Abstract: A data statistics method and an apparatus thereof, the method comprises: receiving, by a first processor of the cooperative data party, data identifiers corresponding to pieces of first data for the data statistics and corresponding encrypted data from the statistical data party; determining, by the first processor, an identifier intersection according to data identifiers corresponding to pieces of second data of the cooperative data party and the received data identifiers corresponding to the pieces of first data; performing, by the first processor, statistical processing on encrypted data corresponding to common data identifiers in the identifier intersection to obtain encrypted statistical values; and sending, by the first processor, the encrypted statistical values to a second processor of the statistical data party to enable the second processor to perform decryption on the encrypted statistical values and obtain the statistical values.

Abstract: The web cookie data specifying a web cookie associated with an encoded domain is received. An identifier of an original domain corresponding to the encoded domain is determined. The web cookie data is stored in a stored web cookie in a manner that associates the web cookie data to the original domain but the stored web cookie is scoped to a domain scope that includes the encoded domain.

Abstract: A management device includes a storage management unit configured to store, in a storage unit in accordance with a priority, a plurality of pieces of transmission data having corresponding time information among a plurality of pieces of transmission data generated by dividing a plurality of pieces of content data each encoded for a channel.

Abstract: An agent application executing on a client device retrieves an execute command from a command queue managed by a server and retrieves certificates and configuration settings for establishing a virtual private network (VPN) connection. An enrollment application resident on the client device executes in response to the execute command to modify a network setting of a network interface card (NIC) of the client device and establish a VPN connection with a domain controller located within the corporate domain using the certificate and configuration settings. The enrollment application further transmits a request over the VPN connection to the domain controller to join the corporate domain, wherein a corporate account in a directory service is established for the client device; reverts back to the prior network setting of the NIC and terminates the VPN connection and reboots the client device.

Abstract: A system incorporates a managing server executing software on a processor, game servers serving video games, a plurality of network-connected mobile computerized appliances in use by persons to play games served by the game servers; and software executing on processors of the computerized appliances. Software at the computerized appliances provides interactive interfaces, enabling a first player launch a chat session through the managing server with one or more other players, enabling any one of the players in a chat session to associate a game served by one of the one or more game servers with the chat session, and enabling players in the chat session to enter the game associated with the chat session, and to leave the game and return to the chat session.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The various embodiments of the present invention disclose a method of secured transmission and reception of discovery message in device to device (D2D) communication system. According to one embodiment, a transmitting user equipment (UE) receives a ProSe group key (PGK) from a Prose function to perform a D2D communication in a D2D public safety group. The transmitting UE then derives a ProSe traffic key (PTK) using the PGK for transmitting data packets in the D2D communication. Using the PTK, the transmitting UE further derives a Prose integrity protection key (PIK) for securing a discovery message to discover one or more receiving UEs. The transmitting UE transmits the integrity protected discovery message using the derived PIK to the receiving UE.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure data transmission using natural language. One of the methods includes: obtaining sensitive information for a user; obtaining a natural language key for the user, wherein the natural language key for the user includes one or more natural language tokens; generating decoding data for the sensitive information for the user, wherein generating the decoding data comprises: for each place in the sensitive information for the user: assigning a respective one of the natural language tokens in the natural language key for the user to the value at the place, and generating one or more respective dummy natural language tokens for each value of the respective set of possible values for the place other than the value at the place; and providing the decoding data for use in decoding the natural language key into the sensitive information.

Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.

Abstract: A method is provided that protects electronic Identity information based on key derived operation. The method includes using an electronic Identity server to send an application derived identifier of the application and user electronic Identity code to a host security module that randomly generates an application master key, encrypts the application derived identifier with the application master key, and gets an application encryption key. The host security module encrypts the user electronic Identity code with the application encryption key, and gets an encryption document. The electronic Identity server codes the encryption document and an application identity code, and gets an application electronic Identity code. The electronic Identity server uses the application electronic Identity code as the user identifier.

Abstract: Systems, devices and automated processes detect piracy of broadcast television signals through selective delay of decrypted code words that are used to render satellite or other received television signals. Smart cards or similar access control hardware are programmed to selectively delay delivery of cryptographic code words based upon the identity of the receiver device. The delayed delivery of the code words produces intentional glitches in the content rendered by the receiver, thereby allowing viewers of the rendered content to ascertain the identity of the device.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: Various methods for detecting a man-in-the-middle (MITM) during HTTPS communications are disclosed including, in some aspects, establishing a TCP connection for the retrieval of a web page from a domain name using an alternate IP address that is different from the IP address of the target domain where receipt of the target web page in response to a HTTP GET message indicates that a MITM is present, using a domain name as the SNI in a TLS connection and an alternate domain name in a HTTP GET message where receipt of a target web page of the alternate domain name indicates that a MITM is present, and generating an alternate domain name using a domain generation algorithm and using the generated alternate domain name as the SNI in the TLS message where receipt of a certificate for the generated alternate domain name indicates that a MITM is present.

Abstract: The method comprising: a) receiving, by an encoding module computer device (103), from a user (100), a message (101) including a content to be encoded; b) generating, by the encoding module (103), a generated encoding (104) of the content of the provided message (101) using encoding information (112); c) sending, by the encoding module computer device (103), the generated encoding (104) to a reception module computer device (106) and verifying, by the reception module computer device (106), that the generated encoding (104) corresponds to the encoding of the content of the message (101) by using a generated verification information (105) and public information (107), wherein the at least one code (102) having a cryptographic relationship with the public information (107) and the message (101), and the public information (107) and the message (101) having a cryptographic or a public relationship.

Abstract: A digital rights management (DRM) method for an intelligent operating system comprises: acquiring a play list of media data to be played and encrypted media data; inquiring and acquiring one or more DRM application modules, wherein the DRM application module contains an identifier of a trusted application module; requesting DRM authorization by the DRM application module from a DRM server, judging a content permission and acquiring an encrypted content encryption key (ECEK) and transmitting the ECEK to a TEE; after judging that the content permission is legitimate; decrypting the ECEK acquired by the trusted application module which is in the TEE and corresponds to the trusted application module identifier to acquire a content encryption key (CEK), and decrypting the encrypted media data by using the CEK; and storing the decrypted media data in a security cache region for decoding and outputting.

Abstract: A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.

Abstract: Operational facets of a compressor are controlled from a remotely-located computer. Data from the compressor is automatically collected at a first data store every first time increment of a first time period. Portions of the data from the first data store are automatically collected at a second data store every second time increment of each first time period. The second time increment is greater than the first time increment, and the portions of the data are collected for a second time period which is greater than the first time period. Successful verification of user authentication data collected at the computer causes automatic generation of an image of application icons at the computer to enable the computer as an input device for controlling the compressor and selections of routines available at an analytics visualization generator that uses data from the second data store.

Abstract: Provided is an electric pipette system, including: an operating condition receiving milt configured to receive an operating condition of a manipulation operation to foe occur next; a suction/discharge operating unit configured to perform at least any one of a suction operation and a discharge operation of a liquid by an electric pipette based cm the operating condition; an information collecting unit configured to collect various types of information during the suction operation or the discharge operation of the liquid; and an information recording unit configured to record the information.

Abstract: Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.

Abstract: A zombie server can be detected. Detecting a zombie server can include receiving, at a server, network traffic and calculating a percentage of the network traffic as being productivity software layer 7 protocols every first time interval. Detecting a zombie server can also include marking the server as a zombie server based on the percentage every second time interval and processing the network traffic at the server to perform a number of actions by the productivity software.

Abstract: Systems and methods for secure team-based communication on existing wireless mesh networks are disclosed. In an example network with multiple network nods, a headend system designates a first network node and a second network node as a sub-group of nodes, generates a sub-group encryption key that is unique to the sub-group of nodes, and transmits the sub-group encryption key and the sub-group node list and to the first node and the second node. The first node encrypts an application layer message with the sub-group encryption key and sends the message to the second node. The second node decrypts the application layer message with the sub-group encryption key and performs an action based on the message.

Abstract: A method in the embodiments of the present invention includes: when the wearable device receives an instruction of a user or an electronic device, obtaining, by the wearable device, an image that includes access information of a Wi-Fi network; and analyzing, by the wearable device, the image, obtaining the access information of the Wi-Fi network, and sending the access information of the Wi-Fi network to the electronic device, so that the electronic device accesses the corresponding Wi-Fi network according to the access information of the Wi-Fi network; or sending, by the wearable device, the image to the electronic device, so that the electronic device accesses the corresponding Wi-Fi network according to the image. The present invention is applied to a procedure of accessing a wireless network.

Abstract: An optimized approach to whitelisting includes, at a domain name service server, determining whether a first domain and a second domain resolve to a same Internet Protocol (IP) address, and in response to a request from a domain name service proxy as to whether the first domain resolves to an IP address shared by another domain, notifying the domain name service proxy that the first domain resolves to an IP address shared by another domain. The method further includes the domain name service proxy receiving from the domain name service server a response that indicates that the first domain resolves to an IP address shared by another domain, and storing, in memory, the IP address and an indication that the IP address is shared by another domain. A data flow associated with a shared IP address is subjected to further scrutiny even if the IP address is on a whitelist.

Abstract: A computing system controls access between components. A token issuer issues an access token to a requesting component, that is requesting access to a requested service component, based at least in part on an access policy. The requesting component sends the token to the requested service component, which includes a token authentication module that validates the access token and authorizes the requesting component to access a requested service component, and receives the authorization to access the requested service component.

Abstract: A method and system for managing an electronic mail. A command list of a communication electronic mail transmission protocol is partitioned into command sub-lists using recursive parameters appearing in the command list prior to the partitioning of the command list. Each recursive parameter is a command that is repeated in respective command sub-lists as a result of the partitioning. Each command sub-list includes at least one command pertaining to a receiver or sender of the electronic mail. Each command sub-list is individually selectable for subsequent use of the at least one command in a subsequently selected command sub-list in implementing the electronic mail. A selection of at least one of the command sub-lists viewable in a user interface is received. Each command of the at least one command specifies a respective aspect of how to implement the electronic mail in a subsequent implementation of the electronic mail.

Abstract: A remote user sends a user request to a relay server that, in turn, forwards the user request (modified or unmodified) through a reverse session-origination (RSO) tunnel to an on-premises network client. In other words, while the user requests flow from outside the client network to the client network, the requests of the delivery protocol for the tunnel flow in the reverse direction, i.e., from the client network toward the relay server and/or the remote user. A server agent, executing client side, generates delivery-protocol requests so that the server can wrap user requests in delivery-protocol responses. In addition, the server agent unwraps user requests and forwards them to their intended destination in the client network. To minimize any time the server would have to wait for a delivery-protocol request, the server agent can generate dummy requests whenever no delivery-protocol request is pending at the server.

Abstract: Disclosed embodiments relate to decentralized and scalable trust among a plurality of decentralized applications. Techniques include receiving, at a first decentralized application, a signature associated with a first public key, receiving data representing one or more permissions specified by a trusted root application and signed by the trusted root application, signing a second public key associated with a second decentralized application, signing data representing one or more permissions specified by the first decentralized application, and providing the signature associated with the second public key and the signed data representing one or more permissions specified by the first decentralized application, in order to thereby provide trust between the first decentralized application and the second decentralized application.

Abstract: Disclosed are a method and apparatus for implementing security of broadband bus architecture in industrial internet field. The security of the access process can be guaranteed by encrypting data transmitted between the bus terminal and the bus controller; the operation of the entire system can be prevented from threat of abnormal data by performing security detection on the acquired data; it can be easy to treat abnormal conditions of the transport rule by the bus controller by monitoring and reporting the transport rule of the data flow over the bus by a bus terminal; and the reliability of the transmission process may be improved by interleaving the to-be-sent data at the bus controller and the bus terminal; the time delay of the data transmission resulting from the addition of the interleaving processes can also be reduced to have high transmission rate.

Abstract: A communication apparatus that transmits a challenge code on the basis of a received request signal and performs authentication of an authentication target apparatus transmitting the request signal on the basis of the challenge code and a response code generated on the basis of the challenge code includes a control unit configured to perform a predetermined fail-safe process when a request signal is received a set number of times or more from the authentication target apparatus before completion of the authentication after the transmission of the challenge code.

Abstract: An electronic device displays a messaging user interface of a messaging application, including a conversation transcript of a messaging session between a user of the electronic device and at least one other user, and an application affordance. While displaying the messaging user interface, the device detects an input that activates the application affordance. In response to detecting the input that activates the application affordance, the device concurrently displays a launch icon for an application store and a plurality of launch icons for interactive applications. The device detects an input that activates the launch icon for the application store; in response to detecting the input that activates the launch icon for the application store: the device ceases to display the messaging user interface, and displays an application store user interface, including display of at least one interactive application available for download to the electronic device.

Abstract: A user device may request access to a service provided by an application server. The application server may request that an identity server authenticate the user device. The identity server may have a network authentication system assist with the authentication of the user device. Once authenticated by the network authentication system, the application server may be informed and may grant the user device access to the requested service. Additionally, the identity server may help determine whether the user device is a security threat by comparing user information from the network authentication system with user information from the application server. Additionally, the network authentication system may provide the application server with user information to enable the application server to automatically register the user device for a particular service.

Abstract: An application server sends a public key from an asynchronous key-pair to a user system to encrypt a user encryption secret that forms part of a first encryption key. The application server uses a second encryption key provided by a key derivation server to encrypt a private key from the asynchronous key-pair. The application server then deletes the second encryption key to prevent decryption of the user encryption secret received from the user system. The application server receives the encrypted user encryption secret from the user system and sends a request to the key derivation server to re-encrypt the user encryption secret. The key derivation server uses a key encryption secret to generate the second encryption key and decrypt the private key. The key derivation server uses the decrypted private key to decrypt the user encryption secret and then re-encrypts the first encryption secret to prevent decryption by the application server.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: According to an example embodiment of the present invention, there is provided an apparatus (110) comprising a receiver (114) configured to receive at least part of a key in scrambled form, and at least one processing core configured to descramble the at least part of the key and to apply the key in a cryptographic procedure, the descrambling being based at least in part on at least one environmental condition.

Abstract: A method for controlling access to at least a portion of a building includes providing a temporal model identifying relationships between a first set of access control events based on times at which the first set of access control events occurred, providing a spatial model identifying relationships between a second set of access control events based on locations associated with the second set of access control events, providing a user model identifying patterns of user behavior based on a third set of access control events, receiving a fourth set of access control events comprising time data, and location data, and user data associated with the access control events, and determining whether to generate alarms responsive to receiving the fourth set of access control events using the temporal model, the spatial model, and the user model.

Abstract: The present disclosure provides a method and a server apparatus for delivering content based on content-aware using a neural network. A server apparatus for content delivery is provided, including a content clustering unit for clustering multiple contents provided from a content provider based on a similarity; a training unit for training a cluster-wise content reconstruction model by using contents contained in each cluster in accordance with a result of clustering performed by the content clustering unit; a storage unit for storing the multiple contents and the cluster-wise content reconstruction model; and a transmission unit for transmitting content requested by a user and a content reconstruction model corresponding to a cluster containing the content requested to a user terminal.

Abstract: An authentication application may securely communicate with a secure gateway using encryption based on an identifier of the plugin. The authentication application may authorize the plugin based on the identifier. The plug-in may receive biometric information and a unique device identifier. The authentication application may authenticate the user for use of the authorized plugin based the biometric information and the unique device identifier. The plug-in may receive a request to issue a new electronic card via the secure gateway. The plug-in may receive, responsive to sending the request via a secure communication channel with the secure gateway, the electronic card information issued to the device via the secure gateway. The plug-in may automatically add, responsive to receiving the electronic card information, the electronic card information into a mobile payment application of the device using the electronic card information.

Abstract: A method includes receiving, from a requesting device, an access request for at least one security alert encoded data slice of a set of security alert encoded data slices. A security alert message is dispersed storage error encoded into the set of security alert encoded data slices and stored in a set of storage units of a dispersed storage network (DSN). The set of storage units further stores a plurality of sets of encoded data slices, which corresponds to a data object that is dispersed storage error encoded. The method further includes, based on the access request for the at least one security alert encoded data slice, identifying the requesting device as an unauthorized DSN device. The method further includes initiating a security response protocol within the DSN.

Abstract: Technologies for providing hardware resources as a service with direct resource addressability are disclosed. According to one embodiment of the present disclosure, a device receives a request to access a destination accelerator device in an edge network, the request specifying a destination address assigned to the destination accelerator device. The device determines, as a function of the destination address, a location of the destination accelerator device and sends the request to the destination accelerator device.

Abstract: The present invention is a method of managing a neighbor table in a communication apparatus. The method includes the steps of the communication apparatus maintaining a neighbor table comprising a plurality of neighboring table entries corresponding to respective neighboring nodes being communication nodes in communication range of the communication apparatus. Upon determination that the neighbor table capacity has reached a threshold, replacing a first neighbor table entry corresponding to a first neighboring node from the neighbor table by a new neighbor table entry corresponding to a new neighboring node based on the determination that the new neighboring node is a communication partner.

Abstract: According to one embodiment, a communication apparatus is provided. The communication apparatus receives first content including first additional information from a first terminal, generates second additional information, adds the second additional information to second content, and transmits the second content to a second terminal. The second additional information includes an authentication code unique to blocks in the second content and the communication apparatus and a signature unique to the authentication code. The communication apparatus generates receipt information and transmits the receipt information to an external apparatus when a transmission source of the first content is verified to be the first terminal based on the first additional information.

Abstract: Access to sensitive information in a database can be restricted to improve security and enable efficient auditing. A security engine receives a request from a requesting entity to access data in the database and determines that the requested data includes sensitive information. In response to the requesting entity being authorized to access the data, the security engine retrieves the requested data from the database and modifies the retrieved data by modifying metadata of the retrieved data to include a tag indicating that the retrieved data includes sensitive information. The security engine provides the modified data to the requesting entity and modifies a data access log to identify each attempted access to the modified data. When sensitive data is requested, an interface can include an obscuring element, requiring a user to manually select the element to view the data, enabling the logging of the explicit access request by the user.

Abstract: In one example of the disclosure, an encrypted document and an encryption key for decrypting the encrypted document are received from a computer. Presence data for a printer is received via a first wireless network. A user instruction to print the encrypted document at the printer is received. A credential is received from the printer via the first wireless network, where the credential for communication with the printer via a second wireless network with greater bandwidth than the first wireless network. The encrypted document and the encryption key are sent to the printer, where the printer is to utilize the encryption key to decrypt the encrypted document and is to print the document following decryption.

Abstract: A method of encrypting information on an electronic device includes displaying information associated with an application running on the electronic device, receiving, via the application running on the electronic device, an input to initiate an encrypted camera application that is separate from the application running on the electronic device, initiating the encrypted camera application, determining an identity profile having an associated key, receiving an input from the encrypted camera application to collect image data with the camera, receiving image data from an image sensor of the camera, encrypting the image data utilizing the key associated with the determined identity profile to generate encrypted image data, adding the encrypted image data to a document associated with the application running on the electronic device.

Abstract: A device provides a one-time proof of knowledge about a one-time signing key to a server without revealing the one-time signing key by computing a hash as a hash function from the one-time signing key, and transmitting, to the server, the computed hash, an identity associated with the electronic device and a hash path of the hash. The server receives the message from the device and checks whether the hash corresponds to a one-time signing key for a root hash included in a public certificate associated with the identity, checks whether an index corresponding to the hash path from the one-time signing key to the root hash corresponds to a correct time slot, and determines it to be proven that the device is in possession of the correct one-time signing key when the checks are fulfilled.

Abstract: Systems and methods which provide secure queries with respect to encrypted datasets are described. Embodiments provide privacy-assured similarity join techniques operable with large-scale encrypted datasets. A privacy-assured similarity join technique of embodiments enables a storage system to answer similarity join queries without learning the content of the query dataset and the target dataset. One or more secure query schemes may be implemented in accordance with a privacy-assured similarity join technique herein. For example, embodiments may utilize an individual similarity query scheme, a frequency hiding query scheme, and/or a result sharing query scheme. A particular secure query scheme of the foregoing secure query schemes may be utilized to address different considerations with respect to security, efficiency, and deployability with respect to various applications and scenarios with different requirements.

Abstract: A method for use in a distributed storage network (DSN) includes receiving, by a performance unit, access requests from a distributed storage (DS) processing unit. The access requests identify one or more storage units to which access is requested. The performance unit determines that at least a first storage unit is associated with a status level that fails to satisfy a threshold value associated with the access requests, and that at least a second storage unit is associated with a status level that does satisfy the threshold value. For the at least a first storage unit, the performance unit facilitates execution of an alternative approach to processing an access request corresponding to the first storage unit, and for the at least a second storage unit facilitates execution of a standard approach to processing an access request corresponding to the second storage unit.

Abstract: A method, non-transitory computer readable medium, and security management apparatus that retrieves source code for a web page requested by a client device. A script is injected into the source code and the source code is sent to the client device. The script is configured to encrypt an attribute of an input field, remove event listeners from the input field, and insert decoy input fields into the source code. An HTTP message is received from the client device following submission of data via the input field. The message comprises the data, the encrypted attribute of the input field, and an attribute of each of the decoy input fields. The HTTP message is modified by decrypting the encrypted attribute, replacing the encrypted attribute with the decrypted attribute, and removing the decoy input field attributes. The modified HTTP message is sent to the web server device.

Abstract: In a computing device, when a user requests to carry out an operation, the device determines the type of operation requested and the time period since the user was last authenticated. The operation is enabled only if the determined time period does not exceed a threshold for the requested operation.

Abstract: A method and system are provided for improved distributing of a complete software image to all electronic devices of a certain type or model while using encryption to limit its use to specific ones of those devices. In the method, the entire software image is encrypted with a global key and the encrypted software image is distributed to all devices which have the capability of running that software. The global software decryption key for decrypting the software image is uniquely encrypted for every device that is authorized to use the software and the encrypted global software key is distributed to those devices from a field or factory provisioning server across a point-to-point connection.

Abstract: Embodiments herein include, for example, a method that includes signing onto an secure communications system; sending a communication message; and transmitting every messages to all devices in a device group, before displaying any message sent or received.