Abstract: A method for hash perturbation with queue management in data communication is provided. Using a first set of old queues corresponding to a first hash function, a set of data packets corresponding to a set of session is queued. At a first time, the first hash function is changed to a second hash function. A second set of new queues is created corresponding to the second hash function. A data packet is dequeued from a first old queue in a set of old queues. A second data packet is selected from a second queue in the set of old queues. A new hash value is computed for the second data packet using the second hash function. The second data packet is queued in a first new queue such that the second packet is in position to be delivered first from the first new queue.

Abstract: Various embodiments can enable a content item associated with a sharer account of a content management system to be shared with a recipient account of the content management system. The content item can be analyzed to determine at least some information about the content item, which can include one or more properties associated with the content item, one or more representations of one or more content portions present in the content item, or any combination thereof. A communication can notify the recipient account that the sharer account has shared the content item with the recipient account. The communication can further comprise the determined information about the content item, which can include the one or more properties and/or the one or more representations of the content portions. This information can enable the recipient to make a better decision regarding whether or not to accept the share invitation.

Abstract: The disclosure herein describes an intelligent chat system. During operation, the system monitors content provided by participants of an online chat, and automatically obtains, from a data source, additional information based on the monitored content. The system then presents the obtained additional information to the chat participants without the need for the chat participants to request the additional information.

Abstract: Described herein are devices and techniques for automatically determining in a presence-enabled messaging service, the presence status of at least one subscriber identified in a user's list of user contacts, and for filtering subsequent transmission of related network messages (packets) responsive to each user contact's presence status. In preparation for the real-time text exchange between such messaging (e.g., IM or chat) subscribers, an initializing user requests presence status for all user contacts. An association of presence status formed in response to replies to the user probe. Such associations can be stored as a data structure, such as a Bloom filter, a hash table, a list, or the like. Subsequent presence messages (e.g., broadcasts, probes) from the initialized user are filtered, in response to the associated contact status. For example, subsequent presence messages are only sent to those user contacts believed to be online.

Abstract: The disclosed embodiments relate a messaging system, such as an email system, a text-messaging system or an instant-messaging system, that enables a user to save a message attachment to an online content management system (for example, to their Dropbox™). The system receives a call from a messaging system associated with the user to save a message attachment to the online content management system, wherein the call includes a link to the message attachment. In response to the call, the system commences downloading the message attachment to the online content management system. While the message attachment is downloading, the system provides a selection interface to enable the user to select a destination for the message attachment within the online content management system. After the user selects the destination and after the message attachment finishes downloading, the system saves the message attachment to the selected destination in the online content management system.

Abstract: In some embodiments, techniques for electronic messaging may include receiving an email message; receiving an interaction with a user interface relating to the email message; extracting an email address associated with the email message; determining that the email address matches an entry in a whitelist; and responsive to receiving the interaction with the user interface relating to the email message and to determining that the email address matches the entry in the whitelist, removing the entry from the whitelist.

Abstract: Systems, method sand computer program products for facilitating the automatic deletion of received emails after a user-selectable time period has elapsed are disclosed. In various embodiments, email messages contain a header field referred to as an “Expiration Time” header field that dictates the length of time the email will reside in a designated Inbox prior to its automatic deletion by an email server. The server is able to automatically delete the received email as long as the email is residing in a folder that is synched to the server. A user receiving the email has access to the Expiration Time Header field and can modify its value if desired and allowed by the sender. The user can move the retrieved email to a folder that is not synched to the server, thus preventing the email from being automatically deleted by the server.

Abstract: A method and system for the efficient creation and management of an e-mail distribution list. The method includes receiving, from a first sender, a first e-mail message directed to an e-mail address comprising a list name. An e-mail distribution list is created comprising a distribution list name, wherein the distribution list name is the list name of the e-mail address. The first sender is added as a first subscriber to the distribution list. A second e-mail communication directed to the e-mail address is received and the second sender is added as a second subscriber to the e-mail distribution list in view of the second e-mail communication.

Abstract: An exemplary method includes a media content discovery system 1) receiving a message addressed to a personalized destination within a media content consumption service, the message having originated outside of the media content consumption service, 2) posting information associated with the message to the personalized destination within the media content consumption service for access by a user from within the media content consumption service, 3) receiving a request provided by the user from within the media content consumption service to access the information posted to the personalized destination, and 4) providing, within the media content consumption service in response to the request, a personalized user interface that presents the posted information. Corresponding systems and methods are also disclosed.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to instant messaging and real-time communications systems and provide a method, system and computer program product for automated partner list management in a real-time communications system. In one embodiment, a real-time communications data processing system can include a real-time communications server, a history log configured to record user interaction records for different users of the real-time communications server, a set of partner lists for the different users, and partner list management logic coupled to each of the real-time communications server and history log. The partner list management logic can include program code enabled to remove individual ones of the different users from a single one of the partner lists which individual ones of the different users meet at least one configurable criteria.

Abstract: A message distribution system comprising an analytics system to receive an inquiry with qualifiers to generate an estimate of the number of mobile devices associated the with qualifiers, wherein the qualifiers comprise at least one characteristic associated with at least one of a mobile device, a mobile device user, or a mobile device owner, generating an estimate of the number of mobile devices associated with the qualifiers at a future time which may receive messages, and transmit the estimate of the number of mobile devices to a common campaign system. The system comprises a common campaign system to provide the qualifiers for selection, transmit the inquiry with the qualifiers to at least the analytics system to receive an estimate of the number of mobile devices associated with the qualifiers, and receive the estimate of the number of mobile devices associated with the qualifiers.

Abstract: A method of forwarding selected passages from an electronic document being displayed on an electronic reader to a designated recipient. The method includes electronically selecting a passage from the electronic document, and automatically associating metadata with a selected passage upon selection by the user. The method also includes storing the selected passage together with the associated metadata in a file in the memory of the electronic reader. The method further includes electronically checking the selected passage for compliance with special requirements, the special requirements including a designated size of the selected passage, the special requirement of the designated size of the selected passage being of a variable size designated by the user based on user preference. The method also includes electronically transmitting the stored selected passage and associated metadata from the electronic reader to a designated recipient after completion of the electronic checking by the electronic reader.

Abstract: While each node in a cluster of nodes sources connections with the same IP if each node allocates a port on this IP independently, there may be port clashes. Also, the return traffic is not guaranteed to hit the originating node. These issues are addressed by allocating a port in such a way that the response traffic hashes back to the originating node. A good hash is chosen such that the ports are equally divided among the nodes. When a node leaves, the other nodes take over the port range used by this node. When a node joins, the node takes back its share of ports.

Abstract: A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content desired to be detected includes receiving electronic data at a receiving station, and determining whether the received electronic data is associated with a content desired to be detected, wherein the receiving station does not include content detection data for identifying the content desired to be detected.

Abstract: A method, system and apparatus for authenticating a communication request sent from a client computing device. The communication request is initially blocked by a firewall preventing delivery to a server. A first logging event corresponding to the communication request is created. The communication request and the logging event are stored in a firewall. The server is notified of the first logging event. The communication request corresponding to the first logging event is authenticated. A port in the firewall is enabled if the communication request is authenticated.

Abstract: First and second nested virtual private networks share a common rekey service. A first key server generates first cryptographic keys and policies for use by gateways of the VPN to encrypt and decrypt data packets. The key server establishes a connection with a second key server to generate second cryptographic keys and policies independently of the first key server for use by encryption units of a second VPN that is nested with and operates independently of the first VPN. The first key server refreshes the first cryptographic keys in the first VPN gateways using a common rekey service, and cooperates with the second key server to refresh the second cryptographic keys in the second VPN encryption units using the common rekey service.

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.

Abstract: A device may verify whether pinholes in a perimeter protection device are open and may determine pinhole opening and closing delays. The method for determining the pinhole opening delay may include sending a stream of packets for passing through the pinhole in the network perimeter protection device. The packets in the stream may be sent at known time intervals. The method may include receiving one or more of the packets in the stream, wherein the received packets passed through the pinhole. The pinhole opening delay may be based on an indication of the position of the first one of the packets received in the stream and the known time intervals. The pinhole closing delay may be based on the number of packets having passed through the pinhole, after sending a session termination message, and the known time intervals.

Abstract: A system uses multi-level encoding where each symbol of a plurality of symbols represents more than one bit of information in a user data symbol stream for transfer using a multilevel transmission channel. The user data symbols are represented in a digital bitwise form such that each symbol is presented as a plurality of bits and each bit is subject to a different probability of error. An error correction procedure is applied based on the different error probability that is associated with each bit in the plurality. The channel can be configured to support a mosaic tile structure, each tile containing a channel symbol such that a selected tile has a collective error probability that is different from other tiles. Customized coding can be applied to the tile structure to allocate a selected amount of error correction power to the selected tile based on an overall available correction power.

Abstract: A secure end-to-end communication system is implemented via one or more security processing devices. In one embodiment, a method includes: loading, by a key manager, a first set of keys into a security device; encrypting first data with the first set of keys using the security device; and sending, over a network, the encrypted first data to an external site or a mobile device. The method may further include: requesting the encrypted data from the external site or mobile device; receiving, over the network, the encrypted first data; and decrypting the received encrypted first data with the first set of keys using the security device.

Abstract: A mechanism is provided for secure data storage in a distributed computing system by a client of the distributed computing system. A gateway device intercepts a data file from at least a portion of stream data during transmission. If the destination of the data file is the storage, the gateway device selects a set of analysis algorithms to determine whether the data file comprises sensitive data.

Abstract: A network device comprises a storage device storing an application program for a secure communications service, and at least one processor configured to execute the application program for the secure communications service so as to enable the network device to send a request to look up a network address of a second device based on an identifier associated with the second device, receive an indication that the second device is available for the secure communications service, the indication including the requested network address and provisioning information for a secure communication link, connect to the second device over the secure communication link, using the received network address of the second device and the provisioning information for the secure communication link, and communicate at least one of video data and audio data with the second device using the secure communications service via the secure communication link.

Abstract: A method includes sending an open request to a directory server for a first key, the first key being a trusted key wrapped in a public key. The open request includes an authentication request value that identifies the open request as a verified setup directory service, the public key, an email address and a specified out-of-band communication channel. The directory server sends a first reply after generating the first key, which first reply is sent directly back with a first half of the first key offset by a unique value and wrapped using the public key. The second reply is sent via email to the email address, which second reply includes a second half of the first key offset by the first half of the first key. The third reply is sent to the out-of-band channel, which third reply includes the unique value.

Abstract: A method and apparatus is provided for establishing a Global System for Mobile communications (GSM) call through an Unlicensed Mobile Access (UMA) Network by enabling Voice over IP (VoIP) access into a GSM network from various IP-enabled mobile device terminals and a mechanism to authenticate and use such terminals without any change to the UMA or GSM network.

Abstract: Methods and credential systems for use in controlling access to a computer system are disclosed. One example method includes receiving a request for a temporary single-factor credential associated with a user account, modifying the user account to allow single-factor authentication to permit access to the computer system, issuing the temporary single-factor credential, wherein the password includes a lifetime, disabling the temporary single-factor credential, when the lifetime ends, such that access to the computer system via the temporary single-factor credential is terminated, and modifying the user account associated to require multi-factor authentication for access to the computer system.

Abstract: An authenticating method of communicating connection between a terminal and a gateway apparatus, the method including transmitting authentication information and first intrinsic identification information that is intrinsic identification information of the terminal from the terminal to the gateway apparatus and requesting the authentication; authenticating the communicating connection by using at least one of the first intrinsic identification information and the authentication information; and when the authenticating is successful, generating at least one authentication key by using at least one of the first intrinsic identification information and second intrinsic identification information that is intrinsic identification information of the gateway apparatus, thereby increasing communication security between the terminal and the gateway apparatus.

Abstract: The subject disclosure relates to a method for initiating an accelerated desktop session between a client and a remote. In some aspects, the method includes steps for intercepting a remote desktop connection request, connecting to a network gateway, based on the remote desktop connection request and initiating a first connection with a remote server via the network gateway using a first communication protocol. In certain aspects, the method further includes steps for receiving a token from the remote server, sending the token from a client device to the remote server or a proxy to authenticate the client device and initiating a second connection with the remote server, via the proxy, wherein the second connection is initiated using a second communication protocol. A client device and computer-readable medium are also provided.

Abstract: A method for alerting Internet content providers of the age or other personal information of a computer user, which includes receiving a reverse DNS lookup query from an Internet content provider; and providing the age information of the computer user, in addition to a host name, from a reverse map zone file in response to the request. The personal information may be used by the content provider to select appropriate content for the requesting host, for example for complying with content restrictions. A system of alerting an Internet content provider of the age or other personal information of a computer user is also provided.

Abstract: The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.

Abstract: A method and apparatus for sharing content by selecting a device with which the content is to be shared and performing authentication by using a device which is being called. The method of sharing content of a first device includes: performing authentication of a remote access service for sharing the content with a second device based on a call connection state between the first device and the second device; remotely accessing the second device according to a result of the authentication; and sharing the content based on the remote access.

Abstract: Methods, apparatus and systems are provided for programming a vehicle module. An exemplary vehicle includes a first module, a gateway module communicatively coupled to the first module, and an update module communicatively coupled to the gateway module. The update module is configured to provide authorization information and programming data to the gateway module. The gateway module is configured to verify that programming of the first module is authorized based at least in part on the authorization information and provide the programming data to the first module after verifying that the programming of the first module is authorized.

Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

Abstract: An information processing device including a controller configured to accept a selection of a service from among a plurality of services including a first service and a second service, control a display unit to display an authentication screen, when accepting a selection of the first service, control a communication unit to transmit authentication information input on the authentication screen displayed in response to acceptance of the selection of the first service, to a first external device configured to perform authentication for the first service, store into a storage the authentication information transmitted to the first external device, and when accepting a selection of the second service and determining that the authentication information is stored in the storage, control the communication unit to transmit the authentication information stored in the storage, to a second external device configured to perform authentication for the second service.

Abstract: Methods, systems, and media for providing access control for a computing device are provided. In some implementations, methods for providing access control for a computing device are provided, the methods comprising: receiving a first request to authenticate the computing device from a first sender device; authenticating the computing device based at least in part on the first request; transmitting a session identifier and a session key to the first sender device; receiving an application identifier associated with the sender device from the computing device; determining, using a hardware processor, whether a sender application executing on the sender device is valid based at least in part on the application identifier; and transmitting the session key to the computing device in response to determining that the sender application is valid.

Abstract: A method and system for collecting, aggregating, and displaying type specific content in an inbox like view are described. An inbox manager collects information about data objects that are stored locally and stored remotely. This information may be stored as inbox information on a local computing system. Using the inbox information, the inbox manager creates an inbox view of merged inbox items from the local data objects and the remote data objects. The inbox view is configured to display the inbox items as being merged into a single view regardless of where the respective data objects are stored.

Abstract: A system and a method for single-sign-on (SSO) in a virtual desktop infrastructure (VDI) environment are disclosed. The system includes a VDI service server configured to provide a virtual desktop environment to a user terminal according to a request from the user terminal, and a VDI authentication interworking gateway configured to receive VDI environment information of the user terminal from the VDI service server and carry out delegated user authentication for a target system in the virtual desktop environment using the VDI environment information.

Abstract: A user device stores first authentication information used to grant access to a resource associated with a first application, and configuration information relating to a second application. The user device receives an authentication request from the second application requesting second authentication information. Based on the configuration information relating to the second application, the user device determines whether the first authentication information contains some or all of the requested second authentication information. The user device generates an authentication response to the authentication request, using the first authentication information, and sends the authentication response to the second application in order to permit access to a resource associated with the second application.

Abstract: A method and apparatus for providing radio communication with an electronic object in a local environment are disclosed. For example the method receives via a mobile endpoint device of a user at least one first digital certificate associated with the local environment from a trusted source, and a second digital certificate from the electronic device deployed in the local environment via a wireless connection. The method then authenticates the electronic device using the at least one first digital certificate and the second digital certificate.

Abstract: Systems and methods disclosed herein relate to the protection of a plurality of protected personas on a protected network that may be isolated from a telecommunication service provider's network that supports a portable electronic device. The plurality of personas may be generated by the owners and/or administrators of the network on which the personas reside. Activating a persona on a device, whether that device is owned and maintained by the business or businesses affiliated with the protected network, enables access to a plurality of data on the business's network and restricts access to at least some of the capabilities and functionality of the device available under the original persona. Data created or modified while the protected persona is activated on the device may not be accessed while the original persona is active and may be uploaded dynamically or manually to the protected network.

Abstract: A method for authentication includes receiving a log-in request at a first client computer, and capturing user information with the request. The method includes capturing an image of the user, and sending a request for authentication, including the user information and image, to an authentication server. The method includes determining a representative user based on the user information, and determining an authorizing agent responsible for authorizing the representative user. The method includes sending the authentication request to a client computer associated with the authorizing agent, and providing verified identification information of the representative user along with the request so that the authorizing agent can perform authentication of the requesting user based on the user information, the captured image, and the verified identification information.

Abstract: Image scanning and encoding technologies can be utilized to authenticate devices to virtual desktops and to transfer virtual desktop sessions between devices. One device (e.g., PC or laptop) may encode certain information into an image that is displayed on a display screen, while another mobile device equipped with a digital camera (e.g., mobile phone or tablet) can be used to scan the image on the display screen. Once the image is scanned, it can be decoded by the mobile device to get the information encoded in the image (e.g., device ID, session ID, etc.). The information obtained from the image can be used to authenticate a device or to transfer a virtual desktop session between the devices.

Abstract: A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.

Abstract: A method is provided for generating a soft token by which attributes of a user may be authenticated. A request to generate the soft token is transmitted from an electronic device of the user to a service provider computer via a first secure connection. After receiving the request, the service computer generates a one-time password, records the password as a session identifier, and transmits the password to the electronic device. The password is output by the electronic device via a user interface. The user enters the password into a user computer system, from where it is transmitted, via a second secure connection, to the service computer system. If the recorded password agrees with the received password, one or more attributes are read from an ID token of the user and a corresponding soft token is generated and transmitted to the electronic device or user computer system.

Abstract: A distributed passcode verification system includes devices that each have a hardware secret and that are each able to perform a limited number of verifications using their hardware secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a hardware secret, to verify passcodes provided to a verifier.

Abstract: Embodiments are directed to a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device.

Abstract: Systems, methods, and program products for providing secure authentication for electronic messages are disclosed. A method may comprise generating an asymmetric private key based at least in part upon an invariant biometric feature vector derived from an input biometric reading. The private key may be further based at least in part upon a user password. The resulting private key may not be stored but rather may be generated when required to authenticate an electronic message, at which time it may be used to provide a digital signature for the electronic message. The private key may be deleted after use. The private key may be regenerated by inputting both a new instance of the biometric reading as well as a new instance of the password.

Abstract: According to one embodiment, there is provided an authentication apparatus, including: a communication unit, a verifier and a connection configuration checker. The communication unit receives a message related to network access authentication on a first communication apparatus, the message including an address of the first communication apparatus and more than zero address of an authentication relay. The verifier verifies an authenticity of the first communication apparatus in response to receipt of the message by the communication unit. The connection configuration checker identifies a first destination to which the first communication apparatus intends to connect, on the basis of the address of the first communication apparatus or the address of the authentication relay included in the message when verification succeeds, and determines whether to authorize connection by the first communication apparatus to the first destination or not.

Abstract: Systems and methods are disclosed for providing, generating, and managing profiles. Such systems and methods may be implemented to control access to a function of a web server or site based on a level of trust associated with a user or device profile. According to one exemplary method, session information associated with a request to access a function of a web server is identified. At least one processor determines whether the request is associated with a trusted device profile based on the at least the session information. Access to the requested function is provided when the request is associated with a trusted device profile.

Abstract: In an embodiment, content may be encrypted by a first device using a dual hash chain technique, where the first device maintains a forward hash chain and a second device maintains a backward hash chain, and content keys for encrypting content are derived using values of the forward and backward hash chains. The second device may not have knowledge of a seed used to generate the forward hash chain, and therefore may be unable to generate the content keys, reducing a likelihood that the encrypted content becomes compromised. Additionally, embodiments provide for techniques for using proxy re-encryption (PRE) to re-encrypt content, such that the encrypted content may be provided to and decrypted by a requesting device without knowledge of the forward and backward hash chains. Additionally, embodiments provide techniques for distributing encrypted content to a requesting device with fine-grained access control.

Abstract: The disclosed system and method enhances security of people, organizations, and other entities that use what has been termed “social media.” Recent trends have shown that information posted to social media may cause tremendous damage to individuals and other entities. This includes information that was posted deliberately or unintentionally, including social security numbers, financial data and other sensitive information. Further, information that previously may have been viewed as innocuous, such as location data, has caused harm on certain occasions and may need to be protected. The disclosed system provides a novel method of screening, identifying, and preventing certain information from being posted on social media and other public locations. In addition, the disclosed system and method improves security by motivating people to use security software by offering rewards for its use.