Abstract: An execution of a data object is identified by a computing device. In response to identifying the execution of the data object, it is determined that the data object has requested a sensitive action of the computing device before interacting with a user of the computing device. In response to determining that the data object has requested the sensitive action, the data object is classified as a high-risk data object.

Abstract: A method includes monitoring write processing performance while storing a plurality of sets of encoded data slices in storage units. The method includes comparing the write processing performance with a desire write performance range. When the write processing performance compares unfavorably to the desire write performance range, the method includes establishing a data partition between the data segments of the data encoded using the first dispersed storage error encoding parameters and subsequent data segments of the data; determining second dispersed storage error encoding parameters based on the unfavorable comparison between the write processing performance and the desired write performance range; encoding the subsequent data segments of the data using the second dispersed storage error encoding parameters to produce a second plurality of sets of encoded data slices; and monitoring write processing performance while storing the second plurality of sets of encoded data slices in the storage units.

Abstract: A method and system for automating threat model generation and pattern identification for an application includes identifying components of an application, and receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats. The method further receives an identification of external events, and receiving first patterns from one or more first virtual assets. A database is populated with the first patterns and the external events and then second patterns are received and compared to the first patterns. The method and system include distributing the identification of the one of the external events to the one or more second virtual assets, if the second patterns are similar to the first patterns, according to one embodiment.

Abstract: The description relates in particular to a method for encoding information represented in the form of a function P, and to a corresponding method for decoding information. The encoding comprises the encoding of secondary information. These methods may be implemented within a context of biometric enrollment and (respectively) biometric authentication. The description also relates to an electronic device, a computer program, and a storage medium for the implementation of such methods.

Abstract: Systems and methods are used to provide distributed processing on a service provider network that includes a plurality of remotely located consumer devices. Each of the remotely located consumer devices includes a processing device. A service is provided from the service provider network to the remotely located consumer devices. Distributed processing of a task on the processing devices of the remotely located consumer devices occurs, the distributed processing being unrelated to the service provided to the consumers. The distributed processing occurs even when the processing devices are in use by corresponding remotely located consumer devices.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.

Abstract: Disclosed are various embodiments for passive compliance violation notifications. In one embodiment, it is detected that that a policy violation with respect to use of a client device has occurred. It is then determined that the policy violation may be passive. A user notification of the policy violation is generated by the client device in response to determining that the policy violation may be passive. The frequency and/or intensity of this notification may depend upon an extent of the policy violation. If the policy violation is later determined to be active, additional actions may be performed, such as disabling access to or removing managed resources on the client device.

Abstract: Methods and devices for selectively allowing a reference to an object to be included on an unlock display screen are described. In one embodiment, a processor-implemented method is described. The method includes: providing a plurality of perimeters on the electronic device, the perimeters including a low-security perimeter and a high-security perimeter; associating one or more objects with the low-security perimeter and one or more objects with the high-security perimeter; and based on the associations between the one or more objects and the one or more perimeters, selectively allowing one or more of the objects to be referenced on an unlock display screen.

Abstract: A processing apparatus includes a process performing unit, an operation unit, a processor and memory. The processing apparatus receives first identification information from a communication device, acquires second identification information input by the operation unit, determines whether registration of the first and second identification information is permitted, registers registration information in which the first and second identification information are associated, when the first identification information is received after registering the registration information, performs authentication based on the first identification information, and, when the second identification information is acquired after registering the registration information, performs authentication based on the second identification information.

Abstract: A technique provides a secret to authenticate a user. The technique involves storing, by processing circuitry, an initial secret in local memory. The technique further involves receiving, by the processing circuitry, a release command after the initial secret is stored in the local memory. The technique further involves, in response to the release command and based on the initial secret, outputting a released secret through an audio jack which is coupled to the processing circuitry. With such a technique, the secret is only exposed in response to user actuation thus providing improved security against an attacker vis-à-vis a conventional authentication token which constantly generates and outputs a series of one-time use passcodes (OTPs) on a display based on a seed stored in memory.

Abstract: An apparatus and a method for processing an application in a mobile terminal are provided. The method includes loading, by a bootloader upon system booting, a kernel, determining whether the kernel is modified, creating, when the kernel is modified, kernel verification information indicating a custom kernel, encrypting the kernel verification information, and sending the encrypted kernel verification information, activating, by a kernel handler, the kernel, and receiving the kernel verification information from the bootloader, and forwarding the kernel verification information, decrypting, by a rooting detector, the kernel verification information into kernel status information and delivering the kernel status information when a specified Application Programming Interface (API) is invoked, and invoking, by an application handler, the API when an application is executed and controlling an execution of the application when the kernel status information indicating the custom kernel is received.

Abstract: Apparatus and methods for storing and controlling access control clients. In one embodiment, transmitting and receiving devices ensure that only one copy of an eSIM is active at any time. Specifically, each transferred eSIM is encrypted for the destination device; the eSIM from the source device is deleted, deactivated, or otherwise rendered unusable. Various aspects of network infrastructure are also described, including electronic Universal Integrated Circuit Card (eUICC) appliances, and mobile devices. Various scenarios for transfer of eSIMs are also disclosed.

Abstract: A computer-implemented method for content management across multiple server computers includes receiving operational information associated with each of two or more local server computers. The computer determines a strategy for transferring a file between a central server computer and a client device using the two or more local server computers based, at least in part, on the operational information associated with each of the two or more local server computers. The computer transfers based on the strategy, a first portion of the file between a first local server computer and the central server computer, wherein the first local server computer is one of the two or more local server computers. The computer transfers, based on the strategy, a second portion of the file between a second local server computer and the central server computer, wherein the second local server computer is one of the two or more local server computers.

Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.

Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.

Abstract: An information processing system that includes a service providing unit providing a service to an apparatus associated with a license; and a license administration unit administrating a provisionally registered license or a registered license, wherein the service providing unit includes a second memory storing a copy of license information, and an activation unit that receives a request to activate the license from the apparatus, activates the provisionally registered license or associates the registered license with the identification information of the apparatus, and requests a change of the license information stored in the second memory unit to be reflected on the license information stored in the first memory unit, wherein the activation unit adjusts a quantity of the identification information of the apparatus associated with the registered license based on the quantity of the apparatus by which a service included in the license information is made usable.

Abstract: An approach is provided for distributed policy management and enforcement. A policy manager determines one or more domains of an information system. The one or more domains are associated at least in part with respective subsets of one or more resources of the information system. The policy manager also determines one or more respective access policies local to the one or more domains. The one or more respective access policies configured to enable a determination at least in part of access to the respective subsets, the one or more resources, or a combination thereof. At least one of the one or more respective access policies is configured to operate independently of other ones of the one or more respective schemas.

Abstract: The invention enables digital music content to be downloaded to and used on a portable wireless computing device. An application running on the wireless device has been automatically adapted to parameters associated with the wireless device without end-user input (e.g. the application has been configured in dependence on the device OS and firmware, related bugs, screen size, pixel number, security models, connection handling, memory etc. This application enables an end-user to browse and search music content on a remote server using a wireless network; to download music content from that remote server using the wireless network and to playback and manage that downloaded music content. The application also includes a digital rights management system that enables unlimited legal downloads of different music tracks to the device and also enables any of those tracks stored on the device to be played so long as a subscription service has not terminated.

Abstract: A location-reporting request is sent by a processor to at least one remote server. The location-reporting request requests processing of data away from a geo-location-aware client device and instructs any available server to respond with a reported geographic location. An asserted geographic location is received from a remote server available to process the data. A determination is made as to whether the asserted geographic location of the available remote server satisfies location-based data processing restrictions that regulate remote processing of the data away from the geo-location-aware client device. In response to determining that the asserted geographic location of the available remote server satisfies the location-based data processing restrictions, the asserted geographic location is verified using a geo-location assertion server. In response to a successful verification of the asserted geographic location of the available remote server, the data is sent to the available remote server to process.

Abstract: A system and method for providing access to an object over a network may comprise hosting an object on a distributed data processing system accessible over the network, the object contained within a cell; generating, by a cell access provider, a unique and random address for the cell containing the object, utilizing an address resolution module and providing, by the cell access provider, the unique and random address to a computing device of a unique consumer; and upon receipt of the unique and random address from the unique user, matching the unique and random address with the cell to facilitate access by the unique user to the object. The object may comprise a virtual object acting as a cell for facilitating access to one or more additional objects. The virtual object cell may contain one or more unique and random addresses facilitating access to one or more additional objects.