Abstract: An integrated circuit includes a security module with multiple stages arranged in a pipeline, with each stage executing a different operation for accessing stored lifecycle (LC) information. For each portion of LC being accessed, each stage performs N iterations of its corresponding operation, whereby N is an integer greater than two, and crosschecks the results of successive iterations to ensure that the results of the operation are consistent. In addition, the stages of the security module are overlapping, such that different stages can perform different iterations concurrently. These concurrent operations at different stages are organized such that they may also be crosschecked and thereby confirm “offset” results between the stages.

Abstract: Authentication of a mobile device by its subscription is automatically performed by extracting the IMSI value from the mobile device's operating system via a locally installed mobile app. The IMSI value is passed onto an authentication system that has the necessary authentication and authorization infrastructure to query a mobile operator's database for a MSISDN associated with the IMSI value. If a valid MSISDN is found, the MSISDN is returned from the mobile operator to the authentication system and finally to the mobile app on the mobile device.

Abstract: Provided herein is a wireless healthcare system comprising at least one sensor and a base unit adaptable to be in communication with the sensor. The sensor can be is adaptable to communicate with the base unit at a first power during formation of a communication link and is further adaptable to communicate with the base unit at a second power after the communication link has been formed, and wherein the sensor and base unit are components of a wireless healthcare system. The sensor can be a patch adaptable to be positioned on the surface of a patient. Further provided herein is a method of using the wireless healthcare system and kit.

Abstract: Systems and methods for unmanned vehicle security and control are provided herein. An exemplary system includes a control station and an unmanned vehicle. The unmanned vehicle may be locked from remote control by the control station. The system may also include a first access control hardware device attached to the control station and communicably coupled, using a network, with the unmanned vehicle. The system may also include a second access control hardware device physically attached to the unmanned vehicle and communicably coupled, using the network, with the control station. The first and/or second access control hardware devices are utilized to unlock the unmanned vehicle from remote control by the control station.

Abstract: A system for verifying a request for access to data is provided, the system comprising a first module 20 and a second module 30. The first module 20 is arranged to generate a password, and the second module 30 is arranged to receive a password associated with a request for data, validate the received password, and enable access to the requested data. The system is such that the first and second modules 20, 30 share a secret that has been uniquely assigned thereto, the shared secret being for use in generation and validation of a said password. Furthermore, the first module 20 is communicatively disconnected from the second module 30.

Abstract: Embodiments provide a user equipment (UE) device that includes a memory and a processor configured to execute instructions stored in said memory. The processor is configured by the instructions to receive a first evolved packet system (EPS) mobility management (EMM) attach reject message in response to an attempt to attach to a first eNode B (eNB) of a radio access network (RAN). If the attach reject message includes an Evolved Packet System mobility management (EMM) error code, the processor directs an attach request to a second, confirming eNB. The processor may be further configured by the instructions to receive a second attach reject message from the second eNB and enter a lock state only the condition that the second attach reject message also includes an EMM error code, optionally the same EMM error code received in the first attach reject message.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a master private and public key pair; associate the master private and public key pair with a first certificate; and derive at least one domain-specific key from the one of the master private and public key pair. The first certificate is registered to a group comprising a plurality of domains. The domain-specific key is associated with one of the plurality of domains.

Abstract: An attacker who gains control of a computer system using malicious software (malware) may be able to do anything to the data on the system. One type of malware, sometimes referred to as ransomware, can encrypt the contents of a hard drive or other data repository, preventing those contents from being accessed by their rightful owners. A ransomware attack can be greatly disruptive to an individual or business, and result in loss of data and loss of computer system uptime, impacting overall computing productivity. By detecting that ransomware is operating on a computer (e.g. by correlating between the original data and content in different cache layers), the negative effects of the ransomware may be mitigated or avoided.

Abstract: A method and system for generating by a server, a recommendation for a venue or an event of interest proximally located to an inferred current location of a user of a portable media player device. In an embodiment, a server may determine one or more media preferences for a user based at least in part on media stored on or accessed using the portable media player device of the user. The server may generate information related to the current location or a recommendation for a venue or an event of interest to the user based at least in part on the one or more media preferences and the inferred current location of the user. Once generated, the server then may communicate the recommendation (or the information) to the user, e.g. the portable media player device. Other embodiments may also be described and claimed.

Abstract: Various systems and methods for modifying application specific feature rights are disclosed herein. In one example, a system for modifying application specific feature rights (ASFR) is disclosed. The example system can include a file system to store a file, where the file system includes a number of ASFR corresponding to the file, where the number of ASFR designates a client type that is to trigger activation of features indicated by the number of ASFR. The system can include a processor and a computer-readable memory storage device storing executable instructions to be executed by the processor to cause a modifying service implemented on a computing device to perform actions. In an example these actions can include detecting a selection of the file stored in a file system. In an example, the system can also modify the file to indicate the number of ASFR associated with the file. The system can also send the modified file to a first user device.

Abstract: According to one embodiment, a method for predicting the trustworthiness of a particular website comprising receiving information about a plurality of websites and constructing a hierarchy of groups from the received information, the hierarchy of groups comprising one or more tiers and each tier comprising one or more groups. The method further comprising receiving information about a particular website and predicting the trustworthiness of the particular website based on the hierarchy.

Abstract: Methods, systems, and apparatus, including computer program products, are provided for configuring access controls to a database. In one aspect there is provided a method. The method may include receiving, from a first user, a table declaration for creating a database table in a database; generating, based on the table declaration, the database table; receiving, from the first user, a specification of one or more access mechanisms that have a privilege to access the database table; receiving a designation of at least one column in the database table as a protected column and one or more users who have a privilege to access the content of the protected column; and providing control over access to the content of the protected column based at least in part on the specification of the one or more access mechanisms and the designation of the at least one column and the second user.

Abstract: In one embodiment, a system, method, and computer program product are disclosed for authenticating a packet received from a client node, storing the results of the authentication in a cache memory of a service classifier node, and including the results of the authentication in a network service header of a packet before forwarding the packet to downstream service nodes. In one embodiment, the initial authentication is performed in conjunction with an authentication node.

Abstract: A method and system to securely split a digital promise that is recorded in a blockchain. A digital promise represents a promise by a promisor to pay a promisee an asset when a specified condition is satisfied. The specified condition may be fulfillment of a digital contract, also recorded in the blockchain, to which the digital promise is linked. When splitting a digital promise, a split transaction is recorded indicating a split into a first child digital promise and a second child digital promise. In each child digital promise, the promisor promises to pay a child promisee a portion of the asset when a specified child condition is satisfied. When a digital promise is split, the digital promise itself is no longer payable, but the child digital promises are payable when both the specified condition and the specified child condition for the child digital promise are satisfied.

Abstract: A method of supervisory control is provided according to aspects of the technology. The method includes setting, at a remote device, at least a first usage control parameter for at least a first account associated with access to content on a class of entertainment devices. The method also includes monitoring, at an entertainment device of that class, which account or accounts are active on the entertainment device and obtaining, at the entertainment device, the at least first usage control parameter set for the at least first account. The method further includes restricting usage of content on the entertainment device responsive to the at least first usage control parameter.

Abstract: The present invention discloses a computer implemented method for developing an anomaly detector which is adapted to detect/predict anomaly in one or more network terminals and optimize the behavior of the network terminals. The said method is adapted to collect and monitor the behavior of the network terminals and compare it with the behavior profile of the network terminals in order to detect the anomaly parameter. The behavior profile is the normal interaction of the software and hardware components of the network terminals. A system for implementation and execution of such anomaly detector is also disclosed.

Abstract: A multi-tiered file locking service provides file locking at the thread and process level, and can optionally include locking at the file system level. A local locking mechanism maintains a list of local locks for threads within a process. When a thread requests a lock for a file, and a local lock is obtained, a process lock for the file may be requested. When no file system locking is used, when the process lock is obtained, the thread receives the lock for the file. When file system locking is used, when the process lock is obtained, a file system lock for the file may be requested. When the file system lock for the file is obtained, the thread receives the lock for the file. The result is a file locking service that functions across threads, processes and nodes in a distributed computing environment.

Abstract: A method for implementing zone-restricted behavior of a computing device includes identifying wireless access points using the computing device, determining a number of authorized wireless access points from the wireless access points identified by the computing device, determining that the computing device is located within a restricted access zone when the number of authorized wireless access points identified by the computing device exceeds a predetermined threshold of authorized wireless access points identified, and enabling a zone mode of the computing device when the computing device is determined to be located within the restricted access zone.

Abstract: A computer system for providing software over a network includes: a computer system for providing software over a network is provided. The system includes: a control unit configured to reside at a site, the control unit including a control unit identification (ID) that uniquely identifies the control unit to the network; a copy of the software, the software including sets of features; a license generator configured to create a features activation file containing the control unit ID and identifying at least one set of features to be activated by the control unit; a computer configured to download the features activation file to the control unit; and, the control unit configured for activating one of the sets of features according to the features activation file. A method and a computer program product are disclosed.

Abstract: A method for controlling access to data displayed by an information services portal on a user device is provided. The method includes receiving a candidate login input corresponding to a user. The method further includes comparing the candidate login input to a list of login entries stored in the memory, each of the stored login entries having a corresponding code segment, each code segment defining a bounding area defining a geographic area. The method further includes retrieving from the memory a selected code segment corresponding to the stored login entry matching the candidate login input, and applying a geographic restriction to the data set by processing the selected code segment. The method further includes transmitting a data subset of the data set to the user computing device for display, the data subset including data satisfying the geographic restriction.