Abstract: A system and method for messaging application content that includes providing an application content messaging application programming interface (API); receiving a content delivery request from an account, through the application content messaging API; retrieving device information of a destination endpoint specified in the content delivery request; based on the device information, selecting an application content format from a set of formats and obtaining application content in the application content format; and transmitting the application content.

Abstract: Various exemplary embodiments relate to a method performed by a policy server in a communication network. The method includes receiving an access request message including a residential gateway identifier and a subscriber identifier; evaluating a policy rule based on the residential gateway identifier, the policy rule including a condition referencing the residential gateway identifier; and responding to the access request message based on evaluation of the policy rule and the subscriber identifier. The method may further include: receiving an IP address of the residential gateway; storing the IP address in association with the residential gateway identifier; receiving, from a service portal, a request for identification of a residential gateway associated with an IP address; sending the stored residential gateway identifier to the portal; receiving new subscriber information; and changing the authorization of the residential gateway based on the new subscriber information.

Abstract: One embodiment provides a system that delegates signature production in a CCN. During operation, a first content producing device monitors content objects created by a second content producing device. A content object can be identified by a name that is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. The first device retrieves the content objects and authenticates a message authentication code for each content object based on a key shared by the first and second device. The first device creates a manifest with a name and a content object hash value for each content object, produces a digital signature for the manifest based on a private key of the first device, and includes the digital signature in the manifest, thereby delegating signature production to the first device for content objects created by the second device.

Abstract: A device receives an attack on a Session Initiation Protocol (SIP) based device, and applies, based on a type of the attack, a method vulnerability based filter to the attack.

Abstract: Systems and methods that may be used in instant messaging (IM) environments to allow users in IM environments to share information and render shared information are described herein. In at least one embodiment, a system can receive an indication to publish a geographical location of a client and based on the indication to publish, a system can provide the geographical location of the client and instruction code for rendering an indication of the geographical location of the client within a map. In some embodiments, the geographical location of the client can be presented to one or more users, or contacts, in instant messaging environments.

Abstract: A computing system calculates a hash value of binary of a component of the computing system using a hash function and determines whether a signature that is associated with the binary of the component is valid. A trusted platform module in the computing system extends a platform configuration register value in the trusted platform module using a known value that is associated with the binary if the signature is valid.

Abstract: An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server request verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session.

Abstract: A peripheral apparatus is communicably connected to a management apparatus. The management apparatus manages information of jobs in services provided from a providing apparatus via a network to execute processing of the jobs. The peripheral apparatus includes a communication unit. The communication unit transmits, in a series of processes in the services, checking information used to determine whether there is any job in the management apparatus to the management apparatus by a communication method that does not execute encryption. The communication unit transmits, in the series of processes in the services, other information different from the checking information to the management apparatus by a communication method that executes encryption.

Abstract: Systems and methods of performing link setup and authentication are disclosed. A first method utilizes an unprotected association request and an association response that includes an access point nonce (ANonce). A second method includes receiving, during a first link setup using a first ANonce, a second ANonce for use in a second link setup. A third method utilizes a temporary key to protect an association request. A fourth method includes generating an ANonce at a mobile device based on an ANonce-seed received from an access point.

Abstract: Techniques are described for storing data. A plurality of storage tiers are provided including a first set and a second set of storage tiers of physical devices. Data stored on any physical device in the first set is stored in an encrypted form. Data stored on any physical device in the second set is not stored in an encrypted form. A first value is specified for a first setting that is any of a tiering preference and tiering requirement indicating that at least one data portion of a logical device is to be stored on physical device(s) of a storage tier storing data in an encrypted form. Responsive to specifying the first value as the first setting, the at least one data portion of the logical device currently stored on physical device(s) of the second set are relocated to physical device(s) of the first set.

Abstract: A method begins by a source processing module securing data based on a key stream to produce secured data, where the key stream is derived from a unilateral encryption key accessible only to the source processing module, and sending the secure data to an intermediator processing module, where desecuring the secured data is divided into two partial desecuring stages. The method continues with the intermediator processing module partially desecuring the secure data in accordance with a first partial desecuring stage to produce partially desecured data and sending the partially desecured data to a destination processing module. The method continues with the destination processing module further partially desecuring the partially desecured data in accordance with a second desecuring stage to recover the data, where the destination processing module does not have access to the encryption key or to the key stream.

Abstract: A computer program includes a plurality of different types of computer program instructions. Prior to execution of the computer program, the computer the computer program instructions of each of the types. At a time during execution of the computer program, the computer counts the computer program instructions of each of the types. The computer, in response to determining that the count for one of the instruction types determined prior to execution of the computer program differs by at least an associated threshold value from the count for the same instruction type determined during execution, makes a record that the computer program has an indicia of maliciousness.

Abstract: A cloud deployment appliance (or other platform-as-a-service (IPAS) infrastructure software) includes a mechanism to deploy a product as a “shared service” to the cloud, as well as to enable the product to establish a trust relationship between itself and the appliance or IPAS. The mechanism further enables multiple products deployed to the cloud to form trust relationships with each other (despite the fact that each deployment and each product typically, by the nature of the cloud deployment, are intended to be isolated from one another). In addition, once deployed and provisioned into the cloud, a shared service can become part of a single sign-on (SSO) domain automatically. SSO is facilitated using a token-based exchange. Once a product registers with a token service, it can participate in SSO. This approach enables enforcement of consistent access control policy across product boundaries, and without requiring a user to perform any configuration.

Abstract: A cloud-based system is disclosed including at least one local client device communicatively coupled, via an intermediate network, with a server device having an information processing, organization, and management engine, and further including distributed local and cloud databases spread across separately owned user accounts. The information processing, organization, and management engine includes one or more information processing, organization, and management blocks responsive to selections by the owner of content and other users of the system to control access to and use of content by users of the system.

Abstract: Disclosed is a dynamic token operating method. In the method, a key on the dynamic token is pressed down. If a power key is pressed down and a power flag is not set, an unlocking code interface is entered if a lock flag is set. If a delete key is pressed down, data at tail end of a data cache is deleted. If a number key is pressed down, data corresponding to the pressed key is stored in a case that the dynamic token is not in the information interface and a logon password modifying interface is entered or data corresponding to the key pressed down is stored in a case that the dynamic token is in the information interface. If an OK key is pressed down, a dynamic password is generated and displayed in a case that the dynamic token is in the information interface.

Abstract: Apparatus (104) for connecting two or more computer networks having two or more network interface machines (201, 202, 203) each arranged to be connected to a respective computer network with a bidirectional communications link (105, 106, 107) enabling the network interface machine to receive data from and transmit data to the computer network. The network interface machines are connected together with at least one content checker (210, 211) to enable data to be transmitted from one network interface machine to another, and arranged such that data transmitted from one network interface machine to another network interface machine must pass via a content checker. Each network interface machine is arranged to transmit flow control data. The network interface machines are connected to the content checkers only by unidirectional communications links.

Abstract: A cloud computing system identifies opportunities for users to collaborate on a file. Collaboration opportunities are identified based on similarity of separate files that different users are associated with, and on relationships or similarities between the different users. If users associated with the separate files agree to collaborate, the users may be placed in a single editing session regarding a file having content from at least one of the separate files.

Abstract: An authenticating system includes an authenticating device, a background display device, a sensing device, and an authentication pattern checking device. The authenticating device displays a first display pattern on a transparent display panel including a transmissivity pattern. The transmissivity pattern includes a plurality of regions with different transmissivities. The background display device displays a second display pattern on a display panel to overlap the transparent display panel. The sensing device generates a sensing pattern by sensing an authentication pattern generated based on the transmissivity pattern, the first display pattern, and the second display pattern. The authentication pattern checking device performs authentication by checking whether the sensing pattern is consistent with an authentication reference pattern.

Abstract: Embodiments relate to systems and methods for establishing isolation between content hosting services executing on a common support server. In aspects, a server virtualization platform can operate on a common physical support server to instantiate, configure, and operate a set of virtual servers. The set of virtual servers can, for instance, be used to run independent Web sites or other locations or services. The data available to each process on each virtual server can be encoded using an SELinux™ label including an MCS (multi-category security) category or categories uniquely identifying that process. Isolation of the potentially sensitive data for multiple Web sites and/or their content hosted on a common physical server can therefore be enforced, since each process operating on each virtual server is restricted to only access and manipulate data objects or other entities having matching MCS category information identified on that baremetal support server.

Abstract: A method for dynamically associating, by a server, access rights with a resource includes the step of receiving, by the server, a request for a resource from a client. The server requests, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client. The server associates the resource with the plurality of access rights via a rights markup language. The server transmits the resource to the client with the identification of the associated plurality of access rights. An application program on the client makes an access control decision responsive to the associated plurality of access rights. The application program provides restricted access to the resource responsive to the access control decision.