Abstract: A computer manages methods for utilizing an index to manage access to data in a dataset stored in one or more file locations in an ETL tool by receiving a request to access a dataset associated with one or more file locations, wherein the dataset is stored in the one or more file locations. The computer queries an index for the one or more file locations associated with the dataset, wherein the dataset has another index for data in the dataset. The computer receives the one or more file locations associated with the dataset. The computer determines to cache the request to access the one or more file locations for the dataset until one or more thresholds are met, wherein the cached request is part of a total number of cached requests.

Abstract: When compressing an arrangement of fixed-length records in a columnar direction, a data compression device carries out data compression aligned with the performance of a data decompression device by computing a number of rows processed with one columnar compression from the performance on the decompression device side, such as the memory cache capacity of the decompression device or the capacity of a primary storage device which may be used by an application, and the size of one record. Thus, while improving compression ratios of large volumes of data, including an alignment of a plurality of fixed-length records, decompression performance is improved.

Abstract: A method for operating an electronic device, and an electronic device, are provided. In the normal operation state of the electronic device, data which is stored in the main storage device of the electronic device is encrypted by a first encryption algorithm prior to being stored in a non-volatile storage device of the electronic device. The method includes the steps of generating snapshot data in the main storage device when the electronic device is entering a hibernation state, allocating space in the non-volatile storage device for storing the snapshot data, and storing the snapshot data in the space without encrypting the snapshot data using the first encryption algorithm.

Abstract: Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message.

Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.

Abstract: Embodiments are directed to an IC device comprising a set of N elements, and an interconnect system for enabling communication between the set of elements. Each element of the set of elements is configured according to a first communication plan to receive attestation data of each other element of the set of elements. Upon receiving the attestation data the element may determine whether each of the received attestation data from the other elements match an attestation pattern as defined in the first communication plan. In case the received attestation data match the first communication plan, the element may determine whether the received attestation data is attested by N?1 elements of the set of elements. In case the attestation data is attested by N?1 elements of the set of elements, the element may indicate the presence of the set of elements before the time interval has lapsed.

Abstract: A method and system are disclosed for providing integrated circuit chip cards (e.g. transaction cards) pursuant to an order placed by or on behalf of a card issuer wherein a testing data file is provided in conjunction with prepersonalization data encoding for use in conjunction with subsequent testing of the accuracy of the encoded prepersonalization data. Such testing may be completed prior to personalization data encoding to facilitate the identification of prepersonalization data encoding errors, thereby further facilitating remedial action and reduction of production disruptions.

Abstract: A method generates, in a higher security domain (SD), public and secret keys using a first homomorphic encryption scheme (HES), passes the public key to a first shared security zone (SSZ) between the higher SD and a lower SD and through the first SSZ to a second entity in the lower SD, passes a plain text query from the higher SD to the first SSZ, encrypts the plain text query using a second HES, passes the encrypted plain text query to the second entity, performs an oblivious query to generate an encrypted result, and passes that from the lower SD to a second SSZ located between the higher and lower SDs, passes the secret key from the higher SD to the second SSZ, and decrypts the encrypted result using the secret key to generate a plain text result, and passes the plain text result to the higher SD.

Abstract: Techniques for remote authentication using reconfigurable boson samplers are provided. In one aspect, a method for remote authentication includes the steps of: providing an input photon configuration for an optical transmission network; receiving a response including measured output quantum photon coincidence frequencies from the optical transmission network based on the input photon configuration; comparing the measured output quantum photon coincidence frequencies to output quantum photon coincidence probabilities calculated for the optical transmission network; and verifying the response if the measured output quantum photon coincidence frequencies matches the output quantum photon coincidence probabilities calculated for the optical transmission network with less than a predetermined level of error, otherwise un-verifying the response. A verification system including an optical transmission network is also provided.

Abstract: Disclosed herein is a digital rights management system that includes a storage module that stores a usage right for digital content in a tamper-resistant portion of a memory. The system also includes a flag status module that generates a flag corresponding with a transfer status of the usage right, sets the flag to one of a plurality of transfer statuses, and stores the flag in the tamper-resistant portion of the memory. The transfer statuses include a status indicating a request for the usage right was generated by a device with a usage right recovery mechanism.

Abstract: An apparatus is provided for protecting a basic input/output system (BIOS) in a computing system. The apparatus includes a BIOS read only memory (ROM), an event detector, and a tamper detector. The BIOS ROM has BIOS contents that are stored as plaintext, and an encrypted message digest, where the encrypted message digest comprises an encrypted version of a first message digest that corresponds to the BIOS contents, and where and the encrypted version is generated via a symmetric key algorithm and a key. The event detector is configured to generate a BIOS check interrupt that interrupts normal operation of the computing system upon the occurrence of an event, where the event includes one or more occurrences of a change in system state.

Abstract: Systems and methods for electronic test delivery are described herein. A host computer is in electronic communication with one or more devices over a wireless private network. The host computer is configured to transmit data describing a plurality of test unit components to at least one of the devices. Each of the devices is configured to request from the host computer certain of the data describing the plurality of test unit components that form a test unit, receive the certain data, assemble the certain data, and display the assembled certain data as the test unit. The host computer is further configured to receive data describing one or more responses associated with the test unit from at least one of the devices.

Abstract: Methods and systems for monitoring, analyzing and acting upon voice calls in communication networks. An identification system receives monitored voice calls that are conducted in a communication network. Some of the monitored voice calls may be conducted by target individuals who are predefined as suspects. In order to maintain user privacy, the system selects and retains only voice calls that are suspected of being conducted by predefined targets. The techniques disclosed herein are particularly advantageous in scenarios where the network identifiers of the terminal used by the target are not known, or where the target uses public communication devices. In accordance with the disclosure, context-based identifiers such as speaker recognition or keyword matching are used.

Abstract: Techniques to facilitate temporary escalation of access privileges for a control program associated with a machine system in an industrial automation environment are disclosed. In at least one implementation, a request is received from a user for a temporary access level increase to utilize protected functions of the control program. An encrypted string is generated comprising a temporary password authorized to access the protected functions of the control program. The encrypted string is provided to the user, wherein the user provides the encrypted string to an administrator and the administrator authenticates the user for the temporary access level increase, decrypts the temporary password, and provides the temporary password to the user. A login request is received from the user with the temporary password, and the temporary access level increase is responsively granted to allow the user to utilize the protected functions of the control program.

Abstract: A chipset and a host controller, including a storage host controller for a storage device and an encryption and decryption engine that is implemented by hardware. The storage host controller analyzes a write command to obtain write command information, and provides the write command information and write data to the encryption and decryption engine. The encryption and decryption engine combines a data drive key with the write command information to encrypt the write data and provides the encrypted write data to the storage host controller to be written into a storage device via a communication port.

Abstract: Embodiments of the present application disclose a method for providing a terminal identifier to a terminal. During operation, a security server receives a registration information set from the terminal, in which the registration information set includes multiple pieces of equipment information from the terminal. The security server then generates a terminal identifier based on the multiple pieces of equipment information in the registration information set. The security server then returns the terminal identifier to the terminal.

Abstract: Data received through a proxy for a service is analyzed for compliance with one or more data policies, such as one or more data loss prevention policies. When data satisfies the criteria of one or more data policies, the data is manipulated at the proxy prior to transmission of the data to the service. In some examples, the manipulation of the data includes encryption.

Abstract: One embodiment provides a system that facilitates encrypted-domain aggregation of data in a star network. During operation, the system receives a set of ciphertexts, representing respective encrypted polynomial shares, of an input value from each participant in a plurality of participants. Each ciphertext in the set of ciphertexts is associated with a specific participant in the plurality of participants. The system computes an encrypted partial value for each participant by aggregating in the encrypted-domain a respective ciphertext associated with that participant received from the plurality of participants and sends a message comprising the encrypted partial value to that participant. This encrypted partial value is encrypted based on a public key of a corresponding participant. The system receives a decrypted partial value from each participant and computes a target value based on a set of decrypted partial values received from a set of participants in the plurality of participants.

Abstract: Messages sent on behalf of a user through an intermediary service message are assigned a unique sender address including unique message identification data unique to each message being sent. The unique sender address further includes message delivery system domain data identifying the actual domain of the intermediary service. The unique message identification data is also mapped to a user routing address. The unique sender address is then used to populate the “From” field of the message. Consequently, any message response sent to the “From” field of the message can be automatically analyzed to identify the user identification data in the unique sender address and automatically mapped to the user notification routing address. A notification of the response message can then be automatically relayed to the user using the user notification routing address.

Abstract: A system and method for using a Personal Identification Number (“PIN”) to authenticate payment transactions via a mobile device coupled to a reader device is described. The reader device may be modified to not only read and encrypt first identification information from a payment medium such as a magnetic strip of a payment card, but also receive a PIN from the mobile device and encrypt the PIN. The mobile device may be configured to prompt for and receive the PIN. The PIN may be communicated to the reader device for encryption. The mobile device may receive the encrypted first identification information and encrypted PIN and communicate the encrypted data to an adaptive payment server that decrypts the encrypted data for processing the payment transaction. The system may be used to securely process PIN-based payment transactions using a mobile device that is communicably coupled to a reader device.

Abstract: A first photon in single-photon state is created when one of two photons created by parametric down conversion of a pump light is detected at a first detector. The first photon is divided into two components by a polarization beam splitter, and the first component is sent to a sender while the second component is sent to a receiver, with information that one of the two photons is detected. The sender selects whether he measures the first component or not according to the signal that he wants to transmit to the receiver. The second component of the first photon and a probe light enter into the second nonlinear optical medium. The receiver detects the phase modulation of the probe light caused by the interaction with the second component using homodyne detection during a first span after he receives the information from the first detector.

Abstract: A system and method for detecting a first network of compromised computers in a second network of computers, comprising: collecting Domain Name System (DNS) data for the second network; examining the collected data relative to DNS data from known comprised and/or uncompromised computers in the second network; and determining the existence of the first network and/or the identity of compromised computers in the second network based on the examination.

Abstract: A method, computer-readable storage device and apparatus for customer owned encryption at a centralized storage server are disclosed. For example, the method receives a data file for storage and a customer owned encryption method from the customer, applies the customer owned encryption method to the data file at the centralized storage server to create a customer encrypted data file, deletes the customer owned encryption method from the centralized storage server and applies a general encryption method to the customer encrypted data file, wherein the general encryption method is applied to all data files stored in the centralized storage server.

Abstract: The disclosure describes approaches for protecting a circuit design for a programmable integrated circuit (IC). A black key is generated from an input red key by a registration circuit implemented on the programmable IC, and the black key is stored in a memory circuit external to the programmable IC. The programmable IC is configured to implement a pre-configuration circuit, which inputs the black key from the memory circuit and generates the red key from the black key. A ciphertext circuit design is decrypted into a plaintext circuit design by the programmable IC using the red key, and the red key is erased from the programmable IC. The programmable IC is reconfigured with the plaintext circuit design.

Abstract: Techniques described herein may be used to encrypt a telephone call between users. User devices (e.g., smart phones) may be connected to encryption relay devices that operate as relays between headsets worn by the user and the user devices. As information passes from the headset toward a corresponding user device, an encryption relay device may encrypt the information before the information reaches the user device so that the user device transmits encrypted call information to the other user participating in the call. When encrypted information is received, and travels from the user device to the headset, the encryption relay device may decrypt the information before it reaches the headset. Thus, the techniques described herein provide an end-to-end encryption solution to telephone calls.

Abstract: Data received through a proxy for a service is analyzed for compliance with one or more data policies, such as one or more data loss prevention policies. When data satisfies the criteria of one or more data policies, the data is manipulated at the proxy prior to transmission of the data to the service. In some examples, the manipulation of the data includes encryption.

Abstract: A system, medium and method of performing dictionary compression is disclosed. A first data segment received at a receiver device (RD) from a transmiter device (TD) is selected A global bloom filter of the TD is queried to determine if the RD has a stored copy of a first plurality of content data bytes and corresponding first identifier and data length information for the first data segment. A first encoded data packet is prepared and sent which includes the first identifier and data length information without the first plurality of content data bytes. The RD utilizes the received first identifier and data length information to retrieve the first plurality of content data bytes associated with the first data segment from the RD's data store and decodes the first data segment to include the first plurality of content data bytes.

Abstract: A system and process are disclosed for providing users with page previews during page loading events, such that the delay experienced before the display of page content is reduced. The previews may include screenshots of the pages or of portions thereof, and may be generated periodically and cached by the system for delivery to user devices. The process of generating and delivering the previews via the Internet or some other network may be implemented partly or wholly within an intermediary system that sits logically between the user devices and content servers. The process may be used with existing browsers without the need for any browser modifications, or may be used with a “preview-aware” browser that includes special program code for providing page previews.

Abstract: Described herein are various technologies pertaining to constructions of a password-based authentication protocol that are configured to allow a user to register with and authenticate to an online service without the online service receiving a password or a deterministic function of the password of the user. When registering with an online service, a client computing device establishes a cryptographically strong random secret and stores an encryption of such secret with a data storage device. The storage device also never receives the password or a deterministic function of the password. When the user wishes to authenticate to the online service, the user employs her password to retrieve the encrypted secret from the storage device, decrypts such secret, and utilizes the decrypted secret to answer a cryptographically strong challenge provided to the user by the online service upon the online service receiving a username pertaining to such user.

Abstract: Provided an information processing apparatus including a number generation unit configured to generate numbers used in coefficients of terms included in a pair of multi-order multivariate polynomials F=(f1, . . . , fm), using a predetermined function, from information shared between entities executing an algorithm of a public-key authentication scheme or a digital signature scheme that uses a public key including the pair of multi-order multivariate polynomials F, and an allocation unit configured to allocate the numbers generated by the number generation unit to the coefficients of the multi-order multivariate polynomials for which the pair of multi-order multivariate polynomials F are included in constituent elements.

Abstract: A server system maintains data indicative of credentials held by multiple different users. Each of the credentials has been issued by a credential granting authority that is separate from an entity that operates the server system. The server system receives selection data that indicates how credential data of a first user is to be made available to other users. Based on the selection data, the server system stores availability data that indicates how credential data of the first user is to be made available to the other users. The server system also maintains a location of a mobile computing device associated with the first user and, based on the availability data and the location, provides, to at least a second user, information about at least one credential held by the first user in association with an indication of the location.

Abstract: In an embodiment, a processor includes a hardware accelerator to receive a message to be processed using the cryptographic hash algorithm; store a plurality of digest words in a plurality of digest registers; perform a plurality of rounds of the cryptographic hash algorithm, where the plurality of rounds is divided into first and second sets of rounds; in each cycle of each round in the first set, use W bits from the first digest register for a first function and use N bits from the second digest register for a second function; in each cycle of each round in the second set, use W bits from the second digest register for the first function and use N bits from the first digest register for the second function. Other embodiments are described and claimed.

Abstract: A computer-implemented method for encrypting binary data may include encoding raw binary data in Base64 format to generate Base64 binary data. The Base64 binary data may be encrypted, by a computer processor, using format-preserving encryption to generate Base64 ciphertext. The Base64 ciphertext may be validatable by a Base64 validator.

Abstract: Methods and apparatuses, including computer program products, are described for establishing select routing of proprietary digital content. A server computing device prepares a package of digital content, where the digital content includes proprietary content and non-proprietary content. The server segregates the package of digital content into proprietary content and non-proprietary content, and assigns a content identifier to each item of proprietary content. The server transmits the proprietary content to a computing device of a digital content management service. The server receives a notification of acceptance of the proprietary content from the computing device of the digital content management service and a notification of acceptance of the non-proprietary content from a second remote computing device. The server presents an accepted package of digital content on the first remote computing device, where the accepted package comprises accepted proprietary content and accepted non-proprietary content.

Abstract: Disclosed are various embodiments for facilitating a payment to an owner of a media file for enabling the consumption of the media file. In one embodiment, a jukebox service transmits a plurality of media files to a plurality of users for consumption, wherein the media files are served up from a plurality of cloud drives associated with the users. A license service determines whether the consumption comprises at least one of a download, a purchase and an execution of the media files. Then, the license service facilitates a payment to the owner of the media files if a payment is owed to the owner. In one embodiment, the payment owed to the owner may be based on the type of consumption of the media files.

Abstract: An authentication system for providing an authentication service for a user accessing the same through a communication network includes a seed server for managing a user seed value related to each user identification information, a one time password (OTP) generation device provided in a user's mobile terminal, the OTP generation device generating a user OTP by using at least one portion previously defined in an IP address dynamically assigned to the mobile terminal by a mobile communication operator and a user's user seed value, and an authentication server for, if a user authentication request is received, generating an OTP corresponding to the user OTP by using the at least one portion previously defined in the IP address dynamically assigned to the mobile terminal and the user seed value related to the user identification information, and comparing the user OTP with the corresponding OTP, thereby authenticating the user.

Abstract: Computational methods and systems that collect operational data from an intelligent controller to identify information, or correct information, about a device and system controlled by the intelligent controller are disclosed. Computational methods and systems use a set of operational data and information known about other devices and systems controlled by similar intelligent controllers to process the operational data and generate information, or correct information, about the device and system.

Abstract: A method provides secure communication between a first module and a second module within a vehicle communication network. A first anti-replay counter is provided within the first module, and a second anti-replay counter is provided within the second module. A message is transmitted from the first module to the second module over the vehicle communication network. The message includes a partial counter including only a portion of the contents of the first anti-replay counter, and the message is authenticated based on the partial counter.

Abstract: A communications system includes first signal processing circuitry for receiving a plurality of input data streams and applying a different orthogonal function to each of the plurality of input data streams. Second signal processing circuitry processes each of the plurality of input data streams having the different orthogonal function applied thereto to locate a first group of the plurality of input data streams having a first orthogonal function applied thereto onto a carrier signal and locates a second group of the plurality of input data streams having a second orthogonal function applied thereto onto the carrier signal. A transmitter transmits the carrier signal including the first group of the plurality of input data streams having the first orthogonal function applied thereto and the second group of the plurality of input data streams having the second orthogonal function applied thereto over a plurality of communications links from a plurality of transmitting antennas.

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: The embodiments herein provide a system and method to enable a single sign-on into a plurality of thick-client applications through an external application. The system includes an authentication module for authenticating the user credentials for the plurality of thick-client applications received by a receiving module. The authenticated user credentials for the plurality of thick-client applications is stored in a data based and encrypted with an encryption module. The plurality of thick-client applications is launched with a launching module. A display module is provided to display the user credentials for launching the plurality of thick-client applications.

Abstract: Methods, systems, and computer readable media for rapid filtering of opaque data traffic are disclosed. According to one method, the method includes receiving a packet containing a payload. The method also includes analyzing a portion of the payload for determining whether the packet contains compressed or encrypted data. The method further includes performing, if the packet contains compressed or encrypted data, at least one of sending the packet to an opaque traffic analysis engine for analysis, discarding the packet, logging the packet, or marking the packet.

Abstract: A low power video hardware engine is disclosed. The video hardware engine includes a video hardware accelerator unit. A shared memory is coupled to the video hardware accelerator unit, and a scrambler is coupled to the shared memory. A vDMA (video direct memory access) engine is coupled to the scrambler, and an external memory is coupled to the vDMA engine. The scrambler receives an LCU (largest coding unit) from the vDMA engine. The LCU comprises N×N pixels, and the scrambler scrambles N×N pixels in the LCU to generate a plurality of blocks with M×M pixels. N and M are integers and M is less than N.

Abstract: A method for searching encrypted data includes identifying, with a client, a plurality of values within a predetermined search range in a search index stored within a memory of the client, each value in the plurality of values being present in a plaintext representation of at least one encrypted file in a plurality of encrypted files stored in a server. The method further includes generating and transmitting at least one search query to the server through a data network, and receiving, with the client, at least one response from the server through the data network, the response including the encrypted keyword corresponding to the value in the plurality of values and an identifier of at least one file in the plurality of encrypted files stored on the server that includes the value.

Abstract: A handheld wireless device makes a request for service from a server of a business on a global network, the request originating from the wireless device is automatically routed to the closest server of the business that is geographically closest to the location of the wireless device as determined by a GPS function in the device, or by a router server in the wireless network based on the group of cell towers being connected to by the wireless device, or based on the location of the wireless device in a global telephone network database, for faster access to the service and a response there from.

Abstract: An embodiment of the present invention is directed to methods, systems and apparatuses enabling location sharing group formation and the tracking of group members. Groups may be bound by a geographical area that circumscribes the boundary of a location sharing group. Active members of a location sharing group may become active based on their relative location to the geographical area defining the location sharing group. The geographical area may be static, mobile or change size and shape based on parameters forming the location sharing group. Alerts may be generated informing members of the location sharing group of the entry or exit of members from the location sharing group. Active members of a location sharing group may share location information with other members of the location sharing group. A radius or other shape may identify a geographical area for location sharing between members.

Abstract: A method of performing time-shift function and television receiver having a tuner and a personal video recorder for storing broadcast programs of at least one channel enables a broadcast program of a currently tuned channel to be continuously and efficiently stored to enable time-shifting, regardless of an interruption by switching channels or changing input sources or even in the case of an inadvertent power-off condition.

Abstract: An apparatus and method are described for adjusting a scan interval or scan width of a BTLE device. For example, one embodiment of a method comprises: placing a Bluetooth Low Energy (BTLE) device of an IoT device into a low power or sleep state; waking the BTLE device from the low power or sleep state in response to a specified schedule or set of conditions; attempting to establish a connection between the BTLE device and a BTLE device of an IoT hub using a first scan width and/or scan interval; dynamically adjusting the first scan width and/or scan interval to a second scan width and/or scan interval, respectively, based on a randomly-selected value if a connection is not established after a specified time period; and reattempting to establish a connection between the BTLE device of the IoT device and the BTLE device of the IoT hub using the second scan width and/or scan interval.

Abstract: A method includes accessing genomic data of from a genomic database; generating, by a processor, a first hash by probabilistically and irreversibly encrypting a first portion of the genomic data encoding the first genomic sequence, the first hash projecting the first portion into reduced dimensions such that the first portion of the genomic data encoding the first genomic sequence becomes statistically improbable to recover outside the first processor; generating, by the processor, a first cryptogram by deterministically and reversibly encrypting a second portion of the genomic data encoding the first genomic sequence; generating, by the processor, a look-up table by using at least the first cryptogram as a key and the first portion of the genomic data encoding the first genomic sequence as the value, and transmitting data encoding the first hash and the first cryptogram to one or more processors that are different from the first processor.

Abstract: A Home Subscriber Server for handling IP Multimedia Subsystem subscriptions comprises means for maintaining associations between public user identities and Service Profiles, where two or more public user identities can be associated with a common Service Profile, and means for identifying to a network node all public user identities that are associated with a common Service Profile.