Abstract: A system enables intermediary communication components to carry out cross enterprise communication. At a first sending enterprise the system comprises: a processor executing code to: receive a signed encrypted message from a sender within a first enterprise; validate the sender; decrypt the message; encrypt the message for receipt by a second enterprise; sign the encrypted message by the first enterprise; and send the re-signed re-encrypted message to a second enterprise. At the second receiving enterprise, the system comprises a processor executing code to: receive a signed encrypted message from a first enterprise; validate that the first enterprise is the sender; decrypt the message; encrypt the message for receipt by recipients at the second enterprise; sign the encrypted message by the second enterprise indicating that the message is from the first enterprise; and send the re-signed re-encrypted message to the recipients of the second enterprise.

Abstract: A method and system of enabling slave software applications from a portable device via a vehicle interface system. The vehicle includes a first communication channel for exchanging data communications between the portable device and the vehicle interface system and a second communication channel configured to transmit video to the vehicle interface system. A mutual authentication is performed between the portable device and the vehicle interface system using the first communication channel based on identifying the portable device as an entity authorized to execute approved slave software applications. The portable device is authenticated over the second communication channel for verifying that the portable device is the authorized entity to transmit video over the second communication channel. The video is transmitted to the vehicle interface system over the second communication channel conditioned upon a successful authentication of the portable device over the second communication channel.

Abstract: The embodiments of the present invention relate to apparatuses, in terms of a client device (110) and a server (120) and to methods in the client device (110) and in the server (120) respectively for enabling a user to consume content provided by a content provider. According to the method in the client device (120) the method comprises: assembling a request for rights for consuming a content and indicating in the request which content to consume; determining if an upgrade key, associated with the content, is present in the client device; including, in such a case, in the request, an identifier of the upgrade key that is associated with the content, sending the request to the content provider; receiving, a response comprising an encrypted rights object; decrypting the encrypted rights object and starting to use the rights object for consuming the content.

Abstract: An access control method for a wireless client in a wireless communication system is disclosed. The access control method comprises receiving a distinguish signal from a wireless key distributor when the wireless client approaches the wireless key distributor; activating a application unit of the wireless client upon reception of the distinguish signal, wherein the application unit is associated with the distinguish signal; sending an access information request to the wireless key distributor; receiving access information from the wireless key distributor; configuring the wireless client with the access information; and using the access information to access a wireless access appoint.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: Distribution of network processing load among a set of packet processing devices is improved by employing means for eliminating, controlling, or otherwise affecting redundant packet processing operations. In one embodiment, at least two packet processing devices are present, both capable of processing data packets flowing therethrough, such as, inspecting, detecting, and filtering data packets pursuant to one or more filters from a filter set. Redundancy is controlled by providing or enabling either or both of the packet processing devices with capability for detecting during its said inspection of said data packets that, for example, one or more filters had been previously executed on said data packets by the other packet processing device, and then not executing the previously-executed filters on said data packets.

Abstract: Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.

Abstract: A payment processing system for accepting manually-entered payment-card numbers. Rather than entering a payment-card account number into an application module, the card number is instead captured and stored within a tokenizer prior to being sent to the application module. The tokenizer then returns a random token to the calling application as a pointer to the original payment-card number. The token has no algorithmic relationship with the original payment-card number, so that the payment-card number cannot be derived based on the token itself. Since the token is not considered cardholder data, the token may be used in an application module without the module or its connected hardware from being subject to regulatory standards compliance. Some embodiments involve browser-based schemes, and some embodiments involve PIN-entry device-based schemes.

Abstract: Systems and methods for managing a data incident are provided herein. Exemplary methods may include receiving data breach data that comprises information corresponding to the data breach, automatically generating a risk assessment from a comparison of data breach data to privacy rules, the privacy rules comprising at least one federal rule and at least one state rule, each of the rules defining requirements associated with data breach notification laws, and providing the risk assessment to a display device that selectively couples with the risk assessment server.

Abstract: Techniques are described for device locking with activity preservation at a specified level within a multi-level hierarchy of device states. Such locking enables a user to share a device with another user while specifying a particular level of access to the device, such as access to a particular class of applications, a specific application, or a specific task within an application. Determination of the authorized activity may be based on a currently active application, or on the particular user gesture. The level of functionality made available may be based on the number of times a user gesture is repeated. Gestures may include a selection of a hardware or software control on the device, issuance of a voice command, and the like.

Abstract: Systems and methods are described which provide handling and secure routing of an article of content in accordance with a code or instruction set identifier embedded in or associated with the article of content. In one aspect, the invention provides a content handling system that comprises a digital data store containing a plurality of instruction sets, each defining a content handling workflow. The system further includes a content handling engine in communication with the store, wherein the content handling engine identifies a code associated with an article of content and executes workflow processing in accordance with an instruction set associated with the code. In various embodiments, an article of content comprises digitally encoded information (e.g., containing one or more of text, image, audio, video, data, and PACS data) and/or information otherwise convertible to digital format (e.g., printed matter, images, film, and audio recordings).

Abstract: Operations or functions on a device may require an operational certificate to ensure that the user of the device or the device itself is permitted to carry out the operations or functions. A system and a method are provided for providing an operational certificate to a device, whereby the operational certificate is associated with one or more operations of the device. A manufacturing certificate authority, during the manufacture of the device, obtains identity information associated with the device and provides a manufacturing certificate to the device. An operational certificate authority obtains and authenticates at least a portion of the identity information associated with the device from the manufacturing certificate and, if at least the portion of the identity information is authenticated, the operational certificate is provided to the device.

Abstract: Trusted e-mail communication may be provided. A message source organization may be validated. When a message is received from the validated message source organization for a recipient organization, a determination may be made as to whether the recipient organization supports an attribution data extension. If so, the message may be transmitted to the recipient organization with an attribution element associated with the message source organization.

Abstract: A number of devices co-located at a geographic location can broadcast and receive tokens. Tokens can be exchanged using a communication link having limited communication range. Tokens that are received by a device can be stored locally on the device and/or transmitted to a trusted service operating remotely on a network. In some implementations, the tokens can be stored with corresponding timestamps to assist a trusted service in matching or otherwise correlating the tokens with other tokens provided by other devices. The trusted service can perform an analysis on the tokens and timestamps to identify devices that were co-located at the geographic location at or around a contact time which can be defined by the timestamps. A group can be created based on results of the analysis. Users can be identified as members of the group and invited to join the group.

Abstract: A data communication apparatus which is capable of preventing reception of undesired data by a destination without increasing the load on a network, etc. Data and a destination thereof are input. A sender ID related to a sender who sends the input data is input. The input data is sent to the input destination. A sender ID for data transmission to the input destination is permitted is stored as a permission ID. The input sender ID is collated with the stored permission ID. Whether to permit data transmission is determined according to the collation result.

Abstract: A method for activating functions of at least one tachograph having a control unit and an interface. The control unit is activated by a program to perform a first group of functions. First, a connection of an external storage medium to the interface of the at least one tachograph is established. The storage medium has at least one instruction for activating a function, which can be read out by the control unit. An authentication between the external storage medium and the control unit also takes place. The function associated with the at least one instruction is activated in such a way that the function is associated with the first group of the control unit. Next, the connection between the external storage medium and the interface of the at least one tachograph is released.

Abstract: A method and system provide dynamic communities of interest on an end user workstation utilizing commercial off the shelf products, with central management and the ability for a users to log on only once (also known as “single sign on” or “SSO”). The software images that make up the virtual machine can be patched and updated with other required changes from a central storage area where the image can be administratively updated just once. A digital signature can be applied to the software images to ensure authenticity and integrity, along with determining whether a software image is up to date.

Abstract: Provided are first monitoring unit 106a for monitoring whether service provision unit 102 has been called by an application, second monitoring unit 107a for monitoring whether a network access request is sent to a network, first access control unit 106b for controlling the network access request of the call detected by the first monitoring unit 106a, based on a security level assigned to the application program that has called the service provision unit, and second access control unit 107b for determining whether the first access control unit 106b has already performed access control on the network access request detected to have been sent by the second monitoring unit 107a, and, if the access control has been performed, controlling the network access request based on a security level assigned to the application program that has sent this network access request.