Abstract: A computer implemented system, method and a computer program product for ahead of time delivery of electronic content, have been provided. A file policy specifying a time period in which the electronic content is to be rendered accessible to a subscriber, is created. The electronic content is embedded with the file access policy, and subsequently encrypted. The encrypted electronic content is transmitted ahead-of-time to a network enabled device accessible to the subscriber. The encrypted electronic content is decrypted subsequent to the authentication of the subscriber. The electronic content is made accessible via the network enabled device only in the event that the current time stamp received from a time server is within the time period specified by the file access policy.

Abstract: A method of and system for gate-level masking of secret data during a cryptographic process is described. A mask share is determined, wherein a first portion of the mask share includes a first number of zero-values and a second number of one-values, and a second portion of the mask share includes the first number of one-values and the second number of zero-values. Masked data values and the first portion of the mask share are input into a first portion of masked gate logic, and the masked data values and the second portion of the mask share are input into a second portion of the masked gate logic. A first output from the first portion of the masked gate logic and a second output from the second portion of the masked gate logic are identified, wherein either the first output or the second output is a zero-value.

Abstract: The multimedia method includes reading out information regarding user reactions to content during playback of the content, displaying a history of user reactions according to the information regarding the user reactions, and playing back a portion of content corresponding to a selected time point from the history of the user reactions at which the user reactions occurred.

Abstract: Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.

Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).

Abstract: Technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NVF security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.

Abstract: A management process for access to secure data includes: storing secure data associated with a first user and authentication data of said first user, managing access to the secure data of the first user, as a function of the authentication data of this first user. The process includes: storing, in the secure data of the first user, a heritage rule and a list of at least one second user and, for each second user of said list, an rule for access to secure data of the first user, storing authentication data for each second user of said list, and when the heritage rule is satisfied, managing access, by said at least one second user, to the secure data of the first user, as a function of the authentication data of the second user and of the rule for access of the second user.

Abstract: A user-wearable device includes a housing and a band that straps the housing to a portion of a user's body (e.g., wrist). One or more skin contact sensors in and/or on the housing can sense biometric information of a user wearing the device. An authentication module performs or receives results of an authentication determination that compares the sensed biometric information to baseline biometric information to determine whether they match. An on-body detector uses one or more of the sensors to determine whether the device is being worn by a user. After a user is authenticated based on a match between the sensed and baseline biometric information, the authentication module continually concludes that the user is authenticated for at least a period of time, without an additional comparison between sensed and baseline biometric information, if the on-body detector detects that the user-wearable device is still being worn by the user.

Abstract: A system, method, and computer program product for storing back-up files using file identicality properties are provided. A system is provided that intercepts file information from files while they are being stored to a back-up system. The files are intercepted with a file gathering interface that is in communication with one or more information source clients. The system includes an indexing engine to index file data contents of the intercepted file, a metadata engine to manage metadata concerning the intercepted file, and a triage engine to manage the file gathering interface, the indexing engine, and the metadata engine. Methods are provided for the interception of files being sent to a back-up system that take advantage of file identicality properties.

Abstract: A computer-implemented method for monitoring programs may include (1) placing a program within an enclave that includes a protected address space that code outside of the protected address space is restricted from accessing, (2) hooking an application programming interface call within the program in the enclave to monitor the behavior of the program, (3) inserting an enclave entry instruction into code outside of the protected address space that the program accesses through the hooking of the application programming interface call, and (4) monitoring the behavior of the program by executing the program within the enclave in an attempt to force the program to use the hooked application programming interface call in order to access data outside the enclave. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An asymmetric-computing type shared key establishing method suitable for cloud computing and IoT has the following advantages. The realization efficiency and the security level are high, and a cryptographic algorithm coprocessor is not needed. The method can be applied to occasions in which the computing capabilities are asymmetric, and attacks from quantum computers can be resisted. Compared with a conventional key exchange protocol such as the Diffie-Hellman key exchange protocol, the method can be more effective between servers and mobile equipment in the security fields as the IoT and cloud computing, and the method can be used in both the electronic environment and the quantum environment. Thus, the asymmetric-computing type shared key establishing method suitable for cloud computing and IoT provided by the invention can be widely applied to the field of information security systems such as network security and e-commerce.

Abstract: Embodiments for anomaly detection on a web client are generally described herein. A processor on the web client is monitored, where a web browser is installed on the web client, with the web browser arranged to render a web page, the web page including content originating from a plurality of origins. A request from the web page to store data on the web client is intercepted, with the request originating from a particular origin of the plurality of origins. The request is analyzed and approved or denied based on the particular origin.

Abstract: A display system for displaying a document includes a tablet terminal and a head mounted display device (HMD). The tablet terminal includes a display device which does not display confidential information that a third party is not allowed to browse, but displays non-confidential information that the third party is allowed to browse with regard to the document. The HMD includes a glasses-type display unit which does not allow the third party to browse, but allows a HMD user to browse, a communication unit which receives the confidential information, and a video camera for capturing the non-confidential information displayed on the display device. The glasses-type display unit, based on the captured non-confidential information, displays the received confidential information so that the received confidential information is visually recognized by the HMD user in a state of being aligned with the non-confidential information displayed on the display device.

Abstract: A display device and a method for controlling the same are disclosed. The method for controlling a display device comprises the steps of displaying a control object in a first private region; moving the displayed control object from the first private region to a public region; moving the control object based on a first moving mode if an object property of the control object is a private property; and moving the control object based on a second moving mode if the object property of the control object is a public property. In this case, the first moving mode may have a moving property of the control object, which is different from that of the second moving mode.

Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.

Abstract: Various communication systems may benefit from physical layer watermarking. For example, active sensing for dynamic spectrum access may be performed using physical layer watermarking, such as watermarking based on channel effects and/or receiver distortion. A method may include, for example, obtaining an original signal to be transmitted to at least one receiver. The method may also include watermarking the original signal with at least one of authentication data or ancillary data to provide an enhanced signal. The watermarking can include a physical layer watermark. The physical layer watermark can be configured to emulate at least one a channel effect or a receiver distortion. The method can further include transmitting the enhanced signal to the at least one receiver.

Abstract: A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A user provides a communication to the trusted device via the secure interface. A processor of the isolated environment encrypts the communication and transmits the encrypted communication to a read file of the host interface. A host device connected to the trusted device via the host interface receives the encrypted communication. The host device transmits the encrypted communication to a second host device that is connected to a second trusted device via a second host interface. The second host device transmits the encrypted communication to a write file of the second host interface. A processor in an isolated environment of the second trusted device decrypts the communication and provides the decrypted communication to a second user via a secure interface of the second trusted device.

Abstract: Disclosed herein is a technique for managing one or more electronic Subscriber Identity Modules (eSIMs) on an embedded UICC (eUICC). In particular, the technique involves leveraging the GlobalPlatform™ Specification and/or other telecommunication standards to support the eSIMs on the eUICC. Each eUICC can include an Issuer Security Domain (ISD) owned by a device manufacturer and an eSIM manager that manages the plurality of eSIMs on the eUICC. Notably, binaries of one or more applications shared between different eSIMs can be standardized and stored in a manner that enables each eSIM to utilize the one or more applications (via the eSIM manager) without needing to individually store the binaries. Using this approach, the overall size and complexity of each eSIM can be reduced, which can increase the amount of available memory within the eUICC as well as the overall performance of the eUICC.

Abstract: Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.

Abstract: Certain aspects of the present disclosure relate to user access to an application service that references user account information and previous user action information. One example method may include receiving, via a receiver device, user input information to access an application, the user input information including at least one action request and authorizing the user to access the application. The method may also include storing the user input information as part of a contextual history information record in a database memory, generating a response message to the selected at least one action request based on the contextual history information, and forwarding the response message to the user via a transmitter device.