Patents Examined by Aravind Moorthy
-
Patent number: 9215211
Abstract: A system and method of guaranteeing the presence of secure and tamper-proof remote files over a distributed communication medium, such as the Internet, is provided. The system and method automatically detects, and then self-repairs corrupt, modified or non-existent remote files. The method first performs an integrity check on a remote file and then determines whether the integrity check passed. If the integrity check passed, then the user goes through the authentication process as normal. If the integrity check fails, then the present invention redirects to an install module in order to prepare to reinstall the remote file. Via the install module, the present invention then reinstalls the remote file and the user is then taken through the authentication process as normal.
Type: Grant
Filed: June 16, 2014
Date of Patent: December 15, 2015
Assignee: Citibank, N.A.
Inventors: Steve Vlcan, Bikram Singh Bakshi
-
Patent number: 9213862
Abstract: Systems, methods and articles of manufacture for delivering website content to an internet user which is personalized to the user based on a persona associated with the user. A persona database system accesses personal and financial data for the user from any suitable source, such as from a tax return of the user or personal finance management application or even a questionnaire. The persona database system matches the user's data to a persona for the user from a predetermined, discrete set of personas, wherein each persona identifies a generalized profile of personal and financial characteristics of the user. Then, when a user accesses a website hosted by a website server, the website server accesses the persona for the user from the persona database system and the website server personalizes the website content delivered to the user based on the persona for the user.
Type: Grant
Filed: March 5, 2014
Date of Patent: December 15, 2015
Assignee: INTUIT INC.
Inventors: Carolyn Spencer, Avanish Pathak, Vijoy Caro, Aliza D. Carpio, Alan Tifford, Ashley K. McMahon, Lisa B. Greene-Lewis
-
Patent number: 9214184
Abstract: The present invention relates to digital rights management (DRM) for content that may be downloaded and bound to a storage device. The storage device may be an intelligent storage device, such as a disk drive, or network attached storage. In addition, the storage device is capable of performing cryptographic operations and providing a root of trust. In one embodiment, the DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. However, the binding key is not stored on the storage with the content. The content key is a key that has been assigned to the content, for example, by a trusted third party. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is encrypted based on the access key and stored in encrypted form in the storage device.
Type: Grant
Filed: April 30, 2012
Date of Patent: December 15, 2015
Assignee: Western Digital Technologies, Inc.
Inventors: David L. Blankenbeckler, Danny Ybarra, Lambertus Hesselink
-
Patent number: 9203607
Abstract: A confidential information exchange between a sender and a receiver may be conducted without the use of encryption keys. The information is coded with a Challenge-Response Table that is shared between the sender and the receiver. Rather than sending a challenge and then waiting for a response, the challenge and response are both sent by the sender of the information. The information sent comprises an index with a challenge and a response from the Challenge-Response Table. Upon receiving the coded information, the receiver uses the Challenge-Response Table to decode the information by using the index to locate the challenge and its valid response. Upon determining that the challenge and the response are correct, a first decoded answer is determined. Upon determining that either the challenge or the response, or both, are incorrect, a second decoded answer is determined.
Type: Grant
Filed: March 9, 2012
Date of Patent: December 1, 2015
Assignee: International Business Machines Corporation
Inventors: Subramaniyam Chandrasekaran, Shunmugam Murugan, Arun C. Ramachandran, Lakshmanan Velusamy
-
Patent number: 9203789
Abstract: Publishing content associated with an electronic file attached to an electronic message by executing instructions contained in the electronic attachment and accessing the content at a remote computer server identified by the attached file. The attached file includes computer-executable instructions, such as a computer program or script, which include an identifier for a remote server connected to a distributed computer network. This identified remote server typically hosts a web site containing content for viewing by the recipient of the electronic message. In response to launching the attached file of the electronic message with a viewer program, a browser program can be opened to enable the recipient to view the content of the identified remote server, typically a web site on an intranet or the global Internet.
Type: Grant
Filed: September 20, 2013
Date of Patent: December 1, 2015
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: Gary J. Dennis
-
Patent number: 9195813
Abstract: Aspects of the disclosure provide a system that includes a protected module, an input module and a gesture engine. The protected module is configured to be accessible based on a specific gesture of a user predetermined to have a right to access the protected module. The input module is configured to receive an input gesture from a requester to access the protected module. The gesture engine is configured to be trained to process the input gesture in order to grant/deny an access to the protected module by the requester.
Type: Grant
Filed: October 1, 2013
Date of Patent: November 24, 2015
Assignee: LOCKHEED MARTIN CORPORATION
Inventors: Alex Hrybyk, John S. Morrison
-
Patent number: 9191291
Abstract: A computer-implemented method is presented herein. The method obtains a first content item from an online source, and then generates a characterizing signature of the first content item. The method continues by finding a previously-saved instance of the characterizing signature and retrieving data associated with a second content item (the second content item is characterized by the characterizing signature). The method continues by analyzing the data associated with the second content item, corresponding data associated with the first content item, and decision criteria. Thereafter, either the first content item or the second content item is identified as an original content item, based on the analyzing. The other content item can be flagged as an aggregated content item.
Type: Grant
Filed: September 9, 2013
Date of Patent: November 17, 2015
Assignee: salesforce.com, inc.
Inventor: Dai Duong Doan
-
System and method for key management for issuer security domain using global platform specifications
Patent number: 9185089
Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key management for Issuer Security Domain (ISD) using GlobalPlatform Specifications. A client receives from a server an authorization to update a first ISD keyset. The client encrypts, via a client-side secure element, a second ISD keyset with a server public key. The client sends the encrypted second ISD keyset to the server for updating the first ISD keyset with the encrypted second ISD keyset. Prior to updating, the client generates the first ISD keyset at a vendor and sends the first ISD keyset to the client-side secure element and sends the first ISD keyset encrypted with the server public key to the server. The disclosed method allows for updating of an ISD keyset of which only the client-side secure element and a server have knowledge.
Type: Grant
Filed: December 20, 2011
Date of Patent: November 10, 2015
Assignee: Apple Inc.
Inventor: Ahmer A. Khan
-
Patent number: 9183411
Abstract: A decentralized multi-authority functional encryption according to which the security of the whole system does not depend on a single party. Among a plurality of key generation devices, arbitrary one key generation device generates gparam, and each key generation device generates an authority public key and an authority secret key based on gparam. At least some key generation devices among the plurality of key generation devices generate a part of a decryption key of the user based on the authority secret key ask. The user forms one decryption by putting together the decryption keys generated by at least some of the key generation devices, and decrypts a ciphertext.
Type: Grant
Filed: December 16, 2011
Date of Patent: November 10, 2015
Assignees: Mitsubishi Electric Corporation, NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
-
Patent number: 9177126
Abstract: Method for establishing and maintaining a person's identity starts at the time the person registers with the system using a mobile device to validate the identity of a person in an inherently anonymous computing environment such as the internet or any other distributed network where face to face communication is not possible. The person will provide information required to establish the person's identity with an authenticator. The authenticator then submits that information to the system administration service to be validated by external databases and services. The external service provides a set of challenge/response questions unique to that person to establish positive identification. Upon successful authentication of the person's identity, the person and their device will be associated with each other and recorded in the system. Each authentication service will define a criterion, labeled as a schema, by which authentication events will be governed.
Type: Grant
Filed: October 27, 2012
Date of Patent: November 3, 2015
Inventor: Edward Curren
-
System and method for remote, interactive network and browsing supervision, monitoring, and approval
Patent number: 9172705
Abstract: A system for interactive network access approval includes a server, a first application running on a first device for requesting access to a website on the network, and a second application running on a second device for approving access to the website. The server receives a request via the first application for access to the website, immediately transmits the request to the second application, receives via the second application approval for access to the website, and immediately grants access to the website to the first application. A method for granting access to a website is also described.
Type: Grant
Filed: July 10, 2014
Date of Patent: October 27, 2015
Assignee: FORCEFIELD ONLINE, INC
Inventors: Michael Kong, Mark Madsen
-
Patent number: 9172679
Abstract: In an intermediation system, an intermediary is positioned along a communications path between a client and a server. The client sends a payment message over the communications path to consummate a payment. The intermediary receives the payment message and detects whether the message includes an account number, such as a credit card number. The intermediary replaces the account number with a limited-use payment number, such as a one-time-use credit card number. The intermediary may request the limited-use payment number from a credit card issuer. The intermediary may send a verification message to the client to verify that the client approves of the replacement of the account number with a limited-use payment number.
Type: Grant
Filed: April 14, 2004
Date of Patent: October 27, 2015
Assignee: Sprint Spectrum L.P.
Inventor: Martin Geddes
-
Patent number: 9167422
Abstract: A method for ensuring media stream security in an IP Multimedia Subsystem network is disclosed. The method includes: assigning an end-to-end media stream security key for a calling User Equipment (UE) or a called UE, by a network device with which the calling UE or the called UE is registered, respectively, and transmitting the media stream security key to a network device with which the opposite end is registered; encrypting the end-to-end media stream security key using a session key shared with the calling UE or the called UE respectively, and transmitting the encrypted end-to-end media stream security key to the calling UE or the called UE, respectively, via a session message; encrypting or decrypting a media stream, by the calling UE or the called UE, respectively, using the end-to-end media stream security key.
Type: Grant
Filed: October 10, 2013
Date of Patent: October 20, 2015
Assignee: Inventergy, Inc.
Inventor: Jun Yan
-
Patent number: 9166977
Abstract: A method for secure text-to-speech conversion of text using speech or voice synthesis that prevents the originator's voice from being used or distributed inappropriately or in an unauthorized manner is described. Security controls authenticate the sender of the message, and optionally the recipient, and ensure that the message is read in the originator's voice, not the voice of another person. Such controls permit an originator's voiceprint file to be publicly accessible, but limit its use for voice synthesis to text-based content created by the sender, or sent to a trusted recipient. In this way a person can be assured that their voice cannot be used for content they did not write.
Type: Grant
Filed: December 22, 2011
Date of Patent: October 20, 2015
Assignee: BlackBerry Limited
Inventors: Simon Peter Desai, Neil Patrick Adams
-
Patent number: 9160737
Abstract: Web pages and applications commonly consume functionality provided by services to provide users with a rich experience. For example, a backend mapping service may provide access to these services. However, the users and application consuming the services may be anonymous and unverified. Accordingly, a two ticket validation technique is provided to validate service execution requests from anonymous applications. In particular, a user is provided with a client ticket comprising a reputation. The reputation may be adjusted over time based upon how the user consumes services. An application may request access to a service by providing the client ticket and an application ticket for validation. The reputation of the user may be used to determine an access level at which the application may access the service. Users with a high reputation may receive high quality access to the service, while users with a low reputation may receive lower quality access.
Type: Grant
Filed: February 26, 2010
Date of Patent: October 13, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Shai Herzog, Gil Shklarski
-
Patent number: 9160731
Abstract: A mechanism is provided for establishing a trust relationship between two products. A resource device receives a registration request from an application device to access a resource on the resource device by an application and users of the application on the application device. The resource device sends a registration response using a redirection uniform resource identifier (URI) provided with the registration request, where the registration response includes an authorization code and a symmetric key in response to authenticating the registration request. The resource device receives an access token request that includes the symmetric key, verifiable authentication data, and the redirection URI. The resource device sends an access token to the application device in response to validating the access token request, where the access token allows for access to the resource on the resource device thereby establishing the trust relationship between the resource device and the application device.
Type: Grant
Filed: September 6, 2013
Date of Patent: October 13, 2015
Assignee: International Business Machines Corporation
Inventors: John Y. Chang, Ching-Yun Chao, Lewis Lo, Ki H. Park, Barbara J. Vander Weele
-
Patent number: 9160722
Abstract: A computer-implemented method for securing personal information of a user on social networks. The method involves: receiving personal information from a user in an unencrypted textual form by a client computer; transmitting the received personal information via a secure virtual private network (VPN) connection to a dedicated VPN server/proxy; receiving the personal information at the dedicated VPN server/proxy; encrypting the received personal information at the dedicated VPN server/proxy using an encryption key; and transmitting the encrypted personal information from the dedicated VPN server/proxy to the social network. Other users of the social network also use the dedicated VPN server/proxy in order to decrypt (access) the personal information of the user, which has been encrypted as specified above.
Type: Grant
Filed: April 30, 2012
Date of Patent: October 13, 2015
Assignee: Anchorfree, Inc.
Inventor: Dimitry Gavrilov
-
Patent number: 9154306
Abstract: Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.
Type: Grant
Filed: June 22, 2012
Date of Patent: October 6, 2015
Assignee: Google Inc.
Inventors: Bennet Laurie, Marcel M. Moti Yung
-
Patent number: 9154295
Abstract: A method is provided for generating a correspondence table suitable for use in a cryptographic processing method and comprising storing a plurality of input data and of output data in the table, each input datum being associated with at least one output datum in the table. For each input datum, at least one of the output data is obtained by applying a coding function to a first subsidiary datum and to an encrypted intermediate datum depending on the input datum. Also provided are a corresponding encryption method, a storage unit suitable for storing the correspondence table generated by the above generation method, a device for physically implementing such a correspondence table, a decryption device including such a storage unit, and a computer program product suitable for implementing the above generation method.
Type: Grant
Filed: December 28, 2010
Date of Patent: October 6, 2015
Assignee: KONINKLIJKE PHILPS N.V.
Inventors: Olivier Billet, Gilles Macario-Rat
-
Patent number: 9154479
Abstract: Methods and systems are provided herein to enable secure proxying of network traffic between trusted and untrusted environments. In particular, a secure proxy may be provided that includes a set of security layers and a secure endpoint resolver, either of which may be provided and/or updated by a service provider. The security layers may be associated with policies that may be applicable to various network protocol layers (e.g., application layer). The security layers may be used to inspect, restrict and/or modify traffic between the trusted and untrusted environment to ensure data and network security. The secure endpoint resolver may be used, for example, by an application in the trusted environment, to obtain current service-related information such as the list of IP addresses currently associated with a service or service endpoint. Such endpoint information may be used, in turn, to update security layer policies such as a white list.
Type: Grant
Filed: September 14, 2012
Date of Patent: October 6, 2015
Assignee: Amazon Technologies, Inc.
Inventor: Tushaar Sethi