Abstract: A zero-trust network and methods of using same are disclosed. The network includes a plurality of nodes, some of which are user devices, such as mobile phones, some of which are computer servers. One or more of the nodes includes a directory system. When a server receives an access request by a user device or other node, the directory system is notified of the request. The directory system will contact a number of randomly selected nodes, and if any one of the nodes does not recognize the requesting device, the requesting device will be denied access. If every queried node is able to authenticate the requesting device, the directory system creates a session for the first device to access the server. The directory system can grant access by providing the server and device reciprocating keys. After the session ends, the accessed node is assigned a new identifier.

Abstract: Concepts and technologies are described herein that involve non-native device authentication. According to one aspect disclosed herein, a method can include receiving an authentication credential at a computing device from an authorizer. The computing device can be non-native to the authorizer and native to an authorizee that the authorizer is attempting to provide authorization for access to content associated with the authorizer. The method can also include generating an authentication request directed to an authentication system. The authentication request can include the authentication credential. The method can also include sending the authentication request to the authentication system. In response to the authentication request, the computing system can receive an indication that the authorizer is authenticated to authorize the authorizee for access to the content associated with the authorizer. The method can also include accessing, by the computing device, the content associated with the authorizer.

Abstract: A method is provided in one example embodiment and includes communicating a message from a network element to a remote data plane element in order to request a data plane resource for hosting a session for a particular subscriber. The remote data plane element is designated to host a data plane function for a particular mobile network subscriber and the data plane resource comprises at least one of memory space and processor allocation. The method further includes discovering nodes capable of supporting the control plane functions; discovering nodes capable of supporting the data plane functions for the session; and performing a system-specific internal configuration to support separation of the data plane functions and the control plane functions.

Abstract: A communicating apparatus receives at least (i) email data which is encrypted by a content encryption key, (ii) the content encryption key which is encrypted by a public key of the communicating apparatus, and (iii) a public key certificate of the communicating apparatus. The communicating apparatus decrypts the encrypted content encryption key by a private key corresponding to the public key certificate of the communicating apparatus and decrypts the email data by the decrypted content encryption key. And the communicating apparatus prints at least the email data and the public key certificate of the communicating apparatus.

Abstract: A data communication apparatus that is capable of improving operability when inputting authentication information. An authentication unit accepts authentication information inputted when a user logs in to the data communication apparatus and authenticates the user based on the accepted authentication information. A designation unit designates a file transmission destination that is inputted by the authenticated user. A transmission unit transmits a file to the transmission destination inputted. A registration unit registers the transmission destination of the file. A control unit prohibits registration of the authentication information at the time of registration of the transmission destination of the file when the accepted authentication information is used for file transmission, and permits registration of the authentication information at the time of registration of the transmission destination of the file when the inputted authentication information is not used for file transmission.

Abstract: An apparatus comprising: a memory; at least one processor operatively coupled to the memory, configured to: execute a plurality of platforms that are different from each other in at least one of type and version, each of the platforms being associated with one or more respective applications; and perform an operation including at least one of deleting a first platform, installing a second platform, deleting a first application from one of the platforms, and installing a second application in one of the platforms.

Abstract: According to one embodiment is a string processor configured to output a biased output string having a first output value and a second output value. The string processor is given an unbiased input string of at least two input values. The string processor has a processing unit and a memory device, the memory device stores a code-word set. The code-word set has a plurality of code-words, each code-word having at least one input value, and each output value has at least one corresponding code-word. The processing unit is configured to: compare a comparison string to the code-word set, wherein the comparison string includes an input from the input string; and assign an output value to the output string when the comparison string matches a code-word. The assigned output value is that to which the matched code-word corresponds.

Abstract: A system includes reception, at a server and in a first browser session, of a request from a client for a token to access a first software service, determination of a token stored in a server memory of the server and associated with the first service and the client, determination, at the server, of whether a validity period of the token is within a predetermined period of expiration, and, if it is determined that the validity period of the token is within a predetermined period of expiration, transmission of a request for a new token to access the first software service from a token provider associated with the first service, reception of the new token from the token provider, and provision of the new token to the client in the first browser session.

Abstract: A portable computing device captures imagery from a screen of a second computer, decodes information steganographically-encoded in the screen display, and uses the decoded information to establish a secure session with the second computer. Such technology enables a help-desk staffer to interact with a client's desktop computer, without touching the keyboard of the desktop computer, and without interrupting the client's work. A great many other features and arrangements are also detailed.

Abstract: Methods, apparatuses, and storage mediums are provided for acquiring a legitimate installation package the field of computer technology. The method includes: acquiring characteristic information of a first installation package; sending the characteristic information to an authentication server; receiving a differential package fed back by the authentication server; and combining the differential package with the first installation package to obtain a legitimate installation package. The present disclosure solves the problem in the prior art that a user can only download a legitimate installation package of an application again to re-install the application when the user finds that malicious codes are implanted in an installed installation package of the application.

Abstract: A method for identifying malware is provided. The method includes performing a static analysis of a plurality of files and for each file of the plurality of files, determining in the static analysis whether the file includes an application programming interface (API). For each file, of the plurality of files, found to have an application programming interface, the method includes determining in the static analysis whether the application programming interface is proper in the file and alerting regarding an improper application programming interface when found in one of the plurality of files. A scanner for detecting malware is also provided.

Abstract: The invention relates to a transparent proxy as well as methods of caching and providing encrypted data content at the transparent proxy. In a first aspect of the present invention, a method of providing requested encrypted data content at a transparent proxy in a communications network is provided. The method comprises receiving from a client an encrypted identifier indicating the requested encrypted data content at the proxy, identifying the encrypted data content from the received encrypted identifier, determining whether the client is authorized to access the encrypted data content, and if so providing the requested encrypted data content to the client.

Abstract: One embodiment provides a system that facilitates a secure encryption proxy in a content centric network. During operation, the system receives, by an intermediate router from a content-consuming computing device, a first interest that includes a first name, signaling information encrypted based on a signaling key, and an inner interest encrypted based on an encryption key. The inner interest includes a name for a manifest that represents a collection of data. The intermediate router does not possess the encryption key. The system generates one or more interests for the data represented by the manifest. The system transmits to the content-consuming computing device a content object received in response to a generated interest, wherein the intermediate router transmits the responsive content object without receiving a corresponding interest from the content-consuming computing device, thereby facilitating reduced network between the content-consuming computing device and the intermediate router.

Abstract: Social messages sent or posted by users of a social networking service are collected. Compromised social networking accounts are identified from the collected social messages. Keywords indicative of compromised social networking accounts are extracted from social messages of identified compromised social networking accounts. The keywords are used as search terms in a search query for additional social messages. Additional compromised social networking accounts are identified from search results that are responsive to the search query.

Abstract: Systems, devices and methods for storage, delivery, receipt, and/or other handling of an item in an electronically controllable storage receptacle are disclosed. The disclosure provides features for keyless access to the storage receptacle by use of user access information, such as a PIN or bar code. Further, features are disclosed for receiving and/or transmitting data related to the recipient and the item to facilitate the various handling actions of the item.

Abstract: Aspects of the subject disclosure are directed towards protecting machines, such as virtual machines in a cloud datacenter, from receiving unwanted traffic, and also reducing bandwidth by eliminating redundant data transmissions. In one aspect, an agent intercepts packets from a source, and determines whether the destination is allowed to receive packets from the source, based upon a communication group membership. The agent also may drop packets based upon malware/fraud signatures. The agent also attempts to reduce bandwidth by replacing redundant content with identifiers (e.g., hashcodes), which a destination machine uses to rebuild the original content. A destination-side agent may perform the same or similar communication group membership and malware/fraud signature filtering operations, and reassemble redundancy-reduced content from received identifiers as needed.

Abstract: From a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature is constructed. Using the packet, a metadata item supporting the input feature is computed. Using a processor and a memory to execute a trained cognitive classification model, and by supplying the input feature and the supporting metadata item as inputs to the cognitive classification model, a transmission of the packet is classified as malicious use of DNS tunneling between the DNS client and the DNS server. From the cognitive classification model, a classification of the packet as malicious, and a confidence value in the malicious classification are output. By generating a notification, the DNS client is caused to cease the malicious use of the DNS tunneling.

Abstract: Outage detection in a cloud based service is provided using usage data based error signals. Usage data is collected from component of the cloud based service or client devices of the cloud based service based on customer actions on the cloud based service. The usage data is aggregated and normalized to generate an error signal from errors generated from a component of the cloud based service. An outage is detected from the error signal. An alert that includes information associated with the outage and one or more customers impacted by the outage is generated.

Abstract: A method of storing data from a whiteboard application executed on a computing system including an interactive display device is provided. The method comprises storing, in a memory of the computing system, whiteboard data input to the whiteboard application in response to user interaction with the interactive display device, displaying a login selector on the interactive display device, upon detecting actuation of the login selector, identifying the user based on credentials of the user; and in response to identifying the user, (i) retrieving previews of stored whiteboard files from a user account in a cloud-based storage system corresponding to the identity of the user, (ii) displaying the previews on the interactive display device, and (iii) uploading the whiteboard data as a whiteboard file from the memory of the computing system to the user account.

Abstract: An information processing apparatus including a message generating unit that generates N sets of messages based on a multi-order multivariate polynomial set F=(f1, . . . , fm) defined on a ring K and a vector s that is an element of a set Kn, a first information selecting unit that inputs a document M and the N sets of messages to a one-way function that selects one piece of first information from among k (where k?3) pieces of first information in response to a set of input information, and selects N pieces of first information, a second information generating unit that generate N pieces of second information, and a signature providing unit that provides a verifier with the N pieces of first information and the N pieces of second information as a digital signature.