Abstract: A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method includes the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow.

Abstract: A user can have media files associated with a user account in a shared resource environment, enabling the user to access those files from multiple devices and locations. Instead of uploading each file, a process can scan the files to determine corresponding copies already stored to the shared resource environment, which can be associated with the user account without uploading another copy. In cases where encryption or other protection prevents the content of a file from being verified, a fingerprint of unencrypted records of the file can be generated and compared against an index of fingerprints for previously encountered files. If the fingerprint matches information stored for a media file, and the fingerprint meets at least one validity criterion, a copy of the media file can be associated with the user account even though the user's copy cannot be read, or potentially even played, by a component of the environment.

Abstract: Devices and methods for masking and unmasking sensitive data, based on a standard cryptographic algorithm defining a ciphering algorithm, and a deciphering algorithm using more resources than the ciphering algorithm are described. The masking of sensitive data is done by applying the deciphering algorithm to the sensitive data to obtain masked sensitive data. The unmasking of the masked sensitive data is done by applying the ciphering algorithm to the masked sensitive data to obtain sensitive data in plain form.

Abstract: A system and methods for authenticating a user for access to a system input terminal that includes an infrared imager, a user input terminal, and a processing section including a plurality of processing instructions operable to perform image capture for wrist areas of a user in proximity to an input terminal or other structures requiring authentication and comparison to determine access or deny access. An aspect of an embodiment of the invention permits initial and frequent authentication that reduces or eliminates user action to perform such authentication. Also provided are user interfaces, and additional authentication sections operable with the infrared imager. Alternative embodiments of the invention include a mobile embodiment as well as an embodiment-including a sensor positioned with respect to a user in an operational position where the user is performing a task in relation to an input terminal or structure requiring authentication (e.g. a keyboard).

Abstract: A method, system and computer program product for session completion through co-browsing is claimed. The method can include establishing a content browsing session between a first computing device and a content server serving access to content to the first computing device and maintaining state data for the content browsing session. A co-browsing arrangement of the content can be created as between the first computing device and a second computing device and at least a subset of the state data can be cloned for use by the second computing device during co-browsing of the content. Thereafter, a modified form of the subset of the state data can be received from the second computing device resulting from the co-browsing of the content by the second computing device and the modified form of the subset of the state data can be provided to the first computing device for use during the content browsing session.

Abstract: Techniques, systems, and devices are disclosed for performing secure cryptographic communication. One disclosed technique includes transmitting information that identifies a group key from a first device to a second device. The technique further includes, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.

Abstract: A system may receive a request to access user sponsored media content (“media content”), the request including a digital token (“token”), the media content being associated with a user sponsored account (“account”), and the account being associated with unused data from a mobile communications service plan, where the account and the mobile communications service plan are associated with a user. The system may identify token information included in the token. The system may compare the token information with stored token information. The system may determine that the token is valid based on the token information matching the stored token information. The system may provide access to the media content based on the token being valid. The system may provide information to cause data charges, for traffic flow associated with access to the media content, to be charged against the unused data associated with the account.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: A method includes a computer device receiving a set of images for at least one user; the computer device receiving unique visual clue inputs from the at least one user for each image of the set of images; the computer device receiving drawing gesture inputs from the at least one user for each image of the set of images; and the computer device using the visual clue and drawing gesture inputs to create passwords to provide a locked access point for at least one device.

Abstract: Authenticating a client device to a service to allow the client device to access a resource provided by the service. A client device obtains a secondary credential that is associated with a primary credential and that is generated as being usable by a particular set of devices including the client device to indirectly gain access to the service through the primary credential. While outside of an enterprise network, the client device requests access to the service, including sending the secondary credential to an enterprise gateway. Based at least on sending the secondary credential to the enterprise gateway, the client device receives a resource from the service. The resource is received based at least on the enterprise gateway having forwarded the primary credential to the service after verifying that the secondary credential is valid and that the client device is in the particular set of client devices.

Abstract: There is provided an information processing device including a secret key generator that generates a secret key from a random number received from an external device that provides a service, and a given value, a public key generator that generates a public key on the basis of the secret key by using a function identically set in a plurality of the services, a transmitter that transmits the public key to the external device, and an authentication processor that conducts authentication with the external device using the secret key.

Abstract: A method and apparatus for easily restricting a use right and improving use convenience in a mobile terminal are provided. The method includes displaying a profile list for selecting a set operation mode of the mobile terminal from the displayed profile list; setting an operation mode of the mobile terminal as the selected operation mode, when the set operation mode is selected from the displayed profile list,; and displaying a screen associated with the selected operation mode, wherein the set operation mode includes an open mode to use all functions of the mobile terminal and a limited mode to use only set functions.

Abstract: A computer implemented system, method and a computer program product for ahead of time delivery of electronic content, have been provided. A file policy specifying a time period in which the electronic content is to be rendered accessible to a subscriber, is created. The electronic content is embedded with the file access policy, and subsequently encrypted. The encrypted electronic content is transmitted ahead-of-time to a network enabled device accessible to the subscriber. The encrypted electronic content is decrypted subsequent to the authentication of the subscriber. The electronic content is made accessible via the network enabled device only in the event that the current time stamp received from a time server is within the time period specified by the file access policy.

Abstract: Methods and systems are provided for validating a signature in a multi-tenant environment. A server or other computing device that is part of a distributed network may request a certificate collection from an identified tenant store. The requested certificate collection may be loaded in a virtual store that is accessible by the server or other computing device. The sever or other computing device may then access one or more certificates from the virtual store to validate a signature.

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

Abstract: Methods and systems for securely accessing content irrespective of the security of the environment in which the content is being accessed are described herein. In some embodiments, a mobile computing device may determine whether secure enterprise content is being accessed on a mobile computing device. In response to determining that a private user device (e.g., virtual reality or augmented reality headwear/eyewear), is communicatively coupled to the mobile computing device, the mobile computing device may prevent the secure content from display on the mobile computing device and instead generate the secure enterprise content for presentation in an unencrypted form on the private user device.

Abstract: A user-wearable device includes a housing and a band that straps the housing to a portion of a user's body (e.g., wrist). One or more skin contact sensors in and/or on the housing can sense biometric information of a user wearing the device. An authentication module performs or receives results of an authentication determination that compares the sensed biometric information to baseline biometric information to determine whether they match. An on-body detector uses one or more of the sensors to determine whether the device is being worn by a user. After a user is authenticated based on a match between the sensed and baseline biometric information, the authentication module continually concludes that the user is authenticated for at least a period of time, without an additional comparison between sensed and baseline biometric information, if the on-body detector detects that the user-wearable device is still being worn by the user.

Abstract: Embodiments of the present invention include a method for providing a secure domain name system (DNS) for machine to machine communications. In one embodiment, the method includes storing policy information for machine to machine communications in a global DNS registry database server. The method further includes communicating the policy information for machine to machine communications from the global DNS registry database server to a machine DNS registry server located in an Internet service provider (ISP) network, wherein a control signaling gateway located in the ISP network is configured to utilize the policy information for machine to machine communications to allow only registered controllers associated with a machine to communicate with the machine.

Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.

Abstract: A display system for displaying a document includes a tablet terminal and a head mounted display device (HMD). The tablet terminal includes a display device which does not display confidential information that a third party is not allowed to browse, but displays non-confidential information that the third party is allowed to browse with regard to the document. The HMD includes a glasses-type display unit which does not allow the third party to browse, but allows a HMD user to browse, a communication unit which receives the confidential information, and a video camera for capturing the non-confidential information displayed on the display device. The glasses-type display unit, based on the captured non-confidential information, displays the received confidential information so that the received confidential information is visually recognized by the HMD user in a state of being aligned with the non-confidential information displayed on the display device.