Abstract: Systems and methods for preserving privacy in distribution of content using private tokens in accordance with embodiments of the invention are disclosed. In one embodiment, a method of anonymously tracking a digital content and remediating unauthorized distribution includes generating a private token including an identifier distinguishable from tokens generated by other playback devices and the association with the playback device is not shared, receiving a portion of content, embedding a digital watermark in the content, where the digital watermark includes the private token, detecting an unauthorized copy of the content, extracting the digital watermark from the unauthorized copy of the content, broadcasting an enforcement message containing the private token to the playback devices, receiving the enforcement message, and performing an enforcement action on the playback device in response, where only a playback device that generated the private token responds.

Abstract: A control circuit to achieve irretrievable erasure of data in a mobile phone comprises a control unit, a SIM unit and a memory unit. The SIM unit is coupled with the control unit and the memory unit. The control unit can provides a delete signal to totally delete data of the memory by the SIM unit.

Abstract: A communication apparatus includes a first execution unit, a second execution unit, and a selecting unit. The first execution unit performs a first process for setting a wireless parameter, based on information obtained from a captured image. The setting of a wireless parameter is performed between the communication apparatus and another communication apparatus that operates as an access point and that is different from the communication apparatus. The second execution unit performs, based on information obtained from a captured image, a second process for setting a wireless parameter to another communication apparatus that operates as a station and that is different from the communication apparatus. The wireless parameter is one for performing wireless communication with an access point. The selecting unit selects whether the first process or the second process is to be performed, in a case where information is obtained from a first captured image.

Abstract: Computerized apparatus useful within vehicles for causing provision of location-based services to users via a portable wireless computerized device. In one embodiment, the vehicle comprises a global positioning system (GPS) based receiver capable of providing location data to the computerized apparatus.

Abstract: A method for preventing counterfeiting of an object (e.g. paper) is described. The method comprises capturing an image of at least a portion of the object, wherein the portion of the object whose image is captured is at least partially transparent, and wherein the captured image includes features of the internal structure of the object (e.g. the texture of the paper resulting from the arrangement of fibres from which the paper is made). The method further comprises generating, based on the image, a code that encodes features of the internal structure of the object, and recording the code. Generating the code may comprise applying a filter to the image to obtain a filtered image, and processing the filtered image to obtain a binary code. The filter may be a Gabor filter, and processing the filtered image may comprise applying a Gray code to the filtered image. The method may further comprise encrypting the binary code, and recording the code may comprise recording the encrypted binary code.

Abstract: The Kentik Data Engine (KDE) is an integrated real-time, big data software system able to analyze what exactly is happening on a network at the present moment, and what happened on the network over the a prior period of time. KDE collects live operational data from computer network infrastructure devices (routers and switches) and computer hosts, consisting of multiple data types, categories, and protocols, and correlates them to analyze network activity and health. KDE does this in a lossless manner, meaning that it retains all raw data rather than summarizing or aggregating prior to storage. In this way, KDE provides a combination of precise, actionable information in real-time as well as a complete forensic data store for detailed exploratory analysis.

Abstract: Techniques for deriving system architecture from security group relationships are described. One or more security group rules can be obtained for an application, the one or more security group rules controlling communication of one or more security groups. The one or more security group rules can be analyzed to determine placement data for the one or more security groups. The placement data can be provided to a placement service, and the placement service can be caused to deploy at least one virtual machine using the placement data.

Abstract: A system, and methods, for transmitting quantum states between a first node and a second node, or among more than two nodes. Each node is characterized by an instantaneous spatial position, and the instantaneous spatial position of the second node is repositionable within a frame of reference associated with the first node. A hovering drone is adapted either for running a quantum key transmission protocol in secure communication with the first node, and/or for running a quantum key reception protocol in secure communication with the second node. Either drone may serve as a relay of optical data between a base station and another drone. Secure communication among more than two nodes may be reconfigured.

Abstract: The present application provides an authorization method for a joint account, applied to client software. The joint account is jointly managed by N joint managers, N is a natural number greater than 1. In one example, a user-side authentication parameter of a joint account is obtained. The user-side authentication parameter is the same as or corresponds to a network-side authentication parameter of the joint account, wherein the user-side authentication parameter is used to perform authentication on operation permissions for the joint account. The obtained user-side authentication parameter is divided into N parts. N joint management authentication parameters are generated based on each of the N parts. Each of the N joint management authentication parameters are transmitted to a different client device associated with each joint manager.

Abstract: Embodiments of the invention are directed to methods, systems and devices for providing sensitive user data to a mobile device using an encryption key. For example, a mobile application on a mobile device may receive encrypted sensitive user data from a mobile application server, where the user sensitive data is encrypted with a key from a token server computer. The mobile application may then request that the encrypted payment information be sent to the token server. The mobile device may then receive a payment token associated with the payment information from the token server.

Abstract: Embodiments of the present disclosure disclose a secure communication method for a mobile terminal and a mobile terminal. The secure communication method may include: when a wireless communication connection is established between the mobile terminal and another mobile terminal, and the wireless communication connection meets a preset security processing trigger condition, prohibiting, by means of setting, a program in a common virtual kernel from accessing a shared memory between a secure virtual kernel and the common virtual kernel and accessing a peripheral that needs to be called for the wireless communication connection; performing, by using the secure virtual kernel, preset policy-based processing on communication content corresponding to the wireless communication connection; and outputting, by using the secure virtual kernel, communication content obtained by performing the preset policy-based processing.

Abstract: A vehicle system is provided that performs authentication with a plurality of terminals. The system includes a server that generates a first token and transmits the first token to a first terminal. The first terminal stores the first token and a vehicle verifies the first token using a first encryption key and a first authentication key stored in advance for the first token. A second terminal receives the first token and a second token from the first terminal to be delegated with an authority. The second terminal stores the first token and the second token, and the vehicle verifies the first token stored in the second terminal using the first encryption key and the first authentication key, and verifies the second token stored in the second terminal using a second encryption key and a second authentication key stored in advance for the second token.

Abstract: A method and system for detecting domain name system (DNS) recursive cyber-attacks are presented. The system includes learning a plurality of baselines of at least rates and rate invariants of DNS features; monitoring DNS traffic directed to and from a DNS resolver, wherein the DNS resolver is communicatively connected between at least one client and at least one name server; analyzing the monitored DNS traffic using at least one detection function to detect an anomaly based in part on at least one baseline of the plurality of learnt baselines; and upon detection of at least one anomaly, performing at least one mitigation action to filter out incoming DNS queries to a domain name under attack.

Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.

Abstract: A method is provided for preventing an IoT device within a trusted system from being harnessed in a malicious DDOS attack. The method may include bombarding the IoT device. The bombardment may originate from within the system, and may inundate the IoT device with harmless packets in a manner mimicking a traditional DOS attack. The inundating may utilize the resources of the IoT device to respond to the bombardment, and may thereby render the IoT device unavailable for fraudulent uses.

Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.

Abstract: Methods and systems for account authentication in a distributed computing node group may involve sending a message to a member, the message having a first timestamp, increasing an authentication failure count, receiving a first key-exchange message from the member, the first key-exchange message having a second timestamp, evaluating the second timestamp, and determining whether to ignore the first key-exchange message based on an evaluation of the second timestamp. The first timestamp may be associated with a message received from the member prior to sending the message with the first timestamp to the member. The first key-exchange message may include a value computed by the member based on a group passcode shared with the member. The evaluation of the second timestamp may be based on at least one of a default value, the authentication failure count, or a timestamp associated with the group passcode.

Abstract: A method of monitoring tasks for reducing security risks in a computer system comprising a plurality of computers executing a plurality of applications is provided. The method based on a set of login information, displays a set of risks for a set of applications that execute on the plurality of computers and an identification of a person in a hierarchy supervised by the logged-in person assigned to mitigate each risk. The method also displays the current status of each assigned mitigation.

Abstract: During a touch operation for setting authentication information, authentication information is generated based on data input in accordance with a touch position of a touch operation performed on a touch panel and touch pressure applied to the touch panel by the touch operation. At the time of accepting a touch operation for unlocking an information processing apparatus, a combination of data input in accordance with a touch position of a touch operation performed on a touch panel and touch pressure applied to the touch panel by the touch operation are compared with authentication information. When a result of the comparison is a match, the information processing apparatus is unlocked and execution of various functions is allowed.

Abstract: In an embodiment, a computer system comprises one or more computer processors configured with a message transfer application; a message transfer/vision processing (MT/VP) interface coupled to the one or more computer processors and interposed between the message transfer application and a vision processing computer, wherein the MT/VP interface performs operations comprising: extracting risk indicator data from a message that is in transit to a recipient computer on a computer network; in response to the risk indicator data matching a message risk criterion, transmitting an image address for an image of interest coupled to the message or the image of interest to the vision processing computer; receiving, from the vision processing computer, a label that semantically describes visual content of the image of interest; using the label, querying a set of correlation data to determine a reference address that is associated with the label; in response to the image address matching the reference address, transmitting