Abstract: Electronic publications are increasingly replacing physical media but to date standards have evolved to mimic these physical media. Accordingly it is beneficial to provide electronic publication software systems and/or software applications to enable new paradigms that provide consumers, authors, publishers, retailers, and others with new models for releasing digital content from editorial and authorship viewpoints; new models for providing digital rights management with licensing, re-assignable rights and the ability to issue sub-rights or issue partial licenses with predetermined validity; new models for publishers to release revised editions, errata, new additions, etc; engaging social network type collaborative behavior within work and private environments with associated content (annotations) to the original release content; and supporting discussion and information dissemination within a wide variety of environments from education to business to book clubs etc.

Abstract: A verifiable, redactable log, which, in some embodiments, may contain multiple hash values per entry in order to sever confidentiality of a log from verifiability. Logs may be verified using recalculation of hashes and verification of trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.

Abstract: A method for updating drivers. The method may include transmitting a connection request from a first computer to a second computer. The method may include creating a connection handshake in the first computer in response to the transmitted connection request, whereby the connection handshake includes client credentials and driver information. The method may include transmitting the created connection handshake from the first computer to a second computer. The method may include determining the first computer is authorized to connect to the second computer based on the client credentials. The method may include determining a first version level of a first plurality of drivers associated with the first computer is a lower version level than a second version level of a second plurality of drivers associated with the second computer based on the driver information. The method may include transmitting a driver update. The method may include installing the driver update.

Abstract: The present invention is directed to a method, apparatus and computer-readable medium for utilizing a shared computer system. The method includes receiving, utilizing at least one interface, an access request associated with a potential user for access to a secure data processing center. The method may also include processing, utilizing at least one processor, the access request. The system may also include determining, based on the processed access request, a classification of the potential user with respect to one or more potential or actual access rights to be associated with the potential user for accessing the secure data processing center. In the method, the determined classification of the potential user is that the potential user is at least one of a non-user, an eligible user, a limited user and an authorized user of the secure data processing center.

Abstract: When tenants migrate data from on-premises archiving solutions to a hosted service, tenants should maintain just enough data for compliance purposes and dispose of data that is no longer needed to reduce overall liability and compliance risk exposure. Embodiments are directed to providing selective import of data to a hosted service through a security and compliance system associated with the hosted service to reduce overall liability and compliance risk exposure. Data, usage pattern and security/compliance policies associated with a tenant of the hosted service may be analyzed. A model for importing tenant data may be created based on the analysis. A suggestion may be presented to the tenant based on the model, where the suggestion includes a filter for importing tenant data. In response to receiving a confirmation to implement the suggestion, the filter may be applied to the tenant data as it is imported to the hosted service.

Abstract: A vehicle-to-vehicle communication system includes a controller programmed to digitally sign each of a plurality of basic safety messages (BSMs) using a private key and broadcast each of the BSMs via the transceiver at respective transmit power levels according to a predetermined power level sequence that is defined by one or more values generated from the private key.

Abstract: Examples for distributed and secure storage of a data block amongst a network of nodes are presented. An example embodiment may involve logically partitioning the network of nodes into non-overlapping zones, each zone containing a subset of the nodes and generating a private key for use within a particular zone. The embodiment may further involve encrypting the data block with the private key, partitioning the data block as encrypted into sub-blocks, and distributing the sub-blocks amongst a subset of the nodes that is within the particular zone. The embodiment may also involve using a secret sharing process to divide the private key into a number of shares equivalent to a number of nodes in the particular subset of the nodes and distributing the shares of the private key amongst the particular subset of the nodes, such that each node therein receives exactly one of the shares of the private key.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). In accordance with an aspect of the present disclosure, a method of transmitting data in a device to device communication system is provided. The method includes determining whether a security feature is applied to one or more packet data convergence protocol (PDCP) data units, configuring the one or more PDCP data units based on the determined result, and transmitting the one or more PDCP data units to one or more receiving user equipments (UEs).

Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.

Abstract: An event interface system facilitates the creation of a blockchain object and deployment of the blockchain object on a blockchain. The system also provides an interface between events that may affect the blockchain object and the blockchain object stored on the blockchain. Additionally, the system can monitor a state of the blockchain object and control interactions with the blockchain object and updates to the blockchain object according to the determined state.

Abstract: In some aspects, a method for mediation of a screenshot capture by a client application based on policy includes identifying, by a client application on a client device, a policy for mediating one or more screenshots of content displayed via the client application. An embedded browser within the client application accesses a network application of one or more servers. The method further includes intercepting, by the client application, a request to capture a screenshot of at least a portion of the network application being displayed, determining, by the client application, one or more mediation actions to perform on the screenshot responsive to the policy, performing, by the client application, the one or more mediation actions on the screenshot, and providing, by the client responsive to the request, the screenshot resulting from the one or more mediation actions.

Abstract: Systems, methods, and computer-readable media are disclosed for the dynamic, real-time detection and clustering of emerging fraud patterns. Example methods may include determining an expected account registration volume and an actual account registration volume during a same period of time. Certain methods may include determining an abnormal fluctuation in account registration volume based on a difference between the expected account registration volume and the actual account registration volume during the period of time. Certain methods may include generating subsets of account registrations received during the period of time based on one or more shared characteristics. Certain methods may include generating an account cluster based on the subsets of account registrations. Certain methods may include sending the account cluster to a bulk closure system.

Abstract: Methods and devices for generated and handling an alert are described. In one aspect, an electronic device includes an input interface and an output interface. The electronic device also includes a memory storing an application and a processor coupled to the input interface, the output interface and the memory. The processor is configured to generate a selectable alert on the output interface while the electronic device is in a device lock mode. The selectable alert is associated with the secure application. The processor is also configured to, while the electronic device is in the device lock mode, receive, from the input interface, a signal representing a command to activate the selectable alert. The processor is also configured to, responsive to receiving the command to activate the selectable alert, execute a secure event in the secure application while the electronic device remains in the device lock mode.

Abstract: A computing device including a processor, memory, and instructions, interfaces with a key management system (KMS) that provides encryption keys using an Oblivious Pseudorandom Function (OPRF). The device obtains, based on a type of encryption key being requested, a public key of a public-private key pair. The device creates an Oblivious Key Access Request (OKAR), including a blinded value associated with a requested encryption key. The OKAR is transmitted to the KMS, and a response is received. The response includes a blinded OPRF output, which yields an OPRF output as a result of being subjected to an unblinding operation. The OPRF output is validated using the public key, either directly or via a challenge, and in response to a positive validation, the OPRF output is used as a final key, or an intermediary key used to derive the final key.

Abstract: An access control method, system, and a switch, pertains to the field of network technologies. The access control method includes receiving, by an authentication device, a packet from an access device, where the packet includes a virtual local area network (VLAN) identifier, and authenticating, by the authentication device based on the VLAN identifier and a preconfigured correspondence using an authentication method corresponding to the VLAN identifier, a terminal device sending the packet, where the correspondence includes a mapping from a plurality of VLAN identifiers to at least two authentication methods. Hence, the authentication method of the terminal device is determined based on the VLAN identifier such that different authentication methods may be used for terminal devices in different VLANs. Therefore, an access manner is flexible.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: A computing device includes a layering engine configured to direct workspace data to data storage, with the data storage including at least one persistent layer and a non-persistent layer. A policy engine cooperates with the layering image and is configured to determine if the workspace data is to be stored in the at least one persistent layer or the non-persistent layer based on a storage policy.

Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.

Abstract: The present invention relates to a method for authenticating a user for services, by means of a mobile phone, comprising: receiving, by a server from a service, a request to authenticate a user, assigning an unique access number by the server, presenting the access number from the server to the user via the service, receiving, by the server by means of a terminal device that services the access number, information about a call performed by the user to the access number, the information containing at least the access number and the user's MSISDN, performing, by the server, a basic authentication of the user, comprising at least reading the user's MSISDN and the access number, transferring the result of the basic authentication from the server to the service. The invention also relates to a system authenticating a user, USER, by means of a mobile device.