Abstract: Within a secure messaging environment, a determination is made that a request to send a message has been generated by a user. A message protection policy configured to process the message within the secure messaging environment is identified. The message protection policy specifies that, within the secure messaging environment, a secured digital certificate, other than a user-assigned digital certificate of the user, is configured with an associated private key to digitally sign the message on behalf of the user. Based upon the message protection policy, a determination is made to digitally sign the message using the private key of the secured digital certificate. The message is signed on behalf of the user using the private key of the secured digital certificate.

Abstract: In aspects of enhanced network access-control credentials, a network access device includes a network interface for data communication with network-connected devices via a network. The network access device implements an access control manager that receives a network access request from a requesting device to access the network, where the network access request includes authentication credentials. The access control manager can then modify the network access request to generate a modified network access request, and initiate communication of the modified network access request to an authentication server that authenticates the requesting device to the network based on the modified network access request.

Abstract: A computer-implemented method for assessing Internet addresses may include (1) identifying an Internet Protocol address, (2) identifying a plurality of files downloaded from the Internet Protocol address, (3) generating an aggregation of security assessments that relates to the Internet Protocol address and that may be based at least in part on a security assessment of each of the plurality of files, (4) determining a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments and (5) facilitating a security action based at least in part on the trustworthiness of the Internet Protocol address. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods for preventing the transmission of sensitive information to locations outside of a secure network by a person who has legitimate access to the sensitive information are described. In some embodiments, in order for an end user of a computing device to establish a secure connection with a secure network and access data stored on the secure network, a client application running on the computing device may be required by the secure network. The client application may monitor visual cues (e.g., facial expressions and gestures) associated with the end user, detect suspicious activity performed by the end user based on the visual cues, and in response to detecting suspicious activity may perform mitigating actions to prevent the transmission of sensitive information such as alerting human resources personnel or requiring authorization prior to sending information to locations outside of the secure network.

Abstract: Example embodiments of the systems and methods of multidimensional encrypted data transfer disclosed herein also introduce novel and unobvious methods to store and access information. In example embodiments of the systems and methods of multidimensional encrypted data transfer disclosed herein, a multidimensional data structure is developed. For example, at least one additional dimension is added to a 2D data structure. Data may be encoded within multiple facets. Example embodiments of the multidimensional encoding include non-limiting examples of stacking or providing images or tiles in a very short period of time and moving a 3-dimensional object in space. In one example application, a number of distinct 2D data structures are presented over a time period in a .gif file.

Abstract: The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user.

Abstract: Method and implementations for providing a secure data storage service in a cloud computing environment are generally disclosed. The method comprises: partitioning a data resource into data particles, assigning logic groups to the data particles, assigning physical storage groups to the data particles, and/or storing each physical storage group at corresponding storage resource, receiving a request for the data resource, determining whether the request for the data resource is valid, and if the request is valid, transmitting the data particles of the data resource to the client. The method enables improved security for accessing data, and also improves the user experience in cloud computing environments.

Abstract: A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message such that text of the original message that the user may not be aware is not forwarded to new recipients.

Abstract: A mobile communication device registers for data communication through a mobile communication network with a packet-based network. The device may or may not have a mobile device number, and registers using a fully-qualified-domain-name (FQDN) uniquely identifying the device in a domain-name-system (DNS) of the packet-based network. A packet-data-network gateway assigns a packet-based address for the device, and generates a request for registering the address with the FQDN in a DNS server. Alternatively, the device generates the packet-based address based on a received portion of the address, retrieves the FQDN from an identity module, and sends a DNS-Update message to the DNS server including the address and FQDN. Again alternatively, a DNS server receives an encrypted DNS update message including a FQDN and a packet-based address, and decrypts the message prior to registering the address and FQDN in a DNS database.

Abstract: An image processing apparatus includes a processor configured to assign image data a first restriction to restrict a first operation on the image date and a second restriction to restrict a second operation on the image data, an output unit configured to output the image data with the first restriction and second restriction, a restriction information storage unit configured to store therein a preset first password to allow the first operation and a preset second password allow the second operation, an entry unit configured to prompt a user to enter a new first password to allow the first operation and a new second password to allow the second operation, and a selector configured to allow the user to select the preset passwords or the new passwords to be used for the assignment of the first restriction and the second restriction to the image data by the processor.

Abstract: Disclosed are various embodiments providing a portable wireless communication device that includes a secure element configured to route a set of input/output (I/O) channels to host processing circuitry of a mobile communication device. The secure element includes an application executable by the secure element, the application being configured to obtain a policy via an I/O channel of the set of I/O channels. The application is further configured to prevent the host processing circuitry from accessing data corresponding to at least a portion of the set of I/O channels according to the policy.

Abstract: A first network device is configured to receive information regarding a quality of service application that is part of an application stored on a device. The first network device is configured to further receive a request for a network to apply the level of quality service to the application stored on the device. The first network device is configured to further send an authorization request to the second network device. The first network device is configured to further receive an authorization result from the second network device. The first network device is configured send a first message to a third network device and receiving a response from the third network device that the level of quality of service is applied to the information; and send a message to the provider that the level of quality of service is applied to the information.

Abstract: A mobile communications device may include a near field communications (NFC) device, an input device configured to generate a memory wipe command, a memory, and a memory controller coupled with the NFC device, the input device, and the memory. The memory controller may be capable of receiving secure data from a provisioning server to the memory, receiving wiping instruction data from the provisioning server to the memory for wiping the secure data from the memory, and wiping the secure data from the memory based upon the memory wipe command and the received wiping instruction data.

Abstract: In various example embodiments, a system and method for providing policy-based authentication is provided. In example embodiments, a request to access and sign a document is received from a device of an intended signer. A policy assigned to the intended signer is determined. Based on the policy, a determination is made whether an authentication mechanism is applicable to the intended signer. In response to the determining that the authentication mechanism is applicable to the intended signer, the intended user is required to perform the authentication mechanism. The intended user is provided access to view and sign the document based on the intended user satisfying the authentication mechanism.

Abstract: A sever receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation about sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient.

Abstract: A protection relay installed at a power system and a network system including the protection relay are disclosed, the protection relay storing a security level of a plurality of systems or a plurality of source addresses, instructing whether to short-circuit a power by checking a security level of a data-transmitting system based on a security level stored in a security level setting device, or instructing whether to short-circuit a power by comparing the source addresses included in the data with the plurality of source addresses.

Abstract: A method and apparatus for secured data transmission is provided. The base station determines a first precoding matrix based on channel information of an eavesdropper. The base station determines a second precoding matrix and a third precoding matrix. The base station generates the secure data by precoding first user data for a target user with the first precoding matrix and the second precoding matrix. The base station transmits the secure data signal to the target user. The second precoding matrix is determined based on the first precoding matrix and the first channel information. The third precoding matrix is determined based on the first channel information and the second channel information.

Abstract: An improved technique employs knowledge-based authentication (KBA) based on data stored in a mobile apparatus. The mobile apparatus collects data from sources including email data, web browsing data, accessed YouTube video data, and GPS location data recently stored in the mobile apparatus. From such data, the mobile apparatus builds questions and stores the questions on a database on the phone. Upon receiving a request to access a resource stored in the mobile apparatus from a user, the mobile apparatus selects questions at random and ranks them according to a policy accessible to the mobile apparatus. The mobile apparatus presents the highest-ranked questions to the user. The mobile apparatus grants or rejects access to the resource based on an authentication result that the mobile apparatus generates from answers to the questions submitted by the user.

Abstract: A system, methods, and apparatus for validating communications in an open architecture system are disclosed. In an example embodiment, a method includes selecting transactional information to transmit from a server to a communicatively coupled client device based on a request from the client device, selecting presentation information corresponding to the transactional information to transmit from the server to the client device, transmitting at least one message including the presentation and transactional information from the server to the client device, determining a prediction as to how the client device will render the transactional information based on the presentation information, receiving a response message from the client, and responsive to information in the response message not matching the prediction, providing an indication there is a malicious application affecting communications between the server and the client device.

Abstract: Application-driven interceptor module enables offline playback of Digital Rights Management (DRM) protected content to work in a same way as online playback. Communications with the DRM module are intercepted by the application-driven interceptor that is aware of the client device's network connection status. When the interceptor application determines that the client device is offline, requests for the protected content, and license/key to the protected content may then be managed by the interceptor application. In one embodiment, the interceptor application may retrieve requests for the key/license from a locally protected data store, and provide the key/license to the DRM module. In this manner, the DRM module may be unaware that its messages are being intercepted, and may then operate the same, unaware of whether or not the client device is online or offline.