitoring and validating execution of an executable binary code, includes the step of, prior to beginning execution of the executable binary code, disassembling the executable binary code, listing all of application programming interfaces (API) or function calls in the executable binary code, generating a validation table for a type of each of the APIs or each of the function calls, a location of each of the APIs or each of the function calls, and a return address of each of the APIs or each of the function calls in the executable binary code, and listing in the validation table the type of each of the APIs or each of the function calls.

Abstract: A communication system has first terminal and second terminals, and a relay server that relays communication between the first and second terminals. When a login request is received including authentication information from the first terminal, the relay server associates and stores, in a storage, identification information of the first terminal corresponding to the authentication information and access information for accessing the relay server; and sends the access information to the first terminal. When a login request has been received including authentication information from the second terminal, the relay server sends to the second terminal the access information specified based on the identification information of the first terminal sent from the second terminal and information stored in the storage, and relays communication between the first and second terminals based on the access information.