Abstract: There is described an RF communication device, the device comprising (a) a data memory for storing data, (b) an RF interface (112) for RF communication with an external RF device (130), (c) a host interface (111) for communication with a host device (120), (d) a host access memory unit (214, 215) comprising host interface access control data, the host interface access control data defining host access rules for accessing data in the data memory through the host interface (111), and (e) a host access control unit for, based on the host interface access control data, controlling access to data in the data memory through the host interface (111). There is also described a system and a method.

Abstract: A “Data Transfer Tool” extracts, labels and stores user data or information that may be confined within application silos during user interaction with arbitrary apps. The Data Transfer Tool enables sharing of this otherwise siloed data shared across and between authorized apps. The Data Transfer Tool provides a task-centric approach to define and extract structured and semantically meaningful information from source applications by providing multiple semantic models that are individually tailored to particular source apps. The Data Transfer Tool applies an accessibility API or the like of the OS in combination with the semantic model for the source app to scrape user entered or selected data or information from the source app. The Data Transfer Tool enables and creates new user experiences and increases user efficiency when interacting with various apps by making the scraped data or information available to subscribing destination apps approved to receive that data or information.

Abstract: Systems, methods, and protocols for sensory memes are disclosed. Such a system can include: a computer processor and a sensory module configured to execute on the computer processor to enable the computer processor to: receive, from a first computing device, a sensory meme including multiple sensory signals, the sensory meme defined based on instructions from a first user; provide the sensory meme for playback by a second computing device, the playback involving concurrent output of the sensory signals, the second computing device receiving user input in response to playback of the sensory meme; receive a request from the second computing device after playback of the sensory meme; and provide content to the second computing device in response to the second request.

Abstract: Hierarchical case model access roles and permissions are described. A system creates, for a child node associated with a parent node in a case model, a reference to a case role associated with the parent node. The system assigns another set of access permissions to the reference. . The system determines access to the child node based on the set of access permissions in response to a request associated with the case role to access the child node.

Abstract: A residential key may be programmed by a computer with access rights information. A lock device may receive the access rights information from the residential key. The lock device may store and utilize the access rights information if the lock determines that the residential key is authorized to update the lock device.

Abstract: A retail environment having retail terminals with data entry point devices selectively encrypts input received by the data entry point devices and passes the encrypted data to a security module. The selective encryption is based on whether or not sensitive or confidential information, such as a personal identification number (PIN) associated with a debit card, is being input. To prevent hacking of the software of the retail terminal, content destined for display on the retail terminal is authenticated prior to display. In this manner, the retail terminal may be assured that confidential information is input only when desired, and thus may be encrypted only as needed.

Abstract: Provided are electrocardiogram (ECG)-based authentication and training. An authentication method includes generating a feature vector of an ECG obtained from an entity or a person based on a dictionary, classifying the ECG through a classifier based on the feature vector, and performing authentication based on a classification result.

Abstract: A method to protect a media content encrypted by a media content key, said method being carried out by a security module embedded into a reception device and connected to a consumption device, comprising: receiving an encrypted media content, encrypted by a media content key; receiving a message, being encrypted by a personal key of the security module, containing the media content key; decrypting the message by the personal key to retrieve the media content key; decrypting the encrypted media content by the media content key; generating a current local key; encrypting a portion of the media content by the current local key, said portion defining a chunk; transmitting the current local key to the consumption device; transmitting the encrypted chunk to the consumption device; repeating the previous four steps for different chunks of the media content and modifying the current local key for the different chunks.

Abstract: A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website.

Abstract: Methods and apparatuses are provided for binding a device and a terminal. In the method, the terminal acquires a binding password from a smart home device in a local area network. The terminal transmits a binding request for binding with the smart home device to the server, where the binding request includes a binding password and a user login Identifier (ID). A binding relationship between the user login ID and the smart home device is established by the server when the binding password in the binding request matches with a binding password stored in a server.

Abstract: Methods, systems, and computer-readable media for granting application permissions and providing notifications of API activity are provided. An example method may include processing a request to install an application that requires API calls by the application. The method may further include determining an authoring entity of the application, and determining whether the authoring entity is certified by one or more trusted entities. In addition, the method may include allowing an installation of the application when the authoring entity is certified by at least one trusted entity.

Abstract: An information handling system includes a trusted platform module (TPM) and a storage device, the TPM provides boot authentication for the information handling system such that, during a pre-boot phase, the TPM can access a platform configuration register (PCR). During a first instance of the pre-boot phase, the information handling system provides a public/private key pair including a public key and a private key, stores the private key to an encrypted storage of the TPM, seals the private key in the encrypted storage to the PCR, and stores the public key to the storage device. During an operating system phase that is after the first instance of the pre-boot phase, the information handling system retrieves the public key from the storage device, encrypts transfer data using the public key, and stores the encrypted transfer data to the storage device.

Abstract: A method provides secure communication between a first module and a second module within a vehicle communication network. A first anti-replay counter is provided within the first module, and a second anti-replay counter is provided within the second module. A message is transmitted from the first module to the second module over the vehicle communication network. The message includes a partial counter including only a portion of the contents of the first anti-replay counter, and the message is authenticated based on the partial counter.

Abstract: A virtual machine monitoring method and a system thereof are provided. The virtual machine monitoring method includes: detecting at least one hardware resource of an electronic device and storing corresponding hardware configuration data, detecting display information of the electronic device and storing corresponding display configuration data, connecting a server and receiving image data therefrom, establishing a virtual machine based on the image data, configuring the at least one hardware resource on the virtual machine based on the hardware configuration data, setting a display image on the virtual machine based on the display configuration data, and clearing the image data to end the virtual machine, so as to provide a user-friendly interface and achieve corporate data security.

Abstract: Methods for notification of application permissions are provided. In one aspect, a method includes receiving a first application programming interface (API) call by an installed application on a device, determining a sensitivity level of the received first API call, determining whether an author of the installed application is an authorized author by determining whether a Secure Sockets Layer (SSL) certificate used to deliver binary code to the device during the process of installing the application is owned by a trusted entity or has been validated by a trusted entity when the determined sensitivity level of the received first API call is associated with a restricted API classification, and allowing the received first API call access to its associated API when the author of the installed application is determined to be an authorized author.

Abstract: The present invention relates to methods, systems and apparatus for mitigating denial of service attacks. One exemplary embodiment in accordance with the invention is a method of operating a communication system including the steps of receiving at a first device packets of a first packet flow; sending, from the first device, control information to a switch through which packets of the first packet flow pass or to a control device which controls the switch, the control information including a mask corresponding to a range of expected packet values to be used for determining which packets in the first packet flow should be dropped.

Abstract: Systems and methods for authorizing a session between a browser and a terminal server are disclosed. According to an aspect, a method includes receiving, from a browser, a request to initiate a session with a terminal server. The method also includes storing identification of the terminal server and session information. The method includes associating a claim identifier with the stored identification and session information. The method further includes communicating the claim identifier browser. The method also includes receiving the claim identifier from a terminal server. The method also includes using the claim identifier received from the terminal server to verify that the terminal server is authorized to initiate the session with the browser. The method further includes in response to verifying that the terminal server is authorized to initiate the session with browser, notifying the terminal server of authorization to initiate the session with browser.

Abstract: Systems and methods may include monitoring data input to and output from an application on a mobile device. Such systems and methods may include storing meta-data, which describes a behavior of the data input to and output from the application, on the mobile device. Such systems and methods may include determining whether a behavior of the application is anomalous based on the meta-data stored on the mobile device. Such systems and methods may include providing detailed data, which includes the data input to and output from the application, to another device in response to determining that the behavior of the application is anomalous based on the meta-data stored on the mobile device.

Abstract: Communications in social networking environment are monitored and patterns of sharing a communication are identified. The patterns of sharing are compared to one or more criteria. A first probability of false information in the communication is determined. Responsive to determining the first probability of false information in the communication exceeding a first threshold, an additional validation of the communication is performed. A second probability that the communication contains false information is determined based on the additional validation. Responsive to determining that the second probability indicative of the communication containing false information exceeds a second threshold, an action to reduce dissemination of the communication may be performed.

Abstract: The disclosed computer-implemented method for detecting potentially illegitimate wireless access points may include (1) detecting an attempt by the computing device to automatically connect to a wireless access point that resembles a known wireless access point whose geographic location is stored by the computing device, (2) identifying a current geographic location of the computing device, (3) determining that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point, and then (4) determining, based at least in part on the determination that the current geographic location of the computing device is beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is potentially illegitimate. Various other methods, systems, and computer-readable media are also disclosed.