Abstract: A computer-implemented method for detecting illegitimate out-of-band authentication attempts may include 1) identifying a text message that includes a confirmation code for an out-of-band authentication procedure, 2) detecting an attempt to access the text message, 3) determining that the attempt to access the text message was configured to avoid user participation, and 4) performing, in response to determining that the attempt to access the text message was configured to avoid user participation, a remediation action that addresses an illegitimate out-of-band authentication attempt that includes the attempt to access the text message. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for secure cryptographic communication comprises transmitting information that identifies a group key from a first device to a second device. The method further comprises, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.

Abstract: A non-transitory computer readable medium may include executable instructions which, when executed by a processor, cause the processor provide for a repository of digital content and to create a first license based on the digital content. The instructions further cause the processor to transmit the first license and the digital content to a non-destructive testing (NDT) device, and wherein the digital content is configured to be executed by, used by, or displayed by the NDT device, or a combination thereof, based on the first license.

Abstract: A new approach for a transport protocol for sensor data collection, such as a smart grid is described. In one embodiment of the invention, each server avoids keeping security and communication state per client through the notion of a secure “state-token”. The state token is issued with each server message and is subsequently attached to corresponding client messages delivered to the server. An implementation is provided in which the server encrypts and authenticates the associated session state, and then gives the resulting encryption for the client to temporarily store and return to the server with a next message. In this way, a server does not keep session state after sending the encryption back to a client and can quickly restore session state when the next message from the client arrives.

Abstract: A method, apparatus, and computer program product, responsive to receiving a data from a computing device connected to the computer in a cloud computing system or data center, identifies a criteria associated with the computing device, responsive to identifying the criteria, determines whether the data is authorized for transmission to a storage in the cloud computing system or data center, and responsive to determining that the data is authorized for transmission to the storage, forwards the data to the storage.

Abstract: A computer-implemented method for protecting services may include (1) identifying a service control manager, the service control manager having access to modify a configuration of at least one service, (2) identifying a request from a process for permission to access the configuration of the service, and, in response to the request, (3) authenticating the process based on at least one attribute of the process, (4) providing an authentication token to the process, (5) intercepting an attempt by the process to access the configuration of the service via the service control manager, the attempt including the authentication token, and, in response to the attempt, (6) validating the authentication token, and, in response to validating the authentication token, (7) allowing the process to access the configuration of the service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A data transmission interface apparatus, communicating with another data transmission interface apparatus through a digital transmission means for transmitting multimedia data, includes a processor for processing multimedia data; and a data converting circuit, coupled to the processor, for converting a plurality of first multimedia data sets generated from the processor into a plurality of second multimedia data sets; and for converting a plurality of first auxiliary data sets into a plurality of second auxiliary data sets. The first auxiliary data set and the second auxiliary data set include closed caption information.

Abstract: A new system for information sharing is described which uses human judgement to accelerate the flow of information, while simultaneously applying brakes to restrict the velocity. This combination results in a system where information is shared judiciously while minimizing the likelihood of information leakage or information overload. A built in monitor allows for the detection over time of sharing characteristics. Information in this system is stored on a server, however, is optionally encrypted in a fashion that makes it impossible for the server to actually see the information. Further innovations are also described including the ability to overlay incentive mechanisms to facilitate appropriate information sharing, and the notion of introducing automated bots into the system to augment human filter based information sharing.

Abstract: This invention relates to an optical star network in which different communities of users, such as different businesses, are provided through use of quantum key distribution (QKD). At least one QKD device is located at the central hub of the star network and communicates with QKD devices at the endpoints to establish a separate quantum key, i.e. a cryptographic key established by QKD, with each endpoint. A separate key manager is provided for each different community and each key manager is arranged to use the appropriate quantum keys for endpoints within that community to deliver the same community key to each endpoint. This community key can be used by for encrypting network traffic between members of the same community with security. Traffic passing through the network switch is encrypted, but the community keys are not delivered via the switch and hence the switch an error in the switch does not compromise security.

Abstract: An encryption key module in a content providing server receives a request to stream electronic media data to the user device. The encryption key module identifies a predefined shared secret key corresponding to a key in a subscriber identity module (SIM) in the user device. The predefined shared secret key is used for encryption of data. The encryption key module encrypts the requested electronic media data based on the shared secret key and provides the encrypted electronic media data to the user device over a wireless network.

Abstract: A method of monitoring levels of security conformity and preparedness of a plurality of network connected computing machines, obtains a report by remotely scanning the machines in segments. The machines might already be connected to commercial security software and a patch dispenser. The report includes definition dates and any files quarantined by the commercial security software, patch-management-software communication present and the patches received. The method uses the report and software (not installed on the scanned machines) to produce a Network Security Scanner for Enterprise Protection output to perform a security-preparedness audit of the scanned machines. The audit non-intrusively ascertains. If the scanned machines conform to user-defined fields and policies, and assists in selective security updating of the machines. The scanning, unrecognized by the scanned machines may be configured to suit their OS, and done periodically as desired. A computer readable medium executing the method is included.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for runtime language-independent sandboxing of software. In one aspect, a system implements an extended Software Fault Isolation (SFI) software sandboxing system configured to provide a user-mode program interface for receiving runtime requests for modifying verifiably safe executable machine code. Requests can include dynamic code creation, dynamic code deletion, and atomic modification of machine code instructions. A runtime modification of a verifiably safe executable memory region is made in response to each received runtime request, and code within the modified memory region has a guarantee of safe execution.

Abstract: A method, system and computer program product related to an authentication security protocol, which associates a unique Abbreviated Session Identifier (ASI) with some application data packets transmitted, for example, from a client to a server. The present technology can be a modified version of the Transport Layer Security (TLS) protocol. A method of authentication comprises an initial setup comprising negotiating a secure network connection between client and server using TLS, providing a unique ASI by the server, associating the ASI with a TLS protocol session identifier, transmitting the unique ASI and the TLS protocol session identifier to the client, and establishing the secure network connection between the client and server. Subsequent data packets transferred between the client and server may include the unique ASI.

Abstract: A method and system for preserving privacy related to networked media consumption activity including: Source privacy zones are defined and associated with privacy standards. Privacy standards include frequency criteria governing the storage of datasets including information associated with networked media consumption activity collected from the source privacy zone. Transaction requests including a networking protocol address are received over a network from a client device at a target location by a networked privacy system. The source privacy zone associated with the client device is identified. Using the networking protocol address to access characteristics having characteristic value(s), a dataset can be created including associating the networked media consumption activity with the characteristic and characteristic value(s). The dataset is pre-processed to comply with the privacy standards. The networking protocol address is discarded.

Abstract: A method responsive to receiving a data from a computing device connected to the computer in a cloud computing system or data center, identifies a criteria associated with the computing device, responsive to identifying the criteria, determines whether the data is authorized for transmission to a storage in the cloud computing system or data center, and responsive to determining that the data is authorized for transmission to the storage, forwards the data to the storage.

Abstract: A new system for information sharing is described which uses human judgement to accelerate the flow of information, while simultaneously applying brakes to restrict the velocity. This combination results in a system where information is shared judiciously while minimizing the likelihood of information leakage or information overload. A built in monitor allows for the detection over time of sharing characteristics. Information in this system is stored on a server, however, is optionally encrypted in a fashion that makes it impossible for the server to actually see the information. Further innovations are also described including the ability to overlay incentive mechanisms to facilitate appropriate information sharing, and the notion of introducing automated bots into the system to augment human filter based information sharing.

Abstract: Method for operating a smart grid including a plurality of smart meters configured to monitor at least one physical measured quantity and to provide measurement results of the at least one physical measured quantity to a central entity, includes the following steps: partitioning the smart grid into groups of smart meters, such that each of the smart meters belongs to exactly one group, all smart meters of one of the groups encrypt their measured value by applying a bihomomorphic encryption scheme and send it to the central entity, one smart meter per group is designated as key aggregator to which all smart meters of that group send their key employed for the encryption, the key aggregator computes the aggregation of all received keys and sends the aggregated key to the central entity, the central entity aggregates all received encrypted measured values and decrypts the aggregation by employing the aggregated key.

Abstract: A method for locally authenticating a vehicle diagnostic tool with a vehicle using a challenge-response authentication scheme includes: receiving a pairing request from the vehicle diagnostic tool; presenting a user with a challenge through at least one of an audio system and an LCD display associated with the vehicle; receiving a response to the challenge from a user; and authenticating the vehicle diagnostic tool if the response from the user is identical to an expected response.

Abstract: Methods and systems for providing access to content are disclosed. The method is performed at least in part at a client computer system having a processor and memory. The method includes executing a host application associated with a first party. In some implementations, the host application is a media player. The method further includes initiating a secure communication channel between the host application and a server associated with the first party. The method further includes executing a supplemental application associated with a second party. The method further includes accessing, with the supplemental application, content licensed to the first party, wherein the licensed content is accessible to the supplemental application via the secure communication channel subject to terms of a licensing agreement. In some implementations, the content is media content, such as music, movies, and the like.

Abstract: A method and circuit for implementing conductive microcapsule rupture to generate a tamper event for data theft prevention, and a design structure on which the subject circuit resides are provided. A polymeric resin containing microcapsules surrounds a security card and a tamper sensor device provided with the securing card. Each microcapsule contains a conductive material. The conductive material of the microcapsule disperses onto the tamper sensor device on the security card responsive to the microcapsule being ruptured to create a change in resistance, reducing the resistance of a security mesh of the tamper sensor device. The microcapsules are more sensitive to pressure than a tamper mesh of the tamper sensor device and therefore rupture first, creating the change in resistance when dispersed onto the tamper sensor device. The resistance change is detected by the tamper sensor device and the security card is disabled to prevent data theft.