Abstract: Real-time busyness information is for a public place is computed in a privacy-sensitive way, and provided for display in relation to historical busyness information. An aggregate amount of real-time location information available for a particular public place is measured (410), and used to determine (420) whether the public place is privacy-qualified. If the public place is privacy-qualified, real-time busyness information is computed (440) for the public place based on the real-time location information. Further, it is determined (450) whether the computed real-time busyness information is accuracy-qualified, based on a comparison of the real-time busyness information to historical busyness information. If both qualifications are met, the real-time busyness information is output (470) for display or to another application.

Abstract: A secure data broker includes a public network interface, an authorization module, a database interface, and an encryption module. The public network interface is configured to receive a database query and authorization information from a client device over a secure connection and return a response to the database query to the client device over the secure connection. The authorization module is configured to authorize the client device based on the authorization information, which was issued to the client device by the public safety platform. The database interface is configured to submit the database query to a secure database in response to the authorization of the client device and to receive the response to the database query from the secure database. The encryption module is configured to encrypt the response to the database query using a broker key.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of authenticating customers and service agents. The innovation receives a connection request to connect a customer and a service agent. The customer is authenticated for the service agent by matching biometric data of the customer to previously stored biometric data using a biometric recognition algorithm. The service agent is authenticated for the customer by matching a unique identifier to a previously stored unique identifier. A confirmation notification is generated and sent to the service agent and the customer to confirm the authentications. A connection is established between the customer and the service agent according to the authentications and the connection request.

Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

Abstract: A biometric token is generated for a user and provided to a user-operated device. A pre-staged transaction is defined by a user and the user supplies the token for association with the pre-staged transaction. Subsequently, a user visits a transaction terminal and a new candidate token is generated from biometric attributes of the user. The candidate token is matched to the token associated with pre-staged transaction to authenticate the user and the pre-staged transaction is processed at the transaction terminal as a completed transaction.

Abstract: Concepts and technologies disclosed herein are directed to vehicle-to-everything (“V2X”) certificate management. According to one aspect of the concepts and technologies disclosed herein, a system can receive a CRL from a security credential management (“SCM”) system. The CRL can identify one or more certificates that have been determined to be invalid, such as when the certificate(s) has expired. The certificate(s) can be utilized by a vehicle for secure communications, including vehicle-to-vehicle (“V2V”) and vehicle-to-infrastructure (“V2I”) (collectively V2X). The system can format the CRL as a cell broadcast message. The system can then create a cell broadcast request directed to a cell broadcast center (“CBC”). The cell broadcast request can include the CRL formatted as the cell broadcast message. The system can send the cell broadcast request to the CBC to instruct the CBC to broadcast the CRL as the cell broadcast message.

Abstract: Embodiments of the invention provide systems, computer program products, and methods for a network operational decisional engine (NODE) to allow individual users to set resource distribution constraints on various accounts over a number of different networks. By providing a centralized user interface and storing and tracking user configuration and account data, the invention recognizes and filters resource distribution requests based on operational decisions as specified by users in order to provide increased control over the authorization or denial of resource distribution requests. The NODE provides the ability to proactively control resource distribution constraints before requests for resource distribution are initiated, and allows for tailored operational decisions to be easily implemented based on a wide range of user-defined criteria.

Abstract: An interconnection network is provided for managing data transfer between a plurality of nodes of an integrated circuit. The interconnection network has at least one transmission path originating from an upstream location of the interconnection network, each transmission path being arranged to transmit data blocks from the upstream location to an associated downstream location within that transmission path. Digest generation circuitry is used to generate digests for data blocks, and fault detection circuitry provided in association with the upstream location is arranged to determine presence of a fault condition in the interconnection network. The digest generation circuitry is arranged to generate an upstream digest for a given data block at the upstream location, and to generate a corresponding downstream digest for the given data block at the associated downstream location.

Abstract: Authentication is performed on a plurality of links of a computing environment. One node requests generation of a shared key by a key server coupled to the one node. The one node obtains the shared key and an identifier of the shared key and sends the identifier from the one node to another node. A message encrypted with the shared key is sent from the one node to the other node via one link of the plurality of links. The one node receives via the one link an indication that the other node decrypted the encrypted message using the shared key obtained by the other node. The sending the encrypted message and the receiving the indication that the other node decrypted the encrypted message are repeated on one or more other links of the plurality of links using the shared key previously obtained.

Abstract: Described herein are various methods of securing a computer system. One or more methods include starting a security process after basic functionality on a computer is initiated at startup. The security process performs one or more reviews, such as audits, of the computer to verify that there have not been unauthorized changes to the computer, such as to any settings or executable files.

Abstract: A system and method that distinguishes between logos and other categories of images, such as natural images, cartoon images, and computer-processed or generated images (“concept images”). The system receives a query image, which may, for example, be intended to be evaluated by an image search and comparison engine to identify matches to a catalog of images. The system evaluates characteristics of the query image, such as the gray-levels in the image, the edge crossings in the image, and the gradient magnitudes in the image, to identify whether the image is a logo. Based on identifying the image is a logo, the logo query image may be excluded from being evaluated by the image search and comparison engine.

Abstract: The present invention provides a system and method for conditionally selecting biometric modalities for biometric authentication at authentication run time. The system and method employ programmatic logic to identify which biometric modalities to use for authenticating a user. The software module for selecting biometric modalities includes, a plurality of rules or conditional logic for selecting one or more biometric modalities required to authenticate a user requesting a secure action.

Abstract: A method, apparatus and computer program product for displaying a web page. Metadata describing a web page is received by a client data processing system. The metadata defines what the web page looks like without content for the web page. The content needed for the web page based on the metadata is identified by the client data processing system. The content for the web page is obtained by the client data processing system. The web page using the metadata and the content is created by the client data processing system without using a markup language. The web page on a graphical user interface on the client data processing system is displayed by the client data processing system.

Abstract: In a network that includes a client, a server and one or more proxy entities that intercept network traffic between the client and the server, a computer-implemented method is provided including: establishing trust with a permissioned distributed database; computing hashes from packet payloads of network traffic originated, intercepted or received; storing the hashes to the permissioned distributed database so that the permissioned distributed database maintains hashes computed from packets of the network traffic originated, intercepted or received by the client, server and the one or more proxy entities; and validating the hashes by comparing, with each other, the hashes stored to the permissioned distributed database by the client, server and the one or more proxy entities to determine whether any packet payload of the network traffic was modified in transit.

Abstract: A controller of an information handling system (IHS) performs a method to detect tampering with functional components of IHS. Following a last authorized configuration change of locally-available information handling resources, a unique code is generated and stored with a time-stamped system log entry in a system memory. Prior to transit, a system management audit (SMA) log snapshot is generated and provided to an audit device for separately conveying to a recipient of the IHS. In response to powering up at least the controller of the IHS after transit, a current SMA log snapshot is obtained that includes a current SMA log entry and a current unique code. Access by an audit device is provided to the current SMA log snapshot to enable comparison to the SMA log snapshot created prior to transit for identifying whether there has been tampering with the IHS.

Abstract: Methods and systems for efficiently capturing snapshots of a computing application or environment over time and transferring the snapshots to an integrated data management and storage system are described. A snapshot agent may detect that one or more electronic files associated with the computing application or environment are greater than a threshold file size and in response perform an incremental backup optimization in which the snapshot agent may identify files that have been touched since a previous snapshot by accessing file system metadata (e.g., last modified timestamps) or utilizing a tracking agent to detect potential file changes that have occurred since the previous snapshot was captured. The snapshot agent may then generate fingerprints for data blocks of the touched files, which may reduce the total number of fingerprints needing to be generated to identify the changed data blocks corresponding with a current snapshot to be transferred.

Abstract: A settlement system includes a mobile terminal including a plurality of payment means for performing the payment process, and a reader/writer including an acquisition unit that sequentially inquires to the mobile terminal about each of a plurality of acceptable payment means and accepting a payment with one payment means specified among payment means confirmed to be present by the settlement acquisition unit by using a settlement unit corresponding to the one payment means, the mobile terminal further including a storage means that stores limitation information, and the reader/writer further includes a limitation information acquisition means that acquires the limitation information stored in the storage means, and an electronic money type narrowing down unit that stops inquiries by the acquisition unit when presence of payment means limited by the limitation information acquired by the limitation information acquisition means is confirmed by the acquisition unit.

Abstract: An authentication and encryption computer system is disclosed including processing devices, a network interface, and a data store. The authentication and encryption system is configured to maintain in the data store content common to a plurality of entities and content independently specified by each of the plurality of entities. The system is configured to receive a content request from an application executing on a mobile device, the content request comprising a secure access code corresponding to an entity, and the content request encrypted by the mobile device. An interface, comprising the content common to the plurality of entities, is customized to include content independently specified by the entity, wherein the content independently specified by the entity comprises a token value. A user request for an item presented via the interface is received and the token value is transferred to the entity.

Abstract: Techniques are described for wireless communication. A method of wireless communication at a transmitting wireless device includes generating a first Message Authentication Code (MAC) for a data packet based at least in part on a first security key used to communicate with a receiving wireless device; generating a second MAC for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE), in which the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; and transmitting the data packet to the relay UE with at least the first MAC and the second MAC.

Abstract: Data from browser requests is added to a vector. If explicit identification information (username, cookie data, etc.) is present, the vector is associated with a pre-existing user record, which is then updated. If not, candidate user records may be identified according to correspondence with values in the vector. This may include comparing hashes of one or more values to identify similarities. Candidate vectors may be eliminated by identifying inconsistency in OS, device, and browser information. Probability assigned to each candidate vector may be adjusted, e.g., reduced, in response to inconsistency in other data relating to a browser, device, or of a more global nature, e.g. time zone, user attributes, etc. Records associated with different devices may be associated with one another by evaluating hashes of data values submitted by a user on the different devices. Where the hash values of two records intersect, they may be merged with one another.

Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.

Abstract: A computer-implemented method for tokenless authentication of a paying consumer during a payment transaction uses a computing device having a processor and a memory. The method includes receiving a plurality of biometric data sets for a plurality of consumers. Each biometric data set includes at least a biometric image of a consumer and an associated payment account identifier. The method also includes receiving, from a first biometric input device communicatively coupled to the processor, a first biometric image of the paying consumer including an iris image. The method further includes determining a payment account associated with the paying consumer based on at least the first biometric image and the plurality of biometric data sets. The method also includes authenticating use of the payment account by the paying consumer for a payment transaction at the retail location by comparing the first biometric image to the plurality of biometric data sets.

Abstract: An iris biometric recognition module includes technology for capturing images of an iris of an eye of a person, whether the person is moving or stationary. The iris biometric recognition technology can perform an iris matching procedure for, e.g., authentication or identity purposes, by comparing a digital iris image to a reference iris image and, if the digital and reference iris images match, authenticating a person as authorized to access a first device and transmitting a wireless communication from the first device to a second device.

Abstract: Transmitting filesystem changes over a network is disclosed. A hash of data comprising a chunk of directory elements comprising one or more consecutive directory elements in a set of elements sorted in a canonical order is computed at a client system. One or more directory elements comprising the chunk are sent to a remote server in the event it is determined based at least in part on the computed hash that corresponding directory elements as stored on the remote server are not identical to the directory elements comprising the chunk as stored on the client system.

Abstract: A processor-implemented method for authenticating a login without a password. The method includes: receiving a request to authenticate a login, the request including a user identifier and excluding a password; based on the user identifier, identifying a device to be used to authenticate the login; and in response to determining that a login confirmation message has been received from the identified device, authenticating the login.

Abstract: A user permission check system with less CPU throughput while ensuring non-repudiation is provided. In order to solve the above-described problem, in the present invention firstly, a MAC function that does not require a CPU to have high processing power is utilized. Additionally, a message is encrypted with a plurality of secret keys and the plurality of keys are distributed to a plurality of servers to make them have the keys in order to ensure validity of the message as a proof of non-repudiation. Subsequently, each server proves the validity of the message within its own range and the validity of the message is ensured by aggregating these individual results, thereby implementing the non-repudiation.

Abstract: A container designed to contain a fluid medicament and adapted to cooperate with a delivery device for delivering the fluid medicament comprises an electrically operable sensor system for measuring at least one physical or chemical parameter value related to the container and/or fluid medicament therein, wherein the sensor system comprises an optical receiver designed to receive optical radiation energy and to transform said optical radiation energy into electrical energy for operating the sensor system.

Abstract: Technology, implemented in digital hardware, software, or combination thereof, for completing Secure Hash Algorithm (SHA-2) computation with generating one new hash value at each clock cycle is described. The technology includes: using synchronous logic to store the computed values every alternate clock and combinational logic to process multiple rounds of SHA in each clock; completing hash calculation in unrolled modes; using efficient adders for most 32-bit adders to improve performance.

Abstract: A mobile device may perform authentication with an authenticating entity. The mobile device may comprise a plurality of sensors and a processor. The processor may be configured to: receive an authentication request from the authenticating entity requesting authentication information; and determine if the authentication request satisfies predefined user privacy preferences. If so, the processor may be configured to: retrieve the authentication information from at least one sensor to form a trust vector in response to the authentication request and to command transmission of the trust vector to the authenticating entity for authentication.

Abstract: Disclosed are a method, server, client and system for verifying a verification code. The method includes: sending a verification picture to a client according to a verification request from the client; acquiring from the client voice information that is input by a user according to the verification picture; and processing the voice information and performing verification according to acquired voiceprint information and/or text information. The server includes a sending module, an acquiring module and a verifying module. The client includes a receiving module, an acquiring module and a sending module. The system includes a server and a client. It may be effectively distinguished as whether the verification code is submitted by the user or by others, such that the problem of manual coding is effectively solved, and the operating cost of the server side is reduced and the overhead is saved.

Abstract: An authorized user obtains a packaging license that grants permission to use a particular recording device to generate multimedia content in accordance with specified license terms. The packaging license includes a content key that is used to encrypt the multimedia content at the point of capture on the recording device. The encrypted multimedia content can be transmitted via unsecure channels (for example, via electronic mail) to a networked content repository or an intended recipient. For playback, an authorized user obtains a playback license that grants permission to decrypt and playback the multimedia content using a particular playback device. An authorization server and a key management server are used to manage which users are entitled to receive a license, and to define the terms of the granted licenses. A record of the granted authorizations and licenses is maintained, thereby allowing access to a given content item to be audited.

Abstract: A method and system for management access tokens is described. Access tokens for accessing third-party resources are stored and managed in a token repository. An access token may be obtained from a third-party resource. Once a user has authorized the system to access a third-party resource and unless that authorization is revoked, the user is not required to reauthorize the system in a pending or any subsequent interactive session, regardless of which shard of the system and third-party resource the user is connected to. The system can also use the authorization to execute scheduled requests for accessing or obtaining data from the third-party resource.

Abstract: A user mode control method and system based on iris recognition for mobile terminal are provided. When the mobile terminal receives an operation instruction of a user to start a display screen, iris feature data of the current user are scanned. The iris feature data of the current user are matched with iris feature data of users collected in advance, and the corresponding user mode is started when the match succeeds. The user mode control method and system prevents a stranger from accessing private data, and greatly improves security of the user data.

Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.

Abstract: An encryptor/decryptor, an electronic device including the encryptor/decryptor, and a method of operating the encryptor/decryptor are provided. The method of operating the encryptor/decryptor includes distributing an input plaintext stream to a plurality of encryption/decryption cores by pieces of plaintext data; performing a first operation by a first encryption/decryption core from among the plurality of encryption/decryption cores; and encrypting the plaintext data to ciphertext data or decrypting the ciphertext data to the plaintext data by each of the plurality of encryption/decryption cores by using a result of performing the first operation in the first encryption/decryption core.

Abstract: Exemplary embodiments of the present invention include a computer-implemented method, comprising: establishing, at a computing device on a network, a communication connection with a setup access point; generating a token identifier, wherein the token identifier includes identification data corresponding to the computing device; transmitting the token identifier; transmitting a query, wherein the query includes a request to establish a new communication connection with the setup access point when the communication connection is terminated; and receiving a communication including a response to the query, wherein the response indicates that a new communication connection has been established with the setup access point, and wherein the new communication connection is established using the token identifier.

Abstract: [Object] To reduce the trouble of the authentication process necessary for cooperation between a plurality of devices or network services. [Solving Means] An information processing apparatus includes a communication unit, a storage unit, and a controller. The communication unit communicates with a first device, a second device, and a service on a network, the service having a resource on a user of the first device. The controller controls the communication unit so that the communication unit transmits, based on a request for obtaining an access right to the resource from the first device and permission information representing permission by the user with respect to the obtaining of the access right, a request for issuing an access token to the service, the access token representing the access right, and receives, from the service, the access token issued by the service.

Abstract: The present invention provides a device and a method in a device for authenticating the device for use in a network. The method includes requesting a first security context for use in securing a first type of communication, where as part of requesting the first security context, a second security context is jointly requested for use in securing a second type of communication. The first security context is then received and used to provide secure access and communication via the first type of communication. The second security context is then received and used to provide secure access and communication via the second type of communication.

Abstract: Methods and systems are provided for the exchange of digital cash employing protocols for various entities to separately certify the validity of the parties, values and transactions while maintaining the anonymity of the buyer or user of the digital cash. Encrypted connections are established allowing various parties to enter into transactions to buy, sell, exchange and recover digital cash using a secure method that protects the personal information and identity of the user. The parties exchange tokens for other value in a transaction of financial settlement between themselves and wherein they are the only parties with knowledge of the amount and description of the transaction and in this way mimics a traditional cash transaction.

Abstract: A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used.

Abstract: In response to reception of a request, an authorization server system identifies authorization based on first authorization information received by a reception unit along with the request. The authorization server system gives at least some of the identified authorization to an application, and issues second authorization information for identifying the given authorization.

Abstract: To provide enhanced operation of virtualized computing systems, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system to control access to data resources by virtual machines is provided. The method includes receiving an access token and an instantiation command from an end user system. Responsive to the instantiation command, the method includes instantiating a virtual machine identified by the instantiation command using the access token as user data for the virtual machine during instantiation. The method also includes, in the virtual machine, executing a security module responsive to instantiation that transfers the access token for delivery to an authorization system, receiving credentials responsive to the access token, and accessing a data resource using the credentials.

Abstract: Secure authentication may be facilitated using a biometric-enabled transitory password authentication device. Exemplary implementations may facilitate secure payments and/or authentication via an application running on a user computing platform (e.g., a mobile device) simultaneously coordinating with both a server and the authentication device, which may act in some respects as an external hardware token. Exemplary implementations may rely on combining three parameters to establish a three-factor based approach to authentication in a fraud-free manner for digital wallets, third-party software, and/or other purposes. The three-factor based approach to authentication may require something the user possesses (e.g., the authentication device), something the user is (e.g., a biometric identifier such as a fingerprint), and something the user knows (e.g., an image or numeric based pin used to unlock the authentication device).

Abstract: A tool for credential validation using multiple computing devices. The tool select at least one challenge question. The tool selects two or more user owned devices, wherein selecting the two or more user owned devices includes querying a database for each user owned device associated with a user account. The tool presents the at least one challenge question to the two or more user owned devices. The tool determines whether the at least one response received from the two or more user owned devices is a correct response relative to the at least one challenge question.

Abstract: Disclosed are various embodiments for a token management application. A data block tokenization call to a data layer service fails when a data store is unavailable. The token management application issues a temporary data token to the service calling the data layer service. The token management application completes the data block tokenization call on behalf of the service to obtain a valid data token. The valid data token is then communicated to services having the temporary data token.

Abstract: An apparatus and a method for displaying information required to be secured in a wireless communication terminal are provided. The method includes recognizing generation of notification information of one or more processes activated in a first operation mode among a plurality of operation modes including the first operation mode and a second operation mode; and notifying a user of a part of the notification information when a current operation mode is the second operation mode.

Abstract: A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network.

Abstract: Techniques and mechanisms to detect and compensate for drift by a physically uncloneable function (PUF) circuit. In an embodiment, first state information is registered as reference information to be made available for subsequent evaluation of whether drift by PUF circuitry has occurred. The first state information is associated with a first error correction strength. The first state information is generated based on a first PUF value output by the PUF circuitry. In another embodiment, second state information is determined based on a second PUF value that is output by the PUF circuitry. An evaluation of whether drift has occurred is performed based on the first state information and the second state information, the evaluation including determining whether a threshold error correction strength is exceeded concurrent with a magnitude of error being less than the first error correction strength.

Abstract: Various embodiments of the invention allow to take advantage of the natural statistical variation of physical properties in a semiconductor device in order to create truly random, repeatable, and hard to detect cryptographic bits. In certain embodiments, this is accomplished by pairing mismatch values of PUF elements so as to ensure that PUF key bits generated thereform remain insensitive to environmental errors, without affecting the utilization rate of available PUF elements.

Abstract: A method for internet communication is presented. An identifier is embedded in an internet-accessible computer readable medium, and an internet address is embedded in the internet-accessible computer readable medium in a relation to the identifier. The identifier is located to provide an identifier location, and the internet address is located based on the identifier location.