Abstract: Systems and methods for managing privacy settings of shared content include receiving content associated with an object; receiving privacy settings associated with the object associated with the received content; based on the received privacy settings, obfuscating, at least a portion of the content associated with the object to generated obfuscated content; and transmitting the obfuscated content to a publishing server, wherein the publishing server publishes the obfuscated content to one or more third parties.

Abstract: Methods and apparatus for optimizing computer detection of malware using pattern recognition by refreshing random classification forests are described. In one embodiment, one or more selected trees of a random forest on a computing system may be replaced by one or more new trees. As new categorized data becomes available, one or more new trees may be generated using the new categorized data. Once the one or more new trees are available, the performance of the one or more new trees may be compared to the performance of the trees in the current random forest. Based on this comparison, one or more trees of the random forest may be selected to be replaced by one or more of the new trees.

Abstract: A method for providing a transparent asynchronous network flow exchange is provided. The method may include receiving a query request from a requester, whereby the received query request is associated with a network packet. The method may also include determining if the network packet contains a plurality of defined signatures. The method may further include in response to determining that the network packet contains a plurality of defined signatures, authenticating a plurality of information associated with the network packet. The method may additionally include determining a plurality of flow related security information associated with the network packet based on the authentication of the plurality of information. The method may include sending the determined plurality of flow related security information to the requester.

Abstract: An information processing system including at least one information processing apparatus includes an access control unit configured to receive a request from a service use apparatus to a service providing apparatus, to give, in a case where the request includes information of a completed authentication, based on setup information in which a type of giving information to be given to the request is set, the giving information of the type set in the setup information, and to send the request to the service providing apparatus; and an information providing unit configured to administer the giving information corresponding to the information of the completed authentication, and to provide the giving information corresponding to the information of the completed authentication received from the access control unit to the access control unit.

Abstract: A wireless device blocking tool includes a user interface, a location engine, and a connection engine. The user interface receives at least one of a MAC address and an IP address of a device. The location engine communicates a query to an access control server, receives a response from the access control server, and determines, based on the response, whether the device connected to a network through a wireless connection or a wired connection. If the device connected through the wireless connection, the location engine determines a WLC through which the device connected and if the device connected through the wired connection, the location engine determines a switch through which the device connected. The connection engine connects to the determined WLC if the device connected through the wireless connection and connects to the determined switch if the device connected through the wired connection.

Abstract: A method for signing and subsequently verifying a digital message, including the following steps: generating an irreducible monic polynomial f(x) of degree n in a ring Fq[x]; generating an irreducible monic polynomial F(y) of degree n in a ring Fq[y]; producing first and second finite fields as Fq[x]/(f(x)) and Fq[y]/(F(y)), respectively; producing a secret isomorphism from the first finite field to the second finite field; producing and publishing a public key that depends on F(y); producing a private key that depends on the secret isomorphism; producing a message digest by applying a hash function to the digital message and the public key; producing a digital signature using the message digest and the private key; and performing a verification procedure utilizing the digital signature and the public key.

Abstract: A communication system includes a first communication device that determines, using identification information on a frame, whether to receive the frame, and a second communication device that belongs to a network identical to the first communication device. A report frame includes a detection of an attack on the network and target identification information that is identification information included in a frame used to perform the attack. When the first communication device receives a report frame from the second communication device, the first communication device sets the frame including the target identification information to be an authentication processing target. Upon transmitting a transmission frame set to be the authentication processing target, the first communication device transmits authentication information generated from the transmission frame along with the transmission frame.

Abstract: A foldable device includes: a display; a touch panel configured to detect a touch input; a sensing interface configured to detect an angle of the foldable device; and a controller configured to activate the display unit when the angle detected by the sensing unit as the foldable device is unfolded is equal to or greater than a first angle, and activate the touch panel when the angle detected by the sensing unit is equal to or greater than a second angle.

Abstract: The invention discloses a method for encrypting and/authenticating, comprising the following steps: Sending a request for a first bit combination or character combination as a first sub key (102); storing said first bit combination or character combination in the memory (104); generating a second bit combination or character combination as a second sub key (106), wherein the second bit combination or character combination is a random or pseudo random pattern; and combining said first sub key and second sub key to a key (108); further comprising at least one of the following steps: encrypting the data with the key (110); using the key as an authentication password (112); and a method of decrypting and/or authenticating, comprising the following steps: sending a request for a first bit combination or character combination as a first sub key (202); storing said first bit combination or character combination in the memory (204); repeating the following steps until a key has been verified as valid: generating o

Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.

Abstract: A system is configured for real time detection and prevention of segregation of duties violations in business-critical applications. The system includes a software application monitor, a Segregation of Duties (SoD) conflict detection engine, a processor and a memory. The software application monitor configured to monitor an action executed by a user in the software application in real-time. The SoD conflict detection engine receives an action notification from the software application monitor having an action and an associated user, and determines whether the action is associated with a conflict in a conflict rule database. The engine looks up the user and action and determines if the user has permission to execute the action and/or if the user has previously executed the action, and if so outputs a preventive alert indicating a segregation of duties violation.

Abstract: A processing system associated with a dispersed storage network is configured to detect a plurality of encoded data slices to be rebuilt, wherein the plurality of encoded data slices are associated with the DST execution unit; identify a plurality of slice names associated with the plurality of encoded data slices; obtain a slice name to slice memory device mapping for the DST execution unit; determine a schedule of rebuilding the plurality of encoded data slices, based on the mapping; and facilitate rebuilding the plurality of encoded data slices in accordance with the schedule of rebuilding.

Abstract: An anonymized biometric representation of a target individual is used in a computer based security system. The system receives a record of a target individual containing a weakened biometric representation of a detailed biometric signal of the target individual. The weakened biometric representation is designed to identify a plurality of individuals including the target individual when compared to detailed biometric signals corresponding to the plurality of individuals. The system obtains a detailed input biometric signal from a screening candidate individual. The system determines whether the detailed biometric signal of the screening candidate matches the weakened biometric representation included in the record for the target individual.

Abstract: A wireless device blocking tool includes a user interface, a location engine, a retrieval engine, and an update engine. The user interface receives at least one of a MAC address of a device and an IP address of the device. The location engine communicates a query to an access control server, receives a response from the access control server in response to communicating the query, and determines, based on the response, that the device connected to a network through a wireless connection. The location engine also determines a WLC through which the device connected. The retrieval engine retrieves, from the WLC, an access control list. The update engine disconnects the device from the VLAN and reconnects the device through a second VLAN.

Abstract: A system and method for detecting abnormal traffic behavior. The method comprises: applying a task to an input data set to create an un-normalized cluster of traffic features, wherein the task defines a plurality of traffic features; computing a center point of the cluster of traffic features; computing a distance between the computed center point and a new sample, wherein the new sample includes traffic features defined in the task; and determining, based on the computed distance, whether the received new sample demonstrates abnormal behavior.

Abstract: Disclosed are approaches for native enrollment of mobile devices. A first message is received from a client device, wherein the first message comprises an enrollment request for the client device. An application is sent to the client device, wherein the application is to be installed on the client device. A second message is received from the client device, wherein the second message comprises an authentication request from the client device. Authentication credentials are then provided to the installed application. A third message is received from the client device, wherein the third message comprises an enrollment confirmation for the client device. The enrollment status of the client device is then changed. Finally, a policy is sent to the installed application.

Abstract: According to one example of the present invention, there is provided, a method of accessing a service. The method comprising: receiving, from a requesting user, a request for a number of accessing users to have access to the service, generating service access data associated with the service, providing, to the requesting user, the generated service access data for distribution to the accessing users, receiving, from an accessing user, service access data, determining, based in part on the received service access data, whether the service can be provided, and where it is so determined, providing the service to the accessing.

Abstract: Methods and apparatuses that collect tracking data items into a plurality of data stores for one or more domain in response to resources received from the domains are described. Each tracking data item may be accessible for one of the domains. Relationships of the domains may be identified among the tracking data items across multiple data stores according to the resources received. One or more of the domains may be selected according to the identified relationships to control accessibility of the tracking data items for the domains. The data stores may be updated to prohibit accessing at least a portion of the tracking data items for the selected domains.

Abstract: A device blocking tool includes a user interface, a location engine, a retrieval engine, and an update engine. The user interface receives at least one of a MAC address and an IP address of a device. The location engine communicates a query to an access control server, receives a response, and determines, based on the response, that the device connected to a network through a wired connection. In response that determination, the location engine determines a switch through which the device connected. The location engine also determines a number identifying a VLAN through which the device connected and determines that the device is an IP telephone. The retrieval engine retrieves an access control list. The update engine disconnects the device from the VLAN and reconnects the device through a second VLAN.

Abstract: A secure access client can be employed to enforce limitations on a user's access to a file while also allowing the user to access the file using an application of choice. To provide this functionality, the secure access client can implement an RDP client that is configured to create an RDP session with an RDP service executing on the same computing device. The RDP service can allow the secure access client to display the user interface of an application employed to open a file. The secure access client can be configured to selectively apply access limitations on a per file basis. This selective enforcement can be accomplished by only implementing a virtual channel extension to provide a particular type of access to the file when the file's access limitations would allow such access.