Abstract: Systems and methods for authenticating a user attempting to access content are provided. The method includes requesting a first at least one user credential, determining if the requested first at least one user credential matches a second at least one user credential used when the user accessed previously accessed content, and generating a list of content providers requiring the second at least one user credential for access when the first at least one user credentials matches a second at least one user credential. The method also includes requiring the user to select a content provider from the list of content providers, allowing the user to access the content if the selected content provider corresponds to the content being accessed by the user, and preventing the user from accessing the content if the selected content provider does not correspond to the content being accessed by the user.

Abstract: Provided are a communication method and system that integrate 5G communication systems with IoT technologies to support higher data rates after 4G systems. The present disclosure is based on 5G communication technologies and IoT related technologies, and may be applied to intelligent services (e.g. smart homes, smart buildings, smart cities, smart or connected cars, health care, digital education, retail, and security and safety). There is provided a method of profile downloading for a terminal. The method may include: transmitting a first profile download request to a profile providing server; receiving unencrypted first profile information from the profile providing server; checking whether there is an input for consenting to profile downloading after receiving unencrypted profile information; and determining whether to download an encrypted profile on the basis of the check result. There is also provided a terminal capable of performing the above method.

Abstract: A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator.

Abstract: Systems and methods for retrieving a data object. An example method includes: receiving a query comprising a field identifier and a field value related to the field identifier; determining the field identifier corresponds to an entry of a data map, the data map comprising a plurality of entries generated in part based on a plurality of field identifiers; in response to the determination, obfuscating at least one of the field identifier, field value, and both the field identifier and the field value to generate a record locator; identifying one or more encrypted values within the data map based on the record locator, wherein the one or more encrypted values is associated with the entry having an corresponding record locator that matches the generated record locator; and decrypting and forwarding the one or more encrypted values as a response to the query.

Abstract: Disclosed are various embodiments for enforcing device compliance parameters by inhibiting access to devices, networks or resources. Methods may include associating a compliance rule with a client device. If the compliance rule is violated, a setting associated with the client device may be altered. The altered setting may inhibit access to the client device, a network, a client device resource and/or a network resource. For example, necessary password complexities may be increased, password lifetimes may be decreased and/or resources may be restricted based on a geofence, a time of day and/or a day of the week.

Abstract: Concepts and technologies disclosed herein are directed to proxy-based database encryption. According to one aspect, a database encryption proxy system can receive, from a database client, input of a Structured Query Language (“SQL”) statement and data to create an encrypted database table. At least a portion of the data is marked with an encrypted identifier to identify which data is to be encrypted by the proxy-based database. The database encryption proxy system can generate a random string for the portion of the data that is marked with the encrypted identifier. The database encryption proxy system can convert the SQL statement into a converted SQL statement that includes the random string in place of the portion of the data marked with the encrypted identifier and can send the converted SQL statement to a cloud database service that is configured to create the encrypted database table based upon the converted SQL statement.

Abstract: In various embodiments, there is provide a method for organizing devices in a policy hierarchy. The method includes creating a first node. The method further includes assigning a first policy to the first node. The method further includes creating a second node, the second node referencing the first node as a parent node such that the second node inherits the first policy of the first node.

Abstract: The disclosed computer-implemented method for updating locked states may include (i) identifying a computing system and a mobile device that are both operated by a user, (ii) using a signal strength between the computing system and the mobile device to calculate a physical distance between the mobile device and the computing system that correlates to a proximity of the user to the computing system, (iii) calibrating, based on input from a sensor that indicates an activity of the user, a parameter for calculating the physical distance, (iv) using the signal strength and the parameter to recalculate the physical distance, and (v) updating, based at least in part on the recalculated physical distance, a locked state of the computing system in response to a change in the proximity of the user to the computing system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: There is described a method of controlling access to IP streaming content by a plurality of receivers. The method comprises the steps of (a) for each receiver in the plurality of receivers, providing that receiver with access to first control information for that receiver to enable that receiver to access a first portion of the content; (b) identifying a receiver from the plurality of receivers as an identified receiver; (c) updating the first control information so as to provide updated control information for each receiver, the updated control information being associated with a second portion of the content; and (d) configuring each receiver to fetch the updated control information for that receiver. For the identified receiver, the updated control information is invalid such that the identified receiver is unable to fully access the second portion of the content. A server configured to carry out the method is also described.

Abstract: Monitored shareable links to content items in an online content management service. In one aspect, based on determining that a first view metric associated with a shareable link to a content item is above a first activity threshold associated with the shareable link, a first action is taken on the shareable link. The first action can be allowing or denying requested access to the content item via the shareable link or sending a notification to a user that requested creation of the shareable link regarding user activity on the shareable link. Further, based on determining that a second view metric associated with the shareable link is above a second activity threshold associated with the shareable link, a second action is taken on the shareable link. The second action can be like the first action.

Abstract: Aspects of the disclosure relates to managed access to content and/or services. In certain aspects, tokens or other artifacts can be utilized for authentication and authorization.

Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.

Abstract: A redundant and diverse secondary control system mirrors a primary control system but has some fundamental structural difference as compared to the primary control system to prevent a spread of a security breach from the primary control system to the secondary control system. The secondary control system may operate on different hardware built on different software written with different programming language as compared to the primary control system while performing the same function as that of the primary system. By hardware coding the algorithm to produce actuation signals, software based viruses and worms cannot interfere with the secondary control system's operation. A monitor device receives actuation signals from both the primary and secondary controls signals to determine whether an error occurred and to provide correct actuation signals to the controlled system.

Abstract: Data within a file system may be protected using a key rotation scheme. The key rotation scheme may include a data key and a metadata key. The data key may be used to encrypt data portions of the file system while the metadata key may be used to encrypt the metadata of the file system. The metadata key may be generated based at least in part on a user input and may be rotated at the end of a key rotation interval.

Abstract: Systems and methods for generating a data map for retrieval of a data object. An example method includes: receiving an indication to generate a data entry for the data map, the data entry corresponding to a field identifier and a field value related to the field identifier; obfuscating the field identifier to generate a record locator associated with the data entry based, at least in part, on one or more variable storage parameters; and encrypting the field identifier and field value and storing the data entry in the data map as an encrypted field identifier and field value in association with the record locator.

Abstract: Systems and methods are provided for monitoring time-series data relative to a temporal logic specification regarding expected behavior of a system, such as a vehicle. The time-series data and a threshold value(s) specified in the temporal logic specification may be encrypted and analyzed without decrypting the time-series data to maintain the privacy of a user(s) of the vehicle. Encryption of the time-series data and the threshold value(s) may be accomplished using an order preserving encryption scheme. Analysis of the time-series data may be accomplished utilizing a batch processing-type architecture or a continuous processing-type architecture. When utilizing the continuous processing-type architecture, historical time-series data may be stored and utilized to determine whether currently-monitored time-series data satisfies the temporal logic specification.

Abstract: The disclosed computer-implemented method for identifying malicious file droppers may include (1) detecting a malicious file on the computing device, (2) constructing an ordered list of files that resulted in the malicious file being on the computing device where the malicious file is the last file in the ordered list of files and each file in the ordered list of files placed the next file in the ordered list of files on the computing device, (3) determining that at least one file prior to the malicious file in the ordered list of files comprises a malicious file dropper, and (4) performing a security action in response to determining that the file prior to the malicious file in the ordered list of files comprises the malicious file dropper. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: There is disclosed a video player comprising a Widevine decoder, further comprising: a receiver for receiving an asset and an associated manifest file; a search engine for searching the manifest file to identify a KeyID field; a Widevine header creation module for creating a Widevine header including: a KeyID field corresponding to the identified KeyID field of the asset manifest file; and a ContentID field based on the identified KeyID field of the asset manifest file, wherein the format of the KeyID field and the created ContentID field of the created Widevine header are different; an interface for transmitting a request for a license to a Widevine license server, the request including the created Widevine header, and for receiving a Widevine license from the Widevine license server responsive to the request; and a controller for accessing video content associated with the asset using the Widevine license.

Abstract: A method for storing a first data object includes: altering one or more original record locators corresponding to one or more fragments of a decomposed data object based on one or more variable storage parameters; applying an obfuscating function to the altered record locators for each fragment of the decomposed data object, the obfuscated function based at least in part on the one or more variable storage parameters; and storing, in at least one storage location, the obfuscated record locators with and the corresponding fragments.

Abstract: Abstract system and method for enabling data modification, classification and enforcement of IRM capabilities in standard isolated software applications is disclosed, according to which an add-on code is installed on the terminal device of user that runs the standard application. The add-on code is adapted to interact with the virtual keyboard used by the standard application, to form a custom virtual keyboard to which the features of classifying data items(s) and/or of modifying the content of the data item are added, without changing the natural environment, the user is normally used to. Then a custom virtual keyboard that includes a designed UP interfacing objects is created, for adding inputs that are associated with classification and modification in the data item in the form of a hidden tag tot the content of the data item.