Abstract: A method for protecting encoded data from algebraic manipulation includes receiving a data word s?Kd to be protected, randomly selecting two integers a ?{0, . . . , q?1} and b ?{0, . . . , ?q?1}, finding a point (?, ?) on a Hermitian curve over a field Fq that corresponds to the randomly selected integers (a, b) from a mapping (a, b)(?, ?)=(ua, ua?q+1z+vb), where u a := { 0 if ? ? a = 0 , ? 1 a - 1 otherwise , ? V b := { 0 if ? ? b = 0 , ? 2 b - 1 otherwise , and z is an element of the field Fq of unit trace, and where ?1 is a fixed primitive element of the field Fq and ?2 is a primitive element of a field F?q?Fq, and calculating a sum fs(?, ?)=?id+1?jd+1+?k=1d?ik?kjk for a set of d+1 integers pairs I ={(ik,jk)}k=1d+1, where the encoded word is a triple (s, (?, ?),fs(?, ?)).

Abstract: Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location.

Abstract: A wireless communications system that regularly executes verification between an electronic key and an immobilizer ECU, and sends and receives deletion request signals unrelated to verification, between the electronic key and the immobilizer ECU. The sending and receiving of deletion request signals is executed at intervals between the regularly executed verifications.

Abstract: A method begins by a dispersed storage (DS) processing module dividing data into a plurality of data segments, encoding a data segment using a dispersed storage error encoding function to produce a set of encoded data slices, and generating slice names for each encoded data slice to produce a plurality of slice names. When a subset of encoded data slices of the set of encoded data slices is to be encrypted, the method continues with the DS processing module generating a master key, selecting a portion of the slice names for the subset of encoded data slices to produce a subset of selected slice name portions, generating a subset of encryption keys, encrypting the subset of encoded data slices using the subset of encryption keys to produce a subset of encrypted encoded data slices, and outputting the subset of encrypted encoded data slices to a dispersed storage network (DSN).

Abstract: An electronic device obtains a device password associated with the new enrollee device to be configured for a communication network. The device password is provided to a network registrar to cause the network registrar to configure the new enrollee device for the communication network. The network registrar performs an enrollment process based upon the device password and provides feedback to the electronic device to indicate whether or not the new enrollee device was successfully added to the communication network. Alternatively, when an electronic device detects the presence of a new enrollee device to be configured for the communication network, the electronic device generates a device password for the new enrollee device and provides the device password to the new enrollee device and to the network registrar, thereby causing the network registrar to initiate an enrollment process for the new enrollee device based upon the device password.

Abstract: A method and system for securing data transmitted between a client device and a server by obtaining input text at an intermediate module, processing the input text to obtain processed text, and transmitting the processed text to the server. Embodiments of the invention include securing data between a client device and a server by processing the input text at the intermediate module by applying an order-preserving transformation, the order-preserving transformation comprising: generating order information based on the input text, the order information indicative of a relative order of the input text within a set of possible input texts according to a collation rule.

Abstract: A policy is established comprising a condition having a multiphase attribute of a multiphase transaction. Phase specific policies are established for each phase in which the multiphase attribute may become known. The multiphase transaction is evaluated according to the phase specific policies at each phase of the multiphase transaction in which the multiphase attribute may become known until a policy decision of the policy is determined.

Abstract: A system including a time stamp module, an encryption module, and a packet generator module. The time stamp module is configured to generate a time stamp for a packet. The encryption module is configured to encrypt data using the time stamp and a security key. The packet generator module is configured to generate the packet. The packet includes (i) the time stamp in a header portion of the packet, and (ii) the encrypted data in a payload portion of the packet.

Abstract: Embodiments of the invention broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

Abstract: A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.

Abstract: A device (D) is intended for determining potential interests of users (U1-U3) that are clients of at least one network operator, each user being associated to a profile defining at least his interests. This device (D) comprises i) a tracking means (TM) arranged for analyzing the profile of at least one user (U1) to determine new real interest(s) it contains and for storing an identifier representative of a determined new real interest of this user (U1) in correspondence with a first date at which it has been considered as a new real interest into his profile, and ii) a recommendation means (RM) arranged for analyzing the first dates of a user (U1) to determine a time ordered sequence of interests preceding a determined new real interest, and for comparing this determined user interest sequence to at least one other sequence of interests of at least one other user (U2) to predict at least one potential future interest for this user (U1), to be introduced into his profile.

Abstract: Provided are a platform authentication strategy management method for trusted connection architecture (TCA), and the trusted network connection (TNC) client, TNC access point and evaluation strategy service provider for implementing the method in the TCA. In the embodiments of the present invention, the platform authentication strategy for the access requester can be configured in the TNC access point or the evaluation strategy service provider, and the platform authentication strategy for the access requester configured in the evaluation strategy service provider can be delivered to the TNC access point. Moreover, a component-type-level convergence platform evaluation strategy can be executed in the TNC access point or the evaluation strategy service provider, to ensure that the realization of the TCA platform authentication has good application extensibility.

Abstract: A policy distribution server provides, on a subscription basis, policy updates to effect desired behaviors of network intermediary devices. The policy updates may specify caching policies, and may in some instances, include instructions for data collection by the network intermediary devices. Data collected in accordance with such instructions may be used to inform future policy updates distributed to the network intermediary devices.

Abstract: Techniques are described for implementing a cloud computer system to facilitate communication between a computing device (e.g., a mobile computing device) and enterprise computer systems. In certain embodiments, the cloud computer system may receive, from a computing device, a request for a service provided by an enterprise computer system. The cloud computer system may determine security authentication of a user for the requested service. A security protocol may be determined for a requested enterprise computer system and a security token may be generated for the request according to the determined security protocol. The request may be sent to the requested enterprise computer system. In some embodiments, security authentication for a request to an enterprise computer system may be determined based on previous authentication. The cloud computer system may be configured to communicate with several different enterprise computer systems according to their supported protocols (e.g.

Abstract: Methods are provided that include receiving a request to couple a first client device to a communication session, wherein the request includes user identification information. The method may include determining a number of client devices coupled to the communication session and comparing the number of client devices coupled to the communication session to a maximum number of client devices to determine whether the maximum number of client devices are coupled to the communication session. The method may also include when the maximum number of client devices are coupled to the communication session, determining whether a user associated with the first client device is a preferred user based on at least the user identification information and when the user is the preferred user, coupling the client device associated with the preferred user to the communication session.

Abstract: A method, computer readable medium and apparatus for obtaining cellular network load information in a secure manner are disclosed. For example, the method receives the cellular network load information, where the cellular network load information is encrypted. The method then decrypts the cellular network load information using a decryption key and performs a task responsive to the network load information that is decrypted.

Abstract: According to an embodiment, a communication apparatus includes a security control unit. The security control unit establishes first and second secure communication channels to a first server which manages communication security keys and second server which provides a service regarding a smart meter, respectively when operation to the smart meter is started, performs mutual authentication with the first server and acquire a first key from the first server via the first secure communication channel, and relays mutual authentication with the first server and acquisition of a second key from the first server via the first secure communication channel for the smart meter.

Abstract: A computing system, comprising includes a first central processing unit (CPU) and a second CPU coupled with the first CPU and with a host processor. The second CPU and the host processor may both request the first CPU to generate keys that have access rights to regions of memory to access specific data. The first CPU may be configured to, in response to a request from the second CPU, generate a unique key with a unique access right to a region of memory, the unique key usable only by the second CPU, not the host processor.

Abstract: A method for managing a transcoder pipeline includes partitioning a memory with a numbered region; receiving an incoming media stream to be transcoded; and atomically loading, using a security central processing unit (SCPU), a decryption key, a counterpart encryption key and an associated region number of the memory into a slot of a key table, the key table providing selection of decryption and encryption keys during transcoding. The atomically loading the decryption and encryption keys and the associated numbered region ensures that the encryption key is selected to encrypt a transcoded version of the media stream when the media stream has been decrypted with the decryption key and the transcoded media stream is retrieved from the associated numbered region of the memory.

Abstract: A method and apparatus are for automatically accessing a social network account that provides member information about each of a plurality of social network members. The member information about at least one of the social network members, denoted as a particular member, includes a network detection portion and a security portion. The network detection portion is retrieved from the social network for at least the particular member. A detection is made that the wireless device is within range of a secure wireless network associated with the particular member. The detection uses the network detection portion of the particular member as an input. The security portion of the member information of the particular member is retrieved from the social network. The security portion is used to derive access credentials for the secure wireless network. The derived access credentials are used to securely access the secure wireless network.