Abstract: A method of providing a restricted set of application programming interfaces includes decrypting, by a secure object information reader executing on a computing device, an encrypted data object using information associated with the encrypted data object to generate a decrypted data object, the information received from an access control management system. The method includes intercepting, by a kernel driver executing on the computing device, from a process executing on the computing device, a request to access the decrypted data object. The method includes identifying, by the kernel driver, using the information associated with the encrypted data object, a usage requirement restricting a set of operations available to the process in accessing the decrypted data object. The method includes providing, by the kernel driver, to the process, a restricted set of application programming interfaces with which to interact with the decrypted data object, as permitted by the restricted set of operations.

Abstract: Architecture for providing pre-authenticated information from an endpoint for subsequently authenticating a device and/or user associated with the previously-authenticated information. A pre-authentication module of the architecture can be a trust component as part of an application that facilitates the utilization of user information and/or endpoint information in a media session protocol message to replace information that would otherwise be gathered via a dialog. In the context of IP-based voice communications, a call can be made from a client that is pre-authenticable, and no longer requires that an IP-based telephone interact with the phone user to facilitate sign-on.

Abstract: The invention relates to a method for providing a computerized system which is protected from malicious programs coming from an external source, the method comprises the steps of (a) secretly, and in a manner unknown to authors of external programs, modifying one or more essential elements at the protected system in a manner which causes all running programs to fail, unless they are subjected to a compatible modification which enables them to run properly; and (b) modifying each program at the computerized system which is known to be benign in order to comply with said modification of one or more essential elements, thereby to enable it to be executed properly.

Abstract: For multi-node encryption, a method communicates communication data from a first upstream node to a first downstream node in response to the first upstream node initiating secure communication with the first downstream node. The method further generates a downstream node nonce from communication data exchanged with the first downstream node. The method generates a first downstream message transformation as a function of the downstream node nonce. The method receives a request encrypted with the first downstream message transformation through the first downstream node. The method communicates the upstream message transformation encrypted with the first downstream message transformation through the first downstream node to the destination node in response to the request. In addition, the method generates a tunnel transformation at the destination node as a function of one or more upstream message transformations and the first downstream message transformation.

Abstract: A system and method for obtaining an authorization key to use a product utilizes a secured product identification code, which includes a serial number and at least one code that is generated based on a cryptographic algorithm.

Abstract: According to an embodiment, a communication control device includes an acquisition unit, first and second authentication units, an output unit, and a connection permission unit. The acquisition unit acquires first authentication information for authenticating a communication device during initialization, via a first communication unit, from a terminal device that acquires and decodes encoded first authentication information. During initialization, the first authentication unit executes a connection authentication of the communication device via a second communication unit, based on the first authentication information. When the authentication is successful, the output unit encrypts second authentication information different from the first authentication information, and output the encrypted second authentication information to the communication device.

Abstract: The invention relates to a method and system for watermarking in a content providing system having multiple parties. A first party system selects a first party watermark by selecting a watermarked copy of at least one first content element of the content elements. A second party system selects a second party watermark by selecting a watermarked copy of at least one second content element, different from the at least one first content element, of the content elements. Watermarked content is delivered to an end user device, the watermarked content containing the watermarked copy for the first content element selected by the first party system and the watermarked copy for the second content element selected by the second party system such that the watermarked content contains the first party watermark and the second party watermark.

Abstract: Data can be serialized in such a manner as to facilitate later delta encoding, even when the serialization is performed using a lossy compression algorithm or an algorithm in which portions of the serialized data are encoded relative to other portions which may be modified. This can be achieved by approaches including preserving keyframe information across modified versions of a file, duplicating information from a previously created compressed file when serializing a later version, or adding change information showing differences between versions of a file during the serialization process.

Abstract: Methods and apparatus are provided for securing device-to-device communications. A method can comprise: at an access network apparatus, obtaining from a core network apparatus and storing a first key shared between a first user equipment and the core network apparatus for device-to-device communications of the first user equipment; receiving from a second user equipment, a request for generating a second key for a device-to-device communication between the first user equipment and the second user equipment; in response to the request, generating the second key based on the first key and security parameters; and sending the second key to the second user equipment.

Abstract: Disclosed are systems and method for generating a set of antivirus records to be used for detection of malicious files on a user's devices. An exemplary method includes maintaining, by a server, a database of malicious files; generating, by the server, at least one antivirus record for each malicious file; calculating an effectiveness of each antivirus record by determining how many different malicious files were detected using each antivirus record; generating a set of most effective antivirus records; and transmitting, by the server, the set of most effective antivirus records to a client device.

Abstract: Improved methods and systems for granular opportunistic locking mechanisms (oplocks) are provided for increasing file caching efficiency. Oplocks can be specified with a combination of three possible granular caching intentions: read, write, and/or handle. An oplock can be specified with an identifier that indicates a client/specific caller to avoid breaking the original oplock due to an incompatibility from other requests of the same client. An atomic oplock flag is added to create operations that allow callers to request an atomic open with an oplock with a given file.

Abstract: A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage.

Abstract: The redaction process/system operates on temporarily captured/saved audio file during an agent-customer-call center (CC) call. Voice-based audio data is captured and processed by monitoring data input from CC-agent into a defined data field (field in a CC-agent-presented form). The redact process generates a start-record time based upon initial data input into the field and further generates an end-of-recording (“EOR”) time for the field. The audio file is filtered and segments are permanently saved audio data (A-data) bounded by the start-record and EOR times. Thereafter, all stored audio data is deleted (preferably crypto-shredded) except the saved A-data to substantially eliminate retrieval of initially stored audio data. An IVR process can be used to trigger record ON/OFF instructions. Audio file segments can be trimmed with precursive and successive time periods to move the start and end times of the audio segments. System Operator sets time-trim periods.

Abstract: Systems and methods provide for scaling and management of a gateway. In one embodiment, a method includes: in response to a request from a client device, establishing, by a computer system implementing a gateway to a private network, a network tunnel between the client device and the gateway; and after establishing the network tunnel, starting a separate firewall service with a separate set of firewall rules on the computer system for selectively blocking and allowing network traffic between the client device and one or more network devices in the private network.

Abstract: The invention is a method for loading data into a portable secure token comprising a plurality of security domains. A first security domain comprises a first administration agent and a second security domain comprises a second administration agent. A remote application server comprises a first data to be provided to the second administration agent. A syndication server, which is distinct from the remote application server, contains a list which comprises a reference to the first data. The list is sent in response to a polling request that is sent by the first administration agent. This list is comprised in a polling response which is sent by the syndication server.

Abstract: Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic.

Abstract: A method of sharing secure content in a group may include receiving a one-time pad (OTP) key. The method may include encrypting content using the OTP key. The encrypting may include generating intermediate codes from the content and the OTP key. The encrypting may also include adding a first common constant to each of the intermediate codes to generate a corresponding encrypted code that includes a predetermined number of digits. The method may include sending encrypted content that includes encrypted codes corresponding to the intermediate codes.

Abstract: A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.

Abstract: A mechanism is provided for sensor sharing control dynamically. One or more sensor use permissions are received from one or more sensor provider terminals. For each sensor use permission, a sensor use permission is recorded in an authorization policy thereby forming a set of authorization policies. A use request is recorded for sensor use request information received from a sensor user terminal in a request policy. A search is performed for any authorization policy in the set of authorization policies that matches the request policy. Responsive to identifying the authorization policy that matches the request policy, a list of sensors included in the sensor use permissions of an authorization policy that matches the request policy is created. The list of sensors is transmitted to the sensor user terminal, where the search is performed again dynamically when the request policy or one of the set of authorization policies is changed.

Abstract: A convenient, easy to use ubiquitous secure communications capability can automatically encrypt and decrypt messages without requiring any special intermediating security component such as gateways, proxy servers or the like. Trusted/secure applications for the mobile workforce can significantly improve productivity and effectiveness while enhancing personal and organizational security and safety.

Abstract: System and method embodiments are provided for content encryption in a key/value store. The embodiments include encrypting both the key and value of client data blocks for storage so that the data can be retrieved reliability without compromising the key. An embodiment method includes obtaining a key from a data block comprising the key and a value, encrypting the key using a deterministic encryption algorithm with an encryption key to map the key to a cypher text in a one-to-one mapping, and encrypting the value using a second encryption algorithm to randomly map the value to a second cypher text. Encrypting both the key and the value provides more protection to the client data instead of encrypting only the value and leaving the key vulnerable without encryption. The encrypted key can also be protected from unauthorized access and from the owner of the database or the storage system.

Abstract: A data selection method for reducing the decoding computational complexity of a vehicle-to-X communication system. The communication unit is used to transmit and receive vehicle-to-X messages, wherein the vehicle-to-X messages each include at least one useful data portion and at least one header data portion, wherein the at least one header data portion in each case is transmitted in uncoded form, and wherein the at least one useful data portion in each case is transmitted in coded form. The received vehicle-to-X messages are weighted into at least two categories on the basis of the at least one header data portion in each case, wherein the at least one useful data portion in each case is decoded on the basis of the weighting.

Abstract: Methods and systems for delivering a segmented content item from a server to a first and second device are provided. A first key is used to encrypt the segmented content item into a first plurality of encrypted segments and a second key is used to encrypt the segmented content item into a second plurality of encrypted segments. The first and second keys are different. The first plurality of encrypted segments is delivered to the first device, and the second plurality of encrypted segments is delivered to the second device.

Abstract: A system includes a server connectable to a client, the server configured to allow the client to acquire a message of an index designated by the client among N messages held by the server where N is an integer of two or more. The server includes a classification unit configured to classify the N messages into M classified messages by contents of the messages; a message encryption unit configured to encrypt each of the M classified messages; a message provision unit configured to provide the M encrypted classified messages to the client; and a key sending unit configured to send the client, by oblivious transfer, a message key for decrypting the classified message corresponding to the message of the index designated by the client.

Abstract: Provided is an information reconciliation method in a quantum key distribution system between a transmitter and a receiver, which includes receiving a parity bit from the transmitter through a quantum channel, correcting an error of a receiver quantum key by using the received parity bit, and removing a residual error of the receiver quantum key through an open channel by using a cascade protocol to harmonize the receiver quantum key with a transmitter quantum key, wherein the parity bit is generated at the transmitter by using turbo codes. This method may enhance quantum key generation efficiency.

Abstract: Provided is a remote terminal device having an industrial versa module eurocard bus (VMEbus) structure and including a main module that receives control logic information of a field device from an input/output module, and a programmable logic controller (PLC) function module that receives the control logic information from the main module, performs a logic corresponding to the control logic information, and outputs a result of the performed logic. The PLC function module includes a dual port RAM including a plurality of memory areas, and a PLC chip that reads the control logic information written on one of the plurality of memory areas, performs the logic corresponding to the read control logic information, and outputs the result of the performed logic to another one of the plurality of memory areas.

Abstract: An apparatus and computer-implemented method comprise providing an algorithm to a client device comprising a processor, a memory, and a user interface comprising a display and an input mechanism, displaying on the display a supported document comprising a supported data item data item, receiving an instruction for the supported data item to associate supporting document information to the supported data item, providing a data entry mechanism at which the supporting document information can be specified, receiving the supporting document information; and attaching the supporting document information in a persistent manner to the supporting data item.

Abstract: According to this disclosure, a proxy server is enhanced to be able to interpret instructions that specify how to modify an input object to create an output object to serve to a requesting client. Typically the instructions operate on binary data. For example, the instructions can be interpreted in a byte-based interpreter that directs the proxy as to what order, and from which source, to fill an output buffer that is served to the client. The instructions specify what changes to make to a generic input file. This functionality extends the capability of the proxy server in an open-ended fashion and enables it to efficiently create a wide variety of outputs for a given generic input file. The generic input file and/or the instructions may be cached at the proxy. The teachings hereof have applications in, among other things, the delivery of web content, streaming media, and the like.

Abstract: Embodiments regard security descriptors for record access queries. An embodiment of a method includes: receiving a record access query, the query regarding records for a certain one or more users, groups, or both at a certain access level; searching one or more sharing tables of entities in a computing environment for security descriptors, each security descriptor being associated with a set of one or more users, groups, or both having access to one or more records of a set of records at an access level; identifying any security descriptors in the one or more sharing tables that relate to the certain one or more users, groups, or both with at least the certain access level; and searching the one or more records associated with each of the identified security descriptors according to the record access query.

Abstract: Systems, methods, and non-transitory computer readable media are provided for maintaining local virtual states pending server-side storage across multiple devices and users and intermittent network connections. In exemplary embodiments, content added by a user to his or her account locally on a user device may be displayed, and all interactivity therewith may be facilitated, as if the content had already been created on the content management system. In content management system applications that support shared virtual spaces, changes made by the user from his or her user device to the shared virtual space (including creation of a new shared virtual space) may be displayed locally as soon as the change has been made, not waiting for the information to be transmitted to the server or its state to be made consistent with that of the mobile device.

Abstract: A non-transitory computer-readable storage medium may comprise instructions stored thereon that, when executed by at least one processor, are configured to cause an intermediary server to at least receive, from a first client device, a first login request via a first browser installed on the first client device, the first login request identifying a user account, receive, from a third-party server, a message request, the message request including an identifier and indicating a browser application or a browser extension, map the identifier to the user account, determine whether the user account has installed the browser application or browser extension, and if the user account has installed the browser application or browser extension, send a first message to the first browser based on the message request.

Abstract: A trusted device includes a secure interface and a host interface, the secure interface being isolated from the host interface by an isolated environment. A user provides a communication to the trusted device via the secure interface. A processor of the isolated environment encrypts the communication and transmits the encrypted communication to a read file of the host interface. A host device connected to the trusted device via the host interface receives the encrypted communication. The host device transmits the encrypted communication to a second host device that is connected to a second trusted device via a second host interface. The second host device transmits the encrypted communication to a write file of the second host interface. A processor in an isolated environment of the second trusted device decrypts the communication and provides the decrypted communication to a second user via a secure interface of the second trusted device.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method and an apparatus of a server in a communication system are provided. The method includes receiving identifier information of a user equipment (UE), obtaining, if an error is detected for a first authentication key corresponding to the identifier information, information on a second authentication key for authenticating the UE, and authenticating the UE based on the information on the second authentication key.

Abstract: Provided is a certificate issuing system including a client terminal and a server device. The client terminal derives a first hash value from a first random number using a unidirectional function, generates a secret key and a public key of the client terminal, and transmits the first hash value and the public key of the client terminal to the server device. The server device receives the first hash value and the public key of the client terminal from the client terminal, stores the first hash value, authenticates the client terminal on the basis of the stored first hash value and the derived first hash value, generates a client certificate on the basis of the public key of the client terminal and a secret key of the server device when the authentication succeeds, and transmits the client certificate to the client terminal.

Abstract: Media content is managed by defining a list of authorized recipients in a network accessible security information repository, recording media content at a client device, obtaining the list of authorized recipients at the client device, associating at least one of the authorized recipients with the media content, and transmitting the media content along with information identifying the at least one of the authorized recipients associated therewith from the client device to a network accessible media repository for storage therein. The media content includes audio, video, and/or image content.

Abstract: Technologies for providing electronic security to a first network are disclosed. The system may include a user equipment, a gateway device configured to mediate communication between a first network and a second network for the user equipment, and an electronic security device communicatively coupled to the gateway device. The electronic security device may include a gateway interface module configured to assume an identity associated with the gateway device, a network interface module configured to present the identity to the second network, and a traffic inspection module configured to monitor traffic without substantially affecting a topology of the first network, wherein the electronic security device is configured to identify undesirable traffic; and implement a security policy.

Abstract: The present invention relates to a vehicle communication system and method used when transmitting and receiving driving information of a vehicle to and from surrounding vehicles. According to the present invention, a host vehicle may transmit and receive driving information to and from its surrounding vehicles to find out information about a position, a speed, a driving direction, etc., thereby decreasing traffic accident risk. However, transmission and reception of the driving information may not be smoothly performed depending on surrounding communication conditions. The present invention provides a communication congestion control device and method for smoothly performing data transmission and reception between vehicles depending on surrounding conditions, by setting a time frame variably depending on surrounding communication conditions and transmitting data on the basis of the changed time frame.

Abstract: A system and method are disclosed for one-stop shopping for health-care services and related needs. The one-stop shopping system and method provide objective information for the system enrollee to assess and decide on health-care insurance and services. The system and method provide this objective information in a way that is easily accessible by system enrollees in an economical and rapid manner.

Abstract: An example of the present invention is a method of transmitting encrypted user data to a mobile terminal in a wireless telecommunications network. The method comprises sending to the mobile terminal a data packet. The data packet comprises both an identifier of encryption information to be used in recovering encrypted user data, and user data encrypted using the encryption information.

Abstract: A graphical user interface includes objects for controlling privacy settings specific to particular user data corresponding to charitable giving. Graphically depicted sharing zones each represent a privacy setting. An information container represents particular user data. The user may drag and drop the information container between sharing zones to control privacy of the user data represented by the information container.

Abstract: A system, a method, and an apparatus are disclosed. In an embodiment, a system includes a host processor with a communications unit, a memory coupled to the communications unit, and a coprocessor coupled to the communications unit. The memory may include at least a first area and a second area. The coprocessor may be configured to request access to the first area of the memory via the communications unit. The communications unit may be configured to verify an identity of the coprocessor, and grant access to the first area of the memory responsive to a positive identification of the coprocessor.

Abstract: Embodiments of the present invention include a method for configuring a femtocell. In one embodiment, the method includes identifying a cellular device within near-field communication range of the femtocell. The method identifies a carrier network associated with the cellular device and automatically configures the femtocell to operate on the carrier network associated with the cellular device.

Abstract: Technologies for utilizing trusted messaging include a local computing device including a message client and a local trusted message module established in a trusted execution environment. The local trusted message module performs attestation of a remote computing device based on communication with a corresponding remote trusted message module established in a trusted execution environment of the remote computing device. The local trusted message module further exchanges, with the remote trusted message module, cryptographic keys in response to successful attestation of the remote computing device. The message client forwards outgoing messages to the local trusted message module and receives incoming messages from the local trusted message module.

Abstract: An image forming apparatus having a firmware update technology that realizes updating of firmware using an encrypted file and reduces a downtime using a differential update. When a first update instruction to perform an update using a first firmware including an encrypted plurality of files is accepted, a content list file is downloaded from an external apparatus, an update file to be updated is identified based on the content list file, and the identified update file is further downloaded from the external apparatus. Then, the update file is decrypted and installed in the image forming apparatus. When a second update instruction to perform an update using a second firmware including an encrypted plurality of files and content list files is accepted, the second firmware is downloaded in a single batch from the external apparatus. Then, the second firmware is decrypted, and the plurality of files is installed in the image forming apparatus.

Abstract: A device and its operations are described herein. In some examples, the operations can include executing a first application within a first operating system domain of a device, the first application associated with at least a first activity view. The operations can further include detecting user input associated with the first application. The user input is associated with activating a second activity view of a second application. The operations can further include determining that the second application corresponds to a second operating system domain of the device. The operations can further include establishing a first proxy link within the first operating system domain that corresponds with a second proxy link within the second operating system domain. The first proxy link is associated with causing the second proxy link to invoke the second activity view of the second application within the second operating system domain.

Abstract: The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.

Abstract: Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate.

Abstract: Disclosed herein is a method for enforcing policy compliance on a device that includes detecting a compliance action associated with an electronic device. The compliance action initiates verification that the electronic device is in compliance with a policy. The method also includes sending configuration information for the electronic device to a compliance authenticator in response to the compliance action. The compliance authenticator verifies that the configuration information complies with a policy. Further, the method includes receiving an authentication certificate in response to the compliance authenticator verifying the configuration information complies with the policy. The authentication certificate expires after a predetermined period of time.

Abstract: The present invention provides methods, devices and systems for using and invoking an Oauth API.

Abstract: An on-vehicle apparatus transmits first license request information to content to be purchased, to a server, and receives content data, to which a first license issued by the server based on the first license request information is added, from the server. The server transmits the content data, to which the first license is added based on the first license request information, to the on-vehicle apparatus, transmits second license request urging information to a communication terminal based on driving end notification information, and issues a second license to the content data based on the second license request information. The communication terminal transmits driving end notification information to the server based on determination that driving of a vehicle having the on-vehicle apparatus mounted thereon is ended, and transmits second license request information according to the second license request urging information to the server.