Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: An account management system establishes a facial template for a user based on an image. The user computing device, signed into a payment application at the merchant location, receives an identifier from a merchant beacon device to transmit to the account management system, which transmits payment tokens based on payment account data and facial templates to the merchant POS device for each user signed in at the merchant location. The merchant POS device identifies the user by comparing a captured image of the user against the received facial templates and transmits the payment token to an issuer system. At a later time, the account management system receives, from a user computing device, a subsequent user image and generates a subsequent facial template. If the difference of the subsequent facial template is less than a threshold from the existing facial template, the subsequent facial template is associated with the user account.

Abstract: An account management system establishes an account for a user. The user enters user account information into the account and the account management system establishes a facial template for the user based on an image of the face of the user. The user requests to change user account information at a merchant POS (POS) device. The merchant POS device captures a facial image of the user and transmits the image the account management system, which generates a facial template and compares the generated facial template against the existing facial template associated with user account. If the generated facial template is less than a threshold difference from the existing facial template, the user may update user account information at the merchant POS device, which communicates the updated user account information to the account management system. The account management system associates the updated user account information with the user account.

Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.

Abstract: The embodiments herein relate to an IoT device, a method performed in the IoT device, a network device and a method performed in the network device for securing communication of the IoT device roaming from a home network to a visited network. The method comprising: receiving a request from the IoT device to set up a VPN tunnel; acknowledging the setting up of the VPN tunnel, and routing data received from the IoT device destined for an IoT service provider via the VPN tunnel. This way the encryption/decryption processes are handled by the visited network.

Abstract: Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an application executed in a client device. The identity provider service can then detect a platform associated with the client device. A response to the request can be sent based at least in part on the platform, where the response requests authentication by a management credential. Data generated by the management credential is received from the client device, and the management credential is determined to be valid for the identity assertion. The identity assertion is then sent to the client device in response to determining that the management credential is valid for the identity assertion.

Abstract: An application security management system and an edge server which enable an application developed by an application developer to be executed only in a state that matches a security risk reported by the developer are provided. In an application security management system, an evaluation management server that manages evaluation of an application developed by an application developer and executed by an edge server registers the application and an access report list related to the usability of a function of the edge device and/or the accessibility of processing data of the edge device after evaluation in an application DB. A distribution management server system that manages distribution of the evaluated application notifies a user who issued a purchase request of the access report list upon receiving the purchase request for the application and distributes the application and the access report list to the edge server when authorization data is received only.

Abstract: A method and system for processing information from a control panel in a building management system validates programming data of the control panel and then a monitoring station responding to the information from the control panel if its programming data was validated. A server system can be used for this validation. The proposed system can provide a lightweight system for validation to avoid problems arising from incorrectly configured panels sending false alarms to monitoring stations.

Abstract: Systems and methods are described herein for graphically representing an information management system based on the characteristics of within the system. The systems and methods interface with various components of the system (e.g., administrative components, index components, and so on) to identify data having certain characteristics (e.g., personal data), and generate or render information (e.g., a heat map or other visual display) that represents areas or locations within the system storing the data. Thus, the systems and methods, in some embodiments, generate or create a data-specific view into the information management system.

Abstract: The invention provides a file storage method, a file search method and a file storage system based on public-key encryption with keyword search. The method comprises: receiving a user file storage request sent from a data possessor, acquiring access control attribute information for access to a user file, security level parameters and a keyword set of the user file, generating a file attribute vector of the user file by means of the access control attribute information and the keyword set, acquiring a public-secret key pair used for encrypting the file attribute vector from a pre-generated key space, encrypting the file attribute vector by means of a public key in the public-secret key pair to obtain a ciphertext corresponding to the file attribute vector, and transmitting the ciphertext corresponding to the file attribute vector and a ciphertext of the user file to a preset storage server.

Abstract: A system and method for communication between a building management system control panel and a monitoring station are disclosed. Examples of building management systems include fire alarm systems and security systems. The monitoring station and the control panel establish an encrypted channel between each other. The monitoring station and the control panel then transmit status information over the encrypted channel. In examples, the status information includes alarm information sent from fire control panels, intrusion information sent from security panels, and operational information of the panels and/or monitoring station, in examples.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-generation (5G) communication system for supporting higher data rates beyond a 4th-generation (4G) system with a technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of a terminal according to the present disclosure includes: transmitting connection request messages for network slices, which are networks constructed for each service, to a network; receiving response messages including identifiers of the network slices from a base station; and generating security contexts for each network slice based on at least one of the identifiers of the network slices and tokens generated during an authentication process with a third party.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: One embodiment of the present invention provides a system for facilitating storage encryption and decryption. During operation, the system receives a first request to encrypt data which is to be stored on a remote device, wherein the first request indicates the data. The system updates a key based on a dynamic key refreshment protocol. The system determines a key label for the updated key. The system encrypts the data based on the updated key, and transmits the encrypted data and the key label to the remote device, thereby facilitating secure encryption and decryption of data on the remote device.

Abstract: Methods and systems for a networked computing system are provided. One method includes detecting that a processor executable, policy decision point (PDP) has not responded to a request for accessing data associated with a storage system; predicting a response to the request using a machine-learned, request-response association maintained by a processor executable training device; and presenting the predicted response to a processor executable, policy enforcement point (PEP) for granting access to the data and denying access to the data, based on the predicted response.

Abstract: A predicate-based row level security system is used when workers build or split an analytical data store. According to one implementation, predicate-based means that security requirements of source transactional systems can be used as predicates to a rule base that generates one or more security tokens, which are associated with each row as attributes of a dimension. Similarly, when an analytic data store is to be split, build job, user and session attributes can be used to generate complementary security tokens that are compared to security tokens of selected rows. Efficient indexing of a security tokens dimension makes it efficient to qualify row retrieval based on security criteria.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: A method and apparatus for providing fallback data services over a Wi-Fi network is described. A request to enable access to new data sessions for wireless terminals in a zone covered by a Wi-Fi network node is received upon failure of 3GPP radio in that zone. When a request for a new data session from a WT is received, the MAC address of the WT is added to a list of authorized users. The MAC address of the WT is sent to Wi-Fi network nodes of adjacent zones such that the WT can have continuous service as it moves between zones. When a Wi-Fi network node currently serving the WT receives an indication that the WT data session is terminated, a message is sent from the Wi-Fi network node currently serving the WT, to nodes of adjacent zones to remove the MAC address of the WT from the list of authorized users.

Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.