Abstract: A method implemented in a computing system hosting a three-dimensional virtual reality world. The computer system stores a set of searchable records, each having: a searchable hash of at least a portion of personally identifiable information; and an encrypted identity, decryptable using an encryption key generated based at least in part on the searchable hash and a global key. In response to a search request identifying at least a portion of personally identifiable information as a search criterion, the computer system generates a hash of the search criterion, and finds a matching searchable record that has a searchable hash equal to the hash computed from the search criterion. An encryption key is computed based on the global key and the matched searchable record to decrypt an encrypted identity of a user having at least the portion of personally identifiable information that is the search criterion in the search request.

Abstract: An information processing apparatus includes a registration unit, a display control unit, a login processing unit, and a restricting unit. The registration unit registers, as user information about a user who can log into the apparatus, user identification information for identifying the user as well as a display name displayed instead of the user identification information. When a list of user information registered is displayed, the display name as for a user whose display name has been registered and the user identification information as for a user whose display name is not registered is displayed. When the display name or the user identification information displayed is selected, login processing is executed through which a user corresponding to the thus selected name or information can log into the apparatus. The restricting unit restricts registration of the display name so that identical names are not displayed on the list of user information.

Abstract: Systems, devices or methods provide for control of sensitive data in a computer system that includes at least one central server communicatively-coupled to a plurality of client computers. A particular method relates to the execution of software code on the at least one central server to monitor data communications of the plurality of client computers for sensitive data. A subset of the data communications is restricted when sensitive data is detected. Configuration data is provided to each of the plurality of client computers. Software code is executed on each of the plurality of client computers to detect accesses to sensitive data by one or more applications running on a client computer. Actions of the one or more applications running on a client computer are monitored to determine whether or not a trigger event has occurred. In response to determining that the trigger event has occurred, a notification is sent.

Abstract: A method includes accessing genomic data of from a genomic database; generating, by a processor, a first hash by probabilistically and irreversibly encrypting a first portion of the genomic data encoding the first genomic sequence, the first hash projecting the first portion into reduced dimensions such that the first portion of the genomic data encoding the first genomic sequence becomes statistically improbable to recover outside the first processor; generating, by the processor, a first cryptogram by deterministically and reversibly encrypting a second portion of the genomic data encoding the first genomic sequence; generating, by the processor, a look-up table by using at least the first cryptogram as a key and the first portion of the genomic data encoding the first genomic sequence as the value, and transmitting data encoding the first hash and the first cryptogram to one or more processors that are different from the first processor.

Abstract: A method and a system for encrypting data by a data protection system are provided. The data protection system may receive one or more dataset and calculate the number of binary digit ‘1’ in each byte of the one or more dataset. Further, it may determine a slot value for each byte of the one or more dataset based on location of the each byte in a table of the plurality of tables. And, it may identify a pattern index for the each byte based on the location of the each byte in the one or more slots and generates an encrypted byte for the each byte of the one or more dataset. The data protection system may further decrypt the encrypted dataset by receiving one or more encrypted byte.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing a plurality of stored fingerprints, wherein each of the stored fingerprints is associated with a respective software environment and a respective mobile device; receiving from a first mobile device a first fingerprint of a first software environment in the first mobile device; determining whether the stored fingerprints include less than a threshold amount of fingerprints identical to the first fingerprint; based on a determination that the stored fingerprints include less than the threshold amount of fingerprints identical to the first fingerprint, determining that the first software environment is a compromised software environment; and performing a corrective measure.

Abstract: A processing device comprises a processor coupled to a memory and is configured to identify a plurality of mobile application market sites accessible over a network, and to extract features from each of the mobile application market sites. Health scores are computed for respective ones of the mobile application market sites based on the corresponding features extracted from those mobile application market sites. One or more proactive measures are initiated to prevent one or more mobile devices from downloading mobile applications from any of the mobile application market sites having computed health scores below a specified threshold. The mobile application market sites may be identified as respective alternative mobile application market sites relative to a known primary mobile application market site. The alternative mobile application market sites may comprise respective alternative mobile application stores.

Abstract: Provided are a method and device for acquiring a message certificate in a vehicle networking system. The method comprises: receiving, by a Background Control Center (BCC), a privilege certificate request instruction sent by an On-Board Unit (OBU); generating and sending, by the BCC, a write control instruction to the OBU, receiving, by the BCC, an application grant request instruction sent by the OBU, the application grant request instruction being used for applying for use of a privilege certificate already written in the OBU to the BCC; and determining, by the BCC, the valid time for the OBU to use a designated privilege certificate, generating an application control instruction according to the determined valid time, and sending the generated application control instruction to the OBU, the application control instruction being used for indicating that the OBU uses the designated privilege certificate within the valid time.

Abstract: Provided is a communication apparatus (121) that securely manages passwords for utilizing a server apparatus. A generator (203) generates a random table having the same number of rows and the same number of columns as a password table associated with a server name specified in an authentication request received by a receiver (202). An acceptor (205) accepts a key from a user to whom the random table is presented by a presenter (204). An identification unit (206) identifies, from the key and the random table, the user's of selection order of elements in the table. An acquirer (207) selects and arranges elements in the password table in the identified selection order, thereby acquiring a password. An output unit (208) displays the acquired password on a display or transmits the acquired password to the server apparatus, thereby allowing the user to utilize the server apparatus.

Abstract: Methods and systems are provided for hardware-based pattern matching. In an embodiment, an intrusion-prevention system (IPS) identifies a full match between a subject data word comprising subject-data blocks and a signature data pattern comprising signature-data blocks. The IPS receives the subject data word via a network interface, and thereafter makes a partial-match determination that two or more but less than all of the subject-data blocks respectively match the same number of the signature-data blocks stored in partial-match hardware with respect to both value and position. Thereafter, the IPS makes a full-match determination that all of the subject-data blocks respectively match all of the signature-data blocks stored in the IPS's full-match hardware with respect to both value and position. The IPS then stores an indicator that the full-match determination has been made, and may carry out one or more additional intrusion-prevention responses as well.

Abstract: The embodiments of the present invention relate to apparatuses in the form of a first network unit and a device, and also relates to a method for enabling protection of a bootstrap message in a device management network system. The method comprises: receiving at the first network unit, a request to bootstrap the device; transmit a request for a bootstrap key, to a second network unit; receiving a message comprising the bootstrap key and further comprises trigger information and transmitting the trigger information to the device to trigger generation of the bootstrap key internally in the device. Thereafter a protected bootstrap message can be transmitted to the device from the first network unit, and when the device verifies and/or decrypts the bootstrap message, device management (DM) sessions can start between the device and the first network unit.

Abstract: A system and method for using a Service-Provider password to simulate F-SSO functionality. A processor receives from an F-SSO Identity Provider authentication data for a user who has requested access to a secured service. The service is managed by an F-SSO Service Provider that does not offer F-SSO functionality for that service. Upon receiving the data, the processor redirects the user to an SU-F-SSO portal of the Service Provider, which uses the received authentication data to authenticate the user. The processor sends the user an on-demand password and, when the user uses that password to sign on, the processor matches the entered password with a stored copy of the password that was sent to the user. If they match, the processor grants the user access to the requested service. In some embodiments, the on-demand password may be a single-use password or may be sent to the user via an out-of-band communication.

Abstract: New techniques are disclosed for protecting a token seed in a multifactor authentication system. A personal identification number is used to derive a fixed share, and the token seed is split, using a secret sharing technique, into a set of three shares made up of the fixed share, a remote share, and a local share, such that the token seed can only be reconstructed using any two of the three shares. The remote share is stored on a remote authentication server, and an encrypted version of the local share is stored on the user device. The remote share may be encrypted by performing a key wrapping operation on the remote share using the local share, and then storing the encrypted version of the remote share on the remote authentication server. The token seed, fixed share, remote share and local share may then be deleted from the user device.

Abstract: A technique is provided for controlling a secure registration for a service provided by a web server from a communication terminal in a telecommunications network. The technique includes a web server that saves a dynamically generated code matching the terminal's IP address and transmits a message containing the code to an e-mail address. This address is provided by the user in response to the terminal's connection to the web server. The server transmits to the terminal an application capable of generating an automated test to tell computers apart from humans. The answer provided by the user is encrypted with the terminal's IP address and the code contained in the message transmitted to the e-mail address, and is directly transmitted by the application to the server, which decrypts it and compares it with an expected answer to enable access to the web server if the decrypted answer matches the expected answer.

Abstract: Various devices, methods, systems, and computer readable storage are provided for tokenizing data. In some examples, credit card numbers are tokenized using a pre-generated token map and absent the use of a networked database that stores a relatively large quantity of credit card numbers in a central location. The token map may be generated by a token map generator such that the token map can be used by a tokenizer to replace a portion of an account number with a token, and by a detokenizer to replace the token with the original portion of the account number. A pre-parser and parser may also be used to locate an account number and/or token in a message received over a network.

Abstract: Securing a virtual machine to be executed on a host machine is accomplished by authenticating, by the virtual machine during an initial boot routine, an identity of the host machine. If the identity does not match a predetermined value, then authenticating the identity of the host machine fails and data associated with the virtual machine is deleted.

Abstract: A system, device, and method for providing policy-based secure cloud booting include a mobile computing device and a web server. The mobile computing device determines a remote boot address specifying the location of a boot resource on the web server. The mobile computing device opens a secure connection to the web server and maps the boot resource to a local firmware protocol. The mobile computing device executes the boot resource as a firmware image using the local firmware protocol. The boot resource may be a compact disc or DVD image mapped through a block I/O protocol. The boot resource may be a remote file system mapped through a file system protocol. The remote boot address may be configured using a manageability engine capable of out-of-band communication. The remote boot address may be determined based on the context of the mobile computing device, including location. Other embodiments are described and claimed.

Abstract: Described are methods, systems, and apparatus, including computer program products for provision of cross-device identifiers. A cross-device ID is assigned by a computing entity matching system on a first domain to a browser and to one or more computing entities. A request for a webpage is sent by the browser to a server on a second domain. The webpage, including cross-device ID retrieval instructions, is received by the browser. The cross-device ID retrieval instructions are executed to send a request to the computing entity matching system including a matching system ID. The cross-device ID is determined based on the matching system ID. Cross-device ID storage instructions, including a distributed cross-device ID, are sent by the computing entity matching system. The cross-device ID storage instructions are executed by the browser. A request for a webpage, including the distributed cross-device ID, is sent by the browser to the server.

Abstract: A method of obtaining, in an electronic circuit, at least one first key intended to be used in a cryptographic mechanism, on the basis of at least one second key contained in the same circuit, the first key being stored in at least one first storage element of the circuit, the first storage element being reinitialized automatically after a duration independent of the fact that the circuit is or is not powered. Also described are applications of this method to encrypted transmissions, usage controls, as well as an electronic circuit implementing these methods.

Abstract: Aggregate statistics are securely determined on private data by first sampling independent first and second data at one or more clients to obtain sampled data, wherein a sampling parameter substantially smaller than a length of the data. The sampled data are encrypted to obtain encrypted data, which are then combined. The combined encrypted data are randomized to obtain randomized data. At an authorized third-party processor, a joint distribution of the first and second data is estimated from the randomized encrypted data, such that a differential privacy requirement of the first and second is satisfied.