Abstract: A method of sharing content by using a personal cloud device and an electronic device and a personal cloud system using the method are provided. The method includes connecting to a personal cloud device configured to share the content with another electronic device, if a new first content is added to a set first folder, determining an upload condition of the electronic device, and if the upload condition satisfies a set condition, transmitting the first content to the personal cloud device. Accordingly, a user is able to share contents between a plurality of electronic devices by using a personal cloud device in real time.

Abstract: In accordance with an embodiment, described herein is a system and method for supporting web services in a multitenant application server environment. The system comprises a domain with a plurality of partitions, wherein each partition can include one or more web services, and a web services inspection language (WSIL) application. A partition-aware managed bean server can include managed beans for generating addresses of web services deployed to each partition, wherein the generated addresses can be retrieved by the WSIL application in that partition for use by clients in accessing the web services. The system can further include a web service security manager that can secure web services in each partition, by attaching security policies to each web service endpoint and enforcing the security policies on requests directed to that web service endpoint.

Abstract: Techniques for tagging packets within a network fabric. An authentication device for a network fabric receives a first packet originating from a source device, in transit to a destination device, corresponding to a first network flow. User identification information corresponding to an authenticated user of the source device is inserted into a Network Services Header of the first packet. Embodiments receive a second packet that corresponds to the first network flow at the authentication device, the second packet including service identification information within a Network Services Header of the second packet that identifies a service type of the network flow. Upon receiving a third packet for the first network flow, the authentication device inserts the user identification and the service identification information into a Network Services Header of the third packet.

Abstract: Embodiments of the present invention include a method for providing a secure domain name system (DNS) for machine to machine communications. In one embodiment, the method includes storing policy information for machine to machine communications in a global DNS registry database server. The method further includes communicating the policy information for machine to machine communications from the global DNS registry database server to a machine DNS registry server located in an Internet service provider (ISP) network, wherein a control signaling gateway located in the ISP network is configured to utilize the policy information for machine to machine communications to allow only registered controllers associated with a machine to communicate with the machine.

Abstract: A system and method to secure information displayed on the screen of a computing device is provided in which an image to be displayed is algorithmically distorted and thereafter displayed on a display device. To properly view the image, a user must use decoding eyewear which will correct for the applied distortion. The displayed image is thereby rendered unviewable to casual observers and passers-by.

Abstract: Preserving privacy related to networked media consumption activity. Source privacy zones are defined and associated with privacy standards. Privacy standards include frequency criteria governing the storage of datasets including information associated with networked media consumption activity collected from the source privacy zone. Transaction requests including a networking protocol address are received over a network from a client device at a target location by a networked privacy system. The source privacy zone associated with the client device is identified. Using the networking protocol address to access characteristics having characteristic value(s), a dataset can be created including associating the networked media consumption activity with the characteristic and characteristic value(s). The dataset is pre-processed to comply with the privacy standards. The networking protocol address is discarded.

Abstract: A policy arbitration system manages the fundamental communications and isolation between executable components and shared system resources of a computing device, and controls the use of the shared resources by the executable components. Some versions of the policy arbitration system operate on a virtualized mobile computing device to dynamically compile and implement policy rules that are issued periodically by multiple different independent execution environments that are running on the computing device. Semi-dynamic policy changes allow for context enabled policy changes that enforce the desired system and component “purpose” while simultaneously denying the “anti-purpose”.

Abstract: A method for secure cryptographic communication includes transmitting information that identifies a group key from a first device to a second device. The method further includes, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

Abstract: Computationally implemented methods and systems include monitoring one or more properties of a device configured to carry out one or more services, determining one or more services that require access to a particular portion of the device, said determining at least partly based on the monitored one or more properties of the device, and facilitating presentation, to the device, of the determined one or more services that require access to the particular portion of the device, and are configured to be carried out by the device, wherein the one or more services are presented along with a request for access to the particular portion of the device. In addition to the foregoing, other aspects are described in the claims, drawings, and text.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect payment credentials without the risk of malware and skimming attacks. When opened, the secure payment application generates a multi-dimensional transitory key. The user authenticates the multi-dimensional transitory key and validates the secure payment application, triggering an out-of-band outbound mechanism. The portable mobile device invokes the authentication server and the authentication server authenticates the user based on the authenticated transitory key. After authentication, the merchant is allowed access to the payment credentials to complete the transaction. The process of the invention includes an authentication server, a secure payment application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional transitory key) and handle incoming requests, and a portable communication device with a smartphone application.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect user access to online portals. When opened, the client processing application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the client processing application and triggers an out-of-band outbound mechanism. The portable mobile device invokes the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the online portal. The process of the invention includes an authentication server, a client processing application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect a large number of documents without the need to remember all the document passwords. When opened, the secure document application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the secure document application and triggers an out-of-band outbound mechanism. The portable mobile device invoices the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the secure document. The process of the invention includes an authentication server, a secure document application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application.

Abstract: Technologies for secure personalization of a security monitoring virtual network function (VNF) in a network functions virtualization (NFV) architecture include various security monitoring components, including a NFV security services controller, a VNF manager, and a security monitoring VNF. The security monitoring VNF is configured to receive provisioning data from the NFV security services controller and perform a mutually authenticated key exchange procedure using at least a portion of the provisioning data to establish a secure communication path between the security monitoring VNF and a VNF manager. The security monitoring VNF is further configured to receive personalization data from the VNF manager via the secure communication path and perform a personalization operation to configure one or more functions of the security monitoring VNF based on the personalization data. Other embodiments are described and claimed.

Abstract: A method for implementing a third party application in a micro-blogging service is provided, in which upon reception of a first request for presenting a media message provided by a third party media source, a micro-blog server obtains login information of a user and configuration information corresponding to the third party media source, converts the login information to authorization information, generates a second request for presenting the media message provided by the third party media source, and transmits the second request to a third party application server; the third party application server extracts the media message corresponding to the second request from the third party media source through a micro-blog open platform, by using the authorization information of the user and the configuration information corresponding to the third party media source, and presents it for the user.

Abstract: Systems and methods are provided for providing a computer-based test to be taken at a computer. A determination is made as to whether a geolocation of the computer is within an approved geolocation range. A determination is made as to whether a time at which the computer-based test is to be provided to the computer is within an approved time range. A hardware profile of the testing center is compared to an expected hardware profile of the testing center. Biometric data of a test center administrator is compared to expected biometric data of the test center administrator, and a confidence score is modified based on results of the comparison. If the confidence score meets or exceeds a threshold, the computer-based test is provided to the computer over a network. If the confidence score is less than the threshold, the computer-based test is prevented from being provided to the computer.

Abstract: An authentication system, an authentication device, and an authentication method are provided. The authentication system includes a mobile device and an authentication device. The mobile device includes a storage unit, and a code-for-authentication generator. The authentication device includes an output device configured to output the prescribed code to be used for generating the code for authentication, an input device configured to obtain the code for authentication output from the mobile device, an authenticator generation unit, and an authentication processing unit configured to determine whether the user at the mobile device is authenticated. The authentication device includes an output device, an input device, and processing circuitry. The authentication method performed by the authentication device includes outputting, reading, and determining whether the user at the mobile device is authenticated.

Abstract: The determination of a unique user is discussed in response to receiving a dataset comprising multiple user identifiers (IDs). In some cases the user IDs may be of a different type. User IDs may be compared directly to determine whether they correspond to a unique user. Network transactions and attributes associated with those network transactions may be compared to determine a probability of whether two user IDs correspond to a unique user. Network transactions and attributes associated with those network transactions may also be compared to determine that two user IDs do not correspond to a unique user.

Abstract: An identity federation and security token translation module and method for operable engagement with a web application or an internet information service (IIS). A first server includes computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a custom security principal object for a user requesting access to the web application. A data cache stores the custom security principal object in a non-transitory computer readable media. The identity federation and security token translation module may be changed without making changes to the web application or the IIS.

Abstract: This disclosure relates generally to identity management, and more particularly to systems and methods for managing performance of identity management services. In one embodiment, a processor-implemented identity management performance control method is disclosed. The method may include receiving, via one or more hardware processors, an identity management architecture specification. The method may also include identifying, via the one or more hardware processors, a plurality of identity management attributes for the identity management architecture specification. The method may include selecting, via the one or more hardware processors, measurement criteria based on a target environment for implementing the identity management architecture. The method may include calculating, via the one or more hardware processors, an attribute measurement quotient for the plurality of identified identity management attributes using the selected measurement criteria.