Abstract: A method, apparatus, and computer program product are disclosed for self-service design, scheduling, and delivery of user-defined reports regarding promotions. The method includes receiving, from a user device, a report type and report delivery information. Based on the report type, relevant data regarding the one or more promotions is collected, using which a report is generated. The method then outputs the generated report based on the report delivery information. Optionally, analytical insights, such as trends within the data, sample size, suitability of control data, and indications of statistical significance, are generated and included in the report. A corresponding apparatus and computer program product are also provided.

Abstract: Technologies are generally described for providing rapid data encryption and decryption for secure communication over an open channel with plausible deniability. In some examples, a single bit of information may be encoded by many alternative combinations of bits thus providing high security as well as enabling a single ciphertext to encrypt several different plaintexts of the same length simultaneously. The ability to encrypt several different plaintexts of the same length simultaneously may allow plausible deniability of messages. Encryption speed may be enhanced through accumulation of useful bit sets with desired properties in advance for later use. When the need arises, several plaintexts of the same size may be encrypted into a single ciphertext using accumulated bit combinations corresponding to different secret keys.

Abstract: Techniques are provided for a data security system that includes two mappings: a first mapping that maps a security policy to sensitive type and a second mapping that maps the sensitive type to one or more data sets. The sensitive type indicates a class of sensitive data. Example data sets include columns, tables, tablespaces, files, and directories in a file system. Because a security policy is not tightly coupled to a target data set, the security policy becomes data-agnostic, portable, and reusable. Also, a security policy may be objectless in that, at some point in time, the security policy is not associated with any data set. A security policy may also be multifunctional in that the security policy may include multiple security features or requirements. A security policy may also be exhaustive in that all necessary security requirements prescribed for a data set can be included in the security policy.

Abstract: A system, method, and computer program product are provided for mounting an image of a computer system in a pre-boot environment for validating the computer system. An image of an operating system is mounted in a pre-boot environment of the programmable device. An untrusted component of the operating system is identified that is registered to be automatically loaded or loaded during a boot-up stage of the operating system that is predetermined to be early. The untrusted component is rescheduled to be initiated after loading of at least a portion of a security system on the programmable device.

Abstract: Systems and methods for providing privacy settings for applications associated with a user profile are provided. Exemplary methods include receiving a request from a member of a web-based social network to access a third-party application, providing privacy settings selections to control access to data associated with the installed application, receiving a privacy settings selection from the member, and providing to the third party application information about the user subject to the received privacy settings selections.

Abstract: An application sender can control the distribution and use of an application using an authorization token encapsulating distribution terms submitted by the application sender and the application license specification submitted by a developer of the application. The application sender can access an application store and perform various functions such as selecting one or more applications for use by an application receiver, combining one or more applications into a bundle for use by an application receiver, and/or combining several applications to form a new application for use by an application receiver. The application receiver can utilize the application in accordance with the authorization token generated by the distribution terms.

Abstract: A device and method for an asset protection scheme includes receiving, by a data chunk serving server, a first request for an asset from a client device; transmitting, by the data chunk serving server, a plurality of data chunks to the client device, each of the data chunks corresponding to a portion of the asset; receiving, by a key serving server, a second request for key data from the client device, the key data corresponding to data removed from the asset to create the plurality of data chunks, wherein the plurality of data chunks and the key data correspond to an entirety of the asset; and transmitting, by the key serving server, the key data to the client device.

Abstract: A device receives content that includes embedded authentication code, and provides the content for display. The device generates a request to authenticate the content based on execution of the embedded authentication code, and provides the request to a server device that authenticates the content based on the request. The device receives, from the server device, an indication indicating that the content is authenticated, when the content is authenticated. The indication includes a portion of an identifier associated with the device. The device provides the indication and the portion of the identifier associated with the device for display.

Abstract: Sensitive content is securely shared. A request is received from a first communication device to share sensitive content. The first communication device is associated with an account for a communication service provided by a network provider. A message including a link to the sensitive content is sent to a second communication device associated with a phone number. That message is addressed to the second communication device. An authentication message is received, indicating that the second communication device is associated with the phone number. Responsive to receipt of the authentication message, the sensitive content is made accessible via the second communication device without requiring that the second communication device be associated with an account for the communication service provided by the network provider.

Abstract: This document describes techniques and apparatuses enabling gesture-based authentication without retained credentialing gestures. The techniques are capable of determining an identifier for a credentialing gesture where the identifier can be reproduced on receiving a similar authentication gesture at a later time. The identifier for the credentialing gesture can be encrypted, sent to a secure authentication entity, and then, when an authentication gesture is received, an identifier for the authentication gesture can also be determined, encrypted, and sent to the secure authentication entity. If the secure authentication entity determines that the encrypted identifiers match, the user is authenticated.

Abstract: A computer processor receives rules associated with applications installed on a mobile device, and collects declared intents of the applications prior to execution of the applications. The computer processor generates possible combinations of declared intents of the applications and collects, by an intent proxy during execution, information associated with intercepted intents. The computer processor compares the information associated with each of the intercepted intents to the rules, wherein a match results in a first violation. The computer processor compares the intercepted intents to the possible combinations of the declared intents, wherein the intercepted intents other than the possible combinations of the declared intents results in a second violation. The computer processor displays a risk alert for the applications associated with either or both of the first violation and the second violation.

Abstract: A client credentials data structure, a method of employing the same and a secure client-server communication system employing the data structure or the method. One embodiment of the data structure is associated with a client and includes: (1) a pre-provisioned set of credentials configured to register the client with a server, (2) a standard user set of credentials employable for secure client-server communication, and (3) a re-acquisition token combinable with the pre-provisioned set of credentials to allow the client to re-register the client with the server.

Abstract: A method, performed by a computer device, may include receiving an indication of a distributed denial of service event at a front end system associated with a customer; generating one or more virtual front end systems for the customer, in response to receiving the indication of the distributed denial of service event; and redirecting traffic intended for the customer's front end system to the generated one or more virtual front end systems. The method may further include determining whether resource capacity of the generated one or more virtual front end systems has been reached; and generating an additional one or more virtual front end systems for the customer, in response to determining that the resource capacity of the generated one or more virtual front end systems has been reached.

Abstract: Methods, devices, and computer program products for transmitting and receiving discovery and paging messages in a wireless communication device are described herein. In one aspect, a wireless apparatus operable in a wireless communication system includes a receiver configured to receive a discovery packet from a first device, the discovery packet including a first public key and information advertising a service provided by the first device. The wireless apparatus further includes a processor configured to generate a paging request packet, the paging request packet including a second public key and information indicating interest in the service provided by the first device. The processor is further configured to generate an encryption key based at least in part on the first public key and the second public key and encrypt at least a portion of the paging request packet using the generated encryption key.

Abstract: At least one trickplay source file is generated from original media content. Trickplay view files for rendering particular trickplay view rates are then generated from the trickplay source file.

Abstract: Methods and apparatus for negotiation of data sharing arrangements. A user profile vector comprising user data is defined according to user selections and privacy and cost information relating to the user profile vector are computed. The user profile vector and service provider data requests by service providers are compared, and data sharing arrangements are entered into when a match is identified between the user profile vector and a provider data request. Data collection and sharing is conducted in accordance with the arrangements.

Abstract: A method for secure key agreement among a subset of a plurality of transceivers includes generating a first ordered subset of a plurality of keys k?j, where j=0 to S. Each of the subset of the plurality of transceivers may possess at least one of the plurality of keys k?j from the first ordered subset. Each of the subset of the plurality of transceivers possessing one or more keys k?i, i=1 to S, also possesses at least one key from a second ordered subset of the plurality of keys k?j, j=0 to i?1. A key with index ?0 is designated as a group key. A binary sum of the group key k?0 and a key k?j, where j?0, is transmitted from one or more of the subset of the plurality of transceivers that possesses the group key k?0.

Abstract: To better protect passwords used for authentication or for generating cryptographic keys, methods and apparatuses may store password data on multiple storage devices. For each password, each subset of multiple distinct subsets of a data set may be sufficient to authenticate a trial password or generate a cryptographic key. A first subset enables a quick method for authenticating the trial password or generating the cryptographic key. The first subset may be stored in a distributed manner to make it more difficult to steal. If the first subset is unavailable, then a second subset, which is stored centrally, may be used to authenticate the trial password or generate the cryptographic key, but with a method that is an order of magnitude slower than the quick method. Brute force and dictionary attacks based on the second subset may take much longer than such attacks based on the quick method.

Abstract: A biometric authentication method for a computer system, the computer system comprising: a computer; and an authentication server, the biometric authentication method including steps of: extracting a first feature from the captured biometric information; generating a template polynomial for enrollment; extracting a second feature from the captured biometric information; generating a template polynomial for authentication; generating a correlation function for calculating a correlation between the template polynomial for authentication and the enrolled template polynomial; calculating a correlation value between the template polynomial for authentication and the enrolled template polynomial by using the generated correlation function, and determining based on the calculated correlation value whether or not the biometric information at the time of authentication coincides with the biometric information enrolled.

Abstract: An encrypted database management system includes: a client terminal which includes a column encrypting unit that uses an encrypting key and a group generator to encrypt data of columns indicated by specific labels of externally input tables, and output it, an intra-label projection request unit that generates an intra-label key from encrypting key and label, and outputs it, and an inter-label projection request unit that generates an inter-label projection key from encrypted key, label, and intra-label key; and a database server which includes an intra-label projection unit that generates an intra-label comparison value by the action of label and intra-label key on data of columns of specific labels of encrypted tables, an inter-label projection unit that generates an inter-label comparison value by the action of the inter-label projection key on intra-label comparison value, and an encrypted table natural join unit that conducts natural joining using intra-label comparison value.