Abstract: In some embodiments, techniques for data security may include encoding and decoding unreadably encoded data, such as data encrypted with a public key or tokenized. In some embodiments, techniques for data security may include distributing an encrypted private key. In some embodiments, unreadable data may be encrypted and/or decrypted using time-varying keys. In some embodiments, techniques for data security may include combining information and a policy, and encoding the combined information and policy, wherein encrypting the combined information and policy is performed using a public key, or via tokenization. In some embodiments, techniques for data security may include receiving data, wherein the data has been encoded, decoding the data, determining a first datum and a second datum, wherein the first datum and the second datum are associated with the decoded data, and determining a policy, wherein the policy is associated with the first datum.

Abstract: One embodiment relates to a computer-implemented method for role discovery in access control systems. User accounts are selected according to a predetermined algorithm. For each selected user account, a new role is created covering a set of permissions including all permissions which the user account needs but is not yet covered by another role that the user account has. The new role is given to the user account so that all permissions needed by the user account are covered. Any additional user accounts which still need the set of permissions covered by the new role are also found, and the new role is given to these additional user accounts, if any. Other features, aspects and embodiments are also disclosed.

Abstract: In a composite system that includes a main system that operates with a main program and a plurality of sub-systems that operate both with sub-programs and under the control of the main system attachably and detachably connected with each other via a predefined bus, the main system transfers each fragment of divided target data to the sub-system, and the sub-system includes a receiving buffer that can read and write the fragment of data received from the main system temporarily. An encrypting process can be executed with the main system and the sub-system regardless of the size of target data to be encrypted, the size of memory in the sub-system, and data transfer capability between the main system and the sub-system even if the size of the target data in the main system is bigger than the size of the receiving buffer in the sub-system.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to predetermined boundaries of location that have altered authentication requirements, in the form of, increased or decreased authentication requirements/credentials that differ from the standard authentication requirements.

Abstract: A secure appliance for use within a multi-tenant cloud computing environment which comprises: a) a policy enforcement point (PEP); b) a hardened Operating System (OS) capable of deploying applications; and c) at least one application capable of hosting services and application program interfaces (APIs).

Abstract: A system and method for generating a notification of privacy settings difference is disclosed. A request is received. A first set of privacy settings is received from a first social network, and a second set of privacy settings is received from at least one other social network. The first set of is compared to the second set. A difference between the first set and the second is detected, and a notification is generated. The notification includes an indication that a difference was detected. The notification is sent for display to the user. In one embodiment, the notification allows the user to request to view, or edit, the first set of privacy settings. In one embodiment, the notification sends the user to a webpage on the first social network where the first set is typically displayed and/or edited. In another embodiment, the notification displays the first set and/or receives the edits.

Abstract: A method for resetting a network password of a first user initiated by a second user is provided. The method comprises a system receiving a request from the second user to reset the password of the first user, wherein the first user is associated with the network. After receiving the request, verification that the second user has a hierarchal relationship to the first user, and that the second user has an active status in the network is completed. After the verification, the network password of the first user is then reset. A notification about resetting the network password is sent to a mobile communication device associated with the first user. Contact information of the second user is found in a data store based on an identification of the second user in the request; another notification is sent about resetting the network password to a communication account of the second user.

Abstract: Methods, systems, and products verify identity of a person. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified.

Abstract: An input device may be in communication with an application processor, wherein the input device may be configured to receive an input and the application processor may be configured to translate the input to a received template. A secure element may be in communication with the application processor and configured to receive the received template from the application processor. The secure element may include a matcher and an enrolled template database. The matcher may be configured to compare the received template from the application processor with an enrolled template within the enrolled template database and return a match status based on the comparison.

Abstract: Systems and methods of detecting emergent behaviors in communications networks are disclosed. In some embodiments, a method may include decomposing a plurality of data packets into a plurality of component data types associated with a candidate alert representing a potential security threat in a network. The method may also include retrieving, from a database, a count for each of a plurality of historical data types matching at least a subset of the component data types, each of the counts quantifying an amount of data of a corresponding historical data type previously detected in the network in a given time period. The method may further include calculating a score that indicates a discrepancy between an amount of data in each of the subset of the component data types and the counts for each corresponding historical data type in the same time period, and handling the candidate alert based upon the score.

Abstract: A computer platform and method for managing secure data transactions between user accounts on a server, based on the respective locations of mobile user devices related to the user accounts, where the user devices create a secured mobile communication cloud between themselves to ensure secure data communications.

Abstract: A system and method for adjusting privacy protection for a user in a plurality of applications is disclosed. A privacy protection request is sent to a user device. In one embodiment, the request is displayed on user device in the form of a pop-up window. In another embodiment, the request is displayed in a privacy settings area. The privacy protection request includes a plurality of protection levels. Once a protection level is selected the protection level is sent back and received by the system. Privacy settings are adjusted according to the selected privacy protection level based on information stored in a master template. In some embodiments, the privacy protection level is translated to associated privacy settings. Once the privacy settings have been adjusted, the privacy settings are applied to a plurality of online applications associated with the user based on the privacy protection level selected.

Abstract: A computer-implemented method to generate a key to provide access to a software product, where the product key is embedded with product information, such as product title, distribution channel, geographic region of sale or other product data.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to known boundaries of location associated with the user, such as the user's residence, place of business or the like. As such, the present invention serves to expedite the process for authenticating a user who desires to gain access to a network service, such as a banking application or the like.

Abstract: An extensible configuration system to allow a website to authenticate users based on an authorization protocol is disclosed. In some embodiments, the extensible configuration system includes receiving an identifier for an authentication provider; and automatically configuring a website to use the authentication provider for logging into the website.

Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.

Abstract: Methods for code protection are disclosed. A method includes using a security processing component to access an encrypted portion of an application program that is encrypted by an on-line server, after a license for use of the application program is authenticated by the on-line server. The security processing component is used to decrypt the encrypted portion of the application program using an encryption key that is stored in the security processing component. The decrypted portion of the application program is executed based on stored state data. Results are provided to the application program that is executing on a second processing component.

Abstract: A method of validating that a user is human. A user question is generated using a computerized device. The user question is output to a user. A user response to the user question is received from the user. The user response is validated as having been provided by a human.

Abstract: Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.

Abstract: Aspects of the disclosure relate generally to using a primary and secondary authentication to provide a user with access to protected information or features. To do so, a computing device may generate depth data based on a plurality of images of a user. The computing device may then compare the generated depth data to pre-stored depth data that was generated based on a pre-stored plurality of images. If authentication is successful, the user may be granted access to features of the computing device. If authentication is unsuccessful, then a secondary authentication may be performed. The secondary authentication may compare facial features of a captured image of the user to facial features of a pre-stored image of the user. If authentication is successful, then the primary authentication may be performed again. This second time, the user may be granted access if authentication is successful, or denied access if authentication is unsuccessful.