Abstract: Wireless pairing is automatically performed based on purchase. By providing a unique identifier of a cellular customer, a wireless device may be automatically paired to a residential wireless network. A central database, for example, may store networking credentials associated with residential wireless networks. When the cellular customer purchases the wireless device, a server may query the central database for a cellular telephone number associated with the cellular customer. The server may thus retrieve the networking credentials that are associated with the cellular telephone number.

Abstract: A method and system for evaluating and enforcing a data flow policy at a mobile computing device includes a data flow policy engine to evaluate data access requests made by security-wrapped software applications running on the mobile device and prevent the security-wrapped software applications from violating the data flow policy. The data flow policy defines a number of security labels that are associated with data objects. A software application process may be associated with a security label if the process accesses data having the security label or the process is in communication with another process that has accessed data having the security label.

Abstract: Provided is a document managing apparatus that can eliminate the complexity of operation related to designation of confidential information, and yet reliably prevents leakage of confidential information. First, a receiving circuit receives target files from a client terminal. Therefore, a file managing circuit manages, of the received target files, a file that is designated as confidential, having been subjected to output restriction, as a confidential designated file. In addition, the file managing circuit manages a file that is not designated as confidential, as a user file. In addition, the file analyzing circuit compares the user file with the confidential designated file. If the content of the user file is similar to the content of the confidential designated file at a rate equal to or higher than a certain value (for example, 80%), the file analyzing circuit applies output restriction to the user file.

Abstract: An apparatus includes an aggregation module that is associated with a first network core and that is operatively coupled to a second network core and a third network core. The aggregation module is configured to receive a first copy of an access point license that authorizes access to a network via an access point and the second network core. The aggregation module receives the first copy of the access point license from the second network core in response to an installation and validation of the access point license on the second network core. The aggregation module is configured to send a second copy of the access point license to the third network core that authorizes a device to access the network via the access point and via the third network core in accordance with the access point license and in response to a failure of the second network core.

Abstract: A method for routing IP packets with IPSec AH authentication is disclosed. The method includes locating overlay edge routers between private domains and their associated NAT routers. Outbound packets from a source private domain are modified by its overlay edge router to include IPSec AH authorization data computed using IP source and destination addresses that match a packet's final source and destination IP address upon final NAT translation immediately prior to delivery to a host of a destination private domain.

Abstract: Methods and systems for authenticating a user are described. In some embodiments, an authentication request including biometric information collected from a user is received. The user may be authenticated using a first authentication system by comparing characteristics generated from the biometric information with characteristics of previously collected biometric information. The biometric information collected from the user during the authentication request may be used to automatically enroll the user into a second authentication system.

Abstract: A method and system self encrypts a disk storage device. Given a plurality of data storage devices, the system establishes an encryption key for the plurality of data storage devices. The system locally stores the encryption key in a piecewise manner throughout the plurality of data storage devices such that the encryption key is rendered undeterminable with less than a threshold subset of the plurality of data storage devices. This results in the plurality of data storage devices being self encrypting. Upon an increase or decrease in the plurality, the system resplits the encryption key and locally stores the resulting pieces throughout the changed (increased/decreased) plurality of data storage devices. This renders the encryption key undeterminable with less than a new or revised threshold each time the plurality is changed.

Abstract: A communication apparatus includes a communication unit that connects with an external device in a one-to-one relationship, the external device storing certificate information required for connection with a network; an acquisition unit that acquires the certificate information from the external device connected with the communication unit; and a connection request unit that sends a request for connection with the network to a communication management device, the request including the certificate information acquired by the acquisition unit, so that the communication management device determines whether to permit the connection with the network in response to the request received from the communication apparatus.

Abstract: Embodiments contemplate techniques and devices for allocating IP addresses for MTC devices, transmitting and receiving SMS using the allocated IP addresses. The MTC device may be allocated with an IP address without activating a packet data protocol (PDP) context. In addition, after the IP address has been allocated, SMS messages may be transmitted from and to MTC devices using the IP address.

Abstract: Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

Abstract: In an embodiment, a computing system, such as a monitoring computer, receives a request from a user to monitor an account of the user with an online service provider. The request may include personal information and user preferences for one or more protective actions. The system periodically monitors external data sources for indications of changes to personal information associated with the account, and detects changes or attempted changes to personal information associated with the account. The system may determine risk levels associated with detected changes or attempted changes, and transmit a notification to the user via a communication channel selected based on the determined risk level and/or the user preferences. The system may also initiate protective actions, so that further unauthorized access to the account may be prevented.

Abstract: A method, device and system for establishing plural modes of operation on a mobile device, including: associating each application on the mobile device with one of a plurality of modes; and restricting access to data on the mobile device to only a subset of applications based on the mode associated for the each application. A system includes connection of an untrusted device to a trusted device and restricting data access for restricted data to a subset of trusted applications on the untrusted device.

Abstract: A new enrollee device is configured for a communication network using an electronic device and a network registrar. The new enrollee device is a headless device that lacks a first user interface for configuring the new enrollee device for the communication network. The electronic device obtains, at a sensor, sensor information that is indicative of a device key associated with the new enrollee device. The electronic device determines the device key based on the sensor information. The device key is provided to the network registrar to cause the network registrar to configure the new enrollee device for the communication network.

Abstract: Execution of an obfuscation application may cause a computing device to translate bits of a hashed value according to a sparse bit selection pattern, the sparse bit pattern including a translation of bits of the hashed value into reordered bit unit groupings sized according to a numeric base of a digit cypher; and generate an obfuscated value using the translated bit unit groupings of the hashed value as indices into the digit cypher, the digit cypher including a mapping of the indices to output values in the numeric base. The obfuscation application may further cause the device to receive a target value to be obfuscated in data records received from a data source, hash the target value using a hashing module to create the hashed value, in some cases truncate the hashed value, and replace the target value in the data records with the obfuscated value.

Abstract: An authority delegate system, including a server system which provides a service to a device having an application, and an authorization server system which performs authorization processing to delegate user authority in the service to a usage source of the service, includes a management unit, and a providing unit. The management unit identifies authority of the application, in accordance with having received a request to register the application as the usage source, and manages the identified authority, and an identifier of the application, in an associated manner. The providing unit provides the service, in a case where an authorization operation has been performed to permit delegating of the user authority to the application transmitting a request to use the service, and an authority which the application uses is included in authorities associated with the identifier of the application.

Abstract: According to an embodiment, a quantum key distribution device includes a key sharing unit, a correcting unit, a compressor, and a controller. The key sharing unit is configured to generate a shared bit string by using quantum key distribution performed with another quantum key distribution device via a quantum communication channel. The correcting unit is configured to generate a corrected bit string through an error correction process with respect to the shared bit string. The compressor is configured to generate an encryption key through a key compression process with respect to the corrected bit string. The controller is configured to perform a restraining operation in which the total number of bits of encryption keys generated per unit time by the compressor is smaller than the total number of bits of the encryption keys generated per unit time by the compressor in the case of not performing the restraining operation.

Abstract: Methods and apparatus for preventing unauthorized access to online content, including in particular streaming video and other media, are provided. In various embodiments, techniques are provided to authorize users and to authenticate clients (e.g., client media players) to a content delivery system. The content delivery system may comprise a content delivery network with one or more content or “edge” servers therein. The requesting client is sent a program at the time of content delivery. The program may be embedded in the content stream, or sent outside of the stream. The program contains instructions that are executed by the client and cause it to return identifying information to the content delivery system, which can then determine whether the client player is recognized and, if so, authorized to view the content. Unrecognized and/or altered players may be prevented from viewing the content.

Abstract: A processor includes an input-circuit and a Simon block cipher. The Simon block cipher includes a data transformation circuit, a constant generator, and a key expansion circuit. The data transformation circuit includes logic to shift content of data storage registers. The key expansion circuit includes logic to determine a round key based upon an input symmetric key and data input, a previous round key, and a value from the constant generator. The constant generator includes logic to output a successive one of a list of constants each clock cycle, and to store the outputted constants in storage units. The number of storage units is less than the size of the list of constants.

Abstract: A method, computer readable medium and apparatus for obtaining cellular network load information in a secure manner are disclosed. For example, the method receives the cellular network load information, where the cellular network load information is encrypted. The method then decrypts the cellular network load information using a decryption key and performs a task responsive to the network load information that is decrypted.

Abstract: An improved technique involves providing protection of secrets by splitting the secret into secret shares and providing tokens for each secret share. Along these lines, a terminal splits a secret such as a credit card number into shares. The terminal then transmits each share to a separate and distinct token server. Each token server, upon receiving a secret share, generates a corresponding token and sends that token to an application server. In some cases, when a user at the application server requires access to the secret, the application server sends each token to the token server form which the token was generated. The token servers each send, in return, a secret share to the application server. The application server combines the secret shares to recover the secret.