Abstract: Method(s) and system(s) for providing an optimal trade off point between privacy of a private data and utility of a utility application thereof are described. The method includes quantifying privacy content of a private data associated with a user based on uniqueness of information in the private data, where the private content comprises sensitive information about the user. The method further includes determining a privacy-utility trade off point model based on analytical analysis of the privacy content, a privacy requirement of the user, and a utility requirement of third party to which the private data is disclosed, where the privacy-utility trade off point model is indicative of optimal private data sharing technique with the third party. Furthermore, the method also includes identifying privacy settings for the user based on risk appetite of the third party, utilizing the determined privacy-utility tradeoff point model.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to known boundaries of location associated with the user, such as patterns of movement or the like. As such, the present invention serves to expedite the process for authenticating a user who desires to gain access to a network service, such as a banking application or the like.

Abstract: An information processing apparatus that controls a display to display a first user interface including a first input field configured to receive identification information and a second input field configured to receive a public key; and controls transmitting identification information received at the first input field and a public key received at the second input field to another information processing apparatus for registration at the another information processing apparatus.

Abstract: Technologies for preventing software-based side-channel attacks are generally disclosed. In some examples, a computing device may receive a cryptographic program having one or more programming instructions for performing a key handling operation and may add one or more programming instructions for performing an anti-attack operation to the one or more programming instructions for performing the key handling operation. The computing device may transmit the resulting cryptographic program with the anti-attack operation to an execution device. The execution device, such as a cloud computing system, may execute the cryptographic program, thereby causing execution of the anti-attack operation. The execution of cryptographic program may prevent a side-channel attack by masking the number of key performance events that occur.

Abstract: Systems and methods provide a storage media on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage media of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.

Abstract: A method and system for securing group communication in a Machine-to-Machine (M2M) communication environment including a plurality of Machine Type Communication (MTC) groups, wherein each of the plurality of MTC groups includes a plurality of MTC devices. The method includes generating a unique group key for securing communication with MTC devices associated with an MTC group in an M2M communication environment, securely providing information on the unique group key to the MTC devices associated with the MTC group, and securely communicating at least one broadcast group message with the MTC devices using the unique group key information.

Abstract: A digital file is associated with a security attribute related to watermarking criteria. The digital file content is encrypted, and may not be decrypted by a receiving computer unless the watermarking criteria is met. The receiving computer may decrypt only the encrypted portion of the security attribute unless the watermarking criteria are continuously met at the receiving computer. Improved security and reduction of pirating of the digital content is therefore provided.

Abstract: The subject disclosure is directed towards a technology by which data is securely distributed using a homomorphic signature scheme and homomorphic network coding signature schemes. A homomorphic signature scheme for signing the data is based upon binary pairing with standard prime order groups. Sets of data are signed based upon dividing a larger block of data into smaller blocks, and separately signing each smaller block. The smaller blocks may be distributed to nodes of a network topology that are configured for network coding. In one alternative, the homomorphic signature scheme protects against changes to the block identifier. Proof data may be provided independent of a random oracle, may be provided by providing parameters for verification in a Groth-Sahai proof system, or may be provided by providing parameters for verification independent of a Groth-Sahai proof system.

Abstract: Systems, methods, and apparatuses for comparing firewall policies are described. In one aspect, a system includes a first gateway configured to implement a first firewall having a first policy, a second gateway configured to implement a second firewall having a second policy, and a computing device configured to compare the first policy with the second policy to determine whether the first policy matches the second policy. The first firewall and the second firewall may be implemented with different technologies and/or on different platforms. The computing device may operate as, or execute, a firewall comparison tool to parse raw firewall configuration data from the different firewalls and generate data structures with a common format so that the firewall policies may be compared.

Abstract: In embodiments of restricted execution modes, a mobile device can display a device lock screen on an integrated display device, and transition from the device lock screen to display a shared space user interface of a shared space. The transition to display the shared space user interface is without receiving a PIN code entered on the device lock screen. The mobile device implements a restricted execution service that is implemented to activate a restricted execution mode of the mobile device, and restrict access of a device application to device content while the restricted execution mode is activated. The restricted execution service can also allow a shared device application that is included in the shared space access to the device content while the restricted execution mode is activated.

Abstract: Disclosed are a security processing system and method for HLS transmissions. An aspect of the invention provides a content key conversion device connected over a network to a content proxy device configured to provide encryption key information to a content operating device for a content received from a content provider device of an external network. The content key conversion device includes: a reception part that receives a double encryption key of a content from the content proxy device; an interface part that receives key decryption information corresponding to the double encryption key from an encryption key provider device of an external network; a decryption part that decrypts the double encryption key of the content using the key decryption information and thereby converts the double encryption key to an encryption key; and a transmission part that transmits the encryption key converted by the decryption part to the content proxy device.

Abstract: Example embodiments of the present invention relate to a method, an apparatus and a computer-program product for friendly man-in-the-middle data stream correlation. An example method includes receiving a data stream transmitted from a source intended for a destination. A contextual analysis of portions of the data stream then may be performed, with respective portions of the data stream being correlated according to the contextual analysis.

Abstract: A system for processing network traffic includes a hardware-accelerated inspection unit to process network traffic in hardware-accelerated inspection mode, and a software inspection unit to process the network traffic in software inspection mode. The software inspection unit processes a connection in in the software inspection mode at least for a consecutive predetermined number of bytes of the connection. The connection may be transitioned to the hardware-accelerated inspection mode if the connection is determined to be clean.

Abstract: A first device may receive a first session token from a second device; determine that the first session token is expired or invalid; provide a security input to the second device to cause the second device to generate a first hash value of the security input using a key corresponding to a key identifier (ID); receive the key ID and the first hash value from the second device; generate a second hash value using the key corresponding to the key ID; determine that the first hash value matches the second hash value; and establish a session with the second device based on determining that the first hash value matches the second hash value.

Abstract: A secure appliance for use within a multi-tenant cloud computing environment which comprises: a) a policy enforcement point (PEP); b) a hardened Operating System (OS) capable of deploying applications; and c) at least one application capable of hosting services and application program interfaces (APIs).

Abstract: Systems and methods of redundancy for real time communications are disclosed. One such system includes a first device and a second device, where the first device includes a redundant tunneled services element (RTSE) and the second device includes a redundant tunnel services control function (RTSCF). The RTSCF is in communication with the RTSE and is operable to establish a redundant secure tunnel to the RTSE. The RTSE is operable to redundantly convey a first stream of media packets over the redundant secure tunnel to the RTSCF. The RTSCF is operable to redundantly convey a second stream of media packets over the redundant secure tunnel to the RTSE.

Abstract: A pairwise distance computation transforms first and second signals using an absolute distance preserving mapping, such that a k-norm distance between the first mapped signal and the second mapped signal represents an absolute distance between the first signal and the second signal. The absolute distance preserving mapping maps an element of a first or a second signal to a vector having a size equal to a cardinality of the finite alphabet of the signals. The absolute distance preserving mapping determines a position N of the element in an ordered sequence of symbols of the finite alphabet and determines values for each of N elements of the vector as a fractional power 1/k of positive increments in the finite alphabet. The values for subsequent elements of the vector are determined as zero.

Abstract: A universal hash function calculation device includes a message register sequentially outputs a message of which the bit number is a prime number and of which the length is such that the smallest primitive root when the bit number is set as the modulo is 2, outputting said message one bit at a time. A cyclic key register cyclically permutates a key having the same number of bits as the message, and sequentially outputs a cyclic key vector obtained as a result of the cyclical permutation. On the basis of the sequentially-output cyclic key vector and a message bit that is sequentially output one bit at a time, a logical product calculation unit outputs the cyclic key vector when the message bit is 1, and outputs an all-zero vector having the same bit number as the cyclic key vector when the message bit is 0. A cumulative sum calculation unit accumulates calculation results having the same number as the output bit number and calculates the exclusive disjunction.

Abstract: A method and system implements storing one or more encrypted electronic documents and document information associated therewith, organizing the one or more electronic documents to facilitate access by a user; and enabling remote secure access to the one or more electronic documents through a user device. The one or more electronic documents are a copy of one or more physical documents or a copy of documents that is not a physical document. The document information of an electronic document includes information on a location of the physical document. The electronic document(s) and the document information are stored in a separate storage databases.

Abstract: Methods and apparatus are disclosed to reduce processor demands during encryption. A disclosed example method includes detecting a request for the processor to execute an encryption cipher determining whether the encryption cipher is associated with a byte reflection operation, preventing the byte reflection operation when a buffer associated with the encryption cipher will not cause a carryover condition, and incrementing the buffer via a shift operation before executing the encryption cipher.