Abstract: Techniques for managing stored information in an implantable medical device system using multiple user accounts are described. An implantable medical device system may provide a general user account and a set of authenticable user accounts. In some examples, the general user account does not require a user of a programmer in an implantable medical device system to enter user identity information to manage information stored in the implantable medical device system. The general user account may be permitted to perform a subset of actions available to an authenticable user account. In some examples, an authenticable user account may rollback changes made to the stored information by the general user account. An authenticable user account may also be able to synchronize changes made to the stored information across all or some of the user accounts.

Abstract: A system communicates a client application and a web application and receives configuration data operable within the web application and the client application. The system distributes the configuration data to the client application and the web application. The distributed configuration data is then used to configure the client application and the web application.

Abstract: The present disclosure provides a method of creating a unique passcode for a computer system with graphics which enhance a user's episodic memory. Disclosed systems and methodology further relate to passcode authentication in response to prompting an individual to enter a passcode via display of images.

Abstract: A communication network is defended using a distributed infrastructure that leverages coordination across disparate abstraction levels. At each node computing device comprising a communication network, a stored event list is used to detect at least one node event which occurs at a machine code level and is known to have the potential to interfere directly with the internal operation of the node computing device. The at least one node event is one which is exclusive of an event within a network communication domain. In response to detecting the at least one node event at one of the plurality of network nodes, an optimal network-level defensive action is automatically selectively determined by the network. The network level defensive action will involve a plurality of network nodes comprising the communication network.

Abstract: Network security and robustness is analyzed by developing correlations among network maliciousness observations to determine attack susceptibility. Network traffic is analyzed at the autonomous system (AS) level, among connected Internet Protocol (IP) routing prefixes, to identify these observations. The traffic is monitored for any of a number of specified mismanagement metrics. Correlations among these metrics are determined and a unified network mismanagement metric is developed, indicating network susceptibility to potentially malicious attack.

Abstract: A security control platform receives a virtual machine starting request message that is from user equipment and forwarded by a management platform, where the virtual machine starting request message includes an identifier of a virtual machine that needs to be enabled and user information; invokes a third-party trusted platform to determine that the virtual machine starting request message is initiated by the user equipment according to an instruction of an authorized user; and performs authentication on the user information, and based on successful authentication, invokes the third-party trusted platform to decapsulate the virtual machine that needs to be enabled. It is ensured that other user equipment (including the management platform) cannot obtain a key of the third-party trusted platform, which enhances security of management control on the virtual machine, and thereby enhances security of a cloud computing platform.

Abstract: A method of identifying and authenticating a network user includes receiving a first network layer packet from a first user entity. The first network layer packet may include first unique identification information unique to the first user entity and independent of a first network address associated with the first network layer packet. The method further includes verifying, at a network layer of a network, that the first network layer packet is from the first user entity based on the first unique identification information.

Abstract: Methods and apparatus for collection and processing of data relating to users of a content-delivery network. In one embodiment, the content delivery network is a cable or satellite or HFCu network, and the apparatus includes an architecture for routinely harvesting, parsing, processing, and storing data relating to the activities of the users (e.g., subscribers) of the network. In one variant, at least portions of the data are anonymized to protect subscriber privacy.

Abstract: A method and system for controlling online user account using a mobile device. The method includes receiving an option to lock an online account of a user from a service provider. The computer-implemented method also includes locking the online user account by using a mobile device. Further, the computer-implemented method includes initiating a user action at a later point of time. Furthermore, the computer-implemented method includes receiving an alert to unlock the online user account in order to perform the user action and obtaining an unlock password from the service provider. Moreover, the computer-implemented method includes unlocking the online user account with the unlock password by using the mobile device and performing the user action subsequent to the unlocking, thereby controlling the online user account using the mobile device. The system includes a computing device, a web browser, a service provider and a mobile device.

Abstract: Methods may display a URI of a resource. Methods may determine the presence of a non-public data element in the URI. Methods may generate a random number in response to the determination of the presence of the non-public data element. Methods may compute a resultant number based on the exclusive or of the random number and the non-public data element. Methods may substitute the resultant number for the non-public data element in the URI. Methods may transmit the URI and the random number to a server. Methods may receive a resource from the server, in response to the transmission of the URI and the random number to the server. Methods may compute the non-public data element using the random number and the resultant number. Methods may substitute the non-public data element for the resultant number in the URI. Methods may re-determine the URI of the resource.

Abstract: Techniques and tools for quantum key distribution (“QKD”) between a quantum communication (“QC”) card, base station and trusted authority are described herein. In example implementations, a QC card contains a miniaturized QC transmitter and couples with a base station. The base station provides a network connection with the trusted authority and can also provide electric power to the QC card. When coupled to the base station, after authentication by the trusted authority, the QC card acquires keys through QKD with a trust authority. The keys can be used to set up secure communication, for authentication, for access control, or for other purposes. The QC card can be implemented as part of a smart phone or other mobile computing device, or the QC card can be used as a fillgun for distribution of the keys.

Abstract: A secret sharing apparatus generates, from secret data, a plurality of pieces of shared data from which the secret data is able to be restored. The secret data includes a plurality of pieces of divided data which does not include a random number. The secret sharing apparatus includes a shared data generating section which performs an XOR operation between the pieces of divided data and generates the plurality of pieces of shared data which includes the result of the XOR operation between the pieces of divided data.

Abstract: Methods may display a URI of a resource. Methods may determine the presence of a non-public data element in the URI. Methods may generate a random number in response to the determination of the presence of the non-public data element. Methods may compute a resultant number based on the exclusive or of the random number and the non-public data element. Methods may substitute the resultant number for the non-public data element in the URI. Methods may transmit the URI and the random number to a server. Methods may receive a resource from the server, in response to the transmission of the URI and the random number to the server. Methods may compute the non-public data element using the random number and the resultant number. Methods may substitute the non-public data element for the resultant number in the URI. Methods may re-determine the URI of the resource.

Abstract: A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication.

Abstract: A method, system and computer-usable medium are disclosed for automatically deploying a network security policy based on virtual network topology in a dynamic software defined network (SDN) comprising: providing a flow control interface in a dynamic SDN wherein the flow control interface receives virtual network topology, operational endpoints, and policy to apply to the operational endpoints; responsive to receiving an SDN change indication, identifying changes to enforcement points for an SDN change corresponding to the SDN change indication; and, providing enforcement points affected by the SDN change with a policy reflecting the SDN change.

Abstract: Provided is a method for transmitting signed data and an electronic signature token, the method comprising: an electronic signature token obtaining a signing request data packet comprising data to be signed; signing the data to be signed to obtain signed data; obtaining a preset first transmitting strategy, and obtaining first data to be transmitted according to a part of the signed data and the first transmitting strategy, and transmitting the first data to be transmitted; after obtaining the signing request data packet, extracting and outputting the key information of the data to be signed; obtaining a confirmation instruction for the outputted critical information of the data to be signed; after obtaining the confirmation instruction, obtaining a preset second transmission strategy, and obtaining second data to be transmitted, according to a remaining part of the signed data and the second transmission strategy, and transmitting the second data to be transmitted.

Abstract: Methods and apparatus for collection and processing of data relating to users of a content-delivery network. In one embodiment, the content delivery network is a cable or satellite or HFCu network, and the apparatus includes an architecture for routinely harvesting, parsing, processing, and storing data relating to the activities of the users (e.g., subscribers) of the network. In one variant, at least portions of the data are anonymized to protect subscriber privacy.

Abstract: A computerized method for obtaining collaboration with an object of a computerized system, comprising receiving at an owner party that owns the object a request from a requesting party employing a requesting mechanism of the computerized system to collaborate the object with a recipient party, providing by the owner party a decision to the recipient party whether to grant the recipient party to collaborate with the object, and registering, in a data construct of the computerized system, data comprising a status indicative of the decision, thereby providing for the computerized system to determine whether to allow the recipient party to collaborate with the object, wherein the method is performed on an at least one computer of the computerized system configured to perform the method, and an apparatus for performing the same.

Abstract: A system providing a service to a service receiving apparatus includes a management information storage that stores management information including service identification information, user authentication information of a user, and device authentication information of the service receiving apparatus that are associated with each other; an authentication information receiving unit that receives, as authentication information, at least one of user authentication information and device authentication information from the service receiving apparatus; an authentication unit that performs authentication by referring to the management information storage based on the received authentication information; an obtaining unit that obtains process target data from an external service based on an entry request from the service receiving apparatus that has been successfully authenticated; and a conversion unit that converts the obtained process target data into output data with a data format that the service receiving appar

Abstract: Two processing elements in a single platform may communicate securely to allow the platform to take advantage of the certain cryptographic functionality in one processing element. A first processing element, such as a bridge, may use its cryptographic functionality to request a key exchange with a second processing element, such as a graphics engine. Each processing element may include a global key which is common to the two processing elements and a unique key which is unique to each processing element. A key exchange may be established during the boot process the first time the system boots and, failing any hardware change, the same key may be used throughout the lifetime of the two processing elements. Once a secure channel is set up, any application wishing to authenticate a processing element without public-private cryptographic function may perform the authentication with the other processing element which shares a secure channel with the first processing element.