Abstract: A method and apparatus are disclosed relating to ciphering and de-ciphering of packet units in wireless devices during retransmission in wireless communications. The packet units are re-segmented with the ciphering done on the re-segmented packet unit or on a radio link control protocol data unit (RLC PDU) with or without segmentation. Alternatively, the re-segmentation is done on the radio link control service data unit (RLC SDU) with or without segmentation. Alternatively, the ciphering process and multiplexing of the RLC PDU is done in the medium access control (MAC) layer of a MAC PU before undergoing a hybrid automatic repeat request (HARQ) process for retransmission. Further, the ciphering process in the RLC is done on a packet data convergence protocol packet data unit (PDCP PDU).

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

Abstract: Various systems and methods for authenticating a user are described herein. A system comprises a processor subsystem; and a memory including instructions, which when executed by the processor subsystem, cause the processor subsystem to: receive at a server from a first user device, a first authentication token; receive at the server from a second user device, a second authentication token; authenticate the user based on the first and second authentication tokens; and establish a communication session from the server to the first user device when the user is authenticated.

Abstract: A secure containment enclosure such as an equipment rack is disclosed that includes an electronic locking system. The electronic locking system locks and, upon receipt of a valid credential to a credential input device, unlocks an access door to the secure containment enclosure. The electronic locking system locks the access door during normal operation, and is prevented from unlocking the access door during normal operation and for a predetermined period of time after the secure containment enclosure is powered off to ensure that all data on electronic devices in the secure containment enclosure is erased. Other security features include storage encryption, network encryption, preventing administrative logon access to customers' compute nodes, and dedicated instances in which only virtual machines from specified customer accounts can be located on the same electronic device.

Abstract: An administrator controls viewer access to restricted multimedia programs using electronic permission slips. In response to a viewer's request to view a restricted multimedia program, the viewer may initiate the generation of an electronic permission slip that is sent to an electronic device associated with the administrator. The electronic permission slip may include text-based information, graphical information, audio information, and the like. The electronic permission slip may enable input of permission data regarding whether the viewer is allowed to receive the blocked program. In response to the administrator granting permission, a service provider network allows the viewer to access the restricted multimedia program.

Abstract: A method, system and computer-usable medium for generating a security analysis effort, cost and process scope estimates, comprising: analyzing a software system; identifying a complexity level of a security analysis, the complexity level of the security analysis comprising identification of an effort level for the security analysis; and, generating the security analysis effort estimate, the security analysis effort estimate comprising an estimate of an effort expenditure to perform a security analysis on the software system at the identified complexity level.

Abstract: A network testing device may be linked to a dedicated remote server e.g. a cloud-based server having a unique, pre-determined address. The testing device may be configured to cease operating, become locked or limited in testing functionality after a number of startup cycles, days of use, a certain date, etc. Once the testing device is locked, the testing device may be re-activated only by establishing a connection to the server. A database of network testing devices currently in use may be provided. Once a testing device is lost or stolen, the database may be remotely updated to prevent reactivation of that testing device, so as to render the lost or stolen testing device useless for an unauthorized operator of the testing device.

Abstract: An identity verification system enables the identity of an individual to be verified to others using the internet. An initial identification ceremony is recorded in which the user performs instructions that cannot be known in advance, such as reading text that cannot be anticipated. The initial ceremony can be replayed and authenticated by individuals who already personally know the user. Alternatively, the identity of the user in the initial ceremony can be authenticated using other existing techniques such as KBA. A secondary instruction ceremony is subsequently performed when identity verification is required in order to authorize a directive or transaction. In the secondary instruction ceremony the user performs unforeseeable instructions such as reading text that cannot be anticipated and reading aloud an indication of the transaction.

Abstract: Described herein are various technologies pertaining to constructions of a password-based authentication protocol that are configured to allow a user to register with and authenticate to an online service without the online service receiving a password or a deterministic function of the password of the user. When registering with an online service, a client computing device establishes a cryptographically strong random secret and stores an encryption of such secret with a data storage device. The storage device also never receives the password or a deterministic function of the password. When the user wishes to authenticate to the online service, the user employs her password to retrieve the encrypted secret from the storage device, decrypts such secret, and utilizes the decrypted secret to answer a cryptographically strong challenge provided to the user by the online service upon the online service receiving a username pertaining to such user.

Abstract: An architecture for application of digital rights management to industrial automation devices including programmable logic controllers (PLCs), I/O devices, and communication adapters is provided. Digital rights management involves a set of technologies for controlling and managing access to device objects and/or programs such as ladder logic programs. Access to automation device objects and/or programs can be managed by downloading rules of use that define user privileges with respect to automation devices and utilizing digital certificates, among other things, to verify the identity of a user desiring to interact with device programs, for example. The architecture can provide for secure transmission of messages to and amongst automation devices utilizing public key cryptography associated with digital certificates.

Abstract: A system for an electronic authentication client and a processing method thereof, and a system for electronic authentication and a method thereof are disclosed.

Abstract: A method of facilitating zero sign-on access to media services depending on trust credentials. The trust credentials may be cookies, certificates, and other data sets operable to be stored on a device used to access the media services such that information included therein may be used to control the zero sign-on capabilities of the user device.

Abstract: A system for performing hashing includes a controller for controlling the system and for providing a clock signal; an array of integrated circuits; in each integrated circuit, a plurality of cores for performing hashing; and in each core, a plurality of data expanders and data compressors, the data expanders and the data compressors having pipelined circuitry so that two iterations of a hashing loop are performed for each cycle of the clock signal. A method for performing hashing, includes controlling a system having an array of integrated circuits with a clock signal; performing hashing in a plurality of cores in each integrated circuit; and performing for each cycle of the clock signal, in each core, a plurality of data expansion and data compression operations, using pipelined circuitry so that two iterations of a hashing loop are performed for each cycle of the clock signal.

Abstract: A technique for supporting secondary use of content of an electronic work. This technique includes receiving, from a user terminal, a use request requesting secondary use of the content of the electronic work, in which a secondary use policy of an author of the electronic work is associated with the electronic work; determining whether the use request satisfies the secondary use policy specified by the author; and transmitting, to the user terminal, together with a unique identifier associated with the use request, content of the electronic work based on the determination or edited content based on the determination.

Abstract: A technique for supporting secondary use of content of an electronic work. This technique includes receiving, from a user terminal, a use request requesting secondary use of the content of the electronic work, in which a secondary use policy of an author of the electronic work is associated with the electronic work; determining whether the use request satisfies the secondary use policy specified by the author; and transmitting, to the user terminal, together with a unique identifier associated with the use request, content of the electronic work based on the determination or edited content based on the determination.

Abstract: In one embodiment, a storage and privacy system stores and manages information associated with users and ensures and enforces access-control rules specified for the stored information.

Abstract: A fingerprint identification system comprising a smart device, a fingerprint scanner, a processor coupled to a transceiver and to the fingerprint scanner, and a digital storage element coupled to the processor. The digital storage element stores logic that causes the processor to: activate the fingerprint scanner to scan a user's finger, identify a feature and multiple minutia of the user's fingerprint, and generate a digital fingerprint string(s) indicative of a position of each minutia relative to the feature. The processor is then caused to combine the digital fingerprint string(s) with a first cryptographic salt to generate a first hash. The first hash is compared to a first hash signature to determine if the first hash represents an authentic fingerprint. If authentic, the processor combines the digital fingerprint string(s) with a second cryptographic salt to generate a second hash. This second hash is transmitted to one or more servers.

Abstract: A method, and corresponding apparatus and system are provided for optimizing matching of at least one regular expression pattern in an input stream by storing a context for walking a given node, of a plurality of nodes of a given finite automaton of at least one finite automaton, the store including a store determination, based on context state information associated with a first memory, for accessing the first memory and not a second memory or the first memory and the second memory. Further, to retrieve a pending context, the retrieval may include a retrieve determination, based on the context state information associated with the first memory, for accessing the first memory and not the second memory or the second memory and not the first memory. The first memory may have read and write access times that are faster relative to the second memory.

Abstract: Memory security technologies are described. An example processing system includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can receive a content read instruction from an application. The processor core can identify a cache line (CL) from a plurality of CLs of a cryptographic cache block (CCB) requested in the content read instruction. The processor core can load, from a cryptographic tree, tree nodes with security metadata. The processor core can retrieve, from the memory, the CCB. The processor core can generate a second MAC from the CCB. The processor core can compare the first MAC with the second MAC. The processor core can decrypt the CCB using security metadata when the first MAC matches the second MAC. The processor core can send at least the identified CL from the decrypted CCB to the application.

Abstract: A user equipment (UE) is configured to send a direct communication request to a peer UE, wherein the direct communication request comprises a signature authenticating an identity of the UE. The UE is configured to process a direct communication response from the peer UE to authenticate an identity of the peer UE, wherein the direct communication response comprises a signature authenticating the identity of the peer UE. In response to processing the direct communication response from the peer UE to authenticate the identity of the peer UE, the UE is configured to engage in direct communication with the peer UE.