Patents Issued on February 21, 2017
-
Patent number: 9577975
Abstract: In one embodiment, a method includes determining that media content being viewed by a user comprises a plurality of entities, accessing information indicative of the plurality of entities, and querying a social graph of the social-networking system for social content associated with each of the plurality of entities and one or more other users of the social-networking system. The social graph includes user nodes that are each associated with a particular user of the social-networking system. The method further includes providing at least a portion of the queried social content from the social graph for display along with the information on a display device of the user.
Type: Grant
Filed: November 8, 2013
Date of Patent: February 21, 2017
Assignee: Facebook, Inc.
Inventor: Erick Tseng
-
Patent number: 9577976
Abstract: Registering a client computing device for online communication sessions. A registration server receives a message that has a push token that is unique to the client computing device and a phone number of the client computing device from an SMS (Short Message Service) transit device, which received an SMS message having the push token from the client computing device and determined the phone number of the client computing device from that SMS message. The registration server associates the push token and the phone number and stores it in a registration data store, which is used for inviting users for online communication sessions.
Type: Grant
Filed: December 18, 2014
Date of Patent: February 21, 2017
Assignee: Apple Inc.
Inventors: Arun Mathias, Justin Santamaria, Justin Wood, Joe Abuan, Jeremy Brown, Patrick Gates, Matthew Klahn, Andrew H. Vyrros, Braden Thomas, Drew Yao
-
Patent number: 9577977
Abstract: A method of cross-platform messaging including receiving, by a messaging system, at least one initial message having a message format, an initial message layout and data indicative of at least one user associated with the at least one initial message, and before delivery to a destination communication device associated with the at least one user, converting, by the messaging system, an initial message into an adapted message, and facilitating, by the messaging system, delivery of the adapted message to the destination communication device. The adapted message is characterized by, at least, an adapted message layout, and the adapted message layout differs from the initial message layout in a characteristic associated with respective message layout such as number of media objects, a graphical image of a media object, a size of a placeholder related to a media object, and a location of a media object within a respective message layout.
Type: Grant
Filed: September 11, 2014
Date of Patent: February 21, 2017
Assignee: TRIPLAY, INC.
Inventors: Gil Rosen, Yaacov Ziv
-
Patent number: 9577978
Abstract: A method that incorporates teachings of the subject disclosure may include, for example, determining at a first directory server of a first regional call processing system whether a new name authority pointer associated with a telephone number is within a first geographic region of the first regional call processing system, transmitting the new name authority pointer to a first name server of the first regional call processing system for provisioning the name authority pointer to the first name server responsive to determining that the telephone number is located within the first geographic region, and transmitting the new name authority pointer to a second directory server for provisioning the new name authority pointer to a second name server of a second regional call processing system responsive to determining that the telephone number is not located within the first geographic region. Other embodiments are disclosed.
Type: Grant
Filed: January 27, 2015
Date of Patent: February 21, 2017
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: James W. Forsyth, Bernard Ku, Lakshminarashimhan Naidu
-
Patent number: 9577979
Abstract: Embodiments described herein relate to systems and methods for local name resolution in network communications. Particular embodiments may enable a device resolution request to include a name that identifies the user device issuing the resolution request. A proxy server may accept the resolution request, and respond with a service internet protocol address that is customized to that user device, such that compatible user devices on the same local area network will each receive a different service IP address. When the proxy server receives traffic on a particular service IP address from a local area network, the proxy server may identify the compatible device even if a network address translation device has adjusted the requesting IP address for the device. Particular implementations may enable acceleration of HTTPS communications by the proxy server, or other such benefits.
Type: Grant
Filed: November 14, 2013
Date of Patent: February 21, 2017
Assignee: ViaSat, Inc.
Inventor: Peter Lepeska
-
Patent number: 9577980
Abstract: Systems, methods, and computer-readable media are provided for telephone number provisioning. A user interface configured to provide access to telephony information may be facilitated. The telephony information may be retained in a telephony information repository. Information about a first location may be processed. A region of interest may be determined. A set of telephony information may be processed based on the region of interest. Telephone number inventory corresponding to the region of interest may be determined based in part on the set of telephony information. Telephone number inventory may be categorized according to availability to determine a first set of telephone numbers. Local calling characteristics may be determined. Indication to the user interface of availability of telephone numbers within the region of interest based on the first set of telephone numbers and the local calling characteristics may be caused.
Type: Grant
Filed: June 15, 2016
Date of Patent: February 21, 2017
Assignee: YP LLC
Inventors: Kent William Laux, Bruce Goettelman, Mehul Jain, Julie Wong
-
Patent number: 9577981
Abstract: A technique is disclosed in which an MN (mobile node) 100 notifies, to a CN (correspondent node), home network connection information indicative of whether or not it is currently in connection with a home network which has allocated its own plurality of HoAs (home addresses), an address of each HA (home agent) and an ID of each HA in a state associated with the plurality of HoAs. Based on the information received from the MN, the CN grasps the home network with which the MN is currently in connection and makes an inquiry about the condition of the HA and sets an appropriate HoA, judged on the basis of the grasping result or the inquiry result, as a destination address of a packet to be transmitted to the MN.
Type: Grant
Filed: September 22, 2016
Date of Patent: February 21, 2017
Assignee: Sun Patent Trust
Inventors: Keigo Aso, Jun Hirano
-
Patent number: 9577982
Abstract: An approach is provided for extending remote network visibility for push functionality. An application is transmitted, via a push agent, from a first network to a device of a second network, wherein the device is configured to execute the application. The device is remotely controlled using the application.
Type: Grant
Filed: October 11, 2012
Date of Patent: February 21, 2017
Assignee: BOMGAR CORPORATION
Inventors: Nathan Cromer, Jeremy Raymond Cross, David William Durham, Nathan Joel McNeil, Huey-Jiun Ngo, Ryan D. Sleevi
-
Patent number: 9577983
Abstract: A method and apparatus for identifying data patterns of a file are described herein. In one embodiment, an exemplary process includes, but is not limited to, receiving a data packet of a data stream containing a file segment of a file originated from an external host and destined to a protected host of a local area network (LAN), the file being transmitted via multiple file segments contained in multiple data packets of the data stream, and performing a data pattern analysis on the received data packet to determine whether the received data packet contains a predetermined data pattern, without waiting for a remainder of the data stream to arrive. Other methods and apparatuses are also described.
Type: Grant
Filed: June 23, 2015
Date of Patent: February 21, 2017
Assignee: DELL SOFTWARE INC.
Inventors: Aleksandr Dubrovsky, John Everett Gmuender, Boris Yanovsky, Roman Yanovsky, Shunhui Zhu
-
Patent number: 9577984
Abstract: Systems and techniques for managing local communication between a network access point and a host device. Upon connection by a host device to an access point, a local connection link is established between the access point and the host device. A network connection may be established between the access point and the host device, with the network connection being able to pass through the host device to enable communication with and beyond an access network to which the access point provides a connection. Local messages may be passed between the access point and the host device over the local connection link, separately from and independent of communication that may occur over the network connection.
Type: Grant
Filed: August 5, 2011
Date of Patent: February 21, 2017
Assignee: Nokia Technologies Oy
Inventors: Basavaraj Patil, Gabor Bajko
-
Patent number: 9577985
Abstract: A virtual business mobile device can be provisioned on a personal mobile device, by binding a mobile application for provisioning the business mobile device to a privileged component of a host operating system of the personal mobile device, wherein the binding enables a software virtualization layer and a management service component of the mobile application to execute in a privileged mode. The mobile application is then able to download a virtual phone image for the business mobile device and security-related policy settings relating to use of the business mobile device from a mobile management server, wherein the software virtualization layer is able to launch a virtual machine for the business mobile device based on the virtual phone image. Once the virtual phone image has been downloaded, the management service component initiates a periodic attempt to establish a connection with the mobile management server to comply with the downloaded security-related policy settings.
Type: Grant
Filed: October 30, 2015
Date of Patent: February 21, 2017
Assignee: VMWARE, Inc.
Inventors: Stephen Deasy, Craig Newell, Emil Sit, Paul Wisner, David Furodet, Viktor Gyuris, Robert Meyer, Fanny Strudel
-
Patent number: 9577986
Abstract: A technique for the secure exchange and verification of data between multiple entities that use compatible business management systems utilizes serializable data transfer objects to transfer business data over a secure communication path. A conversion algorithm transforms a subset of the business data contained within the transfer objects, and the resulting data string is compared to data strings from other objects that are related to the transaction and which were transformed by the same conversion algorithm. If the data strings are not identical, a discrepancy exists. Serializable objects link all data objects relating to a given business transaction. An interface allows users to view and manage data contained in data objects, including discrepancies between compared objects.
Type: Grant
Filed: November 8, 2013
Date of Patent: February 21, 2017
Inventor: Daniel A Dooley
-
Patent number: 9577987
Abstract: Methods and apparatuses are presented for securely providing digital streaming data to subscriber devices using encrypted wavelet meshes. A recorded image may be subdivided into three sources of data: light sources, camera angles, and the objects themselves. Each of these sources of data may be considered unique from each other, and the totality of the three sources of data may comprise a complete image. Without one of the sources of data, the image may not be complete. Each of the three sources of data may therefore be characterized as key spaces, wherein encrypting part of or the entirety of even one of these key spaces prevents the complete image from being viewed. Methods and apparatuses are provided for utilizing the concept of encrypting at least a portion of at least one of the three key spaces in order to securely and/or privately transmit image data to subscribers.
Type: Grant
Filed: October 18, 2013
Date of Patent: February 21, 2017
Assignee: Visa International Service Association
Inventors: Patrick Faith, Theodore D. Harris, Scott Edington
-
Patent number: 9577988
Abstract: A method, a system, and a non-transitory storage medium for storing user preferences pertaining to a data encryption service that provides on-demand encryption for data in-flight and at rest; receiving data from a user device; determining whether to invoke the data encryption service based on the data and the user preferences; generating a key to encrypt the data based on determining that the data encryption service is to be invoked; generating a first message that includes the data, the key, and data indicating where encrypted data is to be stored; establishing a secure connection with a device; and transmitting the first message to the device via the secure connection.
Type: Grant
Filed: September 26, 2014
Date of Patent: February 21, 2017
Assignee: Verizon Patent and Licensing Inc.
Inventors: Ravindra J. Rao, Gary R. Francis, Ashay Chaudhary
-
Patent number: 9577989
Abstract: A computer-implemented method for decrypting, by a browser application, an encrypted portion of a fragment identifier within a uniform resource identifier includes receiving, by a browser application executing on a computing device, from a user, a uniform resource identifier including a delimiter and a fragment identifier, the fragment identifier comprising an encrypted portion. The method includes requesting, by the browser application, from an access control manager, decryption information associated with the fragment identifier. The method includes receiving, by the browser application, from the access control manager, the requested decryption information. The method includes decrypting, by the browser application, the encrypted portion of the fragment identifier with the requested decryption information.
Type: Grant
Filed: March 12, 2015
Date of Patent: February 21, 2017
Inventors: William R Ackerly, Reuven Mark Vallejo Gonzales
-
Patent number: 9577990
Abstract: A method for controlling access of a user to a secondary system. A primary system receives, from a user system connected to the secondary system, first authentication information comprising an encryption of a random string. The encryption of the random string is a user-specific key. Second authentication information is generated from protected secondary authentication data stored in the primary system. Generation of the second authentication information includes applying the user-specific key to the protected secondary authentication data to generate the second authentication information. The second authentication information is provided to the secondary system to enable access of the user to the secondary system.
Type: Grant
Filed: April 13, 2015
Date of Patent: February 21, 2017
Assignee: International Business Machines Corporation
Inventor: Stephan Feil
-
Patent number: 9577991
Abstract: Embodiments of the invention include methods, systems, and computer-readable media for processing transactions involving sensitive information, such as a credit card number. Embodiments include a first server authenticating a second server based on a security token and determining whether the security token is expired. Based on the results, the first server may request a transaction token associated with sensitive information. The first server may encrypt the transaction token using a public key of the second server. The first server may send the encrypted transaction token as a parameter to a URL, wherein the URL is configured to cause a browser on a client to send, to the second server, a request for the page and the encrypted transaction token.
Type: Grant
Filed: August 31, 2015
Date of Patent: February 21, 2017
Assignee: Canon U.S.A., Inc.
Inventors: Michael Louis Lebron, Tatsuya Kameda
-
Patent number: 9577992
Abstract: In accordance with one embodiment, a method for securing data is disclosed. The method includes sensing multi-dimensional motion of a body part of a user to generate a multi-dimensional signal; in response to the multi-dimensional signal and user calibration parameters, generating a neuro-mechanical fingerprint; and encrypting data with an encryption algorithm using the neuro-mechanical fingerprint as a key.
Type: Grant
Filed: February 2, 2016
Date of Patent: February 21, 2017
Assignee: Aerendir Mobile Inc.
Inventors: Martin Zizi, Hugh Sharkey
-
Patent number: 9577993
Abstract: A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.
Type: Grant
Filed: June 28, 2016
Date of Patent: February 21, 2017
Assignee: PACID TECHNOLOGIES, LLC
Inventor: Guy Fielder
-
Patent number: 9577994
Abstract: An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network.
Type: Grant
Filed: January 27, 2016
Date of Patent: February 21, 2017
Assignee: Dell Products L.P.
Inventors: Charles Robison, Daniel Hamlin
-
Patent number: 9577995
Abstract: A computer-implemented method performed in a system comprising a first endpoint, the first endpoint comprising at least one central processing unit, a memory, a storage system and a network interface unit, the system being accessible by a user, the method involving: generating a message at the first endpoint for sending to a second endpoint, the message incorporating a message body and a message metadata, the message metadata comprising a secure channel invitation for the second endpoint to securely communicate with the first endpoint, the secure channel invitation being hidden within the message metadata; communicating the message from the first endpoint to the second endpoint; receiving a response message, at a first endpoint, from the second endpoint; and establishing the secure communication channel between the first endpoint and the second endpoint based on the received response message.
Type: Grant
Filed: February 4, 2013
Date of Patent: February 21, 2017
Assignee: Anchorfree, Inc.
Inventor: Roman Kuzmenko
-
Patent number: 9577996
Abstract: A method for remotely storing data is provided. The method comprises providing a first data file on a client computer; splitting, on the client computer, the first data file into at least two partial files; encrypting the at least two partial files with an encryption algorithm; distributing the at least two encrypted partial files in at least two remote storage locations; storing information about the at least two storage locations of the at least two encrypted partial files for a later retrieval of the at least two encrypted partial files; and storing decryption information for the decryption of the at least two encrypted partial files on the client computer. Further, a computer software product adapted for executing, when run on a computer, a method for remotely storing data is provided, and a client computer for executing the method for remotely storing data.
Type: Grant
Filed: August 29, 2014
Date of Patent: February 21, 2017
Assignee: Pentland Firth Software GmbH
Inventors: Frank Heinrich, Durim Morina
-
Patent number: 9577997
Abstract: On-vehicle control units include an attaching section for attaching a message code used to check the validity of the transmission source of communication data, to the communication data. The on-vehicle control units also include an update section for updating a key code and the message code every time communication of communication data has been completed. An authentication section checks communication data and the transmission source thereof on the basis of the result of comparison between the random code obtained by restoring a message code and the random code owned by the on-vehicle control units, which are authorized.
Type: Grant
Filed: May 29, 2012
Date of Patent: February 21, 2017
Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
Inventor: Mitsuhiro Mabuchi
-
Patent number: 9577998
Abstract: Dynamically providing access to files of presently unmapped remote computers, including, responsive to receiving a file access request from a user, displaying a file access Graphical User Interface (‘GUI’) dialog box; receiving, from the user through the file access GUI dialog box, a Uniform Resource Locator (‘URL’) representing a file location on a remote computer, wherein the URL specifies a particular access protocol among a number of available access protocols, a network location of the remote computer, a port number, and a file system path; and accessing, in dependence upon the URL, a file on the remote computer at the file system path through data communications established between a local server module and a remote server running on the remote computer using the particular access protocol, the network location of the remote computer, and the port number.
Type: Grant
Filed: December 17, 2008
Date of Patent: February 21, 2017
Assignee: International Business Machines Corporation
Inventor: Murali Natarajan
-
Patent number: 9577999
Abstract: A system, apparatus, method, and machine readable medium are described for enhanced security during registration. For example, one embodiment of a method comprises: receiving a request at a relying party to register an authenticator; sending a code from the user to the relying party through an authenticated out-of-band communication channel; and verifying the identity of the user using the code and responsively registering the authenticator in response to a positive verification.
Type: Grant
Filed: May 2, 2014
Date of Patent: February 21, 2017
Assignee: NOK NOK LABS, INC.
Inventor: Rolf Lindemann
-
Patent number: 9578000
Abstract: An exemplary system includes a media content processing subsystem configured to provide a first interactive graphical user interface to a display for presentation to a user in response to a transmission of an input command, provide an end interactive graphical user interface to the display for presentation to the user in response to a repeat transmission of the input command, and perform an action corresponding to a selected entry within the end interactive graphical user interface in response to another repeat transmission of the input command. The first interactive graphical user interface corresponds to a first content level within a navigation thread and the end interactive graphical user interface corresponds to an end content level within the navigation thread.
Type: Grant
Filed: May 12, 2014
Date of Patent: February 21, 2017
Assignee: Verizon Patent and Licensing Inc.
Inventors: Heath Stallings, Jr., Donald H. Relyea, Brian F. Roberts
-
Patent number: 9578001
Abstract: A heterogeneous home network (with possibly multiple hops between devices) uses a push button configuration mechanism that ensures only one single new network node device is registered for a single push button key press event and overlapping Push-Button Configuration sessions within the heterogeneous network are prevented by an enhanced mechanism for running Push Button Configuration sessions based on a Push-Button Configuration handshake procedure triggered and initiated by a virtual or physical Push-Button-Event on a new device, which wants to join the heterogeneous network for a user friendly security bootstrapping, in which multiple network node devices in the heterogeneous network belonging already to the heterogeneous network are involved in registering the new device. The Push-Button Configuration handshake procedure is initiated to get a permission information to join the network or to proceed with the Push-Button Configuration or to get a rejection information not to join the network.
Type: Grant
Filed: December 7, 2012
Date of Patent: February 21, 2017
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Michael Bahr, Rainer Falk, Parag Mogre
-
Patent number: 9578002
Abstract: Disclosed are an authentication device and an authentication method for electronic atomization device based on mobile terminal. The device includes a Bluetooth control module, an information transmission module, an information searching module, an information input module and a comparing and authenticating module. The authentication method includes steps of: building a Bluetooth connection between battery and mobile terminal; sending serial number of the battery to the mobile terminal after atomizer connects with the battery successfully; searching corresponding user identification information according to the serial number of the battery; receiving authentication information entered by user and carrying out an authentication by comparing the authentication information entered by user and the user identification information.
Type: Grant
Filed: August 15, 2014
Date of Patent: February 21, 2017
Assignee: SHENZHEN JIESHIBO TECHNOLOGY CO., LTD.
Inventor: Jianyong Wu
-
Patent number: 9578003
Abstract: The present disclosure discloses a method and a system for determining whether to use a local authentication server. Specifically, a first network device executing a first authentication server receives a request for authentication from a client device. The first network device determines whether the client device was previously successfully authenticated by a second authentication server executing on a second network device within a particular period of time. If so, the first network device attempts to authenticate the client device using the first authentication server. Otherwise, the first network device declines the request for authentication from the client device.
Type: Grant
Filed: July 30, 2014
Date of Patent: February 21, 2017
Assignee: Aruba Networks, Inc.
Inventors: Tilak Adhya, Sandeep Unnimadhavan, Shanta Patil, Santashil PalChaudhuri
-
Patent number: 9578004
Abstract: A method includes detecting an incoming request from a first application to a second application. The method further includes performing an authentication that involves sending a challenge message to a first application. The challenge message may request an account of information associated with processed transactions between the first application and the second application during a particular period preceding the incoming request, a solution to a high-cost calculation associated with a high level of resource use, or a concatenated sequence of characters located at specific positions of a shared value. The authentication further involves receiving a challenge response to the challenge message from the first application, determining a verified response based on the challenge message, and determining whether the challenge response matches the verified response.
Type: Grant
Filed: September 12, 2014
Date of Patent: February 21, 2017
Assignee: CA, Inc.
Inventors: Steven L. Greenspan, Charley Chell
-
Patent number: 9578005
Abstract: A set of authentication server configuration rules are implemented. The authentication server configuration rules utilize regular-expression based commands. A running log of commands entered by every user is maintained for each command is run by the at least one authentication server. A configuration diff command is run each time a session ends. A set of actions of an authentication-server administrator on the authentication server is tracked. The set of actions of the authentication-server administrator is stored in a log. The log includes a username of the authentication-server administrator who generated the log and a time source and a time zone associated of a location of the set of actions. A hash algorithm is run on the log. A portable document format (PDF) formatted the of the log is generated. A list of usernames is generated from a set logs that filled a user-authentication process required to access the authentication server.
Type: Grant
Filed: September 29, 2014
Date of Patent: February 21, 2017
Inventors: Robert K Lemaster, Duleep G Pillai
-
Patent number: 9578006
Abstract: A processor-implemented method is provided. The method may include providing a content registry with at least one application program interface (API) to manage a plurality of entries stored in the content registry. The method may also include providing access to the plurality of entries by a pre-authorized search engine to the content registry in response to a search requested by an authorized requester.
Type: Grant
Filed: March 21, 2015
Date of Patent: February 21, 2017
Assignee: International Business Machines Corporation
Inventors: Swaminathan Balasubramanian, Radha M. De, Ashley D. Delport, Indrajit Poddar, Cheranellore Vasudevan
-
Patent number: 9578007
Abstract: In an embodiment a method is performed by a network access device (NAD). The NAD transfers a first HTTPS request from a client computer (UE) to an identity provider computer (IdP). The NAD transfers, from the IdP, a preceding redirected URL in response to the first HTTPS request, to the UE and configured to cause the UE to redirect to said preceding redirected URL. Over a secure network link, the NAD receives a particular request specifying said preceding redirected URL, from the UE. Responsive to receiving the particular request, the NAD generates a response, comprising a subsequent redirected URL and a session identifier, and configured to cause the UE to redirect to the IdP over an HTTPS connection. The NAD transfers said subsequent redirected URL over the secure network link to the UE. The NAD transfers a second HTTPS request, comprising the session identifier, from the UE to the IdP.
Type: Grant
Filed: March 31, 2015
Date of Patent: February 21, 2017
Assignee: Cisco Technology, Inc.
Inventors: Antonio Martin, Syam Sundar Appala, Joseph Salowey
-
Patent number: 9578008
Abstract: Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.
Type: Grant
Filed: May 11, 2015
Date of Patent: February 21, 2017
Assignee: Intel Corporation
Inventors: Kapil Sood, Jesse Walker
-
Patent number: 9578009
Abstract: In accordance with an embodiment, described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators, via grant of roles.
Type: Grant
Filed: June 23, 2015
Date of Patent: February 21, 2017
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: William S. Hopkins, Craig Perez, David A. Guy, Peter Bower, Juan Li, Jeff J. Tancill, Krishna Sriramadhesikan
-
Patent number: 9578010
Abstract: Mobile operation is extended to a device. An extension interface comprises a client component within a mobile that is linked to a client component within the device. Extension of mobile operation is secured via delivery of credentials associated with the mobile to the device. Delivery of credentials is temporary and typically spans the period during which mobile operation is extended to the device. Application(s) and content(s) can be conveyed to the device for utilization therein. An emulation component that can reside at least in part on the client component within the device can emulate mobile operation. Client component within the mobile can include at least in part (i) a component that downloads drivers for communication with, and utilization of, the device to which mobile operation is extended, and (ii) a component that can scan for wireless-capable devices to extend mobile service thereto.
Type: Grant
Filed: July 20, 2015
Date of Patent: February 21, 2017
Assignee: AT&T MOBILITY II LLC
Inventors: Judson Flynn, Erick John Haughn, John Lewis
-
Patent number: 9578011
Abstract: In one embodiment, an intermediate server receives a request with a secure ID to authorize a software application, transmits the secure ID to a system, receives an access token from the system indicating that the software application has been authorized, evaluates the access token for validity, and transmits a response to the mobile device indicating the software application is authorized.
Type: Grant
Filed: August 31, 2015
Date of Patent: February 21, 2017
Assignee: Facebook, Inc.
Inventors: Thomas Alison, Micha Berdichevsky, Bosmat Mazal Eldar, Shashank Pandit
-
Patent number: 9578012
Abstract: A processor-implemented method is provided. The method may include providing a content registry with at least one application program interface (API) to manage a plurality of entries stored in the content registry. The method may also include providing access to the plurality of entries by a pre-authorized search engine to the content registry in response to a search requested by an authorized requester.
Type: Grant
Filed: October 23, 2015
Date of Patent: February 21, 2017
Assignee: International Business Machines Corporation
Inventors: Swaminathan Balasubramanian, Radha M. De, Ashley D. Delport, Indrajit Poddar, Cheranellore Vasudevan
-
Patent number: 9578013
Abstract: A flexible content sharing system may comprise a network based application built on a client device using information from dissociated user experience component (UXC), application logic and execution layer (ALEL), and content distribution system (CDS) payloads. An ALEL engine may communicate a request from the network based application to a CDS module. The CDS module may interface the ALEL engine and a CDS server. The ALEL engine can act as a gate keeper and securely communicate requests from client devices to the CDS server. The CDS server is configured to manage and alert the ALEL of any enterprise policies that may be applicable to the client devices connected to the ALEL engine which, in turn, notifies the client devices to comply with the enterprise policies. The CDS server may synchronize any change made to the content by any of the client devices running network based applications.
Type: Grant
Filed: April 21, 2016
Date of Patent: February 21, 2017
Assignee: Open Text SA ULC
Inventor: James Storm
-
Patent number: 9578014
Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
Type: Grant
Filed: April 30, 2014
Date of Patent: February 21, 2017
Assignee: Oracle International Corporation
Inventors: Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani
-
Patent number: 9578015
Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.
Type: Grant
Filed: October 31, 2014
Date of Patent: February 21, 2017
Assignee: VMware, Inc.
Inventors: Emily Hong Xu, Shraddha Ladda, Dale Robert Olds
-
Patent number: 9578016
Abstract: Systems and techniques are described for optimizing secure communications. Specifically, a first intermediary and a second intermediary can split-terminate a secure connection handshake or a handshake renegotiation between two computing devices. The first and second intermediaries can then optimize secure communications between the two computing devices.
Type: Grant
Filed: July 17, 2014
Date of Patent: February 21, 2017
Assignee: RIVERBED TECHNOLOGY, INC.
Inventor: Paras Shah
-
Patent number: 9578017
Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.
Type: Grant
Filed: October 1, 2014
Date of Patent: February 21, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Niels T. Ferguson, Yevgeniy Anatolievich Samsonov, Kinshuman Kinshumann, Samartha Chandrashekar, John Anthony Messec, Mark Fishel Novak, Christopher McCarron, Amitabh Prakash Tamhane, Qiang Wang, David Matthew Kruse, Nir Ben-Zvi, Anders Bertil Vinberg
-
Patent number: 9578018
Abstract: Remote sign-out of web based service sessions. As a part of remote sign-out of web based service sessions, a user authentication token is accessed that is used to establish a web based service session and this user authentication token is stored in memory of an authentication server and returned in a cookie to the device. User access and deletion of the user authentication token from memory is accommodated using a device different from that which initially established the web based service session. Upon receipt of a browser request involving the user authentication token, it is determined whether the user authentication token is stored in memory. An access denial indication is provided to a web based service that indicates that the user authentication token is not stored in memory.
Type: Grant
Filed: October 13, 2014
Date of Patent: February 21, 2017
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Johnny Liu, Keith Senzel, Ye Gu
-
Patent number: 9578019
Abstract: A method and system for managing an embedded secure element (50) accessible as a slave of the resident applications (App1-3) of a host device of the eSE. The eSE includes an issuer security domain (51), ISD, with which cryptographic keys are associated. The method includes, in an application agent embedded in an OS of the host device: sending (420) the ISD a random value; receiving (435) a cryptogram corresponding to the random value encrypted using a key associated with the ISD; sending (440, 450) the random value and the cryptogram to a first external entity entered in the application agent. The method includes: sending (455, 4555) the random value and the cryptogram from the first entity to a second external entity; verifying (4556) that the second entity possesses keys associated with the ISD from the cryptogram and the random value.
Type: Grant
Filed: December 9, 2013
Date of Patent: February 21, 2017
Assignee: OBERTHUR TECHNOLOGIES
Inventors: Arnaud Danree, Guillaume Larignon
-
Patent number: 9578020
Abstract: Module (10) for controlling usability of a processing unit (2) of a device (1), the module comprising a modem (11) for communicating with a cellular network, and an access circuit (12) connected to the modem for cellular network authentication and access, which access circuit comprises or is connected to a secure element (12), characterized by a state machine configured to control the device in accordance with one of a plurality of usability states, including at least a normal state and an alert state, wherein operation of the processing unit is inhibited in said alert state.
Type: Grant
Filed: March 19, 2015
Date of Patent: February 21, 2017
Assignees: Sony Corporation, Sony Mobile Communications Inc.
Inventor: David Berthet
-
Patent number: 9578021
Abstract: A method includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The access control management system receives, from a second client device, a request for the information. The access control management system verifies that a user of the second client device is identified in the received information. The access control management system selects an identity provider, based on a user identifier included in the received information, the user identifier associated with the user of the second client device. The access control management system requests from the selected identity provider, authentication of the user of the second client device. The access control management system sends, to the second client device, the received information. The access control management system stores an identification of at least one of the second client device and the received request for the information.
Type: Grant
Filed: November 23, 2015
Date of Patent: February 21, 2017
Inventor: William Rodgers Ackerly
-
Patent number: 9578022
Abstract: An authentication technique with a teaching phase and authentication phase. In the teaching phase, authentication information is collected for a user in at least two categories, wherein one category relates to measurable physical characteristics of the user, another category relates to communication resources available to the user; and a third category relates to knowledge possessed by the user. In the authentication phase, some of the collected authentication information is used to formulate challenge(s) for presentation to the user. Response(s) to the formulated challenge(s) is/are received from the user and correctness of the received response is determined based at least partially on comparison with at least a portion of the collected authentication information. A correctness metric is calculated for the response(s). The user is authenticated if the correctness metric meets or exceeds a first threshold value.
Type: Grant
Filed: March 13, 2013
Date of Patent: February 21, 2017
Assignee: Bookit Oy Ajanvarauspalvelu
Inventor: Jukka Salonen
-
Patent number: 9578023
Abstract: A method and apparatus for providing a lifetime extension to an identity assertion is provided herein. During operation a user will authenticate to an identity management server (also known as an authorization server or an authentication server) to obtain an identity assertion. An identity assertion will be provided upon successful authentication. The lifetime of the identity assertion will be based on whether or not biometric information of the user will be used by the device to which the assertion is being issued to identify the user prior to allowing the use of the identity assertion.
Type: Grant
Filed: November 14, 2014
Date of Patent: February 21, 2017
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: George Popovich, Michael F Korus, Anthony R Metke
-
Patent number: 9578024
Abstract: Technology for performing continuous authentication of a mobile device utilizes user activity context data and biometric signature data related to the user. A biometric signature can be selected based on the activity context, and the selected biometric signature can be used to verify the identity of the user.
Type: Grant
Filed: August 21, 2015
Date of Patent: February 21, 2017
Assignee: SRI INTERNATIONAL
Inventors: Hui Cheng, Omar Javed, JieJie Zhu