Abstract: Product order and shipping information received via email messages is automatically aggregated for ready user review. Once the user is authenticated, authorization to access their email mailbox is obtained and the email message headers of their emails are analyzed to identify those messages of interest. The bodies of the email messages of interest are parsed to extract the product order and shipping information which is stored and presented for display to the user typically grouped by individual product thus greatly simplifying user review of orders.

Abstract: A preview generating section 104 generates preview forming data within a predetermined data size by extracting at least a part of header information and at least a part of a mail body from an electronic mail obtained by a mail obtaining section 102. A cache section 142 caches the preview forming data. A display section 108 displays a preview list on a display device 68 using the preview forming data cached by the cache section 142. When a preview included in the preview list is selected, a command transmitting section 106 requests a server to transmit the electronic mail identified by the selected preview.

Abstract: Disclosed are a mobile terminal and controlling method thereof, including wireless communication unit configured to transceive mails, touchscreen configured to display at least one first mail previously received through the wireless communication unit, and controller, when a command for a reply or forwarding of the displayed first mail is inputted, displaying a composing window of a second mail including the first mail, the controller, when at least one mail address information included in at least one original text in the first mail is selected from the composing window, automatically setting a mail address matching the selected mail address information as a recipient or carbon copy mail address of the second mail. Accordingly, when a mail address of a recipient or carbon copy of a replied or forwarded mail for a received mail, the mail address can be conveniently set using mail address information included in the received mail.

Abstract: Some embodiments of a method for withdrawal a message include receiving, by a mobile device, an input to send a first message to a first recipient, the first message containing at least one image or video. The mobile device processes the first message for transmittal to the first recipient. In response to detecting a request to withdraw the first message within a timeout period, the mobile device determines that the first message has not been sent from the mobile device and terminates the processing of the first message for sending.

Abstract: A networking activity interactive system includes: a creating module for creating networking activity contents; an interactive module for receiving requests for participating the networking activity and participant data submitted by a user, to ensure only participant data in conformity with the networking activity contents is added to the participant user group of the networking activity, and the user is added to the participant user group; a database for storing the networking activity contents, the participant user group of the networking activity, and the participant reply content volume; and a presenting module for presenting the networking activity content and the participant reply content volume of the networking activity. Furthermore, a non-transitory computer readable recording medium, a client terminal and a server for networking activity interactive are also provided.

Abstract: An interworking function is provided between first and second messaging domains or technologies, when original address/identities of users in the first domain and the second domain are incompatible. Upon receiving from a sender in the first messaging domain a message addressed to a recipient in the second messaging domain, the interworking function provides, for an original sender address or identity received in the message, a new sender address which is valid in the second messaging domain, and inserts the new address in a header field of the message to be forwarded to the recipient in the second messaging domain. Moreover, the interworking function adds the original sender address into the specific header field of the message either as a part of the new sender address or as an attribute.

Abstract: A unified communication application can allow a user to communicate with contacts across multiple electronic communication services. When the user desires to send a message, the communication application can identify a set of candidate account addresses associated with several electronic communication services in response to receiving a partial identifier of an intended recipient. The communication application can present a list including the set of candidate account addresses to the user. In response to receiving a user selection of one of the candidate account addresses, the communication application can determine a sender account from which to send the message.

Abstract: The disclosure proposes a smart conversation method and an electronic device using the same method. According to one of the exemplary embodiments, an electronic device may receive via a receiver a first communication in a first communication type and determining a recipient status. The electronic device may determine a second communication type as an optimal communication type based on the recipient status. The electronic device may convert the first communication into a second communication that is suitable for the second communication type. The electronic device may transmit via a transmitter the second communication in the second communication type.

Abstract: Network architecture supports hosting and content distribution on a global scale. The architecture allows a Content Provider to replicate and serve its most popular content at an unlimited number of points throughout the world. The inventive framework comprises a set of servers operating in a distributed manner. The actual content to be served is preferably supported on a set of hosting servers (sometimes referred to as ghost servers). This content comprises HTML page objects that, conventionally, are served from a Content Provider site. A base HTML document portion of a Web page is served from the Content Provider's site while one or more embedded objects for the page are served from the hosting servers, preferably, those hosting servers near the client machine. By serving the base HTML document from the Content Provider's site, the Content Provider maintains control over the content.

Abstract: Router advertisements containing name information from superordinate subnetworks are received by routers associated with subordinate subnetworks. The router advertisements are supplemented with a topological and/or hierarchical name component associated with the respective router and are distributed inside the respective subordinate subnetwork. Communication terminals independently generate their device name from topological and/or hierarchical name components and a unique name component inside their respective subnetwork.

Abstract: A method of discovering addressing information of one or more upstream devices to respond to specific messages by a second device on behalf of the one or more upstream devices in a network includes acquiring the addressing information in an upstream direction from one or more downstream devices to the one or more upstream devices. The method further includes acquiring the addressing information in a downstream direction from the one or more upstream devices to the one or more downstream devices. The method further includes responding to specific messages using the acquired addressing information about the one or more upstream devices.

Abstract: The present invention is a system and method for an out-of-band network firewall where a firewall, packet-filtering device receives mirrored data packet traffic between a remote host and local host. The out-of-band firewall then will determine if traffic between the remote host and local host should be blocked, and if so then the firewall will send a forged data packet to the remote host and the local host to sever the communication between the hosts. The firewall system may forge a TCP reset packet (RST packet) using the mirrored data packets such that when the TCP reset packet is sent, the hosts will believe that the other respective host is requesting that the connection be reset and terminated. If the firewall receives the mirrored packets from an agent connected to a local host, then the firewall will instruct the agent to block future traffic from the blocked host.

Abstract: Systems and methods for performing a data transfer in a data protection system are disclosed. A user interface is provided that includes a workflow. The workflow is effective to configure a data transfer by identifying the source of the data, the destination of the data, and the data itself. A data control process associated with the data protection system is performed to authenticate the requesting user and determine whether the user is authorized to access the data. The data is transferred in accordance with the data control process of the data protection system.

Abstract: A method, system and apparatus for sharing media content securely and reliably among various computing devices in a private network through media streaming technology is provided.

Abstract: A method, system, and manufacture for securely broadcasting shared folders from one client device to other client devices and synchronizing the shared folders over a local area network. A first client device, associated with a content management system, generates a secure identifier for a shared folder, using a shared secret key that is associated with the shared folder. The first client device announces the secure identifier over a local area network to other client devices on the local area network including a second client device. The first client device receives a synchronization request for the shared folder from the second client device. After authenticating, using the shared secret key, that the second client device has authorization to access the shared folder, the first client device synchronizes the shared folder with the second client device over the local area network.

Abstract: Disclosed herein are techniques for use in fraud detection. In one embodiment, the techniques comprise a method. The method comprises receiving an encrypted current location associated with a user. The method also comprises obtaining an encrypted historical location associated with the user and an encrypted location sensitivity metric that relates to a distance within which locations are considered to be the same. The method further comprises performing an authentication operation based on the encrypted current location, the encrypted historical location and the encrypted location sensitivity metric.

Abstract: Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

Abstract: A method includes generating a first sequence of data words for sending over an interface. A second sequence of signatures is computed and interleaved into the first sequence, so as to produce an interleaved sequence in which each given signature cumulatively signs the data words that are signed by a previous signature in the interleaved sequence and the data words located between the previous signature and the given signature. The interleaved sequence is transmitted over the interface.

Abstract: A link is a software abstraction that represents a direct connection between two CoCo nodes. The link layer detects the presence of neighboring devices and establishes links to them. A protocol abstraction layer converts data frames that arrive on network interfaces into packet objects used by the COCO Protocol Suite.

Abstract: An approach is provided for protecting data owned by an operating system on a mobile computing device having multiple operating systems. A map specifying protected data regions for the operating systems is generated. The map is secured with a shared key retrieved from a data structure. Based on the shared key, a tuple specifying the data region is retrieved from the data structure. Based on the map, the shared key, and the tuple, and responsive to a data cleanup activity being performed by a software utility being executed on another, currently running operating system included in the multiple operating systems, a data region included in the protected data regions is determined to be owned by the operating system. Based on the data region being owned by the operating system and specified by the map, the data cleanup activity is blocked from being performed on the data region.

Abstract: A method and an arrangement for providing keys for protecting communication between a terminal (300) and service points in a communication network. A basic key (Ik) is first established with a service control node (304) when the terminal has entered the network. An initial modified key (Ik1) is then created in both the service control node and the terminal, by applying a predetermined first function (f) to at least the basic key and an initial value of a key version parameter (v). The initial modified key is sent to a first service point (302), such that it can be used to protect communication between the terminal and the first service point. When the terminal switches to a second service point (306), the first service point and the terminal both create a second modified key (Ik2) by applying a predetermined second function (g) to the initial modified key, and the first service point sends the second modified key to the second service point.

Abstract: A method for user identification, the method comprising relaying an identifier of an application server user to a database associated with the application server, wherein the relaying is performed via a transaction request from the application server to the database.

Abstract: One or more content providers push data related to: movies, movie products, digital movie content over a network (e.g., a LAN, a WAN, the Internet, or a wireless network) onto an information filling station which, in turn, wirelessly transacts (over a network based on the 802.11b protocol) and transmits any requested data to a portable computer-based device (e.g., laptop, a pen-based computer device, a PDA, a wireless phone, or a pager). The portable device performs financial transactions for: purchasing movie tickets (directly or via auctions), downloading digital entertainment content of interest (e.g., copy of a movie of interest, copy of a movie identified based on a pre-stored profile, copy of soundtrack of a movie of interest), or movie related products. Any purchased digital content is either transferred wirelessly onto the portable device or, optionally, sent on a storage medium to a physical address associated with the profile.

Abstract: The content rendering capability of web browsers can be tested and compared across different web browsers. Testing with respect to restricted content is enabled utilizing a web browser to facilitate authentication. State information acquired by the web browser from a server can be employed to request restricted content for rendering by a number of target web browsers sought to be tested. Subsequently, representations of the restricted content produced by target web browsers can be rendered to a multi-browser display environment, for example.

Abstract: Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.

Abstract: A system for transferring information from a first PI server coupled to a first network to a second PI server coupled to a second network. The system includes a source platform coupled to the first network and in communication with the first PI server, a receive platform coupled to the second network and in communication with the second PI server, and a one-way data link coupling the source platform to the receive platform. The source platform is configured to read transfer configuration information from the first PI server and to dynamically modify the transfer parameters based thereon. The receive platform is configured to, if there is changed database record configuration information, continually store a current predefined portion of the historical information in memory without transferring such information to the second PI server until a user, via a user interface, authorizes the release of such information to the second PI server.

Abstract: A method for providing multimedia data including receiving multimedia data, from a second user; determining user information relating to the second user; defining a first authenticity value based on the user information; determining multimedia data characteristics relating to the multimedia data; defining a second authenticity value based on the multimedia data characteristics; defining a multimedia data authenticity value using the first and the second authenticity value; and maintaining, by the operator, the received multimedia data associated with the multimedia data authenticity value, wherein the multimedia being available for a third user.

Abstract: A content sharing system includes: a server; a first information communication apparatus; and a second information communication apparatus, in which the first information communication apparatus includes a reserve requesting unit which sends to the server a reserve request message for requesting to reserve a sharing space to be newly generated, the reserve request message including first identification information for identifying the second information communication apparatus or the user using the second information communication apparatus, and the server includes: a first storage; and a sharing space generating unit which, upon receiving the reserve request message, generates the sharing space in the first storage, and stores in the first storage the first identification information included in the reserve request message.

Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

Abstract: The disclosure is generally directed to systems and methods for HTTP header-based authentication. For example, the systems and methods include receiving, at a mobile platform server, a first request message from a client device, the first request message requesting to download an application from the mobile platform server, sending, to the client device, a first response message having a first authentication query within header portions of the first response message, receiving, at the mobile platform server, a second request message having first authentication credentials within header portions of the second request message, sending, to the client device, a second response message having a second authentication query within header portions of the second response message, receiving, at the mobile platform server first device, a third request message having second authentication credentials within header portions of the third request message, and sending, to the client device, the application.

Abstract: An authentication server transmits a random number to and receives a other information from a service provider. Later, the first random number is received from a requester and a provider identifier, the received other information and provider authentication policy requirements are transmitted to the requester. A user identifier and validation information are received from the requester. The received validation information is determined to correspond to the provider authentication policy requirements, and compared with stored user validation information associated with the received user identifier to authenticate the requester. A message, including both the random number and other information, signed with a credential of the requesting user is received and transmitted to the first provider.

Abstract: There is provided an information processing method of an information processing device, including acquiring tag-unique information unique to an IC tag from the IC tag through near field communication, acquiring device-unique information unique to the information processing device, transmitting the acquired tag-unique information and the acquired device-unique information to an outside, and receiving, from the outside, an authentication result of the acquired tag-unique information and a verification result of right information for using the IC tag, which are obtained based on the transmitted tag-unique information and device-unique information.

Abstract: In one general embodiment, a method for determining a controlling entity of a first avatar in a virtual world includes: receiving a request for access to a resource via a first avatar; providing a challenge to the first avatar in response to receiving the request; receiving a challenge response via the first avatar in response to the challenge; determining an identity confidence level based on the challenge response; making an identity determination for a controlling entity of the first avatar based on the identity confidence level; and providing or denying access to the resource based on the identity determination.

Abstract: An information processing apparatus according to the present invention is arranged in a client terminal connected to a server storing data via a network, wherein the information processing apparatus receives requests from one or a plurality of applications in the client terminal and controls transmission and reception of information to/from the server. The information processing apparatus includes an authentication information storage unit for storing authentication information of a user for accessing the server, and a request transmission unit for attaching the authentication information of the user of the client terminal to a request based on the request given by the application of the client terminal, and transmits the request to the server.

Abstract: In a computer-implemented authentication method, a first authentication request from a first machine is received at an authentication server. The first authentication request includes an identification of a second machine that is to provide a requested service. An authentication token including client-specific and server-specific portions is generated at the authentication server, responsive to receiving the first authentication request from the first machine. An authentication identifier and the server-specific portion of the authentication token are transmitted from the authentication server to the second machine, responsive to receiving the first authentication request from the first machine. A second authentication request, including the authentication identifier and both the server-specific and the client-specific portions of the authentication token, is received at the authentication server from the second machine.

Abstract: A control system includes a control device, a controller, a plurality of user mobile devices, and a manager mobile device. An initial first identification information picked up by each user mobile device is sent to the manager mobile device, is authenticated, and is encoded together with a control device identification number corresponding to the control device. Every time a user mobile device is connected to the controller for opening the control device, a holder of the user mobile device is requested to input an instant first identification information. After decoding by a decoding key, the controller identifies whether the instant first identification information is identical to the authenticated initial first identification information and identifies whether the obtained control device identification number is identical to that of the control device. The identification result is used to decide whether the control device should be set to be an open state.

Abstract: Systems and methods for deploying rich internet applications in a secure computing environment. An example computer system comprises: a hardware processor and a run-time environment executing a first rich internet application in a first application container and a second rich internet application in a second application container.

Abstract: One or more methods of translating identity protocols and a device and a system implementing such methods are described herein. One such method comprises configuring a gateway to communicate with a first identity protocol and a canonical representation, with the canonical representation being different than the first identity protocol. The method may further comprise: including the first identity protocol in a first communication between a first computing device and the gateway, and translating at least a portion of the first communication from the first identity protocol to a canonical representation. The gateway may then translate the at least a portion of the first communication from the canonical representation to a second identity protocol and sending the first communication to a second computing device, including the first identity information in the second identity protocol in the communication.

Abstract: The present disclosure includes an exemplary method for controlling access to a third-party server by a mobile terminal. The method comprises: acquiring, at the mobile terminal from a first-party server, login authorization information using which a user of the mobile terminal has logged in the first-party server through a client-side application corresponding to the first-party server, wherein the login authorization information includes a logged-in account; transmitting, to the third-party server, a login request, wherein the login request includes the login authorization information that is to be verified; and receiving authorization for the user to log in the third-party server using the logged-in account included in the verified login authorization information.

Abstract: Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.

Abstract: The invention relates to an RFID tag, which comprises a receiving means, a first and a second verification means, and a transmitting means. The receiving means is designed to receive a challenge message sent by an RFID reading device. Said challenge message comprises a challenge data set, which has a digital certificate issued for the RFID reading device by a certification authority and signed by means of a private key of the certification authority and which has a request message, and a digital signature at least of the request message, which digital signature is generated by means of a private key of the RFID reading device. The first verification means is designed to verify the digital certificate by means of a public key of the certification authority. The second verification means is designed to verify the digital signature by means of a public key of the RFID reading device.

Abstract: A digital certificate incorporated within a communication is received from a server associated with a host name. Resource records associated with the host name are caused to be queried for a list of certificate authorities. In response to causing the resource records to be queried, the list of certificate authorities is received. A certificate authority is identified within the received digital certificate. The identified certificate authority is compared to the received list of certificate authorities. A determination is made, based on the comparison, that the identified certificate authority is included in the received list of certificate authorities.

Abstract: A system and method provides security features for inter-computer communications. After a user has proved an association with one of several firms, a user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user and the firm is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.

Abstract: A method for password setting and authentication is provided. The method includes receiving a password setting request and acquiring a reference character string and reference input duration information. The reference input duration information may be associated with a character at a position of the reference character string. The method may further include storing the reference character string and the reference input duration information, receiving a password authentication request, and acquiring an authentication character string input by a user and authentication input duration information. The authentication input duration information may be associated with a character at the position of the authentication character string. The method may further include determining whether password authentication is successful based on the authentication character string, the authentication input duration information, the reference character string, and the reference input duration information.

Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

Abstract: A network user is authenticated to another network entity by using a first program to receive user input validation information, and store a user credential. A second program receives information, such as a random number, from the other entity. The first program receives an input transferring the information to it, transmits the information to the authentication server, and receives an identifier of the other entity, other information, and authentication policy requirements from the authentication server. It then transmits the input validation information corresponding to the received authentication policy requirements to the authentication server, and in response receives a request for a user credential. It signs a message, including the transferred information and the received other information, with the stored user credential, and transmits the signed message to the authentication server to authenticate the user.

Abstract: The field of the invention relates to network connected authentication systems, and more particularly to systems and methods that enable authentication of a user using a connected device in the possession of the user. In an embodiment, the system includes a network connected authentication server system communicatively coupled to a network for access by a plurality of user devices to authenticate a plurality of users of one or more third party applications, and a user account database coupled to the network connected authentication server system to store account information including a username for each of the plurality of users.

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. Systems, methods, and computer readable medium can be configured to receive a request to access a first computing system service provided by the computing resource service provider, generate an encrypted data bundle including at least a user identifier and a data type, and transmit the encrypted data bundle to a recipient, wherein the encrypted data bundle is configured to be returned to the one or more computing devices to facilitate access to the first computing system service provided by the computing resource service provider.

Abstract: A method of host-directed illumination for verifying the validity of biometric data of a user is provided that includes capturing biometric data from a user with an authentication device during authentication and directing illumination of the biometric data from a host authentication system during the capturing operation. Moreover, the method includes comparing illumination characteristics of the captured biometric data against illumination characteristics expected to result from the directing operation, and determining that the user is a live user when the illumination characteristics of the captured biometric data match the illumination characteristics expected to result from the directing operation.