Abstract: A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Abstract: A computer-implemented method to provide voice-over-internet protocol (VoIP) credentials to a device may include receiving, at a system, first credentials from a device. The method may also include authenticating the device using the first credentials and after authenticating the device, obtaining, at the system, a device identifier for the device based on the first credentials. The method may further include establishing a connection between the system and a VoIP system configured to provide VoIP services and after establishing the connection, providing, from the system, the device identifier to the VoIP system. The method may also include receiving, at the system, VoIP credentials for the device. In some embodiments, the VoIP credentials may be configured to authenticate the device with the VoIP system such that the device is able to receive the VoIP services from the VoIP system. The method may further include providing the VoIP credentials to the device.

Abstract: A system, method and computer program product are provided for sending information extracted from a potentially unwanted data sample to generate a signature. In use, information is extracted from a portion of a sample of potentially unwanted data. Further, the information is sent to generate a signature.

Abstract: Approaches utilize image information to not only identify a user, but also verify that the user is actually a physical person and not a false representation of that user. For example, a computing device can utilize image information with a facial recognition process in order to verify an identity of a current user of the device. A fingerprint or other verification metric can be generated from the image information and can be used to verify that the user is actually a physical human user instead of a representation (e.g., photo) of a human user. The fingerprint can include a number of cues, such as a shape of the face, a stereo disparity signature of the face, facial feature movement, as well as a presence of a human pulse. The cues can be combined and utilized for authenticating a user into the device as well as for verifying that the user is actually a physical person and not a false representation of that user.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

Abstract: An electronic device receives data associated with at least one biometric detected by a sensor of a remote control device. The biometric may be at least one fingerprint, retinal scan, facial image, and/or any other biometric. A profile for a user associated with the data is determined out of a number of possible profiles based on the data. The electronic device is then configured in one or more ways according to the determined user profile. Such configuration may include any way that the electronic device may be personalized and/or otherwise altered. In this way, an electronic device may provide a personalized experience for a number of different users without burdening and/or annoying the respective users.

Abstract: The present invention is notably directed to a method for enabling a computer (101) to boot from a user trusted device (10), the user trusted device (10) comprising a connection interface (12) enabling connection (S2) with said computer (101), the method comprising: enabling (S3) said computer (101) to start booting from the user trusted device (10) upon connection (S2) of the user trusted device with said computer (101) via said connection interface (12); instructing a processor (105) of the computer (101) to execute (S7) virtualization sensitive code and issue (S8) completion data upon completion of execution, which completion data depends on the virtualization sensitive code and its execution by the processor (105); determining (S9-S14), based on said completion data, whether the execution was not performed in a virtualized environment; and enabling (S15) said computer (101) to complete booting from the user trusted device (10) upon determining that the execution was not performed in a virtualized environm

Abstract: A method for operating a mobile device, not assigned to a motor vehicle, via an electronic device with a display and operator control device of the motor vehicle is made available. The program has program parts for a user interface and for operator control sequences which are assigned a digital certificate. The user interface comprises fixed areas for displaying variable contents. The program parts are transmitted together with the digital certificate to the electronic device of the motor vehicle and are carried out when the certificate is successfully checked. The transmission of data without protection by a digital certificate is restricted to the variable contents for display in the fixed areas of the user interface.

Abstract: An encryption device comprises: a storage module for pre-storing an encryption key which is necessary for encryption processing; a pre-processing function unit which applies a pre-processing function to plaintext which converts an input value which in general may possibly not have a uniform distribution to an output value which has a uniform distribution; and an encryption unit which outputs encrypted text which is obtained by encrypting by order-preserving encryption, using the encryption key, the plaintext to which the pre-processing function is applied, and in which an order is maintained. This pre-processing function adds an arbitrarily selected random number to a value which is obtained by inputting an input value into a cumulative probability distribution function of an integer set with which the input value is associated, and treating same as an output value.

Abstract: Events are securely packaged and transmitted from peripherals of terminals and from secure input/out modules (SIOMs) of terminals. The events are collected and mined in real time for security risk patterns and dynamic remedial actions are pushed back down to the terminals, peripherals, and SIOMs.

Abstract: A computer implemented method, server computer and computer program for securely storing a data file via a computer communication network. The method includes: providing a computer device of a user with code for providing a unique user name for the user; asking the user for a password; generating an asymmetric key pair for the user having one public key and one private key; encrypting the private key via the hash of the password; generating a file-specific symmetric key specific for the data file; encrypting the data file via the file-specific symmetric key; encrypting the file-specific symmetric key via the public key of the user; where the code is executed by a web browser on the computer device. The server is then receiving the encrypted data file, the encrypted file-specific symmetric key, the encrypted private key of the user and the public key of the user from the computer device.

Abstract: Disclosed are system and method for distributing antivirus records to user devices. An exemplary method includes collecting, by a server, statistics on the use of antivirus records; calculating a coefficient of effectiveness of each antivirus record based on the statistics; identifying one or more most effective antivirus records whose coefficients of effectiveness exceed a predetermined effectiveness threshold; identifying one or more less effective antivirus records whose coefficients of effectiveness do not exceed the predetermined effectiveness threshold; transmitting identified most effective antivirus records to a plurality of user devices for storage in antivirus databases of the user devices; receiving, from the user devices, one or more less effective antivirus records removed from the antivirus databases of the user devices; and storing the received less effective antivirus records in an antivirus database of the server if said antivirus records were not in the antivirus database of the server.

Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

Abstract: A method begins with a managing unit establishing an access policy that designates, for a first group of user devices, a first read time window and a first write time window. The method continues with a storage unit receiving an access request from a user device. The method continues with the storage unit determine whether the access request is received within the first read time window or whether the access request is received within the first write time window. The method continues with the storage unit generating a read response that includes encoded data slices when the access request is a read request and is received within the first read time window. The method continues with the storage unit processing the write request to store encoded data slices when the access request is the write request and is received within the first write time window.

Abstract: A request, from a requester, is received to view user information on a user's personal site associated with a user. A relationship is determined between the requester and the user. User information is provided to the requester based on the requester's relationship to the user.

Abstract: Solution for autonomously securing the use of a portable drive with a computer network. A data store is written and maintained that contains entries corresponding to a plurality of portable drives initialized for use with the computer network, each entry corresponding to at least one identifiable drive. Events are monitored as they occur on the computer network involving use of each of the plurality of portable drives. Predefined security policy determination criteria is applied, which can include drive mobility assessment criteria and drive content sensitivity criteria, to determine a drive-specific security policy for each one of the plurality of portable drives. A set of at least one policy enforcement action is executed that corresponds to a determined drive-specific security policy in response to detected usage activity for each one of the plurality of portable drives.

Abstract: Disclosed is an authentication system and method. The authentication system according to one embodiment of the present disclosure comprises a transceiver for receiving an authentication request including a client-side OTP and encoded account information from a client, and transmitting the result of the authentication performed in accordance with the authentication request to the client; a decoder for decoding the encoded account information so as to compute the account information of the client and an authentication request time; a server-side OTP generator for generating a server-side OTP using the computed account information of the client and authentication request time; and an authenticator for comparing the client-side OTP included the authentication request and the server-side OTP in order to authenticate the client.

Abstract: Embodiments are directed toward transparent denial of service protection. Instruction set information that references a seed file may be communicated to a client computer. A network packet key may be generated based on the instruction set information or encrypted and provided by a server. A client computer may generate a client network packet key based on the instruction set information provided by the network computer and a seed file installed on the client computer. The client computer may include the client network packet key the one or more network packets that it is sending to the network computer before they are provided to the network computer. A packet rule that includes the network packet key may be generated and installed in a packet inspection engine. If network packets are received, the packet inspection engine compares the network packet key to the network packets using the packet rule.

Abstract: The various aspects provide a system and methods implemented on the system for generating a behavior model on a server that includes features specific to a mobile computing device and the device's current state/configuration. In the various aspects, the mobile computing device may send information identifying itself, its features, and its current state to the server. In response, the server may generate a device-specific lean classifier model for the mobile computing device based on the device's information and state and may send the device-specific lean classifier model to the device for use in detecting malicious behavior. The various aspects may enhance overall security and performance on the mobile computing device by leveraging the superior computing power and resources of the server to generate a device-specific lean classifier model that enables the device to monitor features that are actually present on the device for malicious behavior.

Abstract: Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network and configured to: receive a request for the change key from a registrant of the domain name; generate the change key comprising a random string not stored on the server computer; identify the timeout period within the database; transmit the change key to: a contact for the registrant; and a domain name registry; determine whether the change key is received by the server computer during the timeout period; and if so, update the domain name.