Abstract: An image processing apparatus is provided, including a user input interface to input biometric information of at least one user, a processor to process image data to be displayed as an image and to provide a preset service to authenticate a personal identification (ID) and the group ID of a user group including users corresponding to personal IDs, and a controller to specify a personal ID corresponding to biometric information of an input through the user input interface, and to select and authenticate the group ID corresponding to specified personal IDs from the storage when multiple personal IDs are specified. The controller derives interest of the multiple users corresponding to the respective specified personal IDs in the image and selects the group ID corresponding to a personal ID of a user determined to have a high interest.

Abstract: A communication device and method for authentication of a message being transmitted from the communication device. The method includes receiving, by a messaging utility, content of a message provided for transmission from the communication device. Based on a determination that the message requires user authentication before the message is transmitted to a recipient, the method further includes selecting, based on contextual data, one or more biometric capturing components of the communication device; triggering at least one selected biometric capturing component to capture a corresponding biometric input from a user of the communication device; and transmitting the message when the biometric input as belonging to an authorized user of the communication device. In one embodiment, a clearinghouse service authenticates a biometric input from a user of the communication device in order to certify the user and/or the message.

Abstract: Wireless power transfer between power transmitters and power receivers may be established by a digital ping phase during which the wireless power transmitter applies a power signal and waits for a valid response message from the power receiver. The response message may include an identification code and a checksum byte used by the power transmitter to validate the identification code. When a valid response is received, the power transmitter transitions to a power transfer phase.

Abstract: A network and related methods for transmitting processes in a network secretly and securely is described. The network use keys, through path-key establishment and a key pool bootstrapping, to ensure that packets are transmitted and received properly and secretly in the presence of one or more adversarial nodes.

Abstract: Methods, systems, and computer-readable storage media for proxy re-encryption of encrypted data stored in a first database of a first server and a second database of a second server. Implementations include actions of receiving a first token at the first server from a client-side computing device, providing a first intermediate re-encrypted value based on a first encrypted value and the first token, transmitting the first intermediate re-encrypted value to the second server, receiving a second intermediate re-encrypted value from the second server, the second intermediate re-encrypted value having been provided by encrypting the first encrypted value at the second server based on a second token, providing the first encrypted value as a first re-encrypted value based on the first intermediate re-encrypted value and the second intermediate re-encrypted value, and storing the first re-encrypted value in the first database.

Abstract: The present disclosure provides methods, systems, and media for allowing access to quantum computers in a distributed computing environment (e.g., the cloud). Such methods and systems may provide optimization and computational services on the cloud. Methods and systems of the present disclosure may enable quantum computing to be relatively and readily scaled across various types of quantum computers and users at various locations, in some cases without the need for users to have a deep understanding of the resources, implementation or the knowledge that may be required for solving optimization problems using a quantum computer. Systems provided herein may include user interfaces that enable users to perform data analysis in a distributed computing environment while taking advantage of quantum technology in the backend.

Abstract: A system in which a file system may operate on a volume in which the logical address extent of the volume is divided into multiple tiers, each tier providing storage having a distinct trait set by mapping the logical addresses of the volume to appropriate underlying storage systems. A volume system exposes the volume to the file system in a manner that the file system itself has awareness of the tiers, and is aware of the trait sets of each tier. The file system may thus store file system namespaces (such as directories and files) into the tiers as appropriate for the file system namespace. A provisioning system may also be provided and be configured to provision the volume to include such tiers, and if desired, to extend the tiers.

Abstract: Methods, apparatus, and systems for personalizing a software token using a dynamic credential (such as a one-time password or electronic signature) generated by a hardware token are disclosed.

Abstract: Methods, apparatus, and systems for personalizing a software token using a dynamic credential (such as a one-time password or electronic signature) generated by a hardware token are disclosed.

Abstract: Safety systems and methods for production environments are disclosed. Safety systems include at least one sensing device configured to detect presence of an unauthorized human and/or an authorized human at least partially within a defined safety zone, and a controller configured to automatically alter at least one aspect of the production environment responsive to the presence of the unauthorized human and/or the authorized human. Safety methods include detecting presence of an unauthorized human and/or an authorized human at least partially within a defined safety zone, and automatically altering at least one aspect of the production environment responsive to the detecting.

Abstract: A system, apparatuses and methods are provided to download and process data and other content streamed over a wide area network using one or more dynamically fetched, material specific, data handlers (e.g., download assistants). A download assistant fetches a data stream from a remote location and processes the streamed data iteratively using buffers and multi-threaded processes through the decoder (e.g., codec), allowing source material-specific processing of the data as it is streamed from one or more download sources as well as content-indifferent and platform-indifferent decoding. To minimize versioning issues, payload construction for secure delivery is simplified to packing and encrypting a directory tree containing any number of files or other digital media into an archive and, when needed, dividing a payload into multiple files or archives with a descriptor that lists the archives.

Abstract: According to an embodiment, a quantum key distribution device includes a key sharing unit, a correcting unit, a compressor, and a controller. The key sharing unit is configured to generate a shared bit string by using quantum key distribution performed with another quantum key distribution device via a quantum communication channel. The correcting unit is configured to generate a corrected bit string through an error correction process with respect to the shared bit string. The compressor is configured to generate an encryption key through a key compression process with respect to the corrected bit string. The controller is configured to perform a restraining operation in which the total number of bits of encryption keys generated per unit time by the compressor is smaller than the total number of bits of the encryption keys generated per unit time by the compressor in the case of not performing the restraining operation.

Abstract: A device includes a memory and a processor coupled to the memory. The processor is configured to execute a management program, an application program, and a first security module. The management program presents a first list associated with the first security module to a user that includes a first item that represents the application program. The application program is executed in a security mode that is governed by the first security module when the first item is selected.

Abstract: A communications system and method includes first circuitry for receiving plurality of data streams and processing the plurality of data streams to associate with each of the plurality of data streams a orthogonal function to cause each of the plurality of composite data streams to be mutually orthogonal to each other on a link to enable transmission of each of the plurality of data streams on the link at a same time. Quantum key processing circuitry generates a secret key for transmission to second circuitry using a quantum key generation process and for encoding the plurality of data streams for transmission on the link using the generated secret key. Third circuitry transmits the encoded plurality of data streams on the link.

Abstract: Systems and methods to detect malicious executable files having a script language interpreter by combining a script emulator and a machine code emulator. A system includes an analyzer configured to convert a script into pseudocode and monitor an emulation process of the pseudocode, a script emulator configured to sequentially emulate the pseudocode and write emulation results to an emulator operation log, and a machine code emulator configured to emulate the pseudocode if a transition from pseudocode to machine code is detected by the analyzer, such that the analyzer can analyze the emulator operation log to determine if the executable file is malicious.

Abstract: A method and system for providing selective protection of data exchanged between user equipment (UE) and network is disclosed. The selective protection is applied to a packet, a bearer or an access point name for secure exchange of data between the UE and the network. The network decides to apply selective protection based on configuration of network, configuration of UE, load in the network, battery power availability of UE, type of application running on UE. Further, the UE can request for selective protection based on the type of application running on UE and the battery level availability of the UE. The selective protection is either enabled or disabled dynamically by the network. Further, various mechanisms for applying selective protection for each bearer, each packet and each Access Point Name (APN) are disclosed. Additionally, the method for identifying a secured and a non secured bearer has also been disclosed.

Abstract: Disclosed are various embodiments for generating a network identifier that is based on a media item. A network identifier system processes a media item. The network identifier system generates a network identifier that is based on the media item. The network identifier system broadcasts the network identifier that was generated.

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

Abstract: A system and method of deauthorizing a computer-based licensed product. During the deauthorization process, an end user device transmits an encrypted character string (i.e., the Proof Of Removal Code), including a Transaction ID, to a licensing authority. The licensing authority receives the Proof Of Removal Code from the end user device and decrypts the Transaction ID using a decryption key associated with a product for which the end user is seeking deauthorization. The licensing authority compares Transaction IDs and produces a Deauthorization number, which is sent to the end user device. Each product is associated with a different decryption key resulting in a different Deauthorization number being produced for each product based on the same Transaction ID. Thus, the same identical Transaction ID can be decrypted into as many different Deauthorization numbers as there are products.

Abstract: An apparatus for preventing replay attacks and a method for preventing replay attacks are provided in this invention, wherein the apparatus for preventing replay attacks comprises: an acquisition unit for, when a request for operating a digital content is received, acquiring current location information of a set of placeholder files; a determination unit for determining whether the current location information is consistent with recorded location information of the placeholder file; a protection unit for, when inconsistent as determined by the determination unit, wherein there is a correspondence between the digital content and the set of placeholder files.

Abstract: In an example, an audio stream such as a voice call or live-streaming service may have mixed therein a user identification, which may identify the user as an authorized participant in the audio stream. For example, a user may identify himself to a smart phone, and then initiate a call with his bank. The smart phone may mix a user identification into the voice stream. A receiving device at the bank may demix the identification, and determine that the user is authorized to call about this account. In another example, identification may be used for DRM purposes, to identify a user as a legitimate participant in an audio stream. When a user is not authorized, an appropriate action may be taken, such as dropping the user, degrading the quality of the audio stream, or providing a notification that the user is not authorized.

Abstract: Managing requests for acquiring resources in a computing environment. A first request to acquire resources is received. Whether the resources have been pre-acquired is determined. If the resources have not been pre-acquired, a token registering interest of a first thread in the first request is subscribed to. If the acquisition of the resources is not successful, whether a prior synchronous request has been initiated by a thread for the first request is determined. If a prior synchronous request has not been initiated, a synchronous request is initiated to acquire the resources. If the resources have not been pre-acquired for a second received request, an interest is registered of a second thread in the first request using the token. If the acquisition of the one or more resources is successful, a thread is notified of the successful acquisition, and the interest of the second thread is unregistered in the first request.

Abstract: An approach for providing a framework to maintain continuous access to web content bookmarked in a browser, the framework comprising web content storage, change detection and change notification. Embodiments of the present invention create and store a snapshot of bookmarked web content with a version number in a repository and the snapshot is replaced by a new snapshot whenever bookmarked web content is updated, while access to previously versioned snapshots is maintained. Change detection comprises automatically subscribing to content update notification services provided by a web content provider and receiving updates, comparing the content of a most recent snapshot with the web content available from the content provider and detecting a change to the bookmarked URL. Keywords from a snapshot can be used to relocate web content at a new URL and a web browser user is notified whenever a change to bookmarked web content is detected.

Abstract: A Customizable Storage Controller (CSC) is a software defined storage device controller, a replacement for the ASIC storage controller approach that has been used up to now. The differences from the current storage controllers are that the CSC software will need to be protected from unauthorized modification and provides an excellent place to add additional storage management functionality. The CSC type of storage controller is a good place to integrate the F+ Storage Firewall storage protection technology, fitting the needs of the CSC as well as protecting stored data from unauthorized access. This portion of the larger patent disclosure provides the design of a CSC both with a software version of a F+ Storage Firewall, as well as an improved (more secure) CSC designed with a security co-processor and locked firmware.

Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: A processor is described that includes one or more processing cores. The processor includes a memory controller to interface with a system memory having a protected region and a non protected region. The processor includes a protection engine to protect against active and passive attacks. The processor includes an encryption/decryption engine to protect against passive attacks. The protection engine includes bridge circuitry coupled between the memory controller and the one or more processing cores. The bridge circuitry is also coupled to the protection engine and the encryption/decryption engine. The bridge circuitry is to route first requests directed to the protected region to the protection engine and to route second requests directed to the non protected region to the encryption/decryption engine.

Abstract: One embodiment is described of a method performed by a computing device for renewing a remote token. The method includes (a) receiving an activation code from the remote token across a network, the activation code including an identification of the token, (b) verifying that the activation code was cryptographically generated with reference to a one-time passcode (OTP) generated by the identified token using an initial key assigned to the token, and (c) in response to verifying, negotiating a new key with the token, the new key to be assigned to the token for use in producing OTPs in the future. Related computer program products, systems, and apparatuses are also described.

Abstract: One embodiment provides a system that facilitates secure communication between a sending device and a receiving device. During operation, the system receives, at the receiving device, a benign message sent over a communication channel from the sending device. Next, the system computes a digest from the benign message by hashing the benign message. The system then queries a cover message server with the computed digest to determine whether the benign message indicates that an encrypted message is available at a secure message server. Subsequently, the system obtains the encrypted message from the secure message server, responsive to determining that the benign message indicates that the encrypted message is available at the secure message server.

Abstract: A communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second cryptographic algorithm, by using one of the first and second cryptographic algorithms used for the encryption, where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm. The communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class.

Abstract: A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access.

Abstract: A telephony communication setup request sent from a telephony device to an element of an IP telephony system includes a first encrypted code that is generated using one or more data items that are specific to the telephony device. The element of the IP telephony system receiving the setup request obtains the same data items locally and creates a second encrypted code. If the second code matches the first encrypted code, the telephony device and/or the setup request are authenticated, and the element of the IP telephony system proceeds to setup the requested telephony communication.

Abstract: Systems, methods, and other embodiments associated with generating transient identifiers are described. According to one embodiment, an apparatus includes a memory device that stores a primary identifier that is unique to the apparatus. The primary identifier correlates with a displayed identifier of the apparatus that is used by a remote device to initiate communications with the apparatus. The apparatus includes identifier logic configured to generate a secondary identifier in response to receiving an association request that includes the displayed identifier when the apparatus is in a bootstrap mode. The bootstrap mode is a state of the apparatus when the apparatus is initializing and will accept a new association. The association request is a wireless communication that initiates establishing secure communications.

Abstract: A method and apparatus is provided for transmitting a cell broadcast message in a mobile communication network comprising in a message control node receiving a initiation request identifying a first message payload segment to be transmitted, determining an authentication group for which the first message payload segment is intended and determining a first encryption key associated with the determined authentication group. The first message payload segment is encrypted using the first encryption key. A message payload is aggregated comprising the encrypted first message payload segment and at least a second message payload segment. The cell broadcast message comprising the aggregated message payload for message broadcast is transmitted within at least a part of the communication network. A method and apparatus is also provided for decrypting a cell broadcast message at a mobile terminal.

Abstract: A method for securely transmitting packets on a wireless link is disclosed. This method advantageously uses a type II HARQ protocol. In a first step, a first version of a packet is transmitted, so that the receiver cannot decode it. The receiver generates a couple of public and private keys, and sends back to the transmitter a negative acknowledgment as well as the public key. The transmitter then transmits a second version of the packet, encrypted using the public key. The receiver tries to decode a combination of the first and the second versions of the packet. In case of success, a positive acknowledgment is transmitted to the transmitter and, in case of failure, the retransmission process is iterated.

Abstract: Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.

Abstract: A device creates a list of permanent evolved packet system (EPS) mobility management (EMM) failure events associated with the device, where the list includes information associated with one or more permanent EMM failure events encountered by the device. The device stores the list of permanent EMM failure events, provides an attach request message to an access network, and receives, from the access network, a reject message as a response to the attach request message. The device performs a power cycle based on receiving the reject message, and erases, based on the power cycle, a forbidden public land mobile network (PLMN) list and a forbidden tracking area list maintained by the device. The device repopulates the forbidden PLMN list and the forbidden tracking area list with information included in the list of permanent EMM failure events.

Abstract: A method of deleting log records may include identifying a plurality of log records generated during a time period, for each identified log record, determining whether a delete request associated with the log record has been made, and, in response to determining that a delete request has not been received, identifying a unique identifier associated with the log record, searching a user activity table for an entry having a key table index associated with the unique identifier, where the entry is associated with a timestamp, using the key table index and the timestamp to identify a key associated with the unique identifier and the timestamp from a key table, encrypting at least a portion of the log record with the identified key to generate an encrypted value, and storing the encrypted value as an entry in the log record database that is associated with the identified log record.

Abstract: A communication apparatus performs encryption on data transmitted from another communication apparatus by using first or second cryptographic algorithm, or performs decryption on the data that has been encrypted using the first or second cryptographic algorithm, by using one of the first and second cryptographic algorithms used for the encryption, where the second cryptographic algorithm provides a higher security level than the first cryptographic algorithm. The communication apparatus includes an encryption unit configured to perform, upon receiving the data including a cryptographic class identifying a parameter to be used for performing the encryption or the decryption, the encryption or the decryption by using one of the first and second cryptographic algorithms, based on the cryptographic class.

Abstract: A method for the secure exchange of data over an ad-hoc network implementing an Xcast broadcasting service and an associated node are disclosed. The method includes providing a security graph for the network and a communication graph for the network, routing a data item between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph. The method also includes generating, between one relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the relay node and the subsequent relay node. The method further includes routing the message from the relay node to the subsequent relay node along a communication route on the communication graph.

Abstract: A network and related methods for transmitting processes in a network secretly and securely is described. The network use keys, through path-key establishment and a key pool bootstrapping, to ensure that packets are transmitted and received properly and secretly in the presence of one or more adversarial nodes.

Abstract: A system, a controller, and methods are described herein for enabling a user of a user device while located in a visited local area network (e.g., their friend's local area network) to remotely access a device which is located within a home local area network (e.g., their household local area network).

Abstract: Methods and systems for monitoring, analyzing and acting upon voice calls in communication networks. An identification system receives monitored voice calls that are conducted in a communication network. Some of the monitored voice calls may be conducted by target individuals who are predefined as suspects. In order to maintain user privacy, the system selects and retains only voice calls that are suspected of being conducted by predefined targets. The techniques disclosed herein are particularly advantageous in scenarios where the network identifiers of the terminal used by the target are not known, or where the target uses public communication devices. In accordance with the disclosure, content-based identifiers such as speaker recognition or keyword matching are used.

Abstract: Example methods and systems for content-based association of a device to a user are presented. In an example method, data corresponding to each of a plurality of items of content stored within a user device are accessed. A device identifier for the user device is generated based on the data. The device identifier is transmitted from the user device to a service device to associate the user device with a user.

Abstract: System and method for agentless computing system configuration management in networked environments. A configuration management service may be implemented as a service on a network with a standard network interface. A client may communicate with the service to specify a configuration for a target system, for example through a browser interface. The specified configuration may be stored by the service. The service may generate a package according to the specified configuration. The package may be delivered to the target system via the network. The package may then install the configuration, for example, one or more software, data, or other digital components, on the target systems in accordance with the specified configuration. The clients may request that the service verify and/or update the installed configuration on the target system. The service may, in response, generate an update package for the installed configuration. Target systems may include computer systems and virtual machines.

Abstract: Methods, systems, and computer-readable storage media for selecting columns for selecting encryption to perform an operator during execution of a database query. Implementations include actions of determining a current encryption type of a column that is to be acted on during execution of the database query, the column storing encrypted data, determining a minimum encryption type for performance of the operator on the column, selecting a selected encryption type based on the current encryption type, the minimum encryption type, and a budget associated with the column, and performing the operator based on the selected encryption type.

Abstract: This invention provides a clock control circuit, which can be added to any pipeline-processor to solve timing problems arising from variations due to process outcome and environmental conditions. Critical instructions are detected (instructions that exercise critical paths) in conjunction with environmental sensing (such as process, temperature and voltage). This information is used to control cycle stealing.

Abstract: The invention relates to the technical field of information, and disclosed in the present invention are a key negotiation method and apparatus according to the SM2 key exchange protocol. The method is implemented as follows: two negotiation parties both calculate a parameter W according to the minimum positive integer value in the permissible values of X which enable an inequality n?2X to hold, and perform key negotiation with the opposite negotiation party according to the parameter W.

Abstract: A communication process is provided for sending a qubit message between Alice and Bob using a quantum channel for obviating a faked-state attack by Eve. The qubit message is composed of ensemble bits and transmitted as a plurality of photons into the quantum channel. Each photon has a corresponding bit value. The process includes: Alice preparing three uniformly random bit strings each of length 4N to produce strings R (raw key), P (bit basis) and U (unitary operation), and Bob preparing two uniformly random bit strings of the same length to produce strings M (bit basis) and V (unitary operation). Alice broadcasts P, applies her unitary operation and records a first weak measurement to the photons for transmission. Meanwhile Bob broadcasts M, applies his unitary operation and records both a second weak measurement and a strong measurement to the photons.

Abstract: The imager and controller of an information apparatus images the back face of another information apparatus to acquire the manufacturing number of the other information apparatus corresponding to the two-dimensional bar code provided on the back face of the other information apparatus and acquire visible light information corresponding to blinking of light emitted by the light emitter arranged on the back face of the other information apparatus. Furthermore, the controller controls the imager so as to be able to image the two-dimensional bar code and the light emitted by the light emitter.