Abstract: An example communication system comprises a media access control (MAC) scheduler in a cable network, and a full band transceiver. The MAC scheduler implements a two-dimensional transmission-reception (T-R) coordination scheme among a plurality of cable modems in the cable network. According to the T-R coordination scheme, the cable modems are categorized into interference groups, such that no cable modem of any one interference group transmits upstream in a frequency range simultaneously as another cable modem in the same interference group receives downstream in the frequency range, facilitating full duplex communication in the cable network across the frequency range. The full band transceiver implements an adaptive interference cancellation scheme, which suppresses at a receiver of the respective component, a signal transmitted by a transmitter of the respective component.

Abstract: Biometric information from an initial sample is used to generate a biometric template for a user. The biometric template is split into multiple template shares using a polynomial secret sharing scheme, such that at least some threshold number of the resulting template shares must be combined to reconstruct the biometric template. After the biometric template is split, the resulting template shares are distributed to multiple components in the system, such as a server, and/or one more user devices, and the original copy of the biometric template is destroyed. To subsequently verify the identity of the user, the threshold number of template shares are obtained and combined to reconstruct the user's biometric template, and the reconstructed template is compared with biometric information extracted from one or more subsequently collected biometric samples. If there is a match between the reconstructed biometric template and the extracted biometric information, the user's identity is verified.

Abstract: A secure chat client is described that allows users to exchange encrypted communications via secure chat rooms, as well as one-to-one communications. In particular, the secure chat client allows users to create, configure, and manage secure chat rooms. Furthermore, the secure chat client provides users with the ability to recover secure messages when they obtain a new device or otherwise lose communications.

Abstract: A system and associated methods for encrypting data are disclosed. In at least one embodiment, a key manager is located in memory on an at least one computing device and configured for creating and managing an at least one encryption key to be used for encrypting the data. An at least one key file is also located in memory on the at least one computing device and is associated with an at least one authorized user. The key file contains a key field comprising a pseudo random string of bytes and a unique hash value used to associate the key file to the user. A set of base characters are randomly selected from the key field, such that the base characters are a subset of the key field. An encryption key is generated by inputting the base characters into an encryption algorithm. The data is encrypted using the encryption key.

Abstract: A gateway turns encrypted PS data traffic on the Iub interface into clear IP packets so that WAN stream de-duplication and other optimization can be performed to eliminate the transfer of repetitive data across the Iub interface, thereby increasing the throughput between the NodeB and the RNC of the WCDMA network. The gateway pulls PS data traffic out from Iub without disturbing the signaling and CS traffic. The bifurcated PS data traffic is redirected to the GTP I/O port of the gateway where the stream de-duplication is applied. Deployment of the gateway is transparent to the WCDMA network. No network reconfiguration is required to deploy the gateway on the Iub interface.

Abstract: In one embodiment, a method includes accessing a first instance of content to be uploaded to a server, generating a second instance of the content from the first instance, automatically uploading to the server the second instance of the content, and automatically uploading to the server the first instance of the content in response to occurrence of a pre-determined upload condition. The first instance has a first file size and the second instance has a second file size that is smaller than the first file size. The upload of the second instance makes the content available for access at least in part by one or more second users at an immediate point in time. The upload of the first instance of the content makes the content available for access by the second users in an original version.

Abstract: Described herein is a method and system for hierarchical wireless video with network coding which limits encryption operations to a critical set of network coding coefficients in combination with multi-resolution video coding. Such a method and system achieves hierarchical fidelity levels, robustness against wireless packet loss and efficient security by exploiting the algebraic structure of network coding.

Abstract: An ad-marketplace system manages an exchange for advertisement opportunities from a plurality of content brokers. Each advertising opportunity can include one or more attributes that describe advertisement slots during a broadcast of a data stream. The ad-marketplace system can receive one or more bids for an advertising opportunity associated with a media stream, and can select a matching bid from an advertiser for the advertising opportunity. Each bid can specify one or more advertising requirements that are to be satisfied by the advertising opportunity. When the ad-marketplace system selects the matching bid, the ad-marketplace system establishes a contract between the media broker, and places an initial payment from the advertiser in escrow. The ad-marketplace system can provide a payment to the media broker after confirming that a set of consumers have consumed the advertisement.

Abstract: A watermark generator for providing a watermark signal as a sequence of subsequent watermark coefficients based on a stream of subsequent stream values representing discrete valued data includes a differential encoder. The differential encoder is configured to apply a phase rotation to a current stream value of the stream values representing the discrete valued data or to a current watermark symbol, the current watermark symbol corresponding to a current stream value of the stream values representing the discrete valued data, to obtain a current watermark coefficient of the watermark signal. The differential encoder is configured to derive a phase of a previous spectral coefficient of a watermarked signal which is a combination of the host signal and the watermark signal, and to provide the watermark signal such that a phase angle of the phase rotation applied to the current stream value or the current watermark symbol is dependent on the phase of the previous spectral coefficient of the watermarked signal.

Abstract: An apparatus and method are described for executing hash functions on a processor.

Abstract: Data received through a proxy for a service is analyzed for compliance with one or more data policies, such as one or more data loss prevention policies. When data satisfies the criteria of one or more data policies, the data is manipulated at the proxy prior to transmission of the data to the service. In some examples, the manipulation of the data includes encryption.

Abstract: A dynamic notary system having one or more processors, and one or more non-transitory computer readable medium coupled to the one or more processors with at least one of the computer readable medium being local to the one or more processors. The one or more non-transitory computer readable medium stores computer executable instructions, that when executed by the one or more processors cause the one or more processors to: (1) verify a notary with user identification information stored on the at least one computer readable medium local to the one or more processors, (2) retrieve a document to be notarized from the one or more non-transitory computer readable medium, (3) receive a signatory's electronic signature, (4) receive the notary's electronic signature, (5) apply a notary seal to the document, and (6) lock the document in an unchangeable format.

Abstract: A system includes a key repository and a network node. The key repository is configured to generate a private key and a public key of the network node, to communicate the private key and the public key to the network node, to verify whether the network node is authorized to operate on a network, to generate a first message indicating whether the network node is authorized to operate on the network, to encrypt the first message using the public key, and to communicate the encrypted first message to the network node. The network node is configured to decrypt the encrypted first message using the private key, to generate a second message based on the first message, to encrypt the second message using the private key, and to record the encrypted second message to a ledger.

Abstract: This disclosure is directed to techniques and systems to enable customers to make secure electronic payments to entities (e.g., merchants, vending machines, etc.). The entities may be at brick-and-mortar locations or other locations where the entities are “offline” and may not readily receive payments from customers that have payment accounts stored and managed by a host. In various embodiments, a customer may direct the host to transfer a payment to a merchant after the customer and merchant exchange a code that includes a payment instruction. The code may be used in place of usernames, passwords, or other personal information and may be difficult for others (e.g., bystanders, etc.) to intercept. After the exchange of the code, the customer may authorize the host to a transfer payment to the merchant based on the payment instruction.

Abstract: Systems, apparatuses, and methods for implementing a parallel Huffman decoding scheme are disclosed herein. A system with a plurality of execution units receives a Huffman encoded bitstream. The system partitions the encoded bitstream into a plurality of chunks. Each execution unit is assigned to decode a separate chunk of the encoded bitstream as well as an extra portion of an adjacent chunk. With this approach, the decoding of the bitstream overlaps for a programmable amount of data at each chunk boundary since each execution unit, excluding the first execution unit decoding the first chunk of the bitstream, will likely decode a certain number of symbols incorrectly at the beginning of the chunk since the chunk boundaries will not be aligned with symbol boundaries. The system determines, from the decoded extra portion at each chunk boundary, where incorrectly decoded ends and where correctly decoded data begins for each decoded chunk.

Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. In some embodiments, peripheral devices may implement an anti-takeover mechanism encrypting messages and transmitting unencrypted decryption keys for a limited period of time. Anti-takeover peripheral devices may transition from a plain operational mode, to a decryption key transmission mode, to a secure mode based on pre-defined triggering events, commands, or timers. Random decryption key values may be generated by peripheral devices and transmitted to listening devices for later storage and retrieval by the listening device. Decryption keys may be stored in remote data stores for later retrieval by anti-takeover aware controller devices.

Abstract: A method for accessing a remote computer system may include obtaining a private key, storing the private key in a file system owned by a root account, disabling login access to the root account from user accounts, installing a secure application with root execution privileges, mounting, via the secure application, the file system, obtaining, via the secure application, the private key from the file system, and accessing, via the secure application and over a network, the remote computer system using the private key.

Abstract: A user interface may be designed to receive conflicting data from multiple data sources during a merger of legacy computer systems. The interface automatically validates the conflicting data against each other to generate a final data set for review. Summary information for each data set can be displayed in a single interface such that the summary data sets are individually selectable and provide an overview of the data merger process for each data set. By drilling down through the summary data, the user interface can display individual data sets where data conflicts can be resolved, missing data can be provided, and duplicate data can be eliminated. When the merger process is complete, the interface can translate the data set into a standardized format that can be exported to form generation modules to generate, for example, a welcome letter based on the translated data set.

Abstract: According to an embodiment, a communication device is connected to another communication device through an optical communication path to generate an identical cryptographic key shared among the communication devices. The communication device includes a key sharing unit, a key distilling unit, a measuring unit, and a varying unit. The key sharing unit is configured to generate a shared bit string through quantum key distribution with the another communication device. The key distilling unit is configured to generate the cryptographic key from the shared bit string by a key distillation process. The measuring unit is configured to measure an error rate occurring in a photon string transmitted and received via a photon communication channel. The varying unit is configured to vary, based on the error rate, a communication function by applying a limitation on the optical data communication of an optical data communication channel or by releasing the limitation.

Abstract: In various embodiments an arithmetic logical unit array is provided, which may include: at least two data registers for storing data, a plurality of fixed instruction registers for storing machine code instructions, and at least one programmable instruction register for storing instruction data being representative for a machine code instruction. A selection circuit of the arithmetic logical unit array may be configured to select one of the machine code instructions from the fixed instruction registers or the machine code instruction represented by the instruction data. An arithmetic logical unit of the arithmetic logical unit array may be configured to apply an operation in accordance with the machine code instruction selected by the selection circuit to the data stored in the data registers.

Abstract: A method for scheduling a management operation on devices in a home network is provided. The method includes identifying at least one device among a plurality of devices in a home network to schedule the management operation by a management server; obtaining log information from the at least one device identified by the management server; determining nature of the management operation on the at least one device identified by the management server; and scheduling the management operation on the at least one device identified by the management server in response to the determined nature and the obtained log information.

Abstract: A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.

Abstract: A system and method for efficiently obtaining user configuration information for a given device. Multiple devices are deployed in an environment and may be storage appliances. A directory service and an authentication service may be used to determine whether a login session attempt on a deployed device is successful. An identity and access manager (IAM) is used to for this determination and to communicate with the directory service and the authentication service. A device of the one or more of the deployed devices does not store user configuration information. Responsive to an attempted login by a user, the device mimics the existence of the user and generates a request for directory lookup and authentication for the user which is conveyed to an external device. If a positive response is received in response to the request, the user is permitted to login to the device and a session is created for the user.

Abstract: A computer implemented method and system comprising receiving a data packet from a network source, extracting source and destination data from the received data packet, determining a user from the extracted source and destination data from the received data packet. If a label does not exist for the extracted source and destination data from the received data packet, creating a label for the data packet, the label comprising the extracted source data and historic source data for the determined user, calling a chaotic function with the label for the received data packet. If the chaotic function returns false, calling an alternative function for an output with the label for the received data packet. If the chaotic function returns true, capturing the output of the chaotic function, and updating the label with the output of the chaotic function or with the output of the alternative function.

Abstract: A method and system for providing personalized and confidential data management and sharing services to the subscriber are disclosed. The method includes enabling an individual to register with a personalized and confidential data management and sharing system to become a subscriber. The subscriber may enter personalized and confidential data and designate recipients to receive personalized and confidential data and upload photographs of the recipients. The method includes determining the existence of the subscriber by tracking the visiting/login history of the subscriber at regular intervals, transmitting communication messages to the personalized digital account of the subscriber upon identifying the subscriber not logging in to the subscriber account and establishing a voice call with the contact number of the subscriber and/or the affiliates to confirm the demise/existence of the subscriber.

Abstract: A communication security system includes a secure communication application module and a chip module. The communication security system is installed in a mobile device. Accordingly, the communication security system of the present invention allows mobile devices of users to encrypt and decrypt communication data between the users. A communication security method includes the steps of generating keys, requesting a key exchange by a first mobile device, receiving a key exchange by a second mobile device, receiving a key exchange by the first mobile device, activating a key by the second mobile device, activating a key by the first mobile device, and starting secure communication between the first and second devices. Thus, the encrypted communication can avoid theft and unauthorized falsification.

Abstract: A method, system, and computer program product for managing an object related to a plurality of groups of users is disclosed. The method, system, and computer program product include utilizing identifiers of objects so that a requesting user can submit an object-request for access to the object utilizing a chosen identifier of the user. The method, system, and computer program product may work on a number of collaborative systems, file sharing mediums, or operating systems.

Abstract: The present disclosure provides methods, systems, and media for allowing access to quantum ready and/or quantum enabled computers in a distributed computing environment (e.g., the cloud). Such methods and systems may provide optimization and computational services on the cloud. Methods and systems of the present disclosure may enable quantum computing to be relatively and readily scaled across various types of quantum computers and users at various locations, in some cases without the need for users to have a deep understanding of the resources, implementation or the knowledge that may be required for solving optimization problems using a quantum computer. Systems provided herein may include user interfaces that enable users to perform data analysis in a distributed computing environment while taking advantage of quantum technology in the backend.

Abstract: A permission management method, apparatus, and terminal. The permission management method includes obtaining an installation package of a first application program, where the installation package carries a first certificate and permission request information of the first application program, determining, according to the permission request information, a first permission that the first application program requires during running, where the first permission is a system administrator permission of a system, and granting the first permission to the first application program according to the first certificate of the first application program. In this way, the first permission that the first application program requires during running is granted to the first application program.

Abstract: A concealed data matching method for a computer including: registering a first concealed vector obtained by concealing registered data and key data based on a first random number and a linear combination of row vectors of a determination matrix; acquiring a second concealed vector; calculating a remainder vector indicating a remainder obtained by dividing the difference between the first concealed vector and the second concealed vector; determining the similarity between the registered data and the matching data based on the remainder vector; extracting the key data from the remainder vector if it is determined they are similar; calculating an inter-vector distance between the registered data and the matching data; and determining the similarity between the registered data and the matching data based on the magnitude of the inter-vector distance.

Abstract: An encryption apparatus includes a setting generator configured to generate an increasing function parameter regarding a predetermined one-way increasing function and a secret key necessary for encryption, and an encryptor configured to generate a first order-preserving encryption area regarding a plaintext using the one-way increasing function where the increasing function parameter is applied, generate a second encryption area regarding the plain text using the secret key, and generate a ciphertext by concatenating the generated first encryption area and the generated second encryption area.

Abstract: A method of transferring files in a data-processing network using a current node within the network includes reading an outbound content and outbound characteristics of an outbound file. An outbound message is created having outbound strings including a first set of the outbound strings representing the outbound characteristics and a second set of the outbound strings representing the outbound content. The outbound message is sent to a receiver node within the network. An inbound message is received from a sender node within the network. The inbound message has inbound strings including a first set of the inbound strings representing inbound characteristics and a second set of the inbound strings representing inbound content. An inbound file having the inbound content is stored, and the inbound characteristics are applied to the inbound file.

Abstract: A system includes first signal processing circuitry to transmit a signal including a plurality of data streams over a link. The first signal processing circuitry generates a plurality of composite data streams by overlaying at least one first data signal of the plurality of data signals in a first data layer with at least one second data signal of the plurality of data signals in a second data layer. Second circuitry processes the plurality of composite data streams to associate with each of the plurality of composite data streams a function to provide minimization of a time-bandwidth product of the plurality of composite data streams to enable transmission of each of the plurality of composite data streams on the link at a same time.

Abstract: A fiber optic encryption method is provided. The method includes transmitting an initial security key to a laser receiver apparatus over an out of band (OOB) signaling channel of a plurality of channels of a laser transmitter apparatus. The OOB signaling channel is secured based on the initial security key resulting in a secure OOB signaling channel. A secure bundle is generated. The secure bundle includes the secure OOB signaling channel and a group of channels and associated transmission frequencies. Data is transmitted via the secure bundle and it is determined if any channels do not transmit the data.

Abstract: A method for transmitting a control signal, performed by a wireless device. The method according to one embodiment includes allocating resource elements (REs) for a control channel; and transmitting the control signal through the Res. Each RE in the REs for the control channel is associated with one out of two antenna ports. The two antenna ports are included in a plurality of antenna ports used for transmitting demodulation reference signals (DM RS).

Abstract: A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provide by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module.

Abstract: A method and system for connecting an Internet of Things (IoT) hub to a wireless network. One embodiment of the method includes establishing a secure communication channel between an IoT hub and an IoT service through a client device using a first secret; generating a second secret on the client device and transmitting it to the IoT hub; encrypting a wireless key using the second secret to generate a first-encrypted key and transmitting it to the IoT service; encrypting the first-encrypted key using the first secret to generate a twice-encrypted key and transmitting it to the IoT hub over the secure communication channel; decrypting the twice-encrypted key at the IoT hub using the first secret to generate the first-encrypted key and decrypting it using the second secret to generate the wireless key usable to establish a secure wireless connection between the IoT hub and the local wireless network.

Abstract: Systems, methods, and non-transitory computer-readable medium are provided to secure data centers and cloud computing. A method receives network identifiers for functions, requests a network key for each function, allocates network interfaces, requests a virtual network interface controller allocation, requests a network key for each cloud function, receives storage identifiers for functions, requests a storage key for each cloud function, allocates virtual storage disks, requests a storage interface controller allocation, requests a storage key for each cloud function. Methods secure migration of a virtual machine from a source to a target server. A server includes multiple cores where each core is dedicated to a compute function and a unique key encrypts data of each compute function. A non-transitory computer-readable medium encodes programs that execute the above methods.

Abstract: A method for sending and receiving a data through multiple communication paths and an apparatus for receiving a data through multiple communication paths. A method for receiving a data through multiple communication paths by an apparatus for receiving a data includes receiving at least t (here, 0<t=n and n and t are natural numbers) of n shares generated from one unit data by a threshold encryption scheme by an apparatus for sending a data and sent through multiple communication paths on a network; and recovering the unit data using the at least t shares. According to exemplary embodiments of the present invention, data may be sent and received while ensuring confidentiality, integrity, and availability.

Abstract: Security is increased in quantum communication (QC) systems lacking a true single-photon laser source by encoding a transmitted optical signal with two or more decoy-states. A variable attenuator or amplitude modulator randomly imposes average photon values onto the optical signal based on data input and the predetermined decoy-states. By measuring and comparing photon distributions for a received QC signal, a single-photon transmittance is estimated. Fiber birefringence is compensated by applying polarization modulation. A transmitter can be configured to transmit in conjugate polarization bases whose states of polarization (SOPs) can be represented as equidistant points on a great circle on the Poincaré sphere so that the received SOPs are mapped to equidistant points on a great circle and routed to corresponding detectors.

Abstract: Disclosed are various examples for facilitating distribution of security codes for a two-factor authentication scheme or one-time passwords. Security codes can represent one-time passwords or shared secrets used to seed one-time password algorithms. The security codes can be sent through restricted communications channel to a client device. Rather than using an insecure communication link such as SMS for communication of security codes, the security codes can be sent through the restricted communications channel to reduce the possibility of leakage of the security codes.

Abstract: Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.

Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for facilitating deduplication of operations to be performed is presented. An operation to be performed is received. A mapping function is applied to at least one parameter of the operation to produce a mapping value in a target mapping space, the target mapping space being partitioned between target servers in a set of target servers proportional to resource capacities of the target servers in the set of target servers. A target server in the set of target servers whose portion of the target mapping space includes the mapping value is identified. The operation is issued to the target server.

Abstract: A method of printing comprising, at an imaging device, receiving a print-by-reference print request and an encryption key from a mobile device, transmitting the print-by-reference print request and the encryption key to a print service, receiving encrypted print content from the print service, receiving a decryption key from the mobile device, decrypting the encrypted print content, creating decrypted print content, and printing the decrypted print content. A method of printing content requested from a mobile device, comprising receiving a print request and encrypted print content, receiving a decryption key from the mobile device, decrypting the encrypted print content, and printing the decrypted print content.

Abstract: The claimed subject matter includes techniques for storing, retrieving and sharing files. An example system includes a key generator module to generate a secret key. The example system also includes a symmetric encryption module to encrypt raw data by symmetric encryption using the secret key. The example system further includes an asymmetric encryption module to encrypt the secret key and symmetric encryption information by asymmetric encryption using a public key to produce a key block. The examples system also further includes a schema module to generate a ciphertext file with predefined schema including asymmetric encryption information, the key-block, and the encrypted raw data. The example system also includes a storage module to send the ciphertext file including the encrypted raw data to a server for storage.

Abstract: A power transmitting device includes a processor circuit. The processor circuit receives messages, such as advertising messages and/or scan response messages, from power receiving devices. The messages include device specific data that pertains to the corresponding power receiving devices that transmitted the messages. The device specific data includes, for example, data pertaining to the hardware, firmware, charging state, and/or device state of the corresponding power receiving device. The processor circuit selects one of the power receiving devices based in part on the device specific data contained in the messages. The processor circuit initiates a wireless power transfer connection to the selected one of the power receiving devices.

Abstract: Embodiments of the present application disclose a method for providing a terminal identifier to a terminal. During operation, a security server receives a registration information set from the terminal, in which the registration information set includes multiple pieces of equipment information from the terminal. The security server then generates a terminal identifier based on the multiple pieces of equipment information in the registration information set. The security server then returns the terminal identifier to the terminal.

Abstract: A client updates a display of a user interface associated with a state-based client-server application in accordance with a client-side cache. The server supplies data for a new state and additional data for one or more subsequent states that possibly follow the new state if appropriate one or more operations are performed. When a client request is generated that indicates an operation that causes the application to transition to the new state, the client updates the display in accordance with the data that corresponds to the new state from the client-side cache, if available from the client-side cache. The new state data is available since the server has previously supplied the new state data.

Abstract: Systems and methods of correlating accounts among a plurality of network assets using account lateral movement data is presented in the context of network security. In one embodiment a plurality of authentication audit logs are received from a plurality of assets; the plurality of authentication audit logs are correlated; and a notification is generated based on a comparison of correlation results and a database of permitted account associations.

Abstract: A server backup method and a backup system using the server backup method are provided. The server backup method includes continuously collecting a plurality of dirty pages during a running operation and determining a backup start time point according to a quantity of the collected dirty pages. The server backup method also includes suspending the running operation according to the backup start time point and executing a backup snapshot operation to generate a data backup snapshot corresponding to the dirty pages, and executing a backup transmission operation to transmit the data backup snapshot.