Abstract: A method and system of physically solving the charge, mass, and current density functions of organic molecules using Maxwell's equations and computing and rendering the physical nature of the chemical bond using the solutions. The solutions can be used to solve the dipole moments in molecules or induced dipole moments between species that in turn can be used to solve condensed matter parameters and reaction kinetics. The results can be displayed on visual or graphical media. The display can be static or dynamic such that electron motion and specie's vibrational, rotational, and translational motion can be displayed in an embodiment. The displayed information is useful to anticipate reactivity and physical properties. The insight into the nature of the chemical bond of at least one species can permit the solution and display of those of other species to provide utility to anticipate their reactivity and physical properties.

Abstract: Provided is an electronic device. The electronic device includes at least one processor for executing a plurality of operating systems; and a mobile high-definition link (MHL) module. The operating systems include a normal operating system for controlling a content service and a secure operating system for receiving information for controlling digital rights management (DRM) content from the MHL module and controlling a DRM service.

Abstract: Provided is a technology for improving the efficiency and the accuracy of data security. To this end, protection information provided to data is maintained correct even when it becomes necessary to change the necessity/non-necessity to protect the data depending on the content of a process performed on the data. More specifically, primitive data with protection attributes set thereon is read as the original data, and an operation is performed on the original data to generate derived data. Then, whether to make the derived data inherit the protection attributes of the original data is determined on the basis of a content of the operation performed on the original data.

Abstract: An analysis including a comparison is performed of first and second applications and a determination is made regarding whether the first is a counterfeit version of the second application, or vice-versa. Based on the analysis and comparison, and based on an assessment of the first application, an assessment of the second application may be generated.

Abstract: A computer-implemented method of pre-permissioning a computer application is disclosed. The method includes receiving a request from a user to install a software application, identifying one or more computing services required for operation of the software application, presenting the one or more computing services to the user for review, determining whether the user approves installation of the computer application, and installing the application on a computing device assigned to the user if the user approves installation of the computer application.

Abstract: The different advantageous embodiments provide a system for managing license utilization comprising a client system, a number of message transport servers, and a number of license management servers. The client system is configured to generate a number of messages having information about usage associated with a project code or a business unit. The number of message transport servers replicates the number of messages. The number of messages is transmitted to a message transport server in the number of message transport servers. The message transport server receiving the number of messages replicates the number of messages to each message transport server. The number of license management servers has a number of license management services configured to listen for updates from the number of message transport servers. The updates are the number of messages replicated across the number of message transport servers.

Abstract: Disclosed herein are systems, methods, and software for facilitating application licensing. In at least one implementation, license information for an application is identified based at least in part on a developer profile associated with the application and a state of a license for the application identified from at least a portion of the license information. Presentation of the application in accordance with the state of the license for the application can then be initiated.

Abstract: A computer system for dumping a confidential image on a trusted computer system. A trusted computer system loads an encrypted client dumper image key. The trusted computer system decrypts, with a private host key, the encrypted client dumper image key to generate a client dumper image key. The trusted computer system loads an encrypted dumper including a client dump key, in response to determining that the client dumper image key matches a client image key which encrypts a boot image of a current operating system. The trusted computer system decrypts, with the client dumper image key, the encrypted dumper to generate a dumper including the client dump key. The trusted computer system starts the dumper. The dumper generates an encrypted dump by encrypting, with the client dump key, an image to be dumped in the secure logical partition, and the dumper writes the encrypted dump on a client dump device.

Abstract: Disclosed is a method of generating a structure comprising at least one virtual machine, the method comprising: obfuscating a first virtual machine source code, thereby yielding a first obfuscated virtual machine (OVM) source code; associating a processor identifier with the first OVM source code, thereby yielding a processor-specific first OVM source code; compiling the processor-specific first OVM source code, thereby yielding a processor-specific first OVM. Furthermore, a structure generated by said method is disclosed.

Abstract: Disclosed is a two-factor method for protecting access to content, device functionality accounts and the like through portable devices. A master device may facilitate a subordinate device's access to the on-line account by situating the master device in close proximity to the unauthorized user's portable device. Once within close proximity of one another, the devices may exchange information that may eventually allow the subordinate device to access an account, an application or the like.

Abstract: An apparatus and method for a two phase password input mechanism are provided. The method includes resetting a password entry, displaying a password entry screen, inputting a password element of a plurality of password elements, determining whether the entered password is complete, determining whether the entered password is correct when the entered password is complete, and if the entered password is correct, unlocking the mobile device. The plurality of password elements include at least two elements that cannot be observed from a same viewpoint.

Abstract: A secure and transparent digital credential sharing arrangement which utilizes one or more cryptographic levels of indirection to obfuscate a sharing entity's credentials from those entities authorized to share the credentials. A security policy table is provided which allows the sharing entity to selectively authorize or revoke digital credential sharing among a plurality of entities. Various embodiments of the invention provide for secure storage and retrieval of digital credentials from security tokens such as smart cards. The secure sharing arrangement may be implemented in hierarchical or non-hierarchical embodiments as desired.

Abstract: A method for preventing unauthorized access to and/or modification of a page of a device and/or system according to one embodiment includes presenting a question via a graphical user interface; receiving a response to the question; allowing access to and/or modification of the page when the response to the question includes the answer; and not allowing access to and/or modification of the page when the response to the question does not include the answer. An answer to the question includes a characteristic of the device and/or system.

Abstract: A key integrates with a biometric input device. According to an aspect of the present disclosure, a fingerprint scanner may be integral with a spacebar.

Abstract: A client device captures biometric data from a user and stores the biometric data to identify the user. To simplify access to content from a content source, the user identifies the content source to the client device, which identifies authentication information associated with the user by the content source. For example, the user specifies a username and password associated with the content source to the client device. The authentication information is stored in the client device using the user's biometric data. For example, the client device stores the authentication information so it is not accessible unless the client device receives the user's biometric data. When the user subsequently requests access to the content source, the user provides biometric data to the client device, which retrieves and communicates the authentication information to the content source.

Abstract: A biometric identifier is received, from a first credential granting authority, is associated with a user and was collected by the first credential granting authority. The biometric identifier is stored in association with the user and the first credential granting authority. Trust data is accessed and enables determination of whether a second credential granting authority trusts biometric identifiers collected by the first credential granting authority. It is determined that the second credential granting authority trusts biometric identifiers collected by the first credential granting authority based on the accessed trust data. Based on the determination that the second credential granting authority trusts biometric identifiers collected by the first credential granting authority, biometric identification of the user using the biometric identifier collected by the first credential granting authority is performed for the second credential granting authority.

Abstract: The invention relates to a method for generating an identifier for identifying a pair, wherein the pair comprises a cryptographic device and a computer system (1, 2, . . . , i, . . . I), wherein the cryptographic device has a first secret key, wherein a second secret key (118.i) is associated with the computer system, wherein a blocking system (120) for accessing the second secret key of the computer system is provided, wherein the blocking system has a third secret key, and wherein the following steps are carried out for generating the identifier: generating a second public key (116.i) from the second secret key and a third public key (128) associated with the third secret key by means of the blocking system, transmitting the second public key (116.i) to the computer system (i), and generating the identifier from the first secret key and the second public key, using the cryptographic device.

Abstract: Concepts and technologies are described herein for providing enhanced Completely Automated Public Turing tests to Tell Computers and Humans Apart (“CAPTCHAs”). According to some of the concepts and technologies disclosed herein, a CAPTCHA service may be configured to generate CAPTCHAs enhanced with watermarks and/or other enhancements. The CAPTCHA service may provide the enhanced CAPTCHAs to user services, such as Websites, Web services, and other services that utilize or are capable of utilizing CAPTCHAs as a security feature. The watermarks and/or other enhancements may contain information associated with users of the user services so that the enhanced CAPTCHAs are more difficult to break by unauthorized entities, including automated programs such as “bots.” According to other concepts and technologies disclosed herein, a CAPTCHA breaking service is provided.

Abstract: A method performed by a first application in a client apparatus to authenticate a second application in the client apparatus is provided. The method includes, when the first application receives an execution request from the second application, requesting authentication information of the second application from an authentication server, obtaining the authentication information of the second application from the authentication server, and authenticating the second application using the authentication information, wherein the authentication information of the second application is signed with a private key of the authentication server.

Abstract: In order to simplify and reduce the cost of an electronic device, the size of a first non-volatile memory associated with an integrated circuit is significantly reduced. Instead of using the first non-volatile memory, a second non-volatile memory associated with a processor in the electronic device is used to store an embedded operating system of the integrated circuit, as well as associated data and a configuration of the integrated circuit. To reduce the security risks associated with using this remote second non-volatile memory, the first non-volatile memory may store authorization information and anti-replay information. During a secure boot of the integrated circuit, the authorization information is used to verify that the embedded operating system, the data and the configuration are authorized. In addition, the anti-replay information is used to determine that the embedded operating system, the data and the configuration are different than previously received versions of these items.

Abstract: A device authenticates accessories by detecting that an accessory is attached to the device, determining a unique identification (ID) for the accessory, determining, based on the unique ID, if the accessory has been paired to the device, and in response to determining that the accessory has been paired to the device, enable use of the accessory by the device. In response to determining the accessory has not been paired to the device, the devices performs a secondary authentication process on the accessory.

Abstract: Systems and methods for weak authentication data reinforcement are described. In some embodiments, authentication data is received in a request to authenticate a user. In response to detecting weak authentication data, the systems and methods determine whether the user was previously authenticated as a human user. An example embodiment may include initiating an authentication process based on determining that the user was previously authenticated as a human user.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage password security. An example apparatus includes an alarm action engine to invoke a provisional transmission block in response to detecting entry of a candidate password, a password linkage monitor to retrieve a list of password hash values associated with previously used passwords, and to compare the list of password hash values to a hash of the candidate password, the alarm action engine to invoke a permanent block of the candidate password when a match condition occurs between the hash of the candidate password and a hash of one of the list of password hash values.

Abstract: A system and method for securely loading data in a cache memory associated with at least one secure processor that performs data processing by using at least one untrusted external memory storing data to be processed, at least one secure internal cache memory to load or store data, and at least one secure cache translator operating as a memory management unit. The secure cache translator stores, into a secure cache digest table, parameters arranged on persistent and variable data pages. The parameters comprise at least a root digest based on node digests calculated on at least one persistent data page according to a Merkle tree structure. The integrity of the data pages is verified during transfers between the secure internal cache memory and the external memory by comparing a calculated root digest with the root digest stored in the secure cache digest table.

Abstract: The present invention relates to a spammer group extraction apparatus and method, which extract spammer groups that interfere with fair trade and unbiased decision making by sending messages aimed at intentionally slandering other companies (other persons, other products, etc.) on social network services. The spammer group extraction apparatus includes a data collection unit for collecting pieces of data corresponding to social network services. A natural language processing unit preprocesses the pieces of data using a natural language processing algorithm based on big data. An abnormal behavior detection unit detects abnormal behavior based on user identifications (IDs) respectively corresponding to pieces of data, preprocessing of which has been completed. A spammer extraction unit extracts a spammer group using a user ID causing the abnormal behavior and an ID of a user group including the user ID.

Abstract: A system and method for managing implementation of policies in an information technologies system receives at least one policy function, at least one refinement template and at least one available policy function from the at least one memory, receives a policy input indicating a high-level policy for the IT system where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system, based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and being compliant with the received policy input, and distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: In accordance with embodiments of the present disclosure, a method may include generating a master cryptographic key for encrypting and decrypting the one or more variables stored in a non-transitory computer-readable medium accessible to a basic input/output system of an information handling system. The method may also include encrypting the master cryptographic key with a system password, such that the master cryptographic key as encrypted with the system password may be decrypted and used to encrypt and decrypt the one or more variables in response to entry by a user of the system password. The method may further include encrypting the master cryptographic key with an administrator password, such that the master cryptographic key as encrypted with the administrator password may be decrypted and used to encrypt and decrypt the one or more variables in response to entry by an administrator of the administrator password.

Abstract: The disclosed apparatus may include a storage device and a secure counter. The apparatus may also include a tamper-logging component that (1) detects an action that is associated with booting untrusted images from the storage device and, in response to detecting the action, (2) securely logs the action by incrementing the secure counter. Various other apparatuses, systems, and methods are also disclosed.

Abstract: Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.

Abstract: Intrusion features of a landing page associated with sponsored content are identified. A feature score for the landing page based on the identified intrusion features is generated, and if the feature score for the landing page exceeds a feature threshold, the landing page is classified as a candidate landing page. A sponsor account associated with the candidate landing page can be suspended, or sponsored content associated with the candidate landing page can be suspended.

Abstract: Determining which snapshot deltas tend to occur in: (i) healthy virtual machines (VMs) that have been subject to an attack yet remained healthy, and/or (ii) unhealthy VMs that have apparently been adversely affected by an attack. Snapshot deltas that occur in at least some (or more preferably all) of the healthy VM subset provide information about software changes (for example, updates, configuration changes) that may be helpful. Snapshot deltas that occur in at least some (or more preferably all) of the unhealthy VM subsets provide information about software changes (for example, updates, configuration changes) that may be unhelpful.

Abstract: A method is provided for managing public and private data input by a device such as a mobile handset, a personal digital assistant, a personal computer and an electronic tablet. Method provides for separating public and private data such that public data can be operated on by open operating system and private data is either encrypted while in the open operating environment but can be operated on and used when received by the secure operating environment.

Abstract: A method for client-side cross-domain communication of a browser application executing on a client computing device, wherein said browser application comprises a parent host window retrieving internet game operator specific first content from an internet game operators first domain, wherein said internet game operator specific first content comprises an inner window markup language element retrieving internet game provider second content from an internet game providers second domain, the method comprising the steps of determining that a game related event has occurred when processing said internet game providers second content in said inner window and sending an game event signal as game event data indicative of said determined game related event data from said inner window to said parent host window.

Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.

Abstract: Embodiments of the present invention provide a method, system and computer program product for directional optimization of policy statements for a Web service. In an embodiment of the invention, a method for directional optimization of policy statements in a policy document can be provided. The method can include loading a policy document referenced for a Web service, extracting a policy from the policy document, and determining whether the extracted policy is bi-directional or direction agnostic. A single run time presentation for the extracted policy can be created when the extracted policy is direction agnostic. Otherwise, separate run time presentations can be created for each direction of the extracted policy when the extracted policy is bi-directional.

Abstract: In an embodiment, a method includes receiving a request from a controlling user to publish particular content. The method also includes determining at least one topic of the particular content. The method further includes allowing the controlling user to select need-to-know criteria, the need-to-know criteria comprising one or more thresholds relating to a prevalence of the at least one topic in logged conversations of a requesting user. In addition, the method includes allowing a controlling user to select a trust threshold, wherein the trust threshold relates, at least in part, to a quantitative analysis of logged behavior of a requesting user on the communications platform. Further, the method includes generating based, at least in part, on the need-to-know criteria and the trust threshold, a self-service access policy for the particular content. Also, the method includes activating the self-service access policy as to the particular content.

Abstract: Method and system for handling group sharing in distributed data storage environment, to utilize online unexploited storage space and bandwidth of users. Files of a user are cut into pieces which are then distributed among other online users. The original files are stored retrievably. Key Lock Boxes (KLB) are used for storing keys encrypted. With an authentication and key exchange protocol a common group key is generated for encrypting a Master Key Lock Box. The Master KLB represents the root of an oriented tree graph, the nodes of the graph represent KLBs. There is an oriented edge between two nodes when a source KLB (17) contains the key of a target KLB (19). The KLBs (13, 14, 17, 19) contain keys (18, 20) to a subset of files. Starting from said Master Key Lock Box by using the common group key the KLBs (13, 14, 17, 19) are opened until the requested file is reached.

Abstract: Event driven permissive sharing of information is disclosed. In an aspect, user equipment can include information sharing profiles that can facilitate sharing information with other devices or users, such as sharing location information. The information sharing profiles can include trigger values, such that when a target value transitions the trigger value, a permission value is updated to restrict or allow access to sharable information. As such, event driven permissive sharing of information allows for designation of temporary friend information sharing with user-defined triggers.

Abstract: Read data blocks are selectively decrypted and write data bocks are selectively encrypted in an input-output path between an application and a file system driver. If a read data block contains all zeroes, the read data block is not decrypted even though the read data block is a block of an encrypted file. Likewise, if a write data block contains all zeroes, the write data block is not encrypted even though the write data block is a block of an encrypted file. In this manner, the handling of zero blocks of an encrypted file is efficiently processed outside the file system without relying on bitmaps or other data structure maintained by the file system that may inform which blocks contain all zeroes.

Abstract: A kernel receives a request to execute a first process instance from an agent. The first process instance is an instance of a first program. The kernel obtains one or more access control rules related to the agent. The kernel permits execution of the first process instances based on the access control rules. The kernel detects the first process instance attempting to access a second process instance during execution of the first process instance. The second process instance is an instance of a second program currently being executed. The kernel determines whether to grant the first process instance permission to access the second process instances based on the access control rules.

Abstract: A method for protecting a volatile memory against a virus, wherein: rights of writing, reading, or execution are assigned to certain areas of the memory; and a first list of opcodes authorized or forbidden as a content of the areas is associated with each of these areas.

Abstract: Data can be protected in a centralized tokenization environment. A request to tokenize sensitive data is received by an endpoint. A token for use in tokenizing the sensitive data is identified. A token certificate store is queried for a token certificate associated with the identified token. The token certificate can include a token status and use rules describing a permitted use of the token. Responsive to the token certificate store storing the queried token certificate, the endpoint tokenizes the sensitive data using the identified token if the token status indicates the token is available, and subject to the use rules included in the token certificate being satisfied. The token certificate is updated based on the tokenization of the sensitive data with the identified token and stored at the token certificate store.

Abstract: The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data.

Abstract: It is an object to provide an information recording medium with which information symbols can be suitably read. This information recording medium comprises a sheet-form member (33), a plurality of information symbols (18) that are displayed on the surface of the sheet-form member (33) and each have the same information, and an edge line (34) that is provided at one end and/or the other end of the sheet-form member (33) and allows an information reading device which reads the information symbols (18) to recognize the end of the sheet-form member (33).

Abstract: A card reader for use with a card may include a card insertion part formed with an insertion port into which the card is inserted; and a magnetic head provided in the card insertion part and structured to contact with the card. A magnetic gap in a straight shape may be formed at a tip end of the magnetic head where the card is to be contacted. When a forming direction of the magnetic gap formed in the straight shape is a gap direction, the gap direction may be inclined with respect to a first direction perpendicular to an inserting direction of the card when viewed in a thickness direction of the card inserted into the insertion port.

Abstract: A system and computer program product are provided for remotely controlling a supply of power to a plurality of electrical appliances. In response to attaching a plug of a first electrical appliance of a plurality of electrical appliances to a first socket of the one or more sockets connected to a main power supply, a control system activates a transceiver at a first of the first socket and the plug; stimulates, via the transceiver, a tag at a second of the first socket and the plug to determine a unique identifier of the tag. The control system receives the unique identifier of the tag from the transceiver and uses the unique identifier to activate/deactivate the transceiver which connects/disconnects the main power supply from the first electrical appliance.

Abstract: A system and method of determining the location of a RFID reader is disclosed. The system comprises a first RFID reader, and at least one other RFID reader, and a processor. The RFID readers associate unique RFID tag information with at least one antenna that reads the information. The processor receives RFID data from the first RFID reader and the at least one other RFID reader and determines the location of the first RFID reader relative to the at least one other RFID reader based on the association of unique RFID tag information with at least one antenna of at least two readers.

Abstract: A reader-enhancing device is proposed which enables an in situ upgrade of readers having limited processing capabilities. The reader-enhancing device includes an emulation module that is capable of generating an output which emulates a first type of credential when the reader-enhancing device receives an input that is not in a format used by the first type of credential. The output generated by the emulation module enables the reader to respond to the input even though the input is not in a format natively supported by the reader.

Abstract: A multi-tenant, RFID system that may be Cloud based or run on a local area network (LAN) for distributed RFID devices and RFID applications. The RFID system a central abstraction and translation layer between RFID devices installed in geographically diverse locations and applications. RFID devices initiate communication to a Cloud or LAN network over to send events and receive commands. RFID applications can receive RFID tag data, device health, and requested and derived events from the RFID system to automatically run processes based on the provided data. Applications manage RFID devices and settings in the RFID system using command and configuration interfaces.