Abstract: A method implemented in a computing system hosting a three-dimensional virtual reality world. The computer system stores a set of searchable records, each having: a searchable hash of at least a portion of personally identifiable information; and an encrypted identity, decryptable using an encryption key generated based at least in part on the searchable hash and a global key. In response to a search request identifying at least a portion of personally identifiable information as a search criterion, the computer system generates a hash of the search criterion, and finds a matching searchable record that has a searchable hash equal to the hash computed from the search criterion. An encryption key is computed based on the global key and the matched searchable record to decrypt an encrypted identity of a user having at least the portion of personally identifiable information that is the search criterion in the search request.

Abstract: Embodiment for systems, method and computer program products for transacting a secure retail transaction (SRT). The system comprises a seller device to generate seller information associated with a financial transaction, a unique, one-time-only transaction identification and seller's financial institution data. A buyer device receives a transaction invoice having transaction invoice information and generates encrypted buyer data with the transaction invoice information. The system includes a transaction manager to generate a single transaction data packet comprising encrypted buyer data from the buyer device and the seller information transmitted and establishes a communication session from the buyer to transmit the encrypted transaction data packet to a buyer's financial institution. The buyer's institution sends the transaction packet information to the seller's institution for pairing with the unique, one-time-only encrypted invoice within allotted time established by the seller.

Abstract: An intelligent location based services and navigation hybrid system comprising a client having location based service capability and a server, the system setting a condition for new or updates of a relevant information by the server and/or client, selecting the relevant information for the updates by the server, transmitting the relevant information from the server, receiving the updates of the relevant information by the client, and selecting an operational mode by the client.

Abstract: A processing device comprises a processor coupled to a memory and is configured to identify a plurality of mobile application market sites accessible over a network, and to extract features from each of the mobile application market sites. Health scores are computed for respective ones of the mobile application market sites based on the corresponding features extracted from those mobile application market sites. One or more proactive measures are initiated to prevent one or more mobile devices from downloading mobile applications from any of the mobile application market sites having computed health scores below a specified threshold. The mobile application market sites may be identified as respective alternative mobile application market sites relative to a known primary mobile application market site. The alternative mobile application market sites may comprise respective alternative mobile application stores.

Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to a the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.

Abstract: Securing a virtual machine to be executed on a host machine is accomplished by authenticating, by the virtual machine during an initial boot routine, an identity of the host machine. If the identity does not match a predetermined value, then authenticating the identity of the host machine fails and data associated with the virtual machine is deleted.

Abstract: A system, device, and method for providing policy-based secure cloud booting include a mobile computing device and a web server. The mobile computing device determines a remote boot address specifying the location of a boot resource on the web server. The mobile computing device opens a secure connection to the web server and maps the boot resource to a local firmware protocol. The mobile computing device executes the boot resource as a firmware image using the local firmware protocol. The boot resource may be a compact disc or DVD image mapped through a block I/O protocol. The boot resource may be a remote file system mapped through a file system protocol. The remote boot address may be configured using a manageability engine capable of out-of-band communication. The remote boot address may be determined based on the context of the mobile computing device, including location. Other embodiments are described and claimed.

Abstract: Multiple revisions of an encoded data slice are generated, with each revision having the same slice name. Each of the data slices represents the same original data portion, but each is encoded so that no single data slice can be used to reconstruct the original data portion. Appropriate revision numbers are associated with each encoded data slice, and the encoded data slices and associated revision numbers are transmitted for storage in selected storage units of a distributed storage network. If write confirmations are received from at least a write threshold number of storage units, a commit command is transmitted so that the most recently written data slices will be available for access. After a commit command is issued, a current directory used to access the encoded data slices can be sliced, encoded, and stored in the same way as the data slices.

Abstract: A method, non-transitory computer readable medium, and apparatus for establishing a secure communication link between a mobile endpoint device and a networked device are disclosed. For example, the method scans an optical code, wherein the optical code contains configuration information and an encryption key, configures the mobile endpoint device in accordance with the configuration information, sends a request to the networked device to establish the secure communication link, wherein the request is encrypted using the encryption key and receives a confirmation from the networked device that the secure communication link is established between the mobile endpoint device and the networked device once the networked device has authenticated the mobile endpoint device based upon the request, wherein the confirmation is encrypted using the encryption key.

Abstract: A device may receive traffic flow information that includes user device identifiers. The device may receive, from a user device accessing an application associated with a third party service, an authentication request to authenticate the user device with a third party device that provides the third party service. The request may include a session token that identifies a session, an application identifier that identifies the application, and a user device identifier that identifies the user device. The device may determine to authenticate the user device based on whether the user device identifier matches one of the user device identifiers included in the traffic flow information. The device may provide, to the third party device, the session token and an indication of whether the user device has been authenticated to permit the third party device to allow or deny access to the third party service.

Abstract: Certain example embodiments described herein relate to techniques for automatically protecting, or hardening, software against exploits of memory-corruption vulnerabilities. The techniques include arranging a plurality of guard regions in the memory in relation to data objects formed by the application program, identifying an access by the application program to a guard region arranged in the memory as a disallowed access, and modifying the execution of the application program in response to the identifying, the modifying being in order to prevent exploitation of the memory and/or to correctly execute the application program.

Abstract: A hardware and software bundle that can enable computers and mobile phones to communicate small data packages without relying on the internet or the central cellular network infrastructure. The bundle enables users to send text messages and other data. For example, GPS coordinates, multimedia from the situation, accelerometer and other sensor data can all be sent over a decentralized network, enabling enhanced communication and situation response when the central grid is unavailable.

Abstract: A message distribution system replicates a collection of messages across multiple regional data centers. When any of the data centers receives a message for distribution from an authorized publisher, it transmits the message to each of the other data centers so that the collection of messages is immediately replicated among each data center. When any data center determines that a subscriber is connected to it, that data center determines which messages in the data collection the subscriber is authorized to receive, and it automatically sends those messages to the subscriber.

Abstract: As disclosed herein, a computer program product, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer program product further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.

Abstract: As disclosed herein a computer system, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer system further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.

Abstract: Embodiments of the present disclosure provide a method, computer program product, and system for monitoring a dynamic random-access memory (DRAM) device to detect and respond to a cryogenic attack. A processor receives a set of memory information about a DRAM device. The processor then determines a set of error indicators by processing the memory information using a set of decision parameters. The error indicators are then compared to an attack syndrome to determine if the DRAM is experiencing a cryogenic attack. If the DRAM is experiencing a cryogenic attack, access to the DRAM device is disabled.

Abstract: A system and associated methods for encrypting data are disclosed. In at least one embodiment, a key manager is located in memory on an at least one computing device and configured for creating and managing an at least one encryption key to be used for encrypting the data. An at least one key file is also located in memory on the at least one computing device and is associated with an at least one authorized user. The key file contains a key field comprising a pseudo random string of bytes and a unique hash value used to associate the key file to the user. A set of base characters are randomly selected from the key field, such that the base characters are a subset of the key field. An encryption key is generated by inputting the base characters into an encryption algorithm. The data is encrypted using the encryption key.

Abstract: Various methods for unwanted traffic control in a wireless network are provided. One example method may include detecting an occurrence of unwanted content as indicated by receipt of a complaint about a content item provided by a source device, wherein the complaint may be received from a remote mobile device or generated locally based on a local detection. The example method may further include determining a trust value for the source device based at least on the complaint, determining that the source device is a distrusted device based at least on a comparison between the trust value and a trust threshold value, and causing traffic from the source device to be controlled as unwanted traffic. Similar and related example methods, example apparatuses, and example computer program products are also provided.

Abstract: Included are embodiments for assignment and failover of resources. More specifically, at least one embodiment of a method includes assigning, to a user of an access device (202), at least one primary resource (210, 212). Some embodiments include assigning, to the user of the access device (202), at least one backup resource (210, 212).

Abstract: A secure device enrollment process to enroll a mobile device for access to a service can include receiving an application package including an application used for accessing the service via the mobile device. The application authenticity and the application integrity of the downloaded application are determined. The device integrity of the mobile device is also determined. An automatic enrollment message digest is generated to facilitate enrollment of the mobile device. The enrolment message digest provides an association between the downloaded application, the mobile device, and user identifying information of a user of the mobile device; and is sent to a server associated with a service provider to enroll the mobile device for the service provided by the service provider.