Abstract: A method for generating a key hierarchy by a MS in a wireless network is provided. The method includes transmitting an authentication request message to a new BS, receiving an authentication response message as a response message to the authentication request message from the new BS, determining whether to perform a full authentication operation with a H3A server based on the authentication response message, performing the full authentication operation or a crypto-handshake operation with the H3A server based on the determining result, after performing the full authentication operation or the crypto-handshake operation, determining whether a first expected signature value received from the new BS is identical to a first expected signature value calculated by the MS, and if the first expected signature value received from the new BS is equal to a first expected signature value calculated by the MS, determining that an authentication for the new BS has succeeded.

Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.

Abstract: Generally, this disclosure describes providing theft deterrence for a device while in transit. The system may include lock state circuitry configured to receive and store an unlock token, the unlock token configured to indicate that an associated device has successfully completed transit from a source to a destination; and lock state read circuitry configured to request the unlock token from the lock state circuitry and to determine whether the associated device has successfully completed transit from the source to the destination based on the unlock token.

Abstract: A computer system supports a validation system that enables a business client to validate a business associate who has called the client using a pass phrase. The computer system manages one or more pass phrases that have been previously configured by the business client. The client can then challenge a caller (the purported business associate) with the phrase or keyword to make sure the caller is actually the authorized business associate before providing any sensitive information. Management of phrases and/or keywords may include a computer-executable process where in the client may set up phrases (for example, a challenge question and a corresponding answer) or keyword through an on-line application, telephone, e-mail or any other suitable communication mechanism. The business client may have an option to change, delete or create phrases and/or keywords at any time through appropriate security measures.

Abstract: An equipment manager manages the operating state of equipment. A user verification processor performs user verification according to a request from a monitoring terminal, and when user verification is successful, generates for each facility management device a verification code in which verification data, to which a digital signature has been added using a self-owned secret key, has been encoded using a public key of each facility management device, and transmits the verification codes to the monitoring terminal. After receiving the verification code, a verification code analyzer decodes the verification code using the self-owned secret key, and performs verification by verifying the digital signature using the public key of a representative facility management device. When verification is successful, a Web server is able to monitor and manipulate data that indicates the operating states of all of the equipment that is managed by the equipment manager.

Abstract: The various aspects include systems and methods for enabling mobile computing devices to recognize when they are at risk of experiencing malicious behavior in the near future given a current configuration. Thus, the various aspects enable mobile computing devices to anticipate malicious behaviors before a malicious behavior begins rather than after the malicious behavior has begun. In the various aspects, a network server may receive behavior vector information from multiple mobile computing devices and apply pattern recognition techniques to the received behavior vector information to identify malicious configurations and pathway configurations that may lead to identified malicious configurations.

Abstract: A method for unlocking a screen of the electronic device are provided. The method includes: detecting, in a screen-locked state, intent of a user to unlock the screen; if it is detected that the user intends to unlock the screen, extracting contact information from the storage unit of the electronic device, where the extracted contact information includes a first attribute value and second attribute values; displaying the first attribute value of the extracted contact information on the screen and displaying the second attribute values in a selectable manner; and detecting an operation of choosing a second attribute value by the user, and comparing the second attribute value chosen by the user with a second attribute value that is in the storage unit and corresponding to the displayed first attribute value; if the two values are the same, unlocking the screen; and otherwise, maintaining the screen-locked state.

Abstract: A watermark generator for providing a watermark signal as a sequence of subsequent watermark coefficients based on a stream of subsequent stream values representing discrete valued data includes a differential encoder. The differential encoder is configured to apply a phase rotation to a current stream value of the stream values representing the discrete valued data or to a current watermark symbol, the current watermark symbol corresponding to a current stream value of the stream values representing the discrete valued data, to obtain a current watermark coefficient of the watermark signal. The differential encoder is configured to derive a phase of a previous spectral coefficient of a watermarked signal which is a combination of the host signal and the watermark signal, and to provide the watermark signal such that a phase angle of the phase rotation applied to the current stream value or the current watermark symbol is dependent on the phase of the previous spectral coefficient of the watermarked signal.

Abstract: Establishing access controls includes establishing a communication session between an unrecognized user identity of a user device and a destination system through an online access provider device that provides the user device with access to the destination system. The communication session is established from a premise having associated therewith one or more user identities that are recognized by the online access provider device, with at least two of the recognized user identities being associated with different access control levels. An access control level to apply to communications between the unrecognized user identity of the user device and the destination system is determined by applying an access control level established for one of the recognized user identities. The determined access control level is applied to communications between the unrecognized user identity of the user device and the destination system.

Abstract: A search index stored within the system having a plurality of individual search index files having information stored therein. At least one of the individual search index files constitutes a term dictionary or a term index type file having internal structure that allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file. A file input/output (IO) layer encrypts the information being written into the individual search index file and to decrypt the information being read from the individual search index file. The file TO layer encrypts and decrypts only a portion of the individual search index file in reply to an operation without requiring decryption or encryption of the individual search index file in its entirety. A query interface executes the operation against the information stored in the memory in its decrypted form.

Abstract: Anomaly detection is disclosed, including: determining a set of anomalous events associated with an enterprise network; and determining a path of interest based at least in part on at least a subset of the set of anomalous events.

Abstract: To recover data, tampering of an electronic device that stores data in a storage medium of the electronic device is detected. A recovery procedure receives information relating to prioritizing of types of the data, and the recovery procedure detects a communication link. The recovery procedure sends the data over the communication link for transfer to a recovery destination, wherein the data is sent in an order according to the information relating to prioritizing of the types of the data.

Abstract: The embodiments of the disclosure provide a page display method and apparatus, belonging to the field of terminals. The method comprises monitoring the page browsing mode of a browser while running the browser; determining a changed page browsing mode, if the page browsing mode of the browser is changed; and displaying a tips button on the current page of the browser, if the changed page browsing mode is a specified mode. The apparatus comprises a monitoring module, a determining module, and a displaying module. Thereby, the tips-making process while switching modes is simplified. The tips button is displayed on a specific location to remind users, without breaking the continuous browsing via the browser, so that non-trace switch can be achieved when the browser changes its page browsing mode.

Abstract: A first network device may discover one or more values of one or more parameters corresponding to a plurality of links and/or devices of the network. The first network device may compare the discovered one or more values of the one or more parameters to an expected one or more values of the one or more parameters. The first network device may determine whether to transmit data onto a network path between the first device and one of the plurality of devices based on a result of the comparison, wherein at least one of the plurality of links and/or devices are not part of the network path. The first network device may be operable to utilize the discovered parameter values to generate a security key which may be utilized to encrypt and/or scramble content prior to transmitting the content onto the network.

Abstract: Systems and methods for managing a data incident are provided herein. Exemplary methods may include receiving data breach data that comprises information corresponding to the data breach, automatically generating a risk assessment from a comparison of data breach data to privacy rules, the privacy rules comprising at least one federal rule, at least one state rule, and at least one contractual obligation, each of the rules defining requirements associated with data breach notification laws, and providing the risk assessment to a display device that selectively couples with the risk assessment server.

Abstract: An information delivery system includes: a control unit configured to: generate an anonymous identity for concealing client information of an anonymous client from a provider, generate a comparison result for determining whether a client encryption data of the anonymous identity matches with a provider encryption data of the provider, obtain a provider notification based on the comparison result of a match for displaying on a device, and a user interface, coupled to the control unit, configured to display the provider notification.

Abstract: A signature rule processing method, a server, and an intrusion prevention system is provided. The method includes: performing, by a cloud server, correlation analysis on signature rule usage status information of each security device connected to the cloud server and a latest signature rule set published by the cloud server, to obtain a most active threat signature rule identification list, and sending, by the cloud server, update information to each security device to update a signature rule after generating the update information according to the most active threat signature rule identification list. The present invention is applicable to the field of network security systems.

Abstract: A system and method that correlate business transaction in a system and traffic generated from this business transaction in a network back to a user identity that invoked this business transaction and generated subsequent network traffic. The method enables a user to set up rules for tracking the activities in a system and network traffic and these rules can then be user later for monitoring user activities. The user activities, network traffic, and the user identity are correlated and stored in a data-to-business mapping file. This data-to-business mapping file can be used for auditing events in the system.

Abstract: After successfully authenticating a user of a mobile device, products that have been registered with the server are determined. For each of the registered products, a list of support options available to the user is determined for a corresponding registered product, the list of support options including a live support option and a self-support option. For the self-support option available to the corresponding registered product, articles associated with the corresponding registered product are identified that have been published in an online publication forum. For the live support option available a list of communication options is determined that is available for the user to establish a live communication session with a support agent. A personalized page to the mobile device to be displayed at a display of the mobile device, listing the registered products. Each product is associated with the support options available.

Abstract: The present invention relates to computer-based devices and methods supporting document exchange choreographies. More particularly, aspects of the present invention relate to devices and methods that facilitate evolution of systems by various combinations of choreography versioning, service versioning and document versioning. It provides for choreography management using a choreography agent and presents choreography-enabled interfaces to non choreography enabled applications. Additional aspects of the present invention include a graphical design tool and transparent aliasing of a host service as multiple context setting franchised services. Particular aspects of the present invention are described in the claims, specification and drawings.