Abstract: A secret communication method with a self-authentication capability is provided, which comprises steps of dividing a secret message into a plurality of secret segments; converting each of the secret segments into (k+1) shares, wherein k is a positive integer; embedding the shares into a media carrier; selecting every k shares among the (k+1) ones to compute (k+1) copies in value; and checking if the (k+1) copies in value are the same. If the (k+1) copies in value are the same, then the secret message is shown. Otherwise, at least one mark will be utilized to replace the secret message while the part of the secret message which is not falsified can still be correctly shown. By employing the method, the integrity and fidelity of the hidden secret message can thus be verified, thereby achieving a new covert communication process performing both information hiding and self-authentication capability.

Abstract: Recording, analyzing and categorizing of user interface input via touchpad, touch screens or any device that can synthesize gestures from touch and pressure into input events. Such as, but not limited to, smart phones, touch pads and tablets. Humans may generate the input. The analysis of data may include statistical profiling of individual users as well as groups of users, the profiles can be stored in, but not limited to data containers such as files, secure storage, smart cards, databases, off device, in the cloud etc. A profile may be built from user/users behavior categorized into quantified types of behavior and/or gestures. The profile might be stored anonymized. The analysis may take place in real time or as post processing. Profiles can be compared against each other by all the types of quantified behaviors or by a select few.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Data to be transmitted is received from a user computer. The data includes one or more characters. The data is replaced with a token representative of the data. The token is transmitted to the destination computing device over a network.

Abstract: A method and an apparatus for protecting data carried on an Un interface between a eNB and a relay node are disclosed. Three types of radio bearers (RBs) are defined over the Un interface: signaling radio bearers (SRBs) for carrying control plane signaling data, signaling-data radio bearers (s-DRBs) for carrying control plane signaling date; and data-data radio bearers (d-DRBs) for carrying user plane data. An integrity protection algorithm and an encryption algorithm are negotiated for control plane signaling data on an SRB, control plane signaling data carried on an s-DRB, and user plane data carried on a d-DRB. With the respective integrity protection algorithm and encryption algorithm, the data over the Un interface can be protected respectively. Therefore, the security protection on the Un interface is more comprehensive, and the security protection requirements of data borne over different RBs can be met.

Abstract: Embodiments of the present invention provide an approach for protecting visible data during computerized process usage. Specifically, in a typical embodiment, when a computerized process is identified, a physical page key (PPK) is generated (e.g., a unique PPK may be generated for each page of data) and stored in at least one table. Based on the PPK a virtual page key (VPK) is generated and stored in at least one register. When the process is later implemented, and a request to access a set of data associated the process is received, it will be determined whether the VPK is valid (based on the PPK). Based on the results of this determination, a data access determination is made.

Abstract: A computer generates a modified list of search terms by adding synonyms of the search terms and terms that are related to the search terms to a list of search terms. The computer removes frequently used words from the modified list of search terms. The computer responds to a determination that a user has authorization to view a field of a document by adding to the modified list of search terms an encrypted version of a search term included in a list of search terms. A search using the modified list of search terms returns a result that identifies the document as a search result when either the unencrypted or the encrypted version of the search term is found in a list of index terms associated with the first document.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for managing privacy rights of a user related to the delivery of content. The method comprises providing a global privacy management interface that presents a selection tool for enabling a user to review privacy options and interests. The privacy options and interests include controls for presenting a list of identifiers that are associated with the user and interests associated with those identifiers. Each identifier is associated with a requesting source having been used by the user to access content. The interface enables de-selection of individual interests on a per-identifier or global basis. The method further comprises determining, in a server system, content to deliver to the user in view of the privacy selections.

Abstract: Video media subscribers attempt to circumvent embedded ads in downloads by modifying the media files to render only the content feature. A media program is defined as an integrated set of media files including the requested content feature and the accompanying promotional materials. Media files associated with a particular content feature are stored as an integrated whole, and security tokens computed on selected random portions of the collection of media files that define the media program (content feature and interspersed ads). A hash engine computes a security token on selected blocks of the media files. The security tokens and corresponding metadata are stored in a secure repository. Before rendering the content feature, the hash values are recomputed on the downloaded media program; and compared to the corresponding locations from the stored hash values and metadata.

Abstract: Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.

Abstract: In a key management system, a RFID tag decrypts a first key encrypted by a master key and stores the decrypted first key to a service key storage region, then decrypts a second key encrypted by the first key in a third party server, then, encrypts the decrypted second key by the master key and transmits the second key encrypted by the master key to an application of a mobile information terminal, and then decrypts the encrypted second key returned from the application and stores the decrypted second key to the service key storage region.

Abstract: A computer-implemented method for collecting thief-identifying information on stolen computing devices may include (1) receiving an indication that a computing device has been stolen, (2) detecting an attempt by a thief of the stolen computing device to access a user account of the thief via the stolen computing device, (3) collecting, based at least in part on detecting the attempt by the thief of the stolen computing device to access the user account of the thief via the stolen computing device, information capable of identifying the thief, and (4) reporting, to a remote computing device, the information capable of identifying the thief. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: There are provided methods and apparatus for adaptive reference filtering. An apparatus includes an encoder for encoding at least one picture. The encoder performs adaptive filtering of at least one reference picture to respectively obtain at least one filtered reference picture, and predictively codes the at least one picture using the at least one filtered reference picture. The at least one reference picture is a picture wherein at least one sample thereof is used for inter-prediction either of subsequent to the at least one sample being applied to an in-loop filter or in an absence of the at least one sample being applied to an in-loop filter.

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.

Abstract: A method of processing digital content according to a workflow. The digital content is received and information for the workflow is checked to decide if a processing device is authorized to process the content, the workflow imposing that the digital content be processed in a process chain comprising at least two nodes, wherein the processing device is authorized to process the content if it corresponds to the node that according to the process chain is the next node to process the digital content. If the processing device is authorized to process the content, the digital content is processed and the information for the workflow is updated. Also provided is a system.

Abstract: Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.

Abstract: An example method includes receiving a message related to a bearer or an Internet Protocol (IP) flow, the message includes an extension indicating whether an Internet Protocol security (IPsec) feature is designated for the bearer or the IP flow. The method further includes mapping a communication flow to the bearer or the IP flow, and applying the IPsec feature to the bearer or the IP flow. In other embodiments, the method can include communicating the extension to a next destination, and updating a security policy to indicate that the bearer or the IP flow is designated for the IPsec feature. In yet other embodiments, an Internet Key Exchange (IKE) is used to establish a security association for a serving gateway associated with the communication flow. The extension is provided at an IP flow level or at a bearer level such that network traffic is designated for the IPsec feature.

Abstract: An automated technique for constructing and updating protection scope is described. Preferably, the protection scope is MAC-address based. According to this technique, one or more packet processing units (PPUs) execute a MAC address learning algorithm to gather a list of MAC addresses. Packet processing units typically are one of: a kernel module residing on the hypervisor, a virtual appliance running a packet processing engine, and a software agent running on a virtual machine and that processes packet flows between and among associated virtual machines. Each of the one or more PPUs is provisioned to collect a set of MAC addresses; the PPUs exchange their lists, and the lists are then merged into a merged list from which a current protection scope is then generated. Each entry in the protection scope preferably contains information indicating which PPU is available to protect the MAC address associated with that entry.

Abstract: An approach is provided for controlling access to local storage medium. A request is detected from an operating system for accessing a local storage medium. An intermediary agent selectively grants access to the local storage medium according to an access policy, wherein the intermediary agent is distinct from the operating system.

Abstract: Described are various embodiments of a system and method in which device-identifying data can be used to uniquely recognize and optionally track and report on device activity at one or more hotspot locations by way of the creation and management of a device profile uniquely associated with such devices and stored in a network accessible knowledge base.

Abstract: A cloud-based broker service may be provided for computing devices in a distributed computing environment. The broker service may aggregate user accounts and user account credentials utilized for accessing online services by the computing devices. The broker service may monitor a context of the computing devices associated with the user accounts. The broker service may then utilize the context, data associated with the user accounts and data associated with the user account credentials to automate tasks and/or provide alerts associated with the data.