Abstract: In some embodiments, a method comprises displaying a pre-registration invitation on a first digital device connected to a wireless network, determining one or more wireless network identifiers associated with the wireless network, generating a pre-registration code request, the request including the one or more wireless network identifiers, providing the pre-registration code request to a virtual network server, the server generating a pre-registration code in response to the pre-registration code request, the pre-registration code associated with the one or more wireless network identifiers, receiving the pre-registration code, providing a registration request from a second digital device, the registration request comprising the pre-registration code, and provisioning an account based on the registration request and the wireless network identifiers, the wireless network identifiers identified based on the pre-registration code.

Abstract: The present disclosure is directed to a system, method, and computer program for detecting and assessing security risks in an enterprise's computer network. A behavior model is built for a user in the network based on the user's interactions with the network, wherein a behavior model for a user indicates client device(s), server(s), and resources used by the user. The user's behavior during a period of time is compared to the user's behavior model. A risk assessment is calculated for the period of time based at least in part on the comparison between the user's behavior and the user's behavior model, wherein any one of certain anomalies between the user's behavior and the user's behavior model increase the risk assessment.

Abstract: Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to receive a function call, determine the location of a memory page that initiated the function call, determine if the memory page is associated with a trusted module, and block the function call if the memory page is not associated with the trusted module. In addition, the system can determine the return address for the function call and block the function call if the return address does not belong to the trusted module. Further, the system can determine a parameter for the function call, determine if the parameter is a known parameter used by the process that called the function, and block the function call if the parameter is not the known parameter used by the process that called the function.

Abstract: Some embodiments provide one or more of systems, methods, software, and data structures to control locations where files may be stored. Some such embodiments include receiving a request to perform a file management function affecting a location where a first file is stored and querying a repository of file management rules as a function of at least one of a file type of the first file, a location where the first file is stored, a destination of where the first file is to be stored, and an identity of a user to retrieve a first set of file management rules. These embodiments further include determining if the destination is an authorized location where the first file may be stored as a function of the first set of retrieved file management rules and preventing the file management function when the determining identifies that the destination is not an authorized location.

Abstract: Generally discussed herein are systems, apparatuses, and methods for secure transfer of content across a security boundary. A system can include a high side domain communicatively coupled to a transfer guard module, the high side domain comprising a high side data repository, a first review module executable by processing circuitry to determine whether a permission level of first content violates a permission level of the high side domain, a second review module executable by the processing circuitry to determine whether second content from the high side data repository includes a permission level that violates a permission level of a low side domain, a first data diode module communicatively coupled between the first review module and the high side data repository, and a second data diode module communicatively coupled between the second review module and the high side data repository.

Abstract: Techniques to facilitate offline access control for an application associated with an industrial automation environment are disclosed herein. In at least one implementation, a a user login prompt for the application is displayed on a display system of a computing system, wherein the user login prompt provides an offline access option for a user to request offline access to the application for a period of time. User login credentials are received along with a selection of the offline access option, which are transferred for delivery to an authentication server, wherein the authentication server authorizes the user for the offline access to the application for the period of time based on the user login credentials. An authentication response is received from the authentication server, wherein the authentication response instructs the application to authorize the user to operate the application for the period of time without requiring authorization from the authentication server.

Abstract: A hosted application gateway server node may be communicatively coupled to backend systems, client devices, and database shards associated with database servers. Through the gateway server node, various services may be provided to managed containers running on client devices such that enterprise applications can be centrally managed. A sharding manager may manage relationships of database items across database shards. Each shard stores a copy of a table representing a split of a relationship. A shard ID mask is included in each item's ID. At query time, the shard ID can be extracted and used to query the correct database. This query routing mechanism allows navigation from one shard to another when multiple items are in a relationship (e.g., share the same resource such as a document). As such, embodiments can eliminate the need for APIs to join in data that span multiple shards.

Abstract: A method, computer-readable storage device and apparatus for encrypting a broadcast message of a base station are disclosed. For example, the method selects an encryption key for the broadcast message and encrypts the broadcast message using the encryption key to create an encrypted broadcast message. The method then transmits an identifier of the encryption key and transmits the encrypted broadcast message over a broadcast channel. A method for decrypting a broadcast message that is encrypted is also disclosed.

Abstract: A system and method of selectively providing encrypted data is provided. Embodiments of the invention may store data in encrypted form on a storage device. Embodiments of the invention may selectively provide encrypted or decrypted data to a requestor of data based on configuration or other parameters. A filter driver or other module or unit may examine a request for, or communication of data from the storage device and may determine if data is to be provided in encrypted or decrypted form. Decrypted data may be provided to a caching system. A filter driver or other module or unit may examine a request for, or communication of data from the caching system. Data provided from the caching system may be selectively encrypted based on configuration or other parameters.

Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.

Abstract: A tool for administering virtual recognition of a group of users is provided. The group of users may be specifically identified or dynamically generated based on criteria selected by an administrative entity submitting a request to administer virtual recognition. The tool may be configured for generating user and badge recommendations based at least in part on the group of users identified to receive the virtual recognition.

Abstract: A method for determining an encoding used for a sequence of bytes may be provided. The method comprises providing a set of candidate code pages and transforming them into different groups of sequences of bytes, wherein each group of sequences of bytes corresponds to one of the candidate code pages. Thereby each code point is transformed by applying a transformation from one of the candidate code pages to a reference code point value relating to a reference encoding for each code point. The method comprises further separating each of the transformed sequences of bytes into groups of tokens, wherein each group of tokens relates to one candidate code page, and providing an index relating to a text corpus. Furthermore, the method comprises selecting a code page from the set of candidate code pages at least partially based on how many tokens are found in the index.

Abstract: An encryption key management system and method implements enterprise managed encryption key for an enterprise using encryption for cloud-based services. In some embodiments, the enterprise deploys a key agent on the enterprise data network to distribute encryption key material to the network intermediary on a periodic basis. The network intermediary receives the encryption key material from the enterprise and stores the encryption key material in temporary storage and uses the received encryption key material to derive a data encryption key to perform the encryption of the enterprise's data. In this manner, the enterprise can be provided with the added security assurance of maintaining and managing its own encryption key while using cloud-based data storage services. The encryption key management system and method can be applied to ensure that the enterprise's one or more encryption keys do not leave the enterprise's premises.

Abstract: An electronic device is provided including a biometric sensor, a memory, and a processor configured to: initiate a transaction with a server; receive an authentication request from the server; retrieve a biometric template stored in a secure portion of the memory in response to the authentication request; capturing a biometric sample using the biometric sensor; comparing the biometric template with the biometric sample; and transmitting to the server a message indicating an outcome of the comparison.

Abstract: The present disclosure provides a method performed by a user authentication apparatus for authenticating a user of an information processing device. The method includes: visually outputting a code image including predetermined information to allow the information processing device to capture the code image; determining whether an authentication request including the code image and authentication identification information is obtained from the information processing device; and performing a user authentication process based on the authentication identification information after the authentication request is obtained.

Abstract: Embodiments of the present application relate to a method for data communication, a system for data communication, and a computer program product for data communication. A method for data communication is provided. The method includes identifying one or more first users located within a present range of a location of a second user, comparing an authorization code with one or more exchange codes pre-allocated to the one or more first users, and verifying validity of the authorization code, and in the event that, among the one or more exchange codes of the one or more first users within a definite range of the second user location, an exchange code matching the authorization code of the second user exists, and the authorization code of the second user is determined to be valid, performing a data exchange between the second user and the first user.

Abstract: A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.

Abstract: An “AR Privacy API” provides an API that allows applications and web browsers to use various content rendering abstractions to protect user privacy in a wide range of web-based immersive augmented reality (AR) scenarios. The AR Privacy API extends the traditional concept of “web pages” to immersive “web rooms” wherein any desired combination of existing or new 2D and 3D content is rendered within a user's room or other space. Advantageously, the AR Privacy API and associated rendering abstractions are useable by a wide variety of applications and web content for enhancing the user's room or other space with web-based immersive AR content. Further, the AR Privacy API is implemented using any existing or new web page coding platform, including, but not limited to HTML, XML, CSS, JavaScript, etc., thereby enabling existing web content and coding techniques to be smoothly integrated into a wide range of web room AR scenarios.

Abstract: The present disclosure is directed to a system, method, and computer program for tracking user activity during a logon session, including tracking device access and any user account switches during the logon session. In response to receiving an event log for an IT event in the network, the system determines whether to filter the event, associate the event with an existing user logon session, or associate the event with a new user logon session. The system executes one or more rules to determine whether an event represents a user account switch or the continued use of an account by a user currently logged onto the network. If so, the event is associated with an existing logon session. If not, the system determines whether the event satisfies criteria for a new user logon session.

Abstract: A method for encryption of blocks of data is provided including the steps of: encrypting a block of data using a current random number generated for the block of data; encoding the current random number using one or more of a set of previous random numbers, each of the set of previous random numbers having been used to encrypt a previously sent block of data; and transmitting the encrypted block of data with the one or more versions of the encoded current random number, each version for a different one of the previous random numbers.