Abstract: Systems and methods that regulate range of access to personal information of a mobile unit's owner. The access control component can designate granularity for access levels and/or a spectrum of access modes—(as opposed to a binary choice of full access or no access at all). Such access can be based on a spectrum and/or discrete trust relationship between the owner and user of the mobile unit. A profile definition component can exploit an owner's trust relationships to designate levels of security. The profile definition component can further define a profile based on a set of applications, such as entertainment mode, browser mode, and the like.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for analyzing data that includes security threat information. One of the methods includes identifying intelligence types that each categorizes a subset of data, associating, for each of the intelligence types, each of the subsets of data, which are categorized by the respective intelligence type, with the respective intelligence type, determining rules for a third party that each indicate that the third party should receive data associated with particular types of potential security threats and priority information for the data, determining, for each of the potential security threats indicated in the rules, a group of the subsets that include information associated with the respective potential security threat, assigning, for each subset in each of the groups, a priority to the respective subset using the priority information, and providing the determined subsets to the third party using the respective priorities.

Abstract: Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, the policy file includes a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.

Abstract: A method, system, and computer program product for detecting malicious code insertion in data are provided in the illustrative embodiments. At an application executing using a processor and a memory in a data processing system, a script that has been inserted in a mix of code and content is detected. A content-related portion is removed from the script to form a remaining script structure, the content-related portion referring to the content in the mix. From the remaining script structure, a code construct is selected and replaced with an alphanumeric string to form a normalized construct. Whether the normalized construct matches, within a tolerance, a second normalized construct in a corpus of normalized scripts is determined. Responsive to the normalized construct matching the second normalized construct within the tolerance, a conclusion is drawn that the script is malicious.

Abstract: A method, system, and computer program product for detecting malicious code insertion in data are provided in the illustrative embodiments. At an application executing using a processor and a memory in a data processing system, a script that has been inserted in a mix of code and content is detected. A content-related portion is removed from the script to form a remaining script structure, the content-related portion referring to the content in the mix. From the remaining script structure, a code construct is selected and replaced with an alphanumeric string to form a normalized construct. Whether the normalized construct matches, within a tolerance, a second normalized construct in a corpus of normalized scripts is determined. Responsive to the normalized construct matching the second normalized construct within the tolerance, a conclusion is drawn that the script is malicious.

Abstract: A system for privacy screen-based security comprises an input interface and a processor. The input interface is configured to receive authentication information. The processor is configured to, in the event authentication is determined to be successful, provide a privacy access screen, wherein the privacy access screen provides access to a set of applications or data, and determine whether to automatically transition to a new privacy screen, wherein the transition to the new privacy screen is automatic under a specific set of circumstances.

Abstract: A mobile device may be associated with a vehicle for verification of software updates. The mobile device may be configured to receive a message including an encryption key with which a software update for the vehicle is encrypted, provide a user interface requesting user verification of installation of the software update, and responsive to receipt of the user verification, provide the encryption key to the vehicle to allow the vehicle to decrypt the software update. An update server may be configured to send a software update encrypted using an encryption key to a vehicle, receive a request from the vehicle requesting that the encryption key used to encrypt the software update be provided to a mobile device associated with the vehicle for verification of software updates, and send the encryption key to the mobile device responsive to the request.

Abstract: A method and system are provided for automatic wireless connection to a digital device in a portable terminal, wherein information about the portable terminal is acquired. The information about the portable terminal is commonly used for automatic wireless connection to the digital device. A state of a Wireless Local Area Network (WLAN) is checked and activated, and the WLAN is set to an Ad-hoc mode. A Service Set Identifier (SSID) of the WLAN is set using the acquired portable terminal information, a security key of the WLAN is set using the acquired portable terminal information, and an Internet Protocol (IP) address of the WLAN is automatically set using the acquired portable terminal information.

Abstract: A digital rights management (DRM) method for protecting emails can apply different protection policies to different components of an email such as the message body and the attached digital files. While an email application of the client encrypts the entire email document including both the message and the attachments, a plugin module on the client obtains user input regarding the DRM policies to be applied to individual attachments and then transmits the encrypted email along with the information about the DRM policies for the individual attachments to a digital rights management server. The server first decrypts the entire email document, then applies the user-specified DRM policies to the attachments individually. The server re-composes an email and attaches the individually protected attachments, and transmits the email to the exchange server.

Abstract: An information processing method of convenience and an information processing system are disclosed. In some embodiments, the system includes acquiring a 1st attribute information from a person with a personal digital assistant that contains a 2nd attribute information; acquiring the 2nd attribute information from two or more personal digital assistants; comparing the acquired 1st attribute information with the acquired 2nd attribute information to form countervalue information; and storing the countervalue information in the personal digital assistant of the person from which the 1st attribute information was acquired.

Abstract: In a general aspect, shared secrets for lattice-based cryptographic protocols are generated. In some aspects, a public parameter (a) is obtained, where the public parameter is an array defined for a lattice-based cryptography system. A first secret value (s) and a second secret value (b) are obtained. The first secret value is a second array defined for the lattice-based cryptography system, and is generated based on sampling an error distribution. The second secret value is a third array defined for the lattice-based cryptography system, and is a product of the first and second arrays (b?as). A public key ({circumflex over (b)}) is then generated by applying a compression function to the second secret value (b), and the public key is sent to an entity. A shared secret (?) is then generated based on information received from the entity in response to the public key.

Abstract: A system and method for with an inmate in a privileged communication are disclosed. a communication system includes a portal subsystem that determines whether a communication should be monitored, or not, based on received information, including access information, from a first communication device. Based on the determination, the communication system bypasses a monitoring subsystem and stores and/or transmits the communication to a second communication device by way of a non-monitoring subsystem.

Abstract: The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying an infix search expression, said expression comprising a first wildcard term on the left side of a search criterion and a second wildcard term o

Abstract: Authenticating a user by presenting an authentication instruction to an individual via any computing device output interfaces, the authentication instruction selected from an identity authentication profile, receiving a response to the authentication instruction via any input methods supported by the computing device, the response including content provided through the performance of an action, determining a current action measurement for characteristics associated with the action, and a current content measurement for characteristics associated with the content, where the characteristics are associated with the authentication instruction, determining that each of the measurements matches a corresponding benchmark associated with the authentication instruction to within a predefined tolerance, where the benchmarks are selected from the identity authentication profile and performing the presenting, receiving, and determining steps for each of a predefined number of authentication instructions selected from the

Abstract: A portion of text associated with a message intended for a group of recipients is encrypted at a computing device. The portion of text may include less than an entirety of the message. Access to the portion of text may be restricted for a first subset of the group of recipients and allowed for a second subset of the group of recipients.

Abstract: Systems and methods for evaluation of events are provided. A user-specific reference baseline comprising a set of temporally-ordered sequences of events. An event of a sequence of events in a current session is received. A determination is made as to whether the event at least partially matches the reference baseline using an attribute of the event and a temporal position of the event within the sequence of events in the current session.

Abstract: An electric system including a first wireless apparatus, a display apparatus and a second wireless apparatus is provided. A first information is encrypted to be a first encrypted information and sent wirelessly by the first wireless apparatus. The display apparatus includes a display unit and a wireless communication unit electrically connected to the display unit. The wireless communication unit receives the first encrypted information and cause the display unit to display a first representative information corresponding to the first encrypted information. The first representative information and the first encrypted information are different. The second wireless apparatus reads the first encrypted information by the wireless communication unit, and the first encrypted information is decrypted to be the first encrypted information by the second wireless apparatus.

Abstract: An improved technique involves analyzing a system configuration upon a system boot and sending the configuration to a system configuration database that provides configuration details for enabling features of a software package. Such configuration details take the form of configuration parameters having values that may include, for example, an amount of RAM installed in the system, or the operating system used. The configuration database stores values of these parameters in a persistent store and makes these values available to the system when a software package is launched. At this point, the system accesses the database and obtains the values of the configuration parameters. The system uses these values to determine whether to activate particular features of the software package.

Abstract: Methods, systems, and computer program products for preventing sharing of sensitive information through code repositories are provided herein. A method includes detecting one or more items of sensitive information in a check-in associated with a given user in a shared version management system; automatically refactoring the one or more items of sensitive information in the check-in by externalizing the one or more items of sensitive information as an encrypted file; and upon acceptance by the user of one or more changes to the check-in, automatically (i) decrypting the encrypted file using one or more code repository credentials associated with the given user, and (ii) incorporating the one or more items of sensitive information into the check-in.

Abstract: An information processing apparatus determines, in response to acceptance of an edit of a file including a plurality of setting items, whether or not the information processing apparatus supports a version corresponding to the plurality of setting items included in the file. In the case of determining that the information processing apparatus supports the version, the information processing apparatus displays an edit screen of the file on a display unit of the information processing apparatus. In the case of determining that the information processing apparatus does not support the version, the information processing apparatus displays the edit screen of the file on the display unit of the information processing apparatus, using edit screen data for a display process by a network device that supports the version.