Abstract: Shaving systems are disclosed that include a replaceable shaving assembly and a cartridge connecting structure for connecting the shaving assembly to a handle. In preferred implementations, the cartridge connecting structure has a magnetic portion configured to help draw the cartridge onto the handle and retain the cartridge in place when the razor is not in contact with the skin, and a mechanical engagement that provides the necessary retention forces required to keep the system intact during shaving.

Abstract: The present disclosure generally relates to displaying information related to a physical activity. In some embodiments, methods and user interfaces for managing the display of information related to a physical activity are described.

Abstract: A technique smartly manages user information. The technique involves receiving, using an input device, an input value from the user during a user transaction. The technique further involves applying, using electronic circuitry, an algorithm to generate a token on behalf of the user. The algorithm is arranged to provide tokens in a non-reproducible manner to prevent discovery of input values based on the tokens. The technique further involves associating the token value with the input value and collecting user information and associating the user information with the token during a time range which includes periods of transaction inactivity and further transaction activity by the user. Along these lines, the technique is capable of implementing mutually exclusive token states (e.g., “active”, “inactive”, “deactivated” and “compromised”) to smartly coordinate and maintain certain user information.

Abstract: A processing device comprises a processor coupled to a memory and is configured to obtain a credential associated with a particular access control interval, to determine an application programming interface (API) key based at least in part on the credential, and to utilize the API key in an API key enrollment protocol. The obtaining, determining and utilizing are repeated for one or more additional instances of the API key enrollment protocol corresponding to respective ones of one or more additional access control intervals. The processing device illustratively comprises a service requester device configured to carry out at least a portion of a given instance of the API key enrollment protocol with a service provider device. The API key may comprise, for example, the credential itself, or a function of the credential and other information. The credential may comprise, again by way of example, an intermediate value of a hash chain.

Abstract: A method of securely operating a computerized system includes forming a connection to a user-removable physical security device (PSD) which is uniquely paired with the computerized system and which stories cryptographically secured data required for performing a protected function on the computerized system. The PSD may be realized as a USB or similar peripheral device containing security-related data and potentially security processing capability as well. The protected function could be decrypting of encrypted data encryption keys used to encrypt/decrypt user data for example. A user who has an established association with the PSD (e.g. by some preceding registration process) is authenticated, resulting in activation of the PSD on the computerized system. Upon such activation of the PSD, the computerized system engages in a security operation using the cryptographically secured data from the PSD to enable the protected function to be performed under control of the user on the computerized system.

Abstract: A technique provides wireless communications security. The technique involves providing a mobile wireless communications apparatus (e.g., a smart phone) having DLP circuitry, and configuring the DLP circuitry to perform DLP scanning operations. The technique further involves conducting, after the DLP circuitry is configured to perform the DLP scanning operations, wireless communications sessions (e.g., a mobile phone calls) between the mobile wireless communications apparatus and external devices (e.g., wireless access points) while the DLP circuitry performs the DLP scanning operations. In some arrangements, the DLP circuitry is configured by a user to (i) allow only authorized apps to send sensitive information and/or (ii) block retransmission of the sensitive information (e.g., in the event an application containing spyware attempts to send the sensitive information to an attacker after the user has completed a legitimate transaction).

Abstract: A technique provides hardware security module (HSM) operability which is performed in a computing device. The technique involves running, by processing circuitry of the computing device, a virtual machine monitor to provide a virtual machine environment. The technique further involves running, by the processing circuitry, a security module VM within the virtual machine environment. The security module VM is configured to perform HSM operations on behalf of a set of other VMs. The technique further involves imposing, by the processing circuitry, a requirement that all access between the security module VM and the set of other VMs occur through the virtual machine monitor to isolate and protect the security module VM against tampering.

Abstract: A computer-implemented technique processes a potentially sensitive item of data (e.g., data which may be either a credit card number or a token having a similar format). The technique involves, after the potentially sensitive item of data is properly received within a physical memory location, generating a token result which indicates whether the potentially sensitive item of data satisfies a valid-token requirement. The technique further involves preserving the potentially sensitive item of data in an unaltered form within the physical memory location when the token result indicates that the potentially sensitive item of data satisfies the valid-token requirement. The technique further involves replacing the potentially sensitive item of data within the physical memory location with a token when the token result indicates that the potentially sensitive item of data does not satisfy the valid-token requirement.

Abstract: An improved technique for granting access to a complex datum maps a single user token representing a user onto a set of data group tokens, each data group token providing access to a data group stored on a storage medium. The improved technique combines the centralization of the complex datum while providing the security of tokenization and will lower the risk of a rogue third party gaining unauthorized access to the user's records stored across the data groups.

Abstract: A technique of imposing access control policies is presented. The technique comprises receiving a token which is associated with a datum by a tokenization server. The technique also includes generating an access control result based on at least a portion of the token. The technique further includes imposing a first access control policy which includes refraining from sending an access request to the tokenization server when the access control result has a first value and a second access control policy which includes sending an access request to the tokenization server, the access request being constructed and arranged to request access to the datum when the access control result has a second value which is different from the first value.

Abstract: A key management server in a storage area network (SAN) provides encryption keys for source and destination storage objects and also associates destination storage objects with source storage objects. When a source object is to be replicated, a replication facility in a storage system of a new destination object requests the key management server to associate the destination object with the source object and assign the data encryption key of the source object or a new data encryption key to the destination object. For recovery of the source object, a replication facility in the storage system of the source object obtains information from the key management server about the replica associated with the source object for replicating data from the destination object back to the source object.

Abstract: A technique of protecting a datum within a set of sensitive data is presented. In this technique, the datum includes a first set of bits satisfying a first set of constraints, and a computer receives the set of sensitive data from an authorized client. The technique involves producing a token corresponding to the datum, the token including a second set of bits distinct from the first set of bits, the second set of bits satisfying a second set of constraints, the second set of constraints being a superset of the first set of constraints. The technique further involves storing the datum and the corresponding token. The technique further involves sending the token to the authorized client, the authorized client enabled to perform, using the second set of bits, a verification that the token satisfies the second set of constraints, the verification being performed apart from the database.

Abstract: An improved technique for granting access to a complex datum maps a single user token representing a user onto a set of data group tokens, each data group token providing access to a data group stored on a storage medium. The improved technique combines the centralization of the complex datum while providing the security of tokenization and will lower the risk of a rogue third party gaining unauthorized access to the user's records stored across the data groups.

Abstract: Exactly-once semantics in a transaction processing system are provided by queuing requests for data base transactions on a "task queue" and assigning a unique identification number to each request or "task" placed on the queue. When a requested transaction is performed, the task identification number is written into the data base when the data base is updated at the end of the transaction. To ensure that the updates are made exactly once in the event of a partial system failure or "crash", the data base is read to obtain any preexisting task identification number before any updates are made. If a match occurs between the identification number of the current task and any preexisting task identification number, the requested transaction is terminated without performing any current updates. Automatic recovery with exactly-once semantics therefore occurs as the result of resumed servicing of the task queue.