Abstract: The invention relates to a system comprising: a first computerized system, or emitter, connected to a communication network; a second computerized system, or receiver, connected to said network; and a server connected to said network. Said server operates as a trusted third party for electronic transactions, is adapted in such a way as to offer a custody service and to vouch for the existence and content of an electronic document sent by the emitter, and communicates with a timestamping entity. The invention also relates to a method according to which the system is used to send a notification and/or contracting request for a receiver and an associated electronic document, from an emitter to said server, and to allow the receiver to securely access said document stored in a repository of the server, the transaction executed being traceable from beginning to end, and repudiation in the origin and destination avoided.

Abstract: Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.

Abstract: A computer system deploys monitoring agents that monitor the status and health of the computing resources. An analysis engine aggregates and analyzes event information from monitoring agents in order to support self-configuration, self-healing, self-optimization, and self-protection for managing the computer resources. If the analysis engine determines that a computing resource for a software application is approaching a critical status, the analysis engine may issue a command to that computing resource in accordance with a selected policy based on a detected event pattern. The command may indicate how the computing resource should change its behavior in order to minimize downtime for the software application as supported by that computing resource. The computer system may also support a distributed approach with a plurality of servers interacting with a central engine to manage the computer resources located at the servers.

Abstract: A user device generates a social graph-based user certificate that conveys a trust level to other users of the social network. A user certificate for a user is obtained, the user having a user public key and corresponding user private key. A plurality of potential signers is identified within one or more social networks. The certificate is then sent to the identified plurality of potential signers. One or more signed versions of the user certificate may be received from at least some of the plurality of potential signers. The user device may assign a signer weight to each signed version of the user certificate, each corresponding signer weight associated with the signer of each signed version of the certificate. The user certificate, the user signature, one or more signed versions of the user certificate, and the user-assigned signer weights are distributed to one or more recipients.

Abstract: A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website.

Abstract: A system for application usage continuum across client devices and platforms includes a first client device configured to execute a first instance of an application and a second client device configured to execute a second instance of the application. The first client device is configured to receive an indication to transfer operation of the first instance of the application running on the first client device to the second instance of the application on the second client device. The first client device is further configured to generate state information and data associated with execution of the first instance of the application on the first client device and cause the state information to be sent to the second client device to enable the second instance of the application on the second client device to continue operation of the application on the second client device using the state information from the first client device.

Abstract: Techniques are provided for obtaining header information from a packet configured for real-time communications transport over a network. The header information is used to monitor network performance of one or more secure portions of the network. The packet is encrypted using a security protocol and encapsulated using a transport protocol to produce a transport packet for transmission over the network. The transport packet header information is inserted into the transport packet prior to transmission over the network. The header information is used by a downstream network device or network analyzer to determine performance metrics for the network without decrypting the encrypted packet.

Abstract: A key identifier for an encryption key repository is stored with customer data on a logical device. When the customer data is compressible, the key identifier is stored in space freed by compressing the customer data. When the customer data is not compressible, a portion of the customer data is copied to a key record in the key repository identified by the key identifier, and the key identifier overwrites the copied customer data.

Abstract: Methods, systems, and computer-readable media for granting application permissions and providing notifications of API activity are provided. An example method may include processing a request to install an application that requires API calls by the application. The method may further include determining an authoring entity of the application, and determining whether the authoring entity is certified by one or more trusted entities. In addition, the method may include allowing an installation of the application when the authoring entity is certified by at least one trusted entity.

Abstract: In a storage system, a storage apparatus has an encryption key generator and an encryption processor that encrypts data to be recorded in a storage region using an encryption key from the encryption key generator, and is able to change an encryption key for each divided region set in the storage region. A control apparatus has a logical volume setting unit that requests the encryption processor to set an individual divided region for each storage region set as a logical volume in the storage region of the storage apparatus and a data erasure processor that requests the encryption processor to change the encryption key used for encryption in the divided region corresponding to the logical volume to be erased.

Abstract: Methods, systems, and computer-readable media for granting application permissions and providing notifications of API activity are provided. An example method may include receiving a first API call by an installed application. The method may further include determining a sensitivity level of the received first API call. The method may further include when the determined sensitivity level of the received first API call is associated with a restricted API classification, determining whether an author of the installed application is an authorized author, and when the author of the installed application is determined to be an authorized author, allowing the received first API call access to its associated API.

Abstract: A computer-implemented method for detecting malicious email attachments may include (1) identifying a shortcut file received as an attachment to an email, wherein the shortcut file is configured to open a target file, (2) analyzing the shortcut file to identify at least one attribute of the shortcut file, wherein the attribute comprises information about the shortcut file useful for determining whether text accurately characterizes the shortcut file, (3) identifying accompanying text in the email that characterizes the attachment, and (4) determining that the attachment is malicious by comparing the attribute of the shortcut file with the accompanying text in the email that characterizes the attachment and, based on the comparison, determining that the accompanying text does not accurately characterize the shortcut file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist.

Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

Abstract: A system for provisioning an output device, may include a processor; a memory; and a records display program. The records display program may be executed by the processor to maintain an indication of availability dates and times of one or more output devices connected to the network; to receive an output device invitation indicating a first output device to reserve at a meeting conducted over a conferencing system; to determine whether the first output device is available for reservation during a date and time period of the meeting; and to communicate to the first output device activation information indicating that the first output device is to become active at a first predetermined date and time related to the date and time period of the meeting and login information including a first credential for the first output device to use for logging into the conferencing system for the meeting.

Abstract: A method may comprise maintaining by a computer system connected to a network an indication of availability dates and times of one or more output devices connected to the network. The computer system may receive an output device invitation indicating an output device to reserve for a meeting conducted over a conferencing system and determine whether the output device is available for reservation during a date and time period of the meeting. The computer system may be communicating over the network to the output device activation information indicating that the output device is to become active at a predetermined date and time related to the date and time period of the meeting and login information including a credential for the output device to use for logging into the conferencing system for the meeting.

Abstract: A method for de-identification of visual media data, including: merging a sequence of images from a set of visual media data into an averaged image; bounding portions of the averaged image that are determined to be relatively fixed, wherein each bounded portion is identified by a corresponding position in the averaged image; generating a template comprising the bounded portions and the corresponding position for each bounded portion in the averaged image; and de-identifying the sequence of images by obfuscating content in the bounded portions.

Abstract: A visual media de-identification system is described. The system includes an image merger and a de-identifying engine. The image merger is configured to merge a sequence of images from a set of visual media data into an averaged image. The de-identifying engine is configured to: bound portions of the averaged image that are determined to be relatively fixed, wherein each bounded portion is identified by a corresponding position in the averaged image; generate a template comprising the bounded portions and the corresponding position for each bounded portion in the averaged image; and de-identify the sequence of images by obfuscating content in the bounded portions.

Abstract: Provided is a user authentication method including reproducing sound data of which a sound source in a first position of a space around a user is virtually localized using a Head-Related Transfer Function (HRTF) of the user toward the user, acquiring a second position of the space around the user, the second position being estimated by the user who has listened to the reproduced sound data as a position of the sound source; and authenticating the user according to a coincidence between the first position and the second position.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.