Abstract: Access by a mobile station to a femto access point (FAP) of a wireless communication system is controlled by an enforcement point in response to mobile station authorization data provided from a storage point that is remote from the FAP. The authorization data is provided in response to FAP authentication data. The authentication data may include a FAP identifier and a message authenticator that the FAP generates by hashing shared secret information. The storage point may provide the authorization data in response to determining that the message authenticator is a hash of the shared secret information.

Abstract: A confidentiality preserving system and method for performing a rank-ordered search and retrieval of contents of a data collection. The system includes at least one computer system including a search and retrieval algorithm using term frequency and/or similar features for rank-ordering selective contents of the data collection, and enabling secure retrieval of the selective contents based on the rank-order. The search and retrieval algorithm includes a baseline algorithm, a partially server oriented algorithm, and/or a fully server oriented algorithm. The partially and/or fully server oriented algorithms use homomorphic and/or order preserving encryption for enabling search capability from a user other than an owner of the contents of the data collection. The confidentiality preserving method includes using term frequency for rank-ordering selective contents of the data collection, and retrieving the selective contents based on the rank-order.

Abstract: In overview, the various embodiments provide methods implemented by a processor executing a DASH client on a receiver device for determining when, in view of a change in the receiver device's resources (e.g., bandwidth, battery power, etc.), to cancel or abandon downloading the current segment at the current representation and restart download of the current segment at a different representation to meet one or more performance objectives and/or optimizations related to the change in the receiver device's resources. In various embodiments, the receiver device processor may perform a cost-benefit analysis to determine whether switching representations during the ongoing download of the current segment will benefit the performance of the receiver device, and the receiver device processor may switch representations in response to determining that switching representations would improve the performance of the receiver device.

Abstract: A method of operating a computer system includes: obtaining, at the computer system, verification-input information associated with each of multiple hardware components of the computer system; cryptographically processing, at the computer system, the verification-input information to obtain a cryptographic result; and determining, at the computer system, whether to allow or inhibit, depending upon a comparison of the cryptographic result with a verification value, further operation of at least one of the hardware components.

Abstract: Methods and apparatuses are provided for facilitating access controls for digital objects stored within a peer-to-peer overlay network. A privacy-preserving method is provided for matching identities between a first peer node and a second peer node in a peer-to-peer network. Such identity matching may be used, for example, to ascertain whether the first peer node should provide access to certain digital object stored in the peer-to-peer overlay network. Rather than providing its identities in an unprotected format, the second peer may provide its identities to the first peer node in a concealed representation so as to prevent the first peer from learning about non-matching identities. Such concealed representation may be a data structure that cryptographically conceals one or more identities of the second peer node or a user of the second peer node within a shared data space of the data structure.

Abstract: Methods and apparatuses are provided for facilitating group access controls in peer-to-peer or other similar overlay networks. A group administrator may create a group in the overlay network and may assign peer-specific certificates to each member of the group for indicating membership in the group. A group member peer node can access data objects in the overlay network using its respective peer-specific certificate to authenticate itself as a group member. The authentication is performed by another peer node in the network. The validating peer node can authenticate that the group member is the rightful possessor of the peer-specific certificate using a public key associated with the peer node to which the peer-specific certificate was issued. The validating peer node can also validate that the peer-specific certificate was properly issued to the group member using a public key of the apparatus that issued the peer-specific certificate.

Abstract: A method for controlling flash memory is described. The method includes selecting a new forward error correction (FEC) parameter set that provides more redundancy than a current FEC parameter set. The method also includes coding source information bits, using the new FEC parameter set, during write operations to a first corrupted page in the flash memory. The method further includes mapping the first corrupted page and at least one additional corrupted page in the flash memory to a single logical page with an expected page size.

Abstract: Methods and systems are described for verifying the source and integrity of a media presentation description (MPD) defined by the Dynamic Adaptive Streaming over HTTP (DASH) protocol. A streaming client receives an MPD from an MPD publisher. The MPD can include addresses associated with one or more media servers and/or advertising servers. The streaming client can receive from the MPD publisher at least one of a digital signature, cryptographic key, and certificate information associated with the MPD. The streaming client can verify the legitimacy of the MPD by verifying the digital signature using the received cryptographic key. The streaming client may use the certificate information to verify the MPD. The streaming client can prevent playing the media associated with the MPD if the MPD is not legitimate. The legitimacy of servers associated with addresses in the MPD may also be verified using authentication information for servers stored in the MPD.

Abstract: Methods and systems are described for verifying that advertising content has been downloaded by a client. When a streaming client requests advertising content from an advertising server, the streaming client receives one or more verifiers from the advertising server. The streaming client sends information associated with the verifiers to a media server. The media server is configured to validate streaming of the advertising content to the streaming client based on the information associated with the verifiers.

Abstract: A client device includes one or more processors configured to send a plurality of probe requests for segments of media data to a server device, wherein the server device provides the media data using a live streaming service, analyze responses to the plurality of probe requests to determine a left edge and a right edge of a segment availability window, and send a request for a segment within the segment availability window based on the determined left edge and the determined right edge of the segment availability window, in accordance with the live streaming service.

Abstract: A method, apparatus, and/or system for execution prevention is provided. A state indicator for a first subset of a plurality of memory pages of executable code in a memory device is set to a non-executable state. A state indicator for a second subset of the plurality of memory pages is set to an executable state, where the second subset of the plurality of memory pages includes indirection stubs to functions in the first subset of the plurality of memory pages. Upon execution of an application, a function call is directed to a corresponding indirection stub in the second subset of the plurality of memory pages which modifies the state indicator for a corresponding function in the first subset of the plurality of memory pages prior to directing execution of the called function from the first subset of the plurality of memory pages.

Abstract: A client device presents streaming media and includes a stream manager for controlling streams, a request accelerator for making network requests for content, a source component coupled to the stream manager and the request accelerator for determining which requests to make, a network connection, and a media player. A process for rate estimation is provided that will react quickly to reception rate changes. The rate estimator can use an adaptive windowed average and take into account the video buffer level and the change in video buffer level in a way so to guarantee that the rate adjusts fast enough if there is a need, while keeping the windowing width large (and thus the measurement variance) large. A guarantee might be that when a rate drop or rise happens, the estimator adjusts its estimate within a time proportional to a buffer drain rate or buffer fill level.

Abstract: Disclosed is an apparatus and method to detect vehicle theft. In one embodiment, a processor may be configured to execute instructions to: receive a vehicle detection signal from a vehicle detector; determine whether a vehicle is present or absent based upon the vehicle detection signal; establish an authentication credential after the vehicle is determined to present; and validate the authentication credential to indicate validated parking. If the vehicle is determined to be absent and an authentication credential to un-park the vehicle has not been validated, a notification action may be transmitted to appropriate personnel to indicate that the vehicle has been moved or un-parked without proper authentication.

Abstract: Embodiments enable HTTP servers to pass incomplete and/or corrupted files in response to file requests from clients. In the various embodiments, HTTP servers may be enabled to generate status codes identifying that an incomplete version of a file is being returned in response to a file request. In an embodiment, an HTTP server may be enabled to determine the ability of a client to handle incomplete versions of files.

Abstract: Methods and apparatuses are provided for facilitating data access controls in peer-to-peer or other similar overlay networks. A peer node storing a data object may receive a request for access to the stored data object, and may locate in the network an access control list associated with the data object using a routing mechanism included in the data object. The peer node may determine whether the requested access is authorized based on the access control list, and may grant or deny access based on the determination. A peer node storing an access control list may receive a request from a peer node storing a data object for information relating to access controls associated with the data object. The peer node storing the access control list may then send the requested information relating to the access controls associated with the data object.

Abstract: A method, apparatus, and/or system for execution prevention is provided. A state indicator for a first subset of a plurality of memory pages of executable code in a memory device is set to a non-executable state. A state indicator for a second subset of the plurality of memory pages is set to an executable state, where the second subset of the plurality of memory pages includes indirection stubs to functions in the first subset of the plurality of memory pages. Upon execution of an application, a function call is directed to a corresponding indirection stub in the second subset of the plurality of memory pages which modifies the state indicator for a corresponding function in the first subset of the plurality of memory pages prior to directing execution of the called function from the first subset of the plurality of memory pages.

Abstract: A method of operating a computer system includes: obtaining, at the computer system, verification-input information associated with each of multiple hardware components of the computer system; cryptographically processing, at the computer system, the verification-input information to obtain a cryptographic result; and determining, at the computer system, whether to allow or inhibit, depending upon a comparison of the cryptographic result with a verification value, further operation of at least one of the hardware components.

Abstract: Methods and apparatuses are provided for facilitating access controls for digital objects stored within a peer-to-peer overlay network. A privacy-preserving method is provided for matching identities between a first peer node and a second peer node in a peer-to-peer network. Such identity matching may be used, for example, to ascertain whether the first peer node should provide access to certain digital object stored in the peer-to-peer overlay network. Rather than providing its identities in an unprotected format, the second peer may provide its identities to the first peer node in a concealed representation so as to prevent the first peer from learning about non-matching identities. Such concealed representation may be a data structure that cryptographically conceals one or more identities of the second peer node or a user of the second peer node within a shared data space of the data structure.

Abstract: A method of position clustering includes maintaining a set of clusters by storing a rectangular boundary of each cluster in the set of clusters, a centroid within each cluster, and a number of the points within each cluster. The method further includes adding a point to a cluster in the set of clusters when the cluster bounds the point by adjusting the rectangular boundary of the cluster, the centroid within the cluster, and the number of the points within the cluster.

Abstract: Methods and apparatuses are provided for facilitating group access controls in peer-to-peer or other similar overlay networks. A group administrator may create a group in the overlay network and may assign peer-specific certificates to each member of the group for indicating membership in the group. A group member peer node can access data objects in the overlay network using its respective peer-specific certificate to authenticate itself as a group member. The authentication is performed by another peer node in the network. The validating peer node can authenticate that the group member is the rightful possessor of the peer-specific certificate using a public key associated with the peer node to which the peer-specific certificate was issued. The validating peer node can also validate that the peer-specific certificate was properly issued to the group member using a public key of the apparatus that issued the peer-specific certificate.