Abstract: A display system for an excavating machine allowing an upper swing body including a work implement to swing about a predetermined swing central axis. The display system includes a processing unit that obtains target swing information indicating an amount of swing of the upper swing body, based on information including a direction of a tooth edge of the bucket, information including a direction orthogonal to a target plane indicating a target shape of a work object, and information including a direction of the swing central axis, and displays an image corresponding to the obtained target swing information, the amount of swing being required for the tooth edge of the bucket to face the target plane, and the direction of the tooth edge of the bucket being determined based on information about a current position and posture of the excavating machine.

Abstract: Improved techniques and systems for delivery and acquisition of digital assets are disclosed. The techniques and systems are especially suitable and useful for delivering digital assets (e.g., media assets) that are available for acquisition and electronic delivery from online stores to electronic devices. In accordance with one aspect, when a digital asset is acquired form an online store via an electronic device associated with a user, the digital asset can be arranged for delivery to a number of other of electronic devices also associated with the user. It will be appreciated that the digital asset can be delivered and acquired without requiring explicit user input or instruction in accordance with another aspect. Other aspects of the techniques and systems include customization of configuration and user interfaces that are provided to facilitate acquisition of digital assets in a more efficient manner.

Abstract: According to one embodiment, a content distribution method includes: generating a security identifier associated with content; storing the security identifier to be associated with metadata related to the content; providing the content and the security identifier to a receiving entity; and receiving a metadata request from the receiving entity, wherein the metadata request corresponds to the metadata related to the content.

Abstract: An approach for facilitating sharing of postal services is disclosed. In some implementations, a request to authorize access for a first account to one or more postal services of a second account may be received. The authorization request may include a first identifier associated with the first account and a second identifier associated with the second account. A message may be generated based on the first identifier, the second identifier, and/or other information. The generated message may be provided to a cryptographic platform. An integrity code associated with the first account and the second account may be received from the cryptographic platform in response to providing the generated message. The integrity code may be configured to enable the first account to access the one or more postal services of the second account.

Abstract: An example of information processing system includes a storage device; and an information processing device for performing near field communication with the storage device. The storage device includes a storage unit storing application data usable in a predetermined application program and shared data usable in an application program regardless of whether the application program is the predetermined application program. The information processing system receives an instruction regarding data read and/or data write from/to the storage device from an application program to be executed by the information processing device. Under the condition that the instruction is from the predetermined application program, the application data is passed to the predetermined application program. Regardless of whether the instruction is from the predetermined application program, the shared data is passed to the application program that issued the instruction.

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract: A system for controlling an access authorization and/or driving authorization for a vehicle includes at least one mobile communication device and a control unit in the vehicle that receives and checks authorization data sent from the mobile communication device. The mobile communication device has a data carrier for storing the authorization data. The data carrier has at least one protected storage region for the storage of the authorization data. A database server transfers encrypted authorization data to the data carrier for storage in the protected storage region.

Abstract: A system for detecting phishing includes a phishing detection system that generates census of login pages received in different computers of different end users. An end user computer receives a login page and retrieves census information of the login page, such as from the phishing detection system. The census information indicates a number of different end users who employed the login page to log into their respective online accounts. The end user computer reports the census information to the end user of the end user computer. The end user computer reports the census information in numerical, graphical, or other format. The census information of the login page allows the end user to make an informed decision on whether or not to use the login page.

Abstract: There is provided an information processing device including a public key setter that sets a public key corresponding to a public-key authentication scheme in an access area defined as a given area of an object of access, and a device authentication processor that authenticates access to the access area against a secret key paired with the public key.

Abstract: A computerized method, system for, and computer-readable medium operable to: retrieve program details data about at least one media program. Retrieve social media posts involving the at least one media program. Match the retrieved program details data with the retrieved social media posts to find matching locations. Store time offset data corresponding to the matched locations within the at least one media program into at least one micropost. Rank the at least one media program by the number of microposts corresponding to the at least one media program. Present the at least one media program, each of the at least one media program with at least one micropost, wherein the at least one micropost comprises a link to the original social media page hosting the social media post and a video deeplink that plays a time off-set video, the time off-set video starting from the stored time offset data.

Abstract: Calculating fingerprints for each one of a multiplicity of alignment combinations of fixed-size deduplication data blocks and comparing each of the fingerprints to stored deduplicated data fingerprints in a lookup database for determining a preferred deduplication data block alignment. A deduplication data block comprises each of the fixed-size deduplication data blocks.

Abstract: Methods, systems, and computer programs encoded on a computer storage medium, for distributing content are disclosed, including receiving a request for a content item to be stored for presentation with content of a first application when a client device is offline; in response, generating and transmitting data that causes the client device to store the content item for presentation with the content of the first application when the client device is offline; determining that a second application is installed; determining that the content item is able to be presented with content of the second application when the client device is offline; and in response, generating and transmitting analytics instructions that cause the client device to detect presentation of the content item with each of the first application and the second application and submit data specifying whether the content item was presented with the first application or the second application.

Abstract: A system, method, and computer-readable storage medium having processor-executable instructions recorded thereon is provided for distributing transactional advertisements from a distribution site over a network to online publishers. Transactional data items are rendered by the online publishers, with control elements provided from the distribution site, to control use of the transactional data items on the user terminal.

Abstract: Embodiments for enterprise-specific functionality watermarking and management are provided. A request, originated in response to an attempt to perform an enterprise function on a client device, can be received by at least one computing device over a network, where the enterprise function is associated with a remotely-stored compliance rule. At least one watermark template can be identified from a plurality of available watermark templates based at least in part on the enterprise function, and a communication can be generated that, when received by the client device, authorizes the client device to: perform the enterprise function where at least one resource is generated or modified, and apply the at least one watermark template to the at least one resource such that performing the enterprise function complies with the compliance rule.

Abstract: In one embodiment, a method includes a request that is obtained by a call center system from a customer. The method also includes identifying a first set of experts that includes at least a first expert suitable for, or capable of, processing the request. The first expert is offline with respect to the call center system. An offer task is created and provided to the first set of experts. The offer task identifies the request and initiates the scheduling of a callback to address the request.

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.

Abstract: In a general aspect, a method can include navigating, by a browser of a client system, to an online service and detecting, by the browser, access to the online service. The method can further include determining, by a login module of the browser, an association between the online service and a user-application account included in the browser, the association being included in a list of trusted services included in the login module. The method can also include providing, by the browser to the online service, a username and password for authentication by the online service and receiving, by the browser from the online service, an authenticated credential corresponding with the username and password. Responsive to receiving the authenticated credential, the method can still further include logging into the user-application account, by the login module, using the authenticated credential.

Abstract: A trust control management method for security, operable on a computer system generates a unique Trust ID value by combining user-defined values with hardware-specific values associated with the user's computer system and storing the Trust ID value in a memory register physically associated with the hardware of the computer system. A Trust Control Suite (TCS) operable with a server OS/hypervisor maintains a database of user-defined values and hardware-specific values for computer systems clustered in a trusted computing pool. An attestation procedure is performed by the trust control server combining the user-defined values with the hardware-specific values from its database and comparing it to the user-stored Trust ID value stored in the memory register associated with a user's computer system. Depending on whether it is a match or mismatch, the TCS can determine if it is a trusted computer or not, and can take appropriate alerts and policy actions.

Abstract: A system makes it possible to use services offered by a plurality of servers different from one another is realized with the use of a common API. The system includes a plurality of service-offering servers, a client that uses services offered by the plurality of service-offering servers, and an interchange server that performs intermediary processing when the client uses a service. The client performs communication with the interchange server while using a common API when using any service among a plurality of services offered by the plurality of service-offering servers. The interchange server uses a unique API, which is unique to the service-offering server that offers the service selected by the client, to execute a processing sequence that is unique to the service-offering server.

Abstract: The embodiments relate to a method and a test system for testing integrity of property data of a device using a testing device within a network, the devices and their respective property data within the network, such as all the measurement or control device distributed inside an industrial automation system, being taken into account in order to simplify testing of a large number of devices. The various property data are tested for an identity and are labelled, and calculations, which are carried out by the testing device for testing purposes, are initiated on the basis of the labelling. By taking other devices in the system into account, security requirements may be fulfilled during testing and the computational effort for the testing device may also be reduced.

Abstract: Disclosed are various embodiments for functionality watermarking and management. A computing device, such as a user device, can identify a request to perform a function of the computing device where at least one resource is generated. A data store can be queried to identify at least one watermark template from a plurality of available watermark templates and a compliance rule based at least in part on the function of the computing device requested to be performed. A device profile describing a state of the computing device can be generated and communicated to a compliance server over a network. The computing device can obtain an authorization received from the compliance server to permit the performance of the function based at least in part on the device profile.

Abstract: A method, device, and system for conducting trusted payment transactions including establishing a trust relationship between a first mobile computing device and a second mobile computing device. The first mobile computing device may initiate a payment transaction with a point-of-sale device, communicate with the second mobile communication device to retrieve payment information from the second mobile communication device, and complete the payment transaction with the point-of-sale device using the payment information. The second mobile computing device is configured to verify the user and identity of the first mobile computing device prior to providing the payment information. Communications between the mobile computing devices may be encrypted using pre-determined encryption techniques.

Abstract: A monitoring system for a user terminal, wherein the user terminal comprises at least one application for controlling a user transaction or interaction process of the user terminal, the user transaction or interaction process comprising providing content data to a hardware device of the user terminal and outputting the content data to the user by the hardware device, and the monitoring system comprises monitoring means for monitoring the content data and determining a state of the user transaction or interaction process from the content data.

Abstract: One example method for securing data on untrusted devices includes the steps of identifying, by a first process, a command in a command queue, the command from a second process and comprising an action on secure data; determining whether the command is permitted based on the action and a user credential; and responsive to determining the command is not permitted, removing, by the first process, the command from the command queue.

Abstract: Here, we have the following examples: (1) Integrating the NID functionality in to the small foot-print of an SFP Module, with one or more of the features below: a) Mounting a NID SoC IC to an existing SFP Printed Circuit Board (PCB); b) Using the power from the SFP module, without requiring separate external power; c) NID SoC having only 2 ports, each with its own MAC and possibly PHY layer; d) NID SoC having an embedded microprocessor, RAM and ROM; e) Running a Web portal or other remote login and management software on the NID SoC; f) Miniaturizing the NID to make it cheaper, with reduced cost of inventory, shipment, and installation; and/or g) Supporting one or more (multiple of/ many) functions in NID SoC, e.g., OAM or Shaping. (2) Building the NID functionality in a Dongle. Many other examples, configurations, applications, and variations are provided.

Abstract: Provided is a server including: a user authenticating unit that authenticates, using an access token, a user of a user device; a token receiving unit that receives an access token from the user device; and a determination information transmitting unit which, when the access token is received, transmits determination information that enables a determination as to whether or not a remaining time until a time of expiration of the access token is less than a predetermined threshold, to the user device, wherein the user authenticating unit issues a new access token with an updated time of expiration when an issuance request for an access token which is transmitted by the user device having received the determination information is received.

Abstract: An example of information processing system includes a storage device; and an information processing device for performing near field communication with the storage device. The storage device includes a storage unit storing application data usable in a predetermined application program and shared data usable in an application program regardless of whether the application program is the predetermined application program. The information processing system receives an instruction regarding data read and/or data write from/to the storage device from an application program to be executed by the information processing device. Under the condition that the instruction is from the predetermined application program, the application data is passed to the predetermined application program. Regardless of whether the instruction is from the predetermined application program, the shared data is passed to the application program that issued the instruction.

Abstract: A system and method for the dynamic categorization of heterogeneous, regulated enterprise information assets. In one embodiment of the invention a system includes a computer network controlled by an enterprise and a database including a plurality of enterprise data entities. A user interface, through which a plurality of enterprise users may access the enterprise data entities, is also used by the plurality of users to assign user-defined categories to the enterprise data entities. The user interface is configured to enable a plurality of the users to access and assign additional user-defined categories to enterprise data entities having user-defined categories previously assigned by other users.

Abstract: The invention provides Users of Retail Payment and Identification instruments with the ability to review transaction details and approve transaction by capturing UVM in User controlled environment and Issuers of these instruments with the ability to positively authenticate Users in Issuer controlled environment. The invention accounts for real time legacy or non-legacy processing systems to provide an authorization request from POA to Issuer Host. The invention introduces two UPAAS components—User Gateway and User Application. The UPAAS User Gateway is implemented in an Issuer controlled environment enabling interface between Issuer legacy Host and UPAAS User Applications. The UPAAS User Application can be implemented on any device supporting communication protocol such as TCP/IP without any hardware changes enabling the User to login to UPAAS User Gateway, review and approve or decline a specific transaction in real time by entering UVM, such as PIN, for User authentication purposes.

Abstract: An encryption processing method executed by a computer, the method includes converting a first vector using a first polynomial representation to acquire a first polynomial; converting an expression using a second polynomial representation to acquire a second polynomial, the expression being obtained based on a second vector and a random number corresponding to the first vector; converting the random number using at least one of the first polynomial representation and the second polynomial representation to acquire a random number polynomial; encrypting the first polynomial, the second polynomial, and the random polynomial using a homomorphic encryption scheme to acquire the encrypted first polynomial, the encrypted second polynomial, and the encrypted random polynomial; and collating the first vector and the second vector using the encrypted first polynomial, the encrypted second polynomial, and the encrypted random polynomial.

Abstract: A cloud data encryption and security system includes a central computing authority and a network of computing devices. At least some of the computing devices are pod computing devices physically hosted by an operator. The pod computing devices include a central processing unit and a computer readable storage media in data communication with the central processing unit. Data is encrypted in the computer readable storage media so that the owner can access the data but the operator cannot access the data.

Abstract: A method for granting trusted applications (SP1_WL) of a Service Provider (SP1, SP2)access to applications (appSP1.1, appSP1.2; appSP2.1) of that Service Provider (SP1, SP2) that have been stored in a secure element (SE) comprises: the Service Provider (SP1, SP2) transmits a request (REQ1) for granting access to its applications to a Trusted Service Manager (TSM); the Trusted Service Manager (TSM) generates an access right code (AC1) and transmits it to both the Service Provider (SP1, SP2) and a service manager (SM) in the secure element (SE); the Service Provider (SP1, SP2) generates the trusted application (SP1_WL), provides it with the access right code (AC1) and sends it to the secure element (SE); the trusted application (SP1_WL) connects to the service manager (SM) with the access right code (AC1) whereupon the service manager (SM) grants the wallet (SP1_WL) access to the applications (appSP1.1, appSP1.2; appSP2.1).

Abstract: A social networking system allows entities to delegate actions performed on behalf of the entity to social networking system users by assigning one or more roles to social networking system users. Roles may be assigned based on information associated with the entity by the social networking system. Different roles are associated with sets of permissions specifying actions a user associated with a role is authorized to perform on behalf of the entity via the social networking system. Certain permissions of a role associated with the user may be associated with additional users by the user. A persona including a subset of information associated with a user by the social networking system may be created for a user assigned a role, allowing the user to limit information accessible to additional users connected to the persona.

Abstract: A method of three-level hosting infrastructure provides a server computer accessible to users through hosts. The hosting infrastructure includes hosting resources used by the server computer for the benefit of at least a first host. The first host then uses the hosting resources of the server computer and also hosts one or more other hosts, who may use the hosting resources through the first host. The method enables one host to be included into another host. The method enables received content at the hosting infrastructure to be hosted by two or more hosts.

Abstract: Method and system for delivery of personal search services and advertising. The method includes collecting information from the user about the user's personal search engine, including, but not limited to digital content data sources, link crawl depth of those digital content data sources, and time interval to refresh the index of the digital content data sources created. In one embodiment of the present invention users do not pay a fee in return for allowing the provider to present advertising to the user as the user uses the invention. In another embodiment, advertisers purchase advertising display services from the provider to be displayed to specific users.

Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.

Abstract: Detection of fraud in financial transactions is facilitated. A financial transaction is initiated by a user, and based on the financial transaction, information is obtained by an electronic device of the user. Using the information, the electronic device evaluates a set of rules personalized for the user; the set of rules to be used to determine whether the financial transaction is to be approved for the user. The electronic device provides an initial indication, based on the evaluating, of whether the financial transaction is to be approved.

Abstract: An example of information processing system includes a storage device; and an information processing device for performing near field communication with the storage device. The storage device includes a storage unit storing application data usable in a predetermined application program and shared data usable in an application program regardless of whether the application program is the predetermined application program. The information processing system receives an instruction regarding data read and/or data write from/to the storage device from an application program to be executed by the information processing device. Under the condition that the instruction is from the predetermined application program, the application data is passed to the predetermined application program. Regardless of whether the instruction is from the predetermined application program, the shared data is passed to the application program that issued the instruction.

Abstract: Concepts and technologies are described herein for providing enhanced Completely Automated Public Turing tests to Tell Computers and Humans Apart (“CAPTCHAs”). According to some of the concepts and technologies disclosed herein, a CAPTCHA service may be configured to generate CAPTCHAs enhanced with watermarks and/or other enhancements. The CAPTCHA service may provide the enhanced CAPTCHAs to user services, such as Websites, Web services, and other services that utilize or are capable of utilizing CAPTCHAs as a security feature. The watermarks and/or other enhancements may contain information associated with users of the user services so that the enhanced CAPTCHAs are more difficult to break by unauthorized entities, including automated programs such as “bots.” According to other concepts and technologies disclosed herein, a CAPTCHA breaking service is provided.

Abstract: An IP multimedia gateway (IMG) receives content sharing service profiles generated by a service manager for communication devices that are coupled to the IMG. Content and/or content information that is received for communication to a first device, is communicated to other devices in response to a request. Content sharing profiles comprise permissions, group members, user preferences, device capabilities and security profiles. Content streams communicated to the first device may be shared with a second device based on the profiles. The second device may share additional streams with the first device. The first device or other devices may communicate the request. The content may be received from a service manager network device. The IMG and a communication device that may display the content may be integrated in a set-top-box or digital TV. Login access is enabled to devices for requesting content. Cooperation with other IMGs may enable discovery and/or content communication.

Abstract: One example method for securing data on untrusted devices includes the steps of identifying, by a first process, a command in a command queue, the command from a second process and comprising an action on secure data; determining whether the command is permitted based on the action and a user credential; and responsive to determining the command is not permitted, removing, by the first process, the command from the command queue.

Abstract: Systems and methods for an information repository search system are disclosed. The system receives search criteria from users and associates the search criteria with source information. The source information identifies sources via which the search criteria are being received. The system further maintains counts of instances for the plurality of search criteria in association with the respective source information.

Abstract: Techniques are disclosed for managing a digital certificate enrollment process. A certificate assistant on a server is configured to encode certificate enrollment data in a barcode graphic, such as a quick response (QR) code. A mobile phone application can then scan the barcode graphic using a camera to recover and transmit the enrollment data to a certificate authority. Doing so allows a system administrator (or other user) to complete the certificate enrollment process in cases where the server is blocked from connecting to a certificate authority (CA) directly, e.g., because the server is behind a firewall blocking any outbound network connections from being initiated.

Abstract: A method, device and system for establishing plural modes of operation on a mobile device, including: associating each application on the mobile device with one of a plurality of modes; and restricting access to data on the mobile device to only a subset of applications based on the mode associated for the each application. A system includes connection of an untrusted device to a trusted device and restricting data access for restricted data to a subset of trusted applications on the untrusted device.

Abstract: Information is shared between processing entities that each have a corresponding private data area by placing data corresponding to information for a first one of the private data areas for a first one of the processing entities directly into a second one of the private data areas for a second one of the processing entities without placing the data in an intervening shared data area and without directly invoking a system administrator-like entity. In addition, these private data areas can be pre-populated with a plurality of directories that each have a one-to-one correspondence to a particular predetermined information recipient and then providing a link to a given one of the recipients as corresponds to a given one of the directories when information is placed in that directory to provide the corresponding predetermined information recipient with at least read access to the information.

Abstract: Embodiments of the invention are directed to a system, method, and computer program product for generating a response to a client request. The system typically including a memory, a processor and a module configured to receive a request associated with a service from a client; initiate the presentation of a first user interface, wherein the first user interface enables a user selection of one or more template types; initiate the presentation of a second user interface based on at least a user selection of one or more template types, wherein the second user interface enables a user selection of one or more templates associated with the selected template type; receive a client progress from the user based on at least the selection of the one or more templates to generate a response, wherein the response reflects the status of the request; and transmit the response to the client.

Abstract: Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

Abstract: An assignment sharing device includes an assignment-related information storage unit configured to store assignment-related information including assignment information, challenger identification information, assignment approval information, and assignment achievement status information; an assignment information receiving unit configured to receive the assignment information and so forth; an assignment-related information accumulating unit configured to accumulate the assignment information and so forth as a single piece of assignment-related information; an assignment information transmitting unit configured to transmit corresponding assignment information to a challenger; an assignment approval receiving unit configured to receive assignment identification information identifying an assignment approved by the challenger; an assignment approving unit configured to set assignment approval information; and an assignment result information receiving unit configured to receive assignment result information, whi

Abstract: The present invention relates to an information processing system, an information processing apparatus and method, and a program in which the purchase of content can be facilitated. When a device to which content data is downloaded and a device for giving an instruction to purchase the content data are different, a purchase form for purchasing the content data is sent to the device for giving an instruction to purchase the content data. The user ID and password are input into the purchase form, and the device to which the content data is downloaded is determined by the user ID. If the device to which the content data is downloaded cannot be specified because the user registers a plurality of devices, a destination determination form for specifying the device to which the content data is downloaded is sent. The content data is then distributed to the device indicated in the destination determination form. The present invention is applicable to a server for executing processing concerning content data.

Abstract: A vehicle control system is provided that is able to identify a particular driver from other potential drivers, monitor various vehicle functions, and determine if the identified driver repeatedly performs the same behavior upon activation of the car. When the control system determines that the identified driver repeats the same behavior each time the car is activated, the controller learns that behavior and associates it with the identified driver so that the learned behavior can be automatically performed, without driver interaction, when the driver is identified and the car is activated.