Patents Examined by Tri Tran
  • Patent number: 9887840
    Abstract: A bus communicates bits in parallel between a transmitter and receiver. A selected set of bits has its bits scrambled. Scrambling the bits includes assigning two or more bits of the selected set of bits to atypical lanes of the bus. By scrambling the bits, the order in which the bits of the selected set of bits are read by a processor is obscured. The set of bits is transmitted to the receiver with one or more delays. The delays are on one or more of the lanes of the bus. The delays indicate the order of the bits. The receiver is configured to use the delays to identify the order of the bits and unscramble the set of bits.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: February 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark O. Maxson
  • Patent number: 9888382
    Abstract: A mobile App using biometric encryption and decryption for privacy and security having both authentication and recognition functions. It utilizes the built-in camera of the mobile device to provide facial images for authentication purposes. It further includes a secured data communication system for conveniently sending and receiving data on the mobile devices. The secured data communication system also utilizes biometric encryption and decryption technology for granting permissions to access the data communication system. The biometric encryption is implemented by using a selective biometric feature and optimized biometric feature detection and tracking methods. Different biometric feature authentication methods are optimized for use on various mobile platforms, such as, Android, iOS, Windows and others. Data encryption and decryption are achieved by using selected biometric feature vectors as cryptographic keys.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: February 6, 2018
    Assignee: Washington Software, Inc.
    Inventors: Michael Hing Ping Chung, Sen-Ching Samson Cheung, Zhuoshi Wei
  • Patent number: 9871661
    Abstract: To realize a configuration to output content to a medium and to use the content stored in the medium under control of the use of content. A content-output-device outputs an encrypted content and an encryption key to be applied to the using process to the medium, and a management server generates a media ID verification value based on a media ID that is an identifier of the medium and transmits the value to the medium. The medium stores the encrypted content, the encryption key, and the media ID verification value in a storage unit. A reproduction device loads the medium and calculates a verification value based on the media ID acquired from the medium, and executes a reproducing process of the encrypted content stored in the medium by data processing to which the encryption key is applied on condition that a matching process performed between the verification value and the media ID verification value stored in the medium is established.
    Type: Grant
    Filed: April 13, 2012
    Date of Patent: January 16, 2018
    Assignee: SONY CORPORATION
    Inventors: Yoshiyuki Kobayashi, Motoki Kato, Hiroshi Kuno, Takamichi Hayashi
  • Patent number: 9866544
    Abstract: Systems and methods are disclosed for performing location-based authentication using location-aware devices. One method includes: receiving an access request comprising authentication credentials and a first location from a first location-aware device; receiving a second location from a second location-aware device associated with the authentication credentials; and upon determining that the first location and second location are within a pre-determined distance, authenticating the authentication credentials.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: January 9, 2018
    Assignee: Oath Inc.
    Inventor: El-Amine M. Raounak
  • Patent number: 9847905
    Abstract: Described herein is a system and method for supporting an identity management provider in a cloud computing environment. In accordance with an embodiment, an identity management (IDM) provider can provide an identity store (e.g., LDAP directory) configuration for use by a cloud platform (e.g., CloudLogic) service. In accordance with an embodiment, the IDM provider can centrally manage one or more identity store configurations, and supply a particular configuration to the orchestration engine when a service is being provisioned, so that the service can then be launched with an appropriate identity store. This allows a platform administrator to specify identity store configurations once and in one place, instead of having to create an identity store configuration for each service.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: December 19, 2017
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Craig Perez, Bhavanishankara Sapaliga
  • Patent number: 9830476
    Abstract: A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm includes the steps of processing at least one record comprising a plurality of data elements to identify a subset of data elements comprising data identifying at least one individual; generating, with at least one processor, a first hash by hashing at least one first data element with at least one second data element of the subset of data elements; generating, with at least one processor, a second hash by hashing the first hash with at least one third data element of the subset of data elements; creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and associating at least a portion of a remainder of the data elements with the at least one token.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: November 28, 2017
    Assignee: Management Science Associates, Inc.
    Inventor: Tony Fontecchio
  • Patent number: 9825970
    Abstract: A device may receive a network address and a signature. The network address may be associated with a sponsored data campaign, and the signature may be generated based on a security key and based on the network address. The device may perform a validation operation on the signature to validate that the network address is associated with the sponsored data campaign. The validation operation may be performed based on the security key. The security key may be obtained based on a key identifier. The device may selectively permit or deny access to content associated with the network address based on a result of the validation operation.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: November 21, 2017
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Fengping Zhang
  • Patent number: 9825925
    Abstract: In one aspect, relates to a system and method of seamlessly encrypting data files before uploading them to a public cloud storage system by providing an encrypted drive system (EDS) that forms a security layer around existing cloud storage services to provide enhanced protection to data. The EDS also provides a convenient interface to specify data protection policies across connected cloud storage applications. The EDS implements standard functionalities like accessing, search and sharing directly on the encrypted data using secure indexing and querying of encrypted data. The EDS is able to guarantee a much higher level of security for data in the cloud without the user having to compromise on the features of the various applications.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: November 21, 2017
    Inventor: Bijit Hore
  • Patent number: 9813437
    Abstract: The disclosed computer-implemented method for determining malicious-download risk based on user behavior may include (1) identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads, (2) determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users, (3) analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk, and (4) categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: November 7, 2017
    Assignee: Symantec Corporation
    Inventor: Leylya Yumer
  • Patent number: 9813379
    Abstract: A request to establish a VPN connection between a customer data center and a set of resources of a provider network is received. A new isolated virtual network (IVN) is established to implement a virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, and a respective VPN tunnel is configured between each of the PPEs and the customer data center. Routing information pertaining to the set of resources is provided to the customer data center via at least one of the VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the customer data center.
    Type: Grant
    Filed: May 9, 2014
    Date of Patent: November 7, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Upendra Bhalchandra Shevade, Gregory Rustin Rogers, Kevin Christopher Miller, Bashuman Deb, Michael Brooke Furr
  • Patent number: 9811677
    Abstract: A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.
    Type: Grant
    Filed: July 3, 2014
    Date of Patent: November 7, 2017
    Assignee: Pure Storage, Inc.
    Inventors: John Hayes, Par Botes, Ethan Miller
  • Patent number: 9800596
    Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain data characterizing login events for multiple user identifiers. The data associated with a given one of the user identifiers is processed to generate a login profile for a corresponding user, and likelihood statistics are generated for respective ones of multiple time bins based on the login profile. Data characterizing one or more additional login events for the given user identifier is obtained, and a confidence measure is generated for a given one of the additional login events based on one or more of the likelihood statistics and a time bin associated with the given additional login event. The confidence measure is compared to a threshold and an alert relating to the given additional login event is generated and transmitted to a security agent. The processing device may be implemented in a network security system.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: October 24, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Richard Chiles
  • Patent number: 9801053
    Abstract: A user of a mobile device is authenticated in a manner that enables the user access to a credential that has been issued by a credential-issuing organization. One or more keys are identified that are associated with the credential and that enable access to one or more physical resources associated with the credential-issuing organization. A physical orientation of the user's mobile device is determined. A display arrangement of one or more control icons that enable usage of the one or more keys is determined based on a physical orientation of the one or more physical resources relative to the determined physical orientation of the mobile device. The one or more control icons are displayed in accordance with the determined display arrangement.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: October 24, 2017
    Assignee: MicroStrategy Incorporated
    Inventor: Siamak Ziraknejad
  • Patent number: 9787522
    Abstract: A computer of a data processing system includes a software encryption engine and path circuitry that initially provides one or more paths for conveying data of storage I/O requests to and from a storage device, the paths including an encrypting path having a hardware encrypting component. According to a failover technique, in a first operating state, (a) the data of the storage I/O requests is conveyed via the encrypting path with encryption and decryption of the data being performed by the hardware encrypting component, and (b) monitoring is performed for occurrence of an event indicating that the hardware encrypting component has become unavailable for encrypting and decrypting the data of the storage I/O requests.
    Type: Grant
    Filed: June 29, 2011
    Date of Patent: October 10, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Cesareo Contreras, Atul Kabra, Michael E. Bappe, Edith Epstein, Helen S. Raizen, Alexander Elpaev
  • Patent number: 9736171
    Abstract: Disclosed are various examples of providing analog security for digital data. Content is split into a plurality of framelets. A first framelet is sent to a first client device. A second framelet is sent to a second client device. When the first and second client devices are oriented such that the first and second framelets are aligned in a particular manner, the content is made viewable to a user.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: August 15, 2017
    Assignee: AirWatch LLC
    Inventor: Ketan Bhardwaj
  • Patent number: 9705870
    Abstract: A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Edge servers in communication with the connectors store correlation data sets that correlate protected data records using permanent tokens generated by the connectors. Root servers in communication with the edge servers store identity correlations generated by the root servers and propagated to the edge servers. Data identifiers used in the protected data system are correlated with distinct data identifiers used in the edge and root servers. The correlations are propagated throughout the edge servers so that each data system can transfer data to another data system without using the protected data identifiers.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: July 11, 2017
    Assignee: Verato, Inc.
    Inventors: J. B. Williams, Dennis Tackett, Dennis Rizzi
  • Patent number: 9699160
    Abstract: A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an authenticated session on one of the protected data systems.
    Type: Grant
    Filed: January 9, 2015
    Date of Patent: July 4, 2017
    Assignee: Verato, Inc.
    Inventors: J. Brent Williams, Dennis Tackett, Dennis Rizzi
  • Patent number: 9686246
    Abstract: Methods and systems of authenticating electronic identification (ID) documents may provide for receiving a decryption key and an encrypted ID document from a certificate authority server at a mobile device, wherein the encrypted ID document includes a read only document having a photograph of an individual. Additionally, the decryption key may be applied to the encrypted ID document to obtain a decryption result in response to a display request. The decryption result can be output via a display of the mobile device, wherein the encrypted ID document can be sent to a challenge terminal if a challenge request is received.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: June 20, 2017
    Assignee: International Business Machines Corporation
    Inventor: Richard Redpath
  • Patent number: 9681261
    Abstract: The present invention is directed to a method and an apparatus for use in a wireless communication system, specifically, the method is directed to perform a ProSe discovery procedure by a first ProSe-enabled UE in a cellular communication system, the method comprising: encrypting a payload of a discovery signal by using a private key of the first ProSe-enabled UE; adding a public key of the first ProSe-enabled UE to the payload of the discovery signal; and transmitting the discovery signal including the payload and the public key of the first ProSe-enabled UE to one or more second ProSe-enabled UEs, wherein the public key of the first ProSe-enabled UE is used for the one or more second ProSe-enabled UEs to decrypt the payload of the discovery signal.
    Type: Grant
    Filed: October 31, 2013
    Date of Patent: June 13, 2017
    Assignee: LG ELECTRONICS INC.
    Inventor: Ki-Dong Lee
  • Patent number: 9654977
    Abstract: Contextual information associated with a mobile device can be automatically acquired using various sensors on the device. Based on the contextual information and an access control policy associated with an application on the mobile device, a level of access to the application can be determined. An entity may be identified, authenticated and authorized to gain full access, varying degree of restricted access or no access to the application based on the access control policy. Different applications may be provided different levels of access based on the access control policy associated with each application.
    Type: Grant
    Filed: November 18, 2013
    Date of Patent: May 16, 2017
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Selim Aissi