Abstract: User Authentication A mobile user authentication application is operable to perform one or more of the following operations: ?authenticate a user in a voice call to a telephony service, by passing an authentication code to the telephony service within the voice call [FIGS. 2, 2c]; ?validate a user instruction during a secure messaging session [FIG. 3]; and ?authenticate a user at a physical local service by obtaining a challenge code at that local service, validating the challenge code with a remote authentication service, obtain a confirmation code from the authentication service and presenting the confirmation code for validation at the local service [FIGS. 4, 4a and 4b].

Abstract: Disclosed are various examples for facilitating access to files in a virtual content repository. In one example, a request to access a file is transmitted to a management service. The request includes a first authentication credential for a first user account associated with the management service. Storage plan data is received that identifies a content repository and a second authentication credential for a second user account associated with the content repository. The client device authenticates with the content repository using the storage plan data, and access to the file is provided.

Abstract: Disclosed are various examples for providing a single sign-on experience for managed mobile devices. A management application executed in a computing device receives a single sign-on request from a managed client application executed by the same computing device. The management application determines that the client application is permitted to access a management credential for single sign-on use. The management application provides the management credential to the client application in response to the single sign-on request.

Abstract: Embodiments relate to a wireless communication device of a group of wireless communication devices configured to communicate with a base station, the wireless communication device comprising a transceiver configured to receive a token from the base station and a processor configured to generate a first data structure on the basis of a function of the token and of a key ki of the wireless communication device and a second data structure comprising an identity idi of the wireless communication device, wherein the transceiver is further configured to broadcast the first data structure and the second data structure to the group of wireless communication devices and the base station.

Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and one or more first parameters for transmission of data, and a second encryption key and one or more second parameters for reception of data. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key, the one or more first parameters, the second encryption key and the one or more second parameters. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.

Abstract: A user authorizes cross-platform interlinking or user data. The cross-platforms are mined for user-authorized data. The data is processed into graph data and metrics data. The graph data is presented as an interactive graph interface to a user that responds to user selections/directions to provide user-defined views and levels of detail.

Abstract: Methods and systems for configurable device fingerprinting and/or achieving communications with enhanced security are disclosed herein. In one example embodiment, a method of configurable device fingerprinting includes storing, at a server, first information regarding one or more selected system attributes, and further includes receiving, at the server, a first signal requesting that a first client device be registered and including system information pertaining to the first client device. Also, the method includes extracting, from the system information, relevant portions of the system information corresponding to the one or more selected system attributes, where the server determines a fingerprint of the first client device based at least in part the relevant portions.

Abstract: Identification and control of malicious users on a data storage system is described herein. A data storage system as described herein can include a file tracking component that records identities of users that have made at least one modification to a file stored on the data storage system, resulting in a set of recorded users; a user monitor component that increments respective malware counts associated with respective users of the set of recorded users in response to a malware scan of the file indicating that the file contains malware; and an access control component that restricts usage of the data storage system by a first user of the set of recorded users in response to a malware count associated with the first user exceeding a first threshold.

Abstract: A system for configuring and providing automated access to content based on the access rights of a mobile computing device, the location of a mobile computing device, and the user operating the mobile computing device. The system uses a centralized database and management system to configure and manage access to content. The system determines the information that is relevant when a device and user are physically present at a specific location. The system then facilitates access to content on the mobile computing device for user interaction. Access to information is controlled by the system based on a combination of permissions shared by the mobile computing device, the user, and the current location. In one embodiment, access to content is governed by the spatial proximity of the device to some physical asset. In one embodiment, multiple location checks are performed before content is delivered.

Abstract: A computer-implemented process of remediating device security vulnerabilities is carried out by determining identifications of electronic devices associated with an entity and calculating, for each device, a security cyber-vulnerability score. For instance, the cyber-vulnerability score is calculated by generating a device cyber-vulnerability score based upon known threats and vulnerabilities, generating a device level cyber-vulnerability score by augmenting the generated device cyber-vulnerability score based upon at least one device level parameter, generating an environmental cyber-vulnerability score, and computing an overall cyber-vulnerability score based upon the device level cyber-vulnerability score and the environmental cyber-vulnerability score.

Abstract: A smart remote control system comprises a plurality of gateway devices and a central management device. The central management device includes an authority management module configured to be operable to select a registered account, to establish a management authority over one of the gateway devices for the selected account, and to generate a bar code corresponding to both of the selected account and the management authority. The bar code may be displayed on an electronic device and scanned by another electronic device for validation of the management authority.

Abstract: Systems and methods of managing enrollment of digital identities (e.g., for aeronautical communication) can involve a line-replaceable unit (LRU) in an aircraft establishing a digital identity with a ground-based server by requesting a public certificate from the ground-based server. The LRU may receive a public certificate from the ground-based server. The LRU may validate the public certificate. The LRU may generate, based on validating the public certificate, an enrollment status message indicative of at least one status code from a plurality of predefined status codes associated with a plurality of corresponding actions for the ground-based server. The LRU may transmit the enrollment status message including the at least one status code to the ground-based server, to cause the ground-based server to perform a corresponding action based on the at least one status code.

Abstract: The present invention relates to a communication apparatus including a first execution unit, a second execution unit, and a selection unit. The selection unit selects a first process of setting a wireless parameter in another communication apparatus or a second process of setting a wireless parameter that is set in another communication apparatus in the communication apparatus.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices using Kerberos. For example, a certificate is received from a client device. In response, a Kerberos ticket-granting ticket is generated and sent to the client device. A request for a service ticket is later received from the client device. The request for the service ticket can include the ticket-granting ticket. The service ticket is then generated and sent to the client device. Subsequently, the service ticket is received from the client device and a security assertion markup language (SAML) response is sent to the client device in reply. The SAML response can provide authentication credentials for a service provider associated with the service ticket.

Abstract: A method, a device, and a non-transitory storage medium provide for receiving a request to provision a trial service to a user device, wherein the trial service includes providing a premium service to the user device during a trial time period; identifying a class of service provided to the user device, wherein the request is denied when the premium service is provided to the user device; determining whether the user device is eligible to receive the premium service; determining, when the user device is eligible to receive the premium service, whether the user device is eligible to receive the trial service; and provisioning, based on determining that the user device is eligible to receive the trial service, the trial service to the user device.

Abstract: In accordance with the example embodiments of the Invention there is at least a method and apparatus to detect that at least one message received from another network device of a communication network is in response to a prior message using a spoofed source address; based on the detecting, mirror the at least one message; and send to the another network device the mirrored at least one message to cause the another network device to filter out the at least one message in response to the prior message using the spoofed address. Further, there is at least a method and apparatus to receive from a network node signaling associated with at least one message; based on the signaling, detect that the at least one message is in response to a prior message using a spoofed source address; and based on the detecting, filter out the at least one message in response to the prior message using the spoofed source address.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: According to an embodiment, an information processing device operates while switching between a secure mode and a non-secure mode. The information processing device includes processing circuitry. The processing circuitry is configured to function as a switching unit. The switching unit switches a mode from the secure mode to the non-secure mode at the time when the information processing device is operating in the secure mode.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: An account management system establishes a facial template for a user based on an image. The user computing device, signed into a payment application at the merchant location, receives an identifier from a merchant beacon device to transmit to the account management system, which transmits payment tokens based on payment account data and facial templates to the merchant POS device for each user signed in at the merchant location. The merchant POS device identifies the user by comparing a captured image of the user against the received facial templates and transmits the payment token to an issuer system. At a later time, the account management system receives, from a user computing device, a subsequent user image and generates a subsequent facial template. If the difference of the subsequent facial template is less than a threshold from the existing facial template, the subsequent facial template is associated with the user account.