Abstract: Certain embodiments described herein are generally directed to checking packets at a hardware tunnel endpoint. In some embodiments, an encapsulated packet is received at a hardware tunnel endpoint. It is determined if an inner source media access control (MAC) address is associated with an outer source internet protocol (IP) address of the encapsulated packet based on a mapping of MAC addresses of virtual computing instances to IP addresses of tunnel endpoints stored at the hardware tunnel endpoint. If it is determined the inner source MAC address is not associated with the outer source IP address, the packet is dropped.

Abstract: A mobile device, an authentication device and authentication methods thereof are provided. The mobile device displays a QR code on its display panel, and continuously transmits a wireless signal carrying a hardware serial number of the mobile device. The QR code stores service data including an identification code assigned to the mobile device and the hardware serial number of the mobile device. The authentication device captures the QR code from the mobile device and determines whether there is a received wireless signal carrying the hardware serial number of the mobile device. If there is a received wireless signal carrying the hardware serial number of the mobile device, the authentication device determines that the QR code passes authentication.

Abstract: The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step. Further, cryptographic techniques may be used to encrypt the reduced data signals and to encrypt the remainder signals before the final addition step.

Abstract: Disclosed are a fingerprint identification system and a fingerprint identification method and a display device capable of simplifying operations of starting an application by a user. The fingerprint identification system includes: a fingerprint identification region arranged on a touch screen to acquire an input fingerprint; a fingerprint verification module connected with the fingerprint identification region to verify whether the input fingerprint is a fingerprint of a user and to unlock the touch screen if it is determined that the input fingerprint is the fingerprint of the user; an application start control module connected with the fingerprint identification region and the fingerprint verification module respectively to obtain a finger press direction from the input fingerprint and start an application corresponding to the finger press direction when the input fingerprint is the fingerprint of the user.

Abstract: Generally described, aspects of the present disclosure relate to for managing the configuration and security policies of hosted virtual machine networks. Hosted virtual machine networks are configured in a manner such that a virtual machine manager component can establish service manifests that correspond to information required by the virtual machine network from a user/customer. The virtual machine manager component can also publish in the service manifests contractual information, such as security risk assessments, that are deemed to have been provided and accepted by the user/customer in instantiating virtual machine networks. If the processed service manifest information remains valid, a substrate network process requests or independently instantiate services or components in accordance with the configuration information and security risk information included in the processed service manifest.

Abstract: A system that includes a routing device and a proxy server in a private network. The routing device is configures itself to route data traffic for a network device within a private network using private links. The routing device forwards an access request requesting access to a destination address in a public network from the network device to the proxy server. The proxy server determines whether the access request satisfies a set of access rules and generates an access request response. The routing device forwards the access request response from the proxy server to the network device. The routing device configures itself to route data traffic between the network device and the destination address using public links in response to receiving an access approval message. The routing device communicates data traffic between the network device and the destination address using public links.

Abstract: According to an embodiment, a management apparatus manages pieces of information held by a plurality of devices. The apparatus includes storage, one or more processors, and a transmitter. The storage stores therein the pieces of information held by the devices. The processors generate a list of inspection values indicating the pieces of information stored in the storage. The processors generate determination information for determining, in a state where the list is concealed, whether a provided value is included in the list. The transmitter transmits the determination information to the respective devices.

Abstract: A system and method for network recording and speech analytics wherein a recording system receives media exchanged between first and second communication devices during a telephony call. The media is received by the recording system over a wide area network. The recording system bridges a media path between the first and second communication devices, and replicates media exchanged in the media path for storing the replicated media in a mass storage device. The recording system further captures metadata associated with the call, and stores the captured metadata in association with the stored media. The stored media and metadata may then be provided to a requesting device over the wide area network. The recording system may also be configured to analyze the call recording along with the associated metadata for detecting key words or phrases and/or triggering actionable events.

Abstract: A method for issuing digital credentials includes assigning a digital credential to a user account maintained by the digital content delivery system; receiving, from a mobile computing device associated with the user account, a first request for the digital credential; in response to receiving the first request: determining whether a current location of the mobile computing device is within a predetermined geographic distance of the selected exhibitor location, and determining whether a remaining amount of time until a scheduled start time of the selected scheduled presentation is less than a threshold amount of time; and in response to determining that either the current location of the mobile computing device is outside of the predetermined geographic distance of the selected exhibitor location or the remaining amount of time until the scheduled start time of the selected scheduled presentation is greater than the threshold amount of time, denying the first request.

Abstract: This present disclosure relates to systems and methods for providing a data plane processing tool chain for processing packets that can use OSI layers 4 and above in the data plane without using a hypervisor. The disclosure has multiple processing capabilities, including: packet filtering, resolving DNS packets, generating packets, packet forwarding, performing DNS look up, time-stamping DNS packets, writing packets to disk, load-balancing, and protecting against DDOS attacks.

Abstract: Systems and methods for encryption and authentication are disclosed. A system receives a document request over a network from a first computer system, the document comprising a plurality of fields configured to receive input data. The document is transmitted to the first computer system. Context data and the document, including field input data, are received from the first computer system. An encryption key is generated and used to encrypt the document field input data and the context data. A payload is generated including the encrypted document field input data, the encrypted context data, and a non-encrypted identifier linked to the key. The payload and an image of the document are provided to a second computer system. The document image is viewable using a portable document format viewer. A decryption key request including the identifier linked to the key is received. The decryption key is provided to the second computer system to decrypt the encrypted field input data and the encrypted context data.

Abstract: The disclosed computer-implemented method for data visualization may include (i) identifying a data set that includes data entities and relationships between the data entities, (ii) dividing the data entities into groups, (iii) responding to a request to display the data set within a graphical user interface by portraying the data set as concentric rings, each given ring portraying a corresponding group and portraying data entities within the corresponding group as arcs of the given ring, (iv) receiving an input within the graphical user interface to select a data entity within a group by selecting an arc corresponding to the selected data entity of a ring corresponding to the group, and (v) determining that a subset of data entities within an additional group are related to the selected data entity and highlighting the subset of data entities within an additional ring. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A proxy server is implemented between a user computer and the Web. The user accesses an IAM service and selects a cloud service. The proxy server intercepts the login form from the user, stores the identifier and password, and replaces the identifier and password. The proxy server allows the form to continue to the IAM service which registers the cloud service. Later, the user accesses the IAM service and selects the cloud service. The IAM service returns a login form for the cloud service with the identifier and password and redirects the user's computer to the cloud service. The proxy server intercepts the form and replaces the identifier and password with the correct identifier and password. The proxy server then allows the form to continue to the cloud service. The user is then authenticated by the cloud service and receives a Web page from the cloud service indicating logged in.

Abstract: Providing an electronic message includes constructing a first digital signature of the message and a personal secret known only to a sender of the message, constructing a second digital signature of the first digital signature and the message, and sending to a receiver the message, the first digital signature, and the second digital signature. The personal secret may be initially generated by the sender. The personal secret may be a pseudo-random number. The receiver may archive the message, the first signature, and the second signature. In response to a challenge, the message and the first and second signatures sent with the message may be compared using first and second signatures reconstructed by the sender. In response to at least one of the message and the first signature not matching, the message may be repudiated. Otherwise, the message may be validated. The sender may be a cell phone.

Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The computing device receives (e.g., via the DSN and from a first other computing device) a storage request that is based on data object. The computing device extracts a remote address (associated with the first other computing device) from the storage request. The computing device processes the storage request to determine whether any principals are associated with the storage request, wherein the principals include DSN system entities.

Abstract: An encryption circuit includes a fundamental vector generation circuit configured to generate a random number sequence for serving as a fundamental vector based on an initial vector, an image mask generation circuit configured to generate an image mask with a mask value set for each pixel in a region to be encrypted smaller than a frame size of the image, based on the fundamental vector and coordinate information for specifying the region to be encrypted, and an XOR operation circuit configured to compute an exclusive OR between each mask value of the image mask and each pixel value of the image data to generate encrypted image data.

Abstract: Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g. whether and how files are encrypted with the encryption keys, may also be used to assist in selecting appropriate security handling and routing of the communications.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: A system and method provides security features for inter-computer communications. A user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.

Abstract: Embodiments for secure data storage that include systems and methods that receive, from a second system maintained by a second entity, a data payload to be stored by the system; secure the data payload at a first time; store the secured data payload; receive a request for access to the data payload; and provide certification, corresponding to a second time subsequent to the first time, that the data payload has not been altered since the first time.