Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: In the presently preferred embodiment of the invention, every time a user submits a form the client software tries to match the submitted information with the stored profile of that user. If a match is discovered, the program tags the field of the recognized data with a corresponding type. The resulting profile can be used after that to help all subsequent users to fill the same form.

Abstract: An apparatus for storing event information relating to operation of an HVAC system includes: (a) at least one memory controller coupled with the HVAC system for receiving the event information; and (b) at least one memory unit coupled with the at least one memory controller. A first memory unit of the at least one memory unit is configured for receiving first selected information of the event information for accessing by at least one of a first party and a second party. A second memory unit of the at least one memory unit is configured for receiving second selected information of the event information for accessing by the second party.

Abstract: A data transfer method performed at a proxy server includes intercepting a data request from a client computer that is directed to a target server, encrypting profile information, augmenting the data request by adding the encrypted profile information to the data request, and sending the augmented data request to the target server. A data transfer method that is performed at an information server includes receiving a data request from a proxy server, extracting profile information added to the data request by the proxy server, using the extracted profile information to generate a response, and sending the response to the proxy server.

Abstract: When installing and maintaining a wireless sensor network in a medical or factory environment, distribution of keying material to sensor nodes (18) is performed by a key material box (KMB) (12), such as a smartcard or the like. The KMB (12) has a random seed stored to it during manufacture, and upon activation performs an authentication protocol with a sensor node (18) to be updated or installed. The KMB (12) receives node identification information, which is used in conjunction with the random seed to generate keying material for the node (18). The KMB (12) then encrypts the keying material for transmission to the node (18), and transmits over a wired or wireless communication link in a secure manner. The node (18) sends an acknowledgement message back the KMB (12), which then updates the nodes status in look-up tables stored in the KMB (12).

Abstract: All metadata relevant to user interface functionality needed to provide a specific unit of business functionality can be stored in one of a plurality of autonomous metadata containers retained on at least one data storage device. After a subset of available business functionality to be provided to a user is determined, a set of the plurality of autonomous metadata containers required to provide the subset of available business functions can be identified. A user interface view can be generated to present a view associated with each of the set of the plurality of autonomous metadata containers, and the generated user interface view can be provided for display to the user. Related systems, articles of manufacture, and computer-implemented methods are described.

Abstract: Systems and methods for cryptographically masking private data are described. The apparatus may include a masking engine to hash private data and a masking values table to provide a masked value using a lookup value derived from the hashed private data. The method my include receiving private data, transforming the private data into a set of masked data items and providing the set of masked data items.

Abstract: Systems and methods for detecting malware in a selected computer that is part of a network of computers. The approach includes inspecting a predetermined set of operational attributes of the selected computer to detect a change in a state of the selected computer. In response to a detected change in state, the selected computer is scanned to create a snapshot of the overall state of the selected computer. The snapshot is transmitted to an analytic system wherein it is compared with an aggregated collection of snapshots previously respectively received from a plurality of computers in the computer network. Based on the comparison, anomalous state of the selected computer can be identified. In turn, a probe of the selected computer is launched to gather additional information related to the anomalous state of the selected computer so that a remediation action for the anomalous state of the selected computer can be generated.

Abstract: An intrusion detection module includes an enclosure and a sensor to detect a predetermined type of intrusion. The module further includes a tamper sensor to detect a tampering attempt. An encryption mechanism is coupled to receive signals from the sensor and tamper sensor and encrypt such signals for transmission to a control panel.

Abstract: A method and system for mutually authenticating an identity and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server. Thereafter, the method continues with establishing a secure data transfer link. A server certificate is transmitted during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes an authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.

Abstract: A security payload is attached to a received binary executable file. The security payload is adapted to intercept application programming interface (API) calls to system resources from the binary executable file via export address redirection back to the security payload. Upon execution of the binary executable file, the security payload replaces system library export addresses within a process address space for the binary executable file with security monitoring stub addresses to the security payload. Upon the binary executable computer file issuing a call to a given API, the process address space directs the call to the given API back to the security payload via one of the security monitoring stub addresses that is associated with the given API. The security payload then can assess whether the call to the given API is a security breach.

Abstract: A wireless transmit receive unit (WTRU) is configured to receive unciphered and ciphered messages. The unciphered messages include identity requests, authentication requests, non-access stratum (NAS) security mode commands and tracking area update responses. The ciphered messages may come from the NAS and a Radio Resource Controller (RRC). The messages are ciphered using security keys.

Abstract: Provided are a method of and apparatus for estimating a motion vector using the sizes of neighboring partitions, an encoder, a decoder, and a decoding method. The method includes comparing the size of a first neighboring partition located to the left of the current block with the size of a second neighboring partition located above the current block and, if the size of the first neighboring partition and the size of the second neighboring partition are different from each other, estimating a motion vector of the larger one of the first neighboring partition and the second neighboring partition as the motion vector of the current block.

Abstract: A system, method and program product for generating a biometric reference template revocation message on demand. The method includes generating, using a biometric reference template revocation engine, a biometric reference template revocation message and loading the biometric reference template revocation engine onto a secure portable device for generating on demand of the individual the biometric reference template revocation message.

Abstract: This document describes techniques and apparatuses for secure computing in multi-tenant data centers. These techniques permit a client to delegate computation of a function to multiple physical computing devices without the client's information being vulnerable to exposure. The techniques prevent discovery of the client's information by a malicious entity even if that entity is a co-tenant on many of the same physical computing devices as the client.

Abstract: Logic circuitry and corresponding software instructions for performing functions within the FL function of a Kasumi cipher. An RLAX logic circuit includes a bit-wise AND function, a reorder bus, and a bit-wise exclusive-OR function for generating a destination word from corresponding logic functions of portions of first and second operands, in executing an RLAX program instruction. An RLOX logic circuit includes a bit-wise OR function, a reorder bus, and a bit-wise exclusive-OR function for generating a destination word from corresponding logic functions of portions of first and second operands, in executing an RLOX program instruction. Plural instances of the logic circuits can be implemented in parallel, to simultaneously operate upon plural data blocks.

Abstract: A system and a related method are disclosed for authenticating a user of an electronic system. The system, and related method access (a) data relating to a defined interaction with an input device for a purported authorized user, (b) a probability distribution representation for the defined interaction for an authorized user, and (c) a probability distribution representation for the defined interaction for a wide population, from which it can determine value indicative of whether the purported authorized user is the authorized user. The purported authorized user can be authenticated as the authorized user, if the value satisfies a prescribed threshold.

Abstract: Embodiments of the present invention provide a system that facilitates session management between a web application and a Customer Relationship Management (CRM) system. During operation, the system receives, at a proxy, a service call intended for a CRM system. Next, the system modifies a header of the service call to include authentication credentials for the CRM system. The system then determines if an available session token for the CRM system exists at the proxy. If so, the system modifies the header of the service call to include the session token. Next, the system forwards the service call with the modified header to the CRM system. The system then receives a response to the service call, which includes the session token. Upon receiving the response, the system stores the session token at the proxy for a subsequent service call. Finally, the system forwards the response to the web application.

Abstract: Method and apparatus are described wherein, in one example embodiment, a first entity shares a digital file such as a digital image with a second entity, and the first entity and the second entity each use the digital file as a seed to generate identical public/private key pairs using the same key generation procedure, such that both entities hold identical key pairs. The first and second entities may use the key pairs to encrypt, decrypt, or sign and authenticate communications between the entities.

Abstract: Methods and systems for identifying audio and video entertainment content are provided. Certain shortcomings of fingerprint-based content identification can be redressed through use of human-reviewers in a first party's social networking site environment. Access to a copy of a possible fingerprint-based match of user uploaded content is provided to a second party via a queue of an online interface provided by the first party. In response to providing access to the copy of the user uploaded content, manual human assessment data is obtained from the second party through the online interface. The manual human assessment data indicating a result of a comparison of the copy of the user uploaded content and data associated with reference content by one or more human reviewer(s). The manual human assessment data is used in concluding that the reference content corresponds with the user uploaded content.