Patents Examined by Michael D Anderson
  • Patent number: 9514295
    Abstract: Determination of a quantified identity using multi-dimensional, probabilistic identity profiles is contemplated. The quantified identity may be used to authenticate a user entity provided to a point-of-sale device or other interface associated with identity requester in order to verify the corresponding users as who they say they are. The user identity may be determined initially as a function of user inputs made to the identity requester and/or as a function of wireless signaling exchange with devices associated with the user.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: December 6, 2016
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Sumanth Channabasappa, Oscar G. Marcia
  • Patent number: 9515992
    Abstract: The presently disclosed subject matter includes, inter alia, a separation module being operatively connectible to a network device operable to facilitate data communication in a communication network, the separation module being configured to control data communication in the communication network, the separation module being assigned with a network-id associating the separation module with a given network environment; the separation module being further configured to tag a data packet received by the network device from a first direction, in order to associate the data packet with a given network environment; and determine whether a tag, associated with a data packet received by the network device from a second direction, is compatible with the assigned network-id, and if it is, remove the tag from the data packet and allow transmission of the data packet.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: December 6, 2016
    Assignee: ELTA SYSTEMS LTD.
    Inventor: Udi Weinsberg
  • Patent number: 9503480
    Abstract: Deploying policy configuration across multiple security devices through hierarchical configuration templates is disclosed. In some embodiments, deploying policy configuration across multiple security devices through hierarchical configuration templates for configuring a plurality of security devices includes receiving at a first security device a hierarchy of templates from a central management server, in which the hierarchy of templates includes configuration information for a group of security devices, and in which the first security device is included in the group of security devices; and reconciling on the first security device's configuration information included in the hierarchy of templates and device specific configuration based on local configuration information, in which the first security device performs an object level reconciliation to maintain device configuration consistency.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: November 22, 2016
    Assignee: Palo Alto Networks, Inc.
    Inventors: Anupam Bharali, Kunal Kundu, Zhi Ning Wang
  • Patent number: 9503471
    Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: November 22, 2016
    Assignee: International Business Machines Corporation
    Inventors: Mark McGloin, John Douglas Curtis, Peter Otto Mierswa, Russell L. Holden, Olgierd Stanislaw Pieczul
  • Patent number: 9497191
    Abstract: A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: November 15, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Gurdeep S. Pall
  • Patent number: 9489519
    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: November 8, 2016
    Assignee: NICIRA, INC.
    Inventors: Azeem Feroz, Kiran Kumar Thota, James C. Wiese
  • Patent number: 9491149
    Abstract: Improvement of the security of communication is facilitated. A server receives from an on-vehicle device, encrypted data obtained by encrypting ECU information using key information (111-1#C), and identification information (112-1#C). Thereafter, the server determines from the identification information (112-1#C), whether identification information of a next key to be used after identification information (112-1) is stored. The server determines that the identification information of the next key to be used after the identification information (112-1) is not stored, and obtains key information (111-2#S) and identification information (112-2#S) to identify key information (111-2) as the next key. The server encrypts the key information (111-2#S) and the identification information (112-2#S) using key information (111-1#S), and transmits encrypted data and identification information (112-1#S) to the on-vehicle device.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: November 8, 2016
    Assignee: FUJITSU LIMITED
    Inventor: Hidefumi Maruyama
  • Patent number: 9483751
    Abstract: Methods, systems, and apparatus for managing labeling privileges. In one aspect, a method includes receiving label data defining a label to be associated with an image of a first user in a photograph, the first user identified by a first user identifier and the label data associated with a submitting user identifier; accessing data defining labeling privileges for the first user identifier, the labeling privileges being for second users identified by respective second user identifiers, and the labeling privileges defining, for each second user, a labeling privilege for the second user to label an image of the first user in a photograph; determining whether the submitting user identifier is included in the second user identifiers; in response to determining that the submitting user identifier is included in the second user identifiers: determining the labeling privileges for the user identified by the submitting user identifier, and processing the label accordingly.
    Type: Grant
    Filed: June 28, 2011
    Date of Patent: November 1, 2016
    Assignee: Google Inc.
    Inventors: Matthew S. Steiner, Henry T. Benjamin
  • Patent number: 9485234
    Abstract: Customers accessing resources or services in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer and will reject any requests that might have been tampered with or otherwise falsely generated. Various endpoints or interfaces can be used, which can be located in the multi-tenant environment, in a customer environment, or in a separate location. These endpoints or interfaces can sign unsigned requests, or otherwise increase the credentials of a signed request, on behalf of a customer. In some embodiments, additional metadata can be added that can increase the authentication level of the requests. Such an approach can enable a customer to provide or delegate access to the resources without exposing the credentials outside a secure environment.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: November 1, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Gregory Branchek Roth
  • Patent number: 9474976
    Abstract: Embodiments of the present invention address delivery of content, including advertising, in an online or networked digital environment. Undesirable content or content that needs to be removed from the digital environment may be eliminated through invocation of a ‘kill switch’ that terminates further delivery of the aforementioned content. The ‘kill switch’ may also eliminate certain instantiations of that content already delivered to end-user client devices. In order to lessen the need for termination of content following delivery to the digital environment, content developers and content providers may view content scheduled for delivery in digital environment ‘mock ups’ prior to actual delivery. Content developers and content providers, too, may control certain attributes related to content scheduled for delivery to further obviate post-delivery termination or modification.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: October 25, 2016
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventors: Allister Capati, Ennin Huang
  • Patent number: 9462248
    Abstract: A system that incorporates teachings of the present disclosure may include, for example, a digital video recorder (DVR) having a controller to record video content supplied by a media communication system, establish a threshold for utilization of a memory resource of the DVR, detect a utilization of the memory resource that exceeds the threshold, generate a notice describing the utilization of the memory resource at or after the time the threshold was exceeded, identify a communication identifier associated with a portable communication device, transmit the notice to the portable communication device according to the identified communication identifier, and receive a response message from the portable communication device that includes one or more instructions to manage the memory resource of the DVR. Other embodiments are disclosed.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: October 4, 2016
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Mary McCarthy, Robert Coldwell
  • Patent number: 9462075
    Abstract: An encrypted cached content system includes a user IHS, a content provider IHS, and a caching IHS. The caching IHS includes a caching engine that is configured to receive a content request from the user IHS. The caching engine generates a user-side key using content identifying information in the content request, and forwards the content request to the content provider IHS over a network as a content partial information request. In response to receiving a content partial information response from the content provider IHS over a network, the caching engine generates a content-provider-side key using header information in the content partial information response. The caching engine performs a hashing operation on the content request using a combination of the user-side key and the content-provider-side key to produce a hashed content request, and uses the hashed content request to retrieve content from the cache.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: October 4, 2016
    Assignee: Dell Products L.P.
    Inventor: Samuel Liddicott
  • Patent number: 9460276
    Abstract: A virtual machine system that restricts use of confidential information only to the case where an authentication has resulted in success. The virtual machine system includes first virtual machine, second virtual machine, and hypervisor. The first virtual machine includes: storage unit storing confidential information; and authentication unit configured to perform authentication and notify the hypervisor of result of the authentication. The second virtual machine uses virtual device that is virtualized storage device. When having received authentication result indicating authentication success from the authentication unit, the hypervisor enables the second virtual machine to access, as substance of the virtual device, storage area storing the confidential information, and when not having received the authentication result indicating the authentication success from the authentication unit, the hypervisor disables the second virtual machine from accessing the storage area storing the confidential information.
    Type: Grant
    Filed: February 20, 2013
    Date of Patent: October 4, 2016
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Tadao Tanikawa, Masahiko Saito, Katsushige Amano, Toshiaki Takeuchi
  • Patent number: 9461824
    Abstract: A method of transmitting a document from a computing device to a printing device using a document server comprising, at the server, receiving user credentials from a user of an authorized computing device, receiving encrypted data defining the document from the authorized computing device, receiving information indicating the intended recipients of the data, receiving user credentials from an authorized printing device, and delivering the encrypted data to an authorized recipient.
    Type: Grant
    Filed: February 18, 2015
    Date of Patent: October 4, 2016
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Randall Edward Grohs, Brian E. Hoffmann, Steven J. Simske
  • Patent number: 9455828
    Abstract: Provided is a re-encryption system. The re-encryption system includes a replacement key generation unit. The replacement key generation unit receives a master key owned by a manager, an allowable decryptor set before change, and an allowable decryptor set after change. The re-encryption system generates and outputs a replacement key to convert a ciphertext which can be decrypted with a secret key of a decryptor belonging to the allowable decryptor set before change to a ciphertext which can be decrypted with a secret key of a decryptor belonging to the allowable decryptor set after change.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: September 27, 2016
    Assignee: NEC CORPORATION
    Inventor: Jun Furukawa
  • Patent number: 9455830
    Abstract: A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating an encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: September 27, 2016
    Assignees: BlackBerry Limited, Certicom Corp.
    Inventors: Avinash Chidambaram, Matthew John Campagna
  • Patent number: 9442590
    Abstract: A display device and a method for controlling the same are disclosed.
    Type: Grant
    Filed: July 2, 2014
    Date of Patent: September 13, 2016
    Assignee: LG ELECTRONICS INC.
    Inventors: Sihwa Park, Yongsin Kim
  • Patent number: 9444838
    Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: September 13, 2016
    Assignee: International Business Machines Corporation
    Inventors: Mark McGloin, John Douglas Curtis, Peter Otto Mierswa, Russell L. Holden, Olgierd S. Pieczul
  • Patent number: 9432197
    Abstract: An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S200 and S300). The generated message authentication code and digital signature are transmitted with being added to the communication data. Upon reception, whether authentication should be done using either one of the message authentication code and the digital signature included in received information is determined according to its own state for the authentication (S400 and S500). This state includes, for example, a load state of a central processing unit or the like that performs an authentication process.
    Type: Grant
    Filed: February 22, 2011
    Date of Patent: August 30, 2016
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventors: Ken Naganuma, Toru Owada, Eriko Ando
  • Patent number: 9430405
    Abstract: Described herein are methods, systems, and software for encrypting and erasing data objects in a content node. In one example, a method of operating a content node that caches content divided into one or more data objects includes encrypting the one or more data objects using separate encryption keys for each of the one or more data objects, the separate encryption keys comprising a common portion shared by the one or more data objects and an individualized portion unique to each data object. The method further provides receiving a purge request to erase at least one data object and, responsive to the purge request, erasing at least one of the common portion or the individualized portion for the at least one data object based on the purge request.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: August 30, 2016
    Assignee: Fastly, Inc.
    Inventors: Tyler B. McMullen, Artur Bergman