Abstract: A system and method for preventing illicit use of a telephony platform that includes enrolling a plurality of accounts on a telecommunications platform, wherein an account includes account configuration; at a fraud detection system of the telecommunications platform, receiving account usage data, wherein the usage data includes at least communication configuration data and billing configuration data of account configuration and further includes communication history of the plurality of accounts; calculating fraud scores of a set of fraud rules from the usage data, wherein at least a sub-set of the fraud rules include conditions of usage data patterns between at least two accounts; detecting when the fraud scores of an account satisfy a fraud threshold; and initiating an action response when a fraud score satisfies the fraud threshold.

Abstract: One embodiment includes a method for offering a protection policy for a mobile device, the method comprising the steps of providing an application, conducting a test of the mobile device, calculating the risk of protecting the mobile device, and offering an protection policy. The application is configured to operate on the mobile device and to test at least one function of the mobile device. The test is conducted by the application and verifies at least one function of the mobile device through the application. The risk of protecting the mobile device is based upon at least one result of the test. The protection policy for the mobile device is based upon the calculated risk, has a cost, and is offered for purchase to a user of the mobile device.

Abstract: A storage device capable of performing high-speed link startup and a storage system including the storage device are disclosed. A link startup method of the storage device includes receiving a line-reset signal from a host through a line connected to an input signal pin of the storage device, comparing a length of the received line-reset signal with a first reference time, and performing a link startup operation in a high-speed mode or a low-speed mode between the storage device and the host according to a comparing result.

Abstract: Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.

Abstract: Techniques are described for delivering subscriber information of a subscriber of a wireless carrier network to an authorized partner. The techniques include receiving, from a requesting entity device, a request for subscriber information of a subscriber, the request comprising a public Internet Protocol (IP) address of a user device associated with the subscriber, determining whether the requesting entity device is associated with an authorized partner based at least on one or more credentials associated with the requesting entity device, in response to determining that the requesting entity device is associated with the authorized partner, routing the request to at least one subscriber database of a plurality of subscriber databases to obtain the subscriber information using the public IP address of the user device, and transmitting the subscriber information of the subscriber to the requesting entity device.

Abstract: One embodiment provides a method, including: receiving, at an information handling device, a request to print a document; analyzing, using a processor, content of the document; determining, based on the analyzing, a printing characteristic of the content, wherein the printing characteristic comprises at least one of: a simplex printing characteristic and a duplex printing characteristic; establishing, based on the printing characteristic, a printer setting for printing the document. Other aspects are described and claimed.

Abstract: A method for managing hardware within a computing system. The method includes at least one computer processors identifying a plurality of field-replaceable units (FRUs) within a computing system that respectively include a non-volatile memory device. The method further includes determining a status corresponding to a FRU of the identified plurality of FRUs. The method further includes responding to determining a non-functional status of the FRU of the identified plurality of FRUs, by determining a response related to the non-functional FRU. The method further includes initiating an action on the computing system based on the determined response related to the non-functional FRU.

Abstract: The techniques described herein facilitate proactively discovery of remote micro-services by spreadsheet applications, e.g., Microsoft Excel®. In an implementation, a method of operating a spreadsheet application to proactively discover remote micro-services based on credential information is disclosed. The method includes identifying the credential information associated with a user of the spreadsheet application responsive to detecting a micro-service updating event and proactively discovering one or more micro-services that are available to the user of the spreadsheet application through a cloud service platform based on the credential information. The method further includes persisting a list including the one or more micro-services that are available to the user of the spreadsheet application based on the credentials.

Abstract: A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

Abstract: An implantable pulse generator (IPG) that generates spinal cord stimulation signals for a human body has a programmable signal generator that can generate the signals based on stored signal parameters without any intervention from a processor that controls the overall operation of the IPG. While the signal generator is generating the signals the processor can be in a standby mode to substantially save battery power.

Abstract: Data can be protected in mobile and payment environments through various tokenization operations. A mobile device can tokenize communication data based on device information and session information associated with the mobile device. A payment terminal can tokenize payment information received at the payment terminal during a transaction based on transaction information associated with the transaction. Payment data tokenized first a first set of token tables and according to a first set of tokenization parameters by a first payment entity can be detokenized or re-tokenized with a second set of token tables and according to a second set of tokenization parameters. Payment information can be tokenized and sent to a mobile device as a token card based on one or more selected use rules, and a user can request a transaction based on the token card. The transaction can be authorized if the transaction satisfies the selected use rules.

Abstract: A client and server negotiate a secure communication channel using a pre-shared key where the server, at the time the negotiation initiates, lacks access to the pre-shared key. The server obtains the pre-shared key from another server that shares a secret with the client. A digital signature or other authentication information generated by the client may be used to enable the other server to determine whether to provide the pre-shared key.

Abstract: An access token is synchronized across multiple trusted devices when one of the trusted devices obtains an authorization grant from a resource owner, and uses the authorization grant to obtain the access token. The access token is synchronized with other trusted devices indicated in a trusted device list, by securely transmitting the access token to each of the trusted devices indicated in the trusted device list other than the first device. A second trusted device may then access the protected resource, using the access token originally obtained by the first device, without having to request the authorization grant from the resource owner to obtain a new access token.

Abstract: A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

Abstract: A client and server negotiate a secure communication channel using a pre-shared key where the server, at the time the negotiation initiates, lacks access to the pre-shared key. The server obtains the pre-shared key from another server that shares a secret with the client. A digital signature or other authentication information generated by the client may be used to enable the other server to determine whether to provide the pre-shared key.

Abstract: Data can be protected in a centralized tokenization environment. A request to tokenize sensitive data is received by an endpoint. A token for use in tokenizing the sensitive data is identified. A token certificate store is queried for a token certificate associated with the identified token. The token certificate can include a token status and use rules describing a permitted use of the token. Responsive to the token certificate store storing the queried token certificate, the endpoint tokenizes the sensitive data using the identified token if the token status indicates the token is available, and subject to the use rules included in the token certificate being satisfied. The token certificate is updated based on the tokenization of the sensitive data with the identified token and stored at the token certificate store.

Abstract: A unit for recording operating information of an electronically commutated motor (ECM) is described. The unit includes a system controller communicatively coupled to an ECM. The system controller includes a processing device configured to control the unit. The unit also includes a memory device communicatively coupled to the system controller. The memory device is configured to receive and store ECM operating information provided by the processing device.

Abstract: A security assembly for protecting a device including first and second security wraps fitted to the device. The first security wrap covers a first area of the device. The second security wrap partially overlaps the first security wrap and covers a second area of the device. Each of the first and second security wraps has a security screen having a pair of screen terminals and a conductive track extending between the screen terminals A conductive structure is disposed in an overlapping area between the first and second security Wraps and coupled to the first screen terminals of the first security screen and to the second screen terminals of the second security screen.

Abstract: Method for activation and storing traces generated by a mail processing device, comprising the following steps: connection of a storage apparatus on the mail processing device, activation of a traces generation module in the mail processing, temporary storage of selected traces in a circular buffer of the mail processing device, continuous transfer of the selected traces from the circular buffer to the storage apparatus, and when the traces generation is completed, deactivation of the traces generation module in the mail processing device.

Abstract: According to some embodiments, a method and apparatus are provided to receive, at a central security manager located on a computer network, first network information from a first network resource associated with a first network perspective and receive, at the central security manager, second network information from a second network resource associated with a first network perspective. The first network information and the second network information are aggregated. A potential attack to the network is determined and a defensive measure is implemented in response to the potential attack to the network.

Abstract: A unit for recording operating information of an electronically commutated motor (ECM) is described. The unit includes a system controller communicatively coupled to an ECM. The system controller includes a processing device configured to control the unit. The unit also includes a memory device communicatively coupled to the system controller. The memory device is configured to receive and store ECM operating information provided by the processing device.

Abstract: A storage control device includes a first rewriting section, a second rewriting section, and a first retry control section. The first rewriting section performs first rewrite to rewrite other of two binary values into a memory cell in which one of the two binary values is written. The second rewriting section performs second rewrite to rewrite the one of the two binary values into the memory cell in which the other of the two binary values is written. The first retry control section causes the memory cell that has undergone the first rewrite to be subjected to the second rewrite followed by the first rewrite again if an error occurs during the first rewrite.

Abstract: A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlate to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program do not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated.

Abstract: A computer program can be statically analyzed to determine an order in which client side workflows are intended to be implemented by the computer program. A virtual patch can be generated. When executed by a processor, the virtual patch can track web service calls from a client to the computer program, and determine whether the order of the web service calls from the client to the computer program correlate to the order in which client side workflows are intended to be implemented by the computer program. If the order of the web service calls from the client to the computer program do not correlate to the order in which client side workflows are intended to be implemented by the computer program, an alert can be generated.

Abstract: Processing of masked data using table lookups is described. A mask is applied to input data to generate masked input data. The mask and the masked input data are used in combination to locate an entry in a lookup table. The entry corresponds to a transformed version of the input data.

Abstract: Electronic messages may be processed using a stamp authority by receiving an electronic message, identifying a stamp associated the message, determining if the stamp is valid, and, if the stamp is determined to be valid, distinguishing the message from messages with which a valid stamp is not identified.

Abstract: Technologies are generally described for data filtering for communication devices. In one example, a method of receiving data from a data source on a communication device is disclosed. The method includes determining, at the communication device, a domain name of the data source. The method also includes determining, at the communication device, one or more communication networks the communication device is connected to. The method further includes processing, at the communication device, the domain name for acceptance based on the one or more connected communication networks. The method also includes receiving the data from the data source, at the communication device, if the domain name is accepted.

Abstract: In a method and an arrangement for provision of at least one secured service via a security module of a franking machine for at least one procedure for data processing that is executed in a data processing device that can be connected with the franking machine, the procedure requests a secured first service from the security module in a request step; and the security module provides the first service in a provision step subsequent to the request step. The security module verifies an authorization to request the first service via the procedure in a verification step preceding the provision step.

Abstract: There is provided a method and system for producing a label that can be applied onto a mailpiece. An exemplary method comprises providing a data service via a network node, the data service being performed in a provider server of a service provider. The exemplary method also comprises performing a one-time printing of the label via a control program, such that an intelligent document is transmitted from the provider server via a network to a user client, the one-time printing being done if a network connection exists between the user client and the provider server, and if, on the basis of a query to the provider server, it has been ascertained that that label had not been printed before. The exemplary method additionally comprises transmitting a message from the user client to the provider server when the label is printed for the first time. The exemplary method further comprises logging the printing in the provider server in response to the message.

Abstract: In a system including a postage printing device and a data center, wherein the postage printing device and the data center have a first set of keys for use in requesting and downloading a plurality of postage data records from the data center for use in printing postal indicia, a method of securely transferring the postage printing device and any postage value stored therein from a first user to a second user. According to the method, a new set of keys for requesting and downloading postage data records is generated, any current postage value stored in the printer device is securely transferred to the second user using the new keys and some of the first set of keys, and the first set of keys is zeroed, thereby protecting the first user from any potential theft or fraud of postage funds on the part of the second user.

Abstract: Electronic messages may be processed using a stamp authority by receiving an electronic message, identifying a stamp associated the message, determining if the stamp is valid, and, if the stamp is determined to be valid, distinguishing the message from messages with which a valid stamp is not identified.

Abstract: Processing of masked data using table lookups is described. A mask is applied to input data to generate masked input data. The mask and the masked input data are used in combination to locate an entry in a lookup table. The entry corresponds to a transformed version of the input data.

Abstract: A sensor is paired with an emitter, such as in a postage metering machine, and the sensor is calibrated for ambient light conditions. Ambient light is measured with a sensor while the emitter is unpowered. If the measured ambient light is less than a current trip level (voltage level at the sensor), then a current level of light is measured with the sensor while the emitter is powered. If the measured current level of light exceeds the current trip level, then the signal output from the sensor indicates that an object such as an envelope awaiting postage to be printed thereon is present at the sensor. The current trip level may be determined by measuring light at the sensor when the emitter is on and adding some voltage margin to it, but if the sensor is blocked during this calibration a default threshold is used as the current trip level.

Abstract: An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern match a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures.

Abstract: A system for resource sharing for document production. Available resources are determined for performing at least one document production task. The capacity of an available resource is determined. A task is selecting to send to the resource based at least partly on its availability. An identifier is associating with a set of task data, which can include document data and insertion data. The identifier can be used to track the progress and completion of the task. The task can be sent to the resource for processing. The completed task is received from the resource.

Abstract: An apparatus, system, and method are disclosed for authenticating users through multiple communication channels. The authentication method of the present invention may be used to supplement password systems or replace password authentication, effectively enabling secure sharing, auditing, delegation, and revocation of authority.

Abstract: In a method and an apparatus for exchanging customer data of a franking machine, a data processing device is in communication with a first memory that is permanently connected therewith, and is also in communication with a security module for implementing security-relevant services associated with franking. The data processor stores user data in the first memory that are predetermined by a user. A second memory is connected to the data processor in a manner allowing the second memory to be readily detached. The data processor stores the user data in the second memory for data backup.

Abstract: In a method for data backup of a franking machine in which, in a data backup step, a connection is established between the franking machine and a remote data center via a communication network, data stored in the franking machine are transmitted to the data center as backup data in a transmission step, and the backup data are stored in the data center in a storage step. The backup data include user-definable configuration data of the franking machine that are definable by the user of the franking machine for configuration of the franking machine.

Abstract: In a method and arrangement for variable generation of cryptographic securities of communications in a host device, for cryptographic security of a communication for a first purpose a first signature is used and for cryptographic security of a communication for a second purpose a second signature is used, the signatures being differentiated from each other by the type of their generation. A cryptologic module has a number of logic circuits and a changeover switch and is arranged externally of the postal security device and is connected at its output with an information input of the postal security device that has a logic circuit that applies a digital signal algorithm to the output signal supplied by the output in order to generate a signature.

Abstract: A franking machine is described including a unit for generating franking data and a unit for printing data connected to the data generating unit and adapted to receive franking data therefrom, the printer unit including at least one member for printing data, wherein the franking machine includes additional means for wireless communication between the print member and the data generating unit to enable identification of the print member by the data generating unit.

Abstract: In a mail franking system including a central secure metering device (PSD 20) connected to a remote credit reloading server (26) and a plurality of local franking management modules (22-1 to 22-N) each including a local secure metering device (28-1 to 28-N) and connected to said central secure metering device via a user's local area network (LAN), there is provided a method wherein a franking session is opened, each of the local franking management modules books a predetermined franking value from a central secure metering device so as to perform secure frankings up to the limit of this value and at the end of session each of these modules transmits its consumed franking value to the central device which is then debited by an overall franking value equal to the sum of the franking values consumed by each of the local modules.

Abstract: The present invention includes apparatus and methods for printing and verifying postage stamps on demand via a personal postage stamp printer. The indicium by which the stamp is printed includes a color stripe and a data field including authentication data that corresponds to the color stripe. To authenticate the stamp, the authentication data in the data field is read and compared with authentication data extracted from the color stripe.

Abstract: A method, carrier server and system are provided for shipping a package wherein a shipper can arrange for shipment of a package, simply through an interactive contact with the carrier, without the need for the shipper to use official carrier documentation or forms. In particular a shipper may contact a carrier using any communication device, such as a cellular telephone, standard landline telephone, personal digital assistant (PDA), personal computer (PC), laptop, or other wired, wireless or optically-based device, in order to communicate shipping information to the carrier and, in response, receive a unique easy identifier. Thereafter, the shipper need only associate the easy identifier with the package, for example by simply hand writing the identifier on the package, and either deposit the package at the closest drop off box or carrier facility, or leave the package to be picked up by a carrier vehicle that has been, or will shortly thereafter be, dispatched fort the purpose of picking up the package.

Abstract: The present invention comprises a method, computer program product, and system for risk management. The present invention includes calculating a statistic of loss per unit time, the statistic being a product of a site loss parameter and a loss given a loss-basis event. The site loss parameter is a site casualty parameter and/or a site economic parameter, while the loss-basis event is a casualty-basis event and/or an economic-basis event, non-limiting examples of which include an earthquake, flooding, wind, and blast pressure.

Abstract: A method and system for authenticating an item by using a security marking. The security marking is provided on the item with an OVD ink capable of absorbing light in a visible wavelength range to appear visibly black and producing a red fluorescent emission under ultraviolet excitation. Under visible light illumination and ultraviolet excitation, a visible image and a fluorescent image are obtained from the security marking using image scanners. The images are compared to find a substantial match with each other. The security marking can be a postage indicium, a barcode, a symbol, a message or an image. The item to be authenticated can be a mailpiece, a banknote, a tag, a ticket, a document, an identification card, or the like.

Abstract: A mail piece verification system for processing a mail piece having associated therewith mail piece data includes an incoming mail processing center, an outgoing mail processing center located downstream from the incoming mail processing center and a data center in operative communication with the incoming mail processing center and the outgoing mail processing center. The incoming mail processing center receives the mail piece, obtains the mail piece and uploads the mail piece data to the data center. The data center performs a verification check on the mail piece data and downloads instructions based upon the verification check to the outgoing mail processing center. The outgoing mail processing center uses the instructions to process the mail piece.

Abstract: A method and system for securely transferring the personality of a postage meter system to a replacement postage meter system at a non-secure location includes the steps of connecting a security tool to the postage meter system at the non-secure location and the tool retrieving data from the postage meter system. The tool signs the retrieved data. The tool is connected to a data center and the tool transmits the signed data to the data center. The data center validates the signature and content of the retrieved data and the data center signs replacement adjusted data and transmits the signed replacement adjusted data from said data center to the tool at non-secure location. The tool sends the signed replacement adjusted data to the replacement postage meter system and the replacement postage meter system validates and installs the signed replacement adjusted data in the postage meter system at the non-secure location.

Abstract: A system and method for transferring an asset, or assets, from a first depreciation book to a second depreciation book possibly in different currencies. In particular a method for automatically transferring an asset from a first depreciation book to a second depreciation book with the steps of: gathering asset information from the first depreciation book including original currency for the asset; gathering details of transfer including new currency for the asset and date of transfer; determining the financial treatment of the asset; determining a translation rate between the original currency and said new currency based on the date of transfer; computing financial parameters for the asset in the new currency; retiring the asset from the old depreciation book and creating the asset in the new depreciation book; creating journal entries for the transfer. All of these steps are generally performed while maintaining an audit trail of the transfer.

Abstract: Digital franking notes generated in customer systems and comprise cryptographic information that is used for verifying the postage indicia in local payment assurance systems. A data key used for generating the postage indicia is generated in a value transfer center and transmitted via a central payment assurance system to the local payment assurance systems, which import the key in order to verify franking notes generated using the key. The local payment assurance systems notify the value transfer center of successful key imports. After a successful import, the value transfer center issues a data key to the customer systems and postage indicia are verified by decrypting the contained cryptographic information in the local payment assurance systems.

Abstract: In a method and apparatus for dependable transmission of data from a data center to terminal equipment, particularly transmission of fee schedule table data to a postage-calculating scale or postage meter machine, new postage fee schedule table data are offered at the data center for future postage calculation. In a first communication between the data center and the terminal equipment, a request for postage fee schedule table data is formed at the terminal equipment and is communicated to the data center, and the data center receives the request and transmits the requested new service data to the terminal equipment, and the terminal equipment receives and stores the new service data.