Abstract: The present invention provides improved techniques that can be used to verify illegitimate non-human users that are accessing content. For example, a method of verifying a non-human user of a computerized device may comprise receiving information identifying a potential non-human user of a computerized device, altering a browser page to be used by the potential non-human user, and verifying whether or not the potential non-human user is an actual non-human user based on a behavior of the potential non-human user with the altered browser page.

Abstract: Systems and methods for watermarking content and authenticating watermarked content are provided. Content is rendered on a display while watermarking information embedded in portions of the content are obtained. The watermarking information is verified to authenticate the content. If the content is not authentic, or is not authenticated within a period of time, the content can be terminated or otherwise blocked from rendering on the display.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: A method and apparatus are provided for initial certification enrollment in a wireless communication system. A first mobile device establishes a first wireless connection with an infrastructure and a second wireless connection with a second mobile device. The first mobile device receives, from the second mobile device, a first certification request that includes a request for a digital certificate for the second mobile device and first biometric data associated with a user of the first mobile device. The first mobile device obtains second biometric data associated with a user of the second mobile device and conveys a second certification request to the infrastructure that includes the request for the digital certificate for the second mobile device and the first and second biometric data. The first mobile device then receives, from the infrastructure, the digital certificate for the second mobile device and forwards, to the second mobile device, the digital certificate.

Abstract: A social networking system maintains a limited user profile associated with a user of the social networking system who does not satisfy one or more criteria for the social networking system to maintain a user profile. The limited user profile includes information describing the user and allows the user to be associated with limited types of interactions with the social networking system. An administrator is associated with the limited user profile and may modify information associated with the limited user profile as well as authorize or deny interactions involving the limited user profile. When the user satisfies criteria for the social networking system maintaining a user profile, the social networking system generates a user profile based on information in the limited user profile and prior interactions involving the limited user profile.

Abstract: Provided are a method, apparatus and system for realizing security detection in a heterogeneous network. UE establishes cross-Evolved NodeB (eNB) double/multiple connections with a MeNB and a LPN in an access network which is a kind of heterogeneous network, the LPN is responsible for data distribution, and the distribution is layered by RB; the MeNB receives a report message from the LPN through a backhaul interface between the MeNB and the LPN, and the report message contains the data count sent/received between the LPN and the UE; and the MeNB transmits CP information with the UE to compare the data counts actually sent/received between the access network and the UE to detect whether there is insertion of an attacker or not.

Abstract: A system and method for delegating permissions to a third party are presented. A request to access a first computing resource of a computer server is received from a first user. The first user is prompted to supply a first authentication credential for access to the first computing resource of the computer server and the first authentication credential is received from the first user. After the first authentication credential is received, a request to access a second computing resource of the computer server is received from the first user. An authentication database is accessed to identify a second user associated with the second computing resource, and a request for a second authentication credential is transmitted to a second user. The second authentication credential is received from the second user. When the second authentication credential is received from the second user, the first user is given access to the second computing resource.

Abstract: An automobile device transmits data to a server in a communication network. The automobile device records the data received from one or more transmitters located in an automobile. The automobile device transmits a random access preamble on an uplink carrier to a base station when a pre-defined condition is met. The automobile device encrypts the data and transmits the encrypted data to a server via a base station.

Abstract: A device may receive a connection request including a digital certificate from an endpoint for establishing a secure connection for a communication, the digital certificate including a digital certificate chain identifying one or more certificate authorities associated with the digital certificate. The device may determine whether the digital certificate is valid based on the digital certificate chain identifying one or more certificate authorities trusted by the device. The device may determine whether the connection request includes a valid token. The device may generate a token based on the digital certificate being valid and an absence of a valid token included in the connection request. The device may associate the token with the digital certificate. The device may distribute the token to the endpoint. The device may establish the secure connection with the endpoint using the token associated with the digital certificate.

Abstract: User-specific data for use with a software service may be stored in an encrypted form, where the encryption and/or decryption keys used are associated with a user's biometric data (that the user voluntarily provides after appropriate disclosure, to protect the user's interest in privacy). When the user uses the software service on a device, the device may receive the user-specific data in an encrypted form, and then may use the biometric data to retrieve or generate the cryptographic key that is used to decrypt the user-specific data. The user-specific data is then decrypted and used on the device with the software service.

Abstract: Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.

Abstract: A system for anonymizing and aggregating protected information (PI) from a plurality of data sources includes a master index server coupled to a data repository. The master index server receives an anonymized records associated with an individual from a plurality of data hashing appliances. The system includes a cluster matching engine that applies a plurality of rules to hashed data elements of the received record for comparing hashed data elements of the record with hashed data elements of a plurality of clusters of anonymized records associated with different individuals stored in the data repository to determine whether the individual associated with the received record corresponds to an individual associated with one of the clusters of anonymized records. When a match is found, the cluster matching engine adds the received record to the cluster of anonymized records associated with that individual.

Abstract: Methods for activating a second application on a user device using a first application already installed and activated on the user device are described. In one embodiment the second application requests activation from the first application. The first application then authenticates a user before providing an activation response. The activation response can be requested from a remote server by the first application on behalf of the second application. The methods improve the ease of activating new software on a user device.

Abstract: A system for performing distributed computing. The system comprises a plurality of compute node resources for performing computations for the distributed computing, a management resource for managing each of the compute node resources in the plurality, and a virtual cloud network. The management resource and the plurality of compute node resources are interconnected via the virtual cloud network.

Abstract: A system and method of erasing data on a data handling device may include providing a device with a data storage element and a biometric characteristic scanning element, scanning a triggering biometric characteristic of a secured user by the scanning element, and storing protected data in a protected storage location on the data handling device. System and method may also include monitoring the scanning element for detection of a biometric characteristic, detecting a biometric characteristic by the scanning element, and determining if the detected biometric characteristic corresponds to the triggering biometric characteristic. If the detected biometric characteristic corresponds to the triggering biometric characteristic, then erasing data in the protected storage location.

Abstract: Systems for instant messaging private tags preferably comprise a parser for parsing an instant message for sensitive data and an encryption engine for encrypting the sensitive data. A modified uuencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided.

Abstract: Embodiments described herein provide security for end users of User Equipment (UE) that utilize service chaining for Service Data Flows (SDFs). One embodiment comprises a Policy and Charging Rules Function (PCRF) that determines that a service chain is enabled for a SDF requested by an end user of a UE. The PCRF identifies a service function implemented in the service chain that processes the SDF based on a generic security policy, and identifies a security rule for the end user for filtering the SDF by the service function. The PCRF provides the security rule to the service function for filtering the SDF within the service chain.

Abstract: Methods and systems for securing remotely-operable devices are provided. A security device can receive a plurality of commands to control a remotely-operable device in a remote environment. At least one command in the plurality of commands can include command data that is related to the remotely-operable device. The security device can receive a plurality of responses to the plurality of commands. The security device can process the plurality of commands and the plurality of responses to determine a signature related to an operator that issued the plurality of commands for the remotely-operable device. The security device can determine an identity of the operator based on the signature. The security device can generate an identity report that includes the identity of the operator.

Abstract: A computer uses the information included within a digital certificate to obtain a current date and time value from a trusted extrinsic trusted source and the computer compares the obtained current date and time value to a validity period included in the digital certificate to determine if the digital certificate is expired. The information included within the digital certificate specifying an extrinsic source for the current date and time value can be included in an extension of the digital certificate, and the information can specify a plurality of extrinsic sources.