Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.

Abstract: A flexible aes instruction for a general purpose processor is provided that performs aes encryption or decryption using n rounds, where n includes the standard aes set of rounds {10, 12, 14}. A parameter is provided to allow the type of aes round to be selected, that is, whether it is a “last round”. In addition to standard aes, the flexible aes instruction allows an AES-like cipher with 20 rounds to be specified or a “one round” pass.

Abstract: Systems and methods for authenticating a user are provided. A user specifies one or more items for authentication and provides images of the one or more items. When the user opens up a mobile application, a camera on the mobile device is activated and takes a picture of an item in its field of view. If the picture matches one of the images of the items, the user is authenticated.

Abstract: A control panel may prevent access to one or more aspects of the control panel based at least in part on one or more security parameters. The security parameters may include a default locked status and a takeover locked status. The default locked status may prevent a user or other personnel from accessing the software, code, or other intellectual property on the control panel while still allowing the user to interface with the security and/or automation system. The takeover locked status may prevent any access or use of the control panel. To protect the automation system and the automation system provider, it may be desired to use a unique identifier to unlock at least one or more aspects of the control panel. The unique identifier may be loaded onto an external storage device which the control panel may automatically recognize.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: Managing data security on a mobile device. Data associated with a mobile device is received; the data includes an identification (ID) of the mobile device and a location of the mobile device relative to one or more location sensor devices. A path is determined, relative to the one or more location sensor devices, through which the mobile device has traveled. An electronic security key is communicated to the mobile device based on determining that the path corresponds to a defined path associated with the mobile device.

Abstract: Enabling an authenticated user to access content associated with an authenticated user as though the authenticated user had a selected user relationship with the authenticated user. The user relationship may comprise a relationship degree, a relationship category, a relationship rating, and/or the like. An invitation to join an electronic service, such as an online social network, is sent to the unauthenticated user at an address known to the authenticated user. The invitation includes a time-limited token, such as a URL, that includes an invitation identifier, which relates the invitation to the authenticated user content. The token may be encrypted in the invitation. The unauthenticated user returns the token as a request to preview the authenticated user content without first becoming an authenticated user of the electronic service. If the token is still valid, access is granted. The unauthenticated user may also request to establish a connection with the authenticated user.

Abstract: Disclosed are techniques for securely sharing a content item. The techniques comprise receiving an authorization grant. The techniques also comprise utilizing the authorization grant to obtain an access token. The access token includes credentials for enabling access to a content item. The techniques further include requesting one of an encryption or decryption key from a key management system. The one of the encryption or decryption key facilitates encryption or decryption operations in connection with the content item. The techniques still further comprising performing an encryption or decryption operation in connection with the content item. The one of the encryption or decryption operation is performed using the corresponding one of the encryption or decryption key.

Abstract: Techniques for authenticating a user may be described. In particular, a network-based document may be provided to a computing system of a user. The network-based document may include code and an identifier of another network-based document. The code may be configured to, upon execution, determine whether the other network-based document was accessed prior to providing the network-based document to the computing system. The other network-based document may be accessible to the user based on an identifier of the user. An indication that the other network-based document was accessed may be determined. For example, the indication may be received from the computing system based on an execution of the code at the computing system. The user may be authenticated based on the indication.

Abstract: System, method, and device for providing services on a network. The device comprises a security assessor and a service provider unit. The security assessor is connected to the network and is configured to identify rights of an entity on the network. The service provider unit is connected to the network and the security assessor. The service provider unit comprises a discovery unit, an interaction unit, and an interest unit. The discovery unit identifies content available on the network. The interaction unit identifies interactions of the entity on the network. The interest unit identifies interests of the entity based on the identified interactions and the identified content. The service provider unit provides services to the entity on the network, based on the rights of the entity, and at least one of the identified content and the identified interests of the entity.

Abstract: An indication is received that a user has initiated an access to a website hosted by a service provider. Access to the website requires an authorization of a user identification associated with the user and a password associated with the user. A token is requested. The token provides access to an application programming interface. The token is received. The token is stored by the service provider.

Abstract: Decoding an encoded video stream may include generating, by a processor in response to instructions stored on a non-transitory computer readable medium, a decoded video for presentation to a user, and outputting the decoded video. Generating the decoded video may include receiving an encoded video stream, generating a decoded constructed reference frame by decoding an encoded constructed reference frame from the encoded video stream, generating a decoded current frame by decoding an encoded current frame from the encoded video stream using the decoded constructed reference frame as a reference frame, and including the decoded current frame in the decoded video such that the decoded constructed reference frame is omitted from the decoded video.

Abstract: A method of delivering digital audio and video content and a HDCP source device are disclosed herein. In one embodiment the method includes: (1) receiving an encryption key from a potential receiver of the digital audio and video content, (2) authenticating the potential receiver is an HDCP compliant device and (3) in addition to the authenticating, verifying the potential receiver is a trusted device for receiving the digital audio and video content.

Abstract: Aspects of the invention can log a user into a primary device in a more efficient manner. For example, aspects of the invention may eliminate the need for the user to supply user credentials directly to a primary device. Instead, the companion device recognizes relevant primary devices located proximate to the companion device and automatically initiates a user login to the primary device without user intervention. Aspects of the invention can automatically login a user to known and unknown primary devices.

Abstract: Implementations described and claimed herein provide encryption in the data path. In one implementation, login parameters from a primary data center are obtained. The login parameters include an identification of a destination device. An encryption key corresponding to the destination device is received. A write command including data for writing to the destination device is received from the primary data center. The data is encrypted inside a firewall of the primary data center using the encryption key. The encrypted data is routed over a data path to the destination device. As such, the data is secure during transmission over the network to the destination device.

Abstract: In one embodiment, a method for securing data on a semi-trusted server is implemented on a computing device and includes: receiving at least a current session key from a user device for use during a current session, where the current session key is suitable for encrypting data and for decrypting data encrypted with the current session key, decrypting communications received from the user device during the session with said session key, encrypting with the session key at least one of communications to be sent to said user device and personal data generated during the session, storing the encrypted personal data, and discarding the current session key upon completion of the session, thereby limiting possible access to the stored encrypted personal data other than during the session. Related apparatus and methods are also described.

Abstract: Authentication of a device through a constructed authentication token. Components of an authentication key are distributed across at least a device and a server, diminishing a likelihood that an individual account is compromised by an attack.

Abstract: A mobile device may include an authenticator and a processor. The authenticator may store a first secret corresponding to a second secret stored on a server and generating a key based upon the first secret. The processor may embed the key in data communicated to the server to request access from the server.

Abstract: An information processing apparatus includes a policy acquisition unit configured to acquire a policy on disclosure of information on a target user; a collection unit configured to collect attributes that may be related to the target user from public information disclosed on a network to create an attribute set related to the target user; and a determination unit configured to determine whether or not the attribute set satisfies the policy.

Abstract: In one embodiment, a method includes initiating at a client application at a client device, a single sign-on authentication with a security device, receiving at the client application, a session identifier and location of a web portal for the single sign-on authentication from the security device, and passing the session identifier and location of the web portal from the client application to a browser installed at the client device, for use by the browser in performing the single sign-on authentication at the client device. An apparatus and logic are also disclosed herein.