Central Trusted Authority Provides Computer Authentication Patents (Class 713/155)
-
Patent number: 9584451
Abstract: A system, method and apparatus are provided for secure e-mail message attachment optimization. Content attached to e-mail messages may not be suited to the resource constraints of the destination wireless device. In secure e-mail messages, the message may be signed and/or encrypted. A wireless server can determine resource parameters associated with a destination wireless device, such as display resolution, memory capacity, processor speed, and wireless interface constraints and re-scale the attached content to be optimized for delivery and presentation on the wireless device.
Type: Grant
Filed: April 24, 2012
Date of Patent: February 28, 2017
Assignee: BlackBerry Limited
Inventors: Neil Patrick Adams, Ravi Singh
-
Patent number: 9584515
Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource.
Type: Grant
Filed: April 30, 2014
Date of Patent: February 28, 2017
Assignee: Citrix Systems, Inc.
Inventors: Richard Hayton, Andrew Innes
-
Patent number: 9577823
Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
Type: Grant
Filed: April 17, 2014
Date of Patent: February 21, 2017
Assignee: Venafi, Inc.
Inventor: Remo Ronca
-
Patent number: 9569622
Abstract: One embodiment describes a computing system that includes a boot device. The boot device includes nonvolatile memory that stores startup routine instructions and a first pointer, in which the first pointer identifies a first one or more memory addresses in the nonvolatile memory where at least a portion of the startup routine instructions are stored, and a microcontroller that retrieves the startup routine instructions from the nonvolatile memory using the first pointer and determines whether the startup routine instructions are corrupted before executing any portion of the startup routine instructions. The computing system further includes a central processor communicatively coupled to the boot device, in which the central processor executes the startup routine instructions to initialize the computing system when the microcontroller determines that the startup routine instructions are not corrupted.
Type: Grant
Filed: November 20, 2014
Date of Patent: February 14, 2017
Assignee: Micron Technology, Inc.
Inventor: Lance Walker Dover
-
Patent number: 9571494
Abstract: There is a method of generating a token required to transfer an access authority to a cooperating system to a cooperation asking system. In this method, a refresh token is issued to update a token without confirmation to a user after a valid period of a token has expired. When information which is required to update a token is leaked, an unintended system updates a token, and the cooperating system is illicitly used. For this reason, a unit for invalidating the leaked refresh token is required. An access management service stores a refresh token issued at the time of first authorization processing linked to tokens re-issued when a series of token is issued using refresh tokens. Then, upon designation of the refresh token issued first, all refresh tokens linked to the refresh token issued first are invalidated.
Type: Grant
Filed: April 10, 2013
Date of Patent: February 14, 2017
Assignee: CANON KABUSHIKI KAISHA
Inventor: Shunsuke Mogaki
-
Patent number: 9565168
Abstract: A security monitor processing server is disclosed. The server comprises a plurality of processors, a memory, and a security monitor application that, when executed by a first processor checks for a message that requests establishment of a secure communication link between a different server and the server directed to it by the different server. The application sends a request to an operating system (OS) to suspend functionality of the other processors except for the first processor. The application sends a request to the OS to suspend a process executing on the first processor. The application conducts a communication session with the different server. The application, responsive to completion of the communication session sends a request to the OS to allow the other processors to resume functionality. The application sends a request to the OS to resume execution of the suspended process on the first processor.
Type: Grant
Filed: May 5, 2015
Date of Patent: February 7, 2017
Assignee: Sprint Communications Company L.P.
Inventors: Ronald R. Marquardt, Lyle W. Paczkowski, Arun Rajagopal
-
Patent number: 9563774
Abstract: The disclosed apparatus may include a storage device and a secure counter. The apparatus may also include a tamper-logging component that (1) detects an action that is associated with booting untrusted images from the storage device and, in response to detecting the action, (2) securely logs the action by incrementing the secure counter. Various other apparatuses, systems, and methods are also disclosed.
Type: Grant
Filed: September 28, 2015
Date of Patent: February 7, 2017
Assignee: Juniper Networks, Inc.
Inventor: Moshe Litvin
-
Patent number: 9565196
Abstract: A computer establishes normal activity levels of a factor associated with an application, system, network, or computing environment. The computer receives rules prescribing the trust levels assigned to users or devices during normal and abnormal activity levels exhibited by the factor. The computer monitors the activity level exhibited by the factor and determines whether the activity is normal or abnormal. If the computer determines that the factor is exhibiting abnormal activity, the computer modifies the trust level of associated users and devices according to the rules. The computer continues to monitor the activity of the factor until the computer determines that normal activity levels of the factor have returned, at which point the computer modifies the trust level of associated users or devices according to the rules.
Type: Grant
Filed: July 15, 2016
Date of Patent: February 7, 2017
Assignee: International Business Machines Corporation
Inventors: Derek Botti, Ramamohan Chennamsetty, Anji Greene, Charles S. Lingafelt, William H. Tworek
-
Patent number: 9557924
Abstract: Provided are a method, a system, and a computer program product in which a secondary storage controller copies a file stored in a primary storage controller. The secondary storage controller performs an anti-virus scan on the copied file. A result of the anti-virus scan is transmitted to the primary storage controller.
Type: Grant
Filed: April 8, 2014
Date of Patent: January 31, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Juan A. Coronado, Sara M. Coronado, Christina A. Lara, Lisa R. Martinez
-
Patent number: 9552470
Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as the legitimate human user. The system displays gauges indicating cyber fraud scores or cyber-attack threat-levels.
Type: Grant
Filed: April 1, 2015
Date of Patent: January 24, 2017
Assignee: BioCatch Ltd.
Inventors: Avi Turgeman, Oren Kedem, Uri Rivner
-
Patent number: 9544311
Abstract: The present disclosure describes methods, systems, and computer program products for providing secure identity propagation in a cloud-based computing environment. One computer-implemented method includes receiving, from a user, a first security response message, transmitting, to the user in response to receiving the first security response message, a second security response message, wherein the second security response message comprises a Token Granting Token (TGT), receiving, from a cloud application, a Service Token (ST) request, wherein the ST request comprises the TGT, verifying the ST request based on the TGT, generating, in response to the verifying, a ST, wherein the ST is used to validate an access request to access a backend system, and transmitting the ST to the cloud application.
Type: Grant
Filed: November 14, 2014
Date of Patent: January 10, 2017
Assignee: SAP SE
Inventor: Martin Raepple
-
Patent number: 9542565
Abstract: A display device and a method for controlling the same are disclosed. The method for controlling a display device comprises the steps of displaying a control object in a first private region; moving the displayed control object from the first private region to a public region; moving the control object based on a first moving mode if an object property of the control object is a private property; and moving the control object based on a second moving mode if the object property of the control object is a public property. In this case, the first moving mode may have a moving property of the control object, which is different from that of the second moving mode.
Type: Grant
Filed: October 1, 2014
Date of Patent: January 10, 2017
Assignee: LG ELECTRONICS INC.
Inventors: Jihwan Kim, Sihwa Park
-
Patent number: 9537851
Abstract: Embodiments are directed to revoking user sessions using signaling. In one scenario, an identity platform operating on a computer system receives an indication indicating that a user's login account has been compromised, where the user's login account has an associated login session and corresponding session artifact that is valid for a specified amount of time. The identity platform generates a signal indicating that the login session is no longer trusted and that the user is to be re-directed to the identity platform to re-authenticate and renew the session artifact and provides the generated signal to various relying parties including at least one relying party that is hosting the login session for the user.
Type: Grant
Filed: August 6, 2014
Date of Patent: January 3, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ariel Gordon, Samuel Devasahayam, Lu Zhao, Yordan Rouskov, Parmeshwar Arewar, Venkatesh Gopalakrishnan, Sarat Chandra Subramaniam, Titus Constantin Miron
-
Patent number: 9530124
Abstract: Embodiments are directed to systems, methods and computer program products for sorting mobile banking functions into authentication buckets. Embodiments determine, for each of a plurality of mobile banking functions, a corresponding authentication buckets, where each authentication bucket corresponds with a level of authentication.
Type: Grant
Filed: February 4, 2016
Date of Patent: December 27, 2016
Assignee: BANK OF AMERICA CORPORATION
Inventors: David M. Grigg, Joseph Neil Johansen, Michael E. Toth, Daniel Lynn Carpenter, Hood Qaim-Maqami, Carrie Anne Hanson, Elizabeth S. Votaw
-
Patent number: 9531533
Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
Type: Grant
Filed: April 17, 2014
Date of Patent: December 27, 2016
Assignee: Venafi, Inc.
Inventor: Remo Ronca
-
Patent number: 9525691
Abstract: An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permiss
Type: Grant
Filed: June 14, 2011
Date of Patent: December 20, 2016
Assignee: VARONIS SYSTEMS, INC.
Inventors: Yakov Faitelson, Ohad Korkus, Ophir Kretzer-Katzir, Yzhar Keysar
-
Patent number: 9524327
Abstract: Embodiments of the present disclosure disclose a data synchronization method, system and apparatuses thereof. The data synchronization method includes the following processes: sending, by a client, a data characteristic verification message carrying one or multiple data characteristics for data in a client database, to a server; comparing, by the server, the one or multiple data characteristics carried in the data characteristic verification message with the data characteristics for the data in a server database; determining, by the server, the data to be synchronized based on a result of the comparing and sending the client a data characteristic verification response carrying information indicating the determined data to be synchronized. The method, system and apparatus thereof provided by the embodiments of the present disclosure can reduce the amount of data to be transmitted in data synchronization, and improve the efficiency of data synchronization.
Type: Grant
Filed: December 16, 2013
Date of Patent: December 20, 2016
Assignee: Huawei Technologies Co., Ltd.
Inventors: Jiao Kang, Xiangzhou Guo, Linyi Tian
-
Patent number: 9525672
Abstract: A compute instance of a virtual computing service (VCS) is assigned first and second cryptographically verifiable identities (CVIs) within respective namespaces. A cryptographic key pair associated with the first CVI includes a non-transferable private key managed by a secure key store which does not permit the private key to be copied. The VCS enables the instance to use the private key for asserting the CVIs. In response to a first identity query, the instance indicates the first CVI. In response to a second identity query, the instance indicates the second CVI.
Type: Grant
Filed: December 19, 2014
Date of Patent: December 20, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Peter Zachary Bowen, Andrew Jeffrey Doane, Alexander Edward Schoof
-
Patent number: 9521129
Abstract: A system that incorporates teachings of the present disclosure may include, for example, a non-transitory computer-readable storage medium, which operates in a mobile device server and has instructions to obtain a software application, store a first pairing key in a memory of the mobile device server where the first pairing key is generated by a device of a service provider in response to a review of the software application for compliance with a policy of the service provider, and execute a web server application at the mobile device server that is operable to detect a media resource center operably coupled with a media device, establish communications with the media resource center and transmit the first pairing key to the media resource center to enable at least a portion of services that are associated with the software application and that utilize the media device. Other embodiments are disclosed.
Type: Grant
Filed: July 3, 2013
Date of Patent: December 13, 2016
Assignee: AT&T Intellectual Property I, L.P.
Inventors: William A. Brown, III, Troy Meuninck
-
Patent number: 9515825
Abstract: Provided are an authentication method and an apparatus for the method. An authentication method includes generating, at a terminal, an identifier (ID)-based secret key using an ID of a user of the terminal and key generation factors exchanged with a server, encrypting, at the terminal, a password of the user using a symmetric key encryption algorithm taking the generated secret key as a symmetric key, and requesting authentication for the terminal user by transmitting the encrypted password to the server, and receiving, at the terminal, a response to the authentication request from the server.
Type: Grant
Filed: October 30, 2013
Date of Patent: December 6, 2016
Assignees: SAMSUNG SDS CO., LTD., INDUSTRY-ACADEMIA COOPERATION GROUP OF SEJONG UNIVERSITY
Inventors: Hyo-Jin Yoon, Tae-Kyoung Kwon
-
Patent number: 9516035
Abstract: Methods and systems for behavioral profiling, and in particular, utilizing crowd-managed data architectures to store and manage that profile, are described. In some embodiments, a method includes observing behavioral characteristics of user interactions during a current session with the user through one of a plurality of channels. Variations between the behavioral characteristics of the user interactions observed during the current session and a behavioral profile previously developed based on prior usage patterns of the user through the plurality of channels are identified, in real-time or near real-time.
Type: Grant
Filed: September 16, 2015
Date of Patent: December 6, 2016
Assignee: UNITED SERVICES AUTOMOBILE ASSOCIATION
Inventors: Karen M. Moritz, Stephen Seyler Aultman, Joseph James Albert Campbell, Debra R. Casillas, Jonathan Edward Neuse, Sara Teresa Alonzo, Thomas Bret Buckingham, Gabriel Carlos Fernandez, Maland Keith Mortensen
-
Patent number: 9507537
Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a write request that includes data and a client address at which to store the data. The data is segmented into the one or more storage units. A storage unit identifier for each of the one or more storage units is computed that uniquely identifies content of a storage unit. A mapping between each storage unit identifier to a block server is determined. For each of the one or more storage units, the storage unit and the corresponding storage unit identifier is sent to a block server. The block server stores the storage unit and information on where the storage unit is stored on the block server for the storage unit identifier. Multiple client addresses associated with a storage unit with the same storage unit identifier are mapped to a single storage unit.
Type: Grant
Filed: April 13, 2015
Date of Patent: November 29, 2016
Assignee: NETAPP, INC.
Inventor: David D. Wright
-
Patent number: 9510194
Abstract: Embodiments of a system and method for establishing secure communications between devices via a wireless network are generally described herein. In some embodiments a device may transmit a public use credential to a second device to establish a secure device-to-device communication session. In some embodiments a device may prompt a user to provide a network-specific credential or utilize a public use credential to establish a communication session with an access point. In some embodiments a communication module in a device may automatically establish a connection with an access point utilizing a public use credential in response to a previously established relationship with the access point. In some embodiments a plurality of devices may establish unique encrypted communication connections with an access point utilizing an identical public use credential. In some embodiments an access point may provide a certificate identifying the access point to a device utilizing a public use credential.
Type: Grant
Filed: June 28, 2013
Date of Patent: November 29, 2016
Assignee: Intel Corporation
Inventor: Brent Elliott
-
Patent number: 9491588
Abstract: A computer-implemented method performed in a computerized system incorporating a central processing unit, a localization signal receiver and a memory, the computer-implemented method involving: receiving at least one localization signal using the localization signal receiver; measuring a strength of the received localization signal; using the central processing unit to extract a key from the received localization signal; determining a location based at least on the measured strength of the received localization signal; and validating the determined location using the extracted key. The localization signal may be provided by one or more beacons, such as iBeacons, which may be placed at various locations within a building. The key may be randomly generated and periodically transmitted to the beacons to prevent replay attacks. A ticket issued by a near field communication (NFC) device may be used for additional location validation to prevent tunneling and collusion.
Type: Grant
Filed: June 7, 2015
Date of Patent: November 8, 2016
Assignee: FUJI XEROX CO., LTD.
Inventors: Jacob Biehl, Matthew L. Cooper, Gerald Filby
-
Patent number: 9491620
Abstract: A method for obtaining a secure connection between a first server and a client. The method may comprise establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client. The client may receive a client token, wherein the client token contains data associated with the first server, the second server, the client, and a digital signature. Then, the client may request secure communication access to the first server, wherein the request includes transferring the client token to the first server. Finally, the client may receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.
Type: Grant
Filed: February 7, 2013
Date of Patent: November 8, 2016
Assignee: QUALCOMM Incorporated
Inventors: Stephen William Edge, Andreas Klaus Wachter, Philip Michael Hawkes
-
Patent number: 9489504
Abstract: A method is provided for using obtaining a reproducible device identifier from a physically unclonable function. An authentication device may receive a first physically unclonable function (PUF) dataset from the electronic device, the first PUF dataset including characteristic information generated from a physically unclonable function in the electronic device. The authentication device may then identify a pre-stored PUF dataset corresponding to the electronic device. Authentication of the electronic device may be performed by correlating the pre-stored PUF dataset and the first PUF dataset for the electronic device, wherein such correlation is based on a pattern or distribution correlation the pre-stored PUF dataset and the first PUF dataset. Because such correlation is performed on datasets, and not individual points, systematic variations can be recognized by the correlation operation leading to higher correlation than point-by-point comparisons.
Type: Grant
Filed: October 3, 2013
Date of Patent: November 8, 2016
Assignee: QUALCOMM Incorporated
Inventors: Yafei Yang, Xu Guo, David Merrill Jacobson, Brian Marc Rosenberg, Adam John Drew
-
Patent number: 9485223
Abstract: Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.
Type: Grant
Filed: December 12, 2008
Date of Patent: November 1, 2016
Assignee: Certicom Corp.
Inventors: Michael Daskalopoulos, Ashok Vadekar, David Wong, William Lattin, Daniel O'Loughlin, David R. Sequino
-
Patent number: 9485229
Abstract: A symmetric PGP encrypted communications path is provided in which the recipient may be identified with only publicly available information. Data to be encrypted is encrypted at the object level. Encryption keys for both the transmitter and receiver are sent to a security server. Data received from the transmitter includes intended receiver ID. The receiver includes its actual ID. The received ID and the actual ID are sent to the security server for authentication. If authentication succeeds, the security server sends a session key to the receiver, and the receiver can use its own key to decrypt data. The system reacts to authentication failure by disabling decryption in the receiver and may also take countermeasures.
Type: Grant
Filed: November 24, 2014
Date of Patent: November 1, 2016
Assignee: Space Micro, Inc.
Inventor: David R. Czajkowski
-
Patent number: 9485239
Abstract: Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the 1 attempt to obtain access for the requestor to the client application.
Type: Grant
Filed: July 17, 2014
Date of Patent: November 1, 2016
Assignee: Citrix Systems, Inc.
Inventors: Aleksey Sanin, Christopher Toomey, Alan Keister, Andrew L. Wick, Robert Watkins, Xiaopeng Zhang, Russell Richards, Donald Eaves
-
Patent number: 9479492
Abstract: Techniques are described for enabling principals to inject context information into a credential (e.g. session credential). Once the credential has been issued, any arbitrary principal is allowed to inject context information into the existing credential. The injected context is scoped to the principal that made the injection. Subsequently, at authentication time, when the credential is used to request access to a particular resource, the system can verify whether the principal that made the injection is trusted and if the principal is deemed trusted, the context information can be applied to a policy that controls access to one or more resources, or can alternatively be translated into some context residing in a different namespace which can then be applied to the policy. In addition, the system enables arbitrary users to insert additional deny statements into an existing credential, which further restrict the scope of permissions granted by the credential.
Type: Grant
Filed: December 31, 2013
Date of Patent: October 25, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Gregory Branchek Roth, Kevin Ross O'Neill
-
Patent number: 9479333
Abstract: A method of managing the sensitive data of a mobile terminal and an escrow server for performing the method are disclosed. In the method of managing the sensitive data of a mobile terminal, an escrow server receives a request for registration from a mobile terminal, a user key is generated in response to the request for registration, a user virtual folder adapted to store the sensitive data of the mobile terminal is generated, encrypted sensitive data is received from the mobile terminal if the mobile terminal determines to store the sensitive data in the escrow server, and the encrypted sensitive data is re-encrypted and stored in the user virtual folder.
Type: Grant
Filed: August 5, 2014
Date of Patent: October 25, 2016
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventor: Suwan Park
-
Patent number: 9477831
Abstract: An electronic device and a method thereof for releasing lock using an element combining color and symbol are provided. In the method, at least two groups including at least two elements combining color and symbol are displayed. One element included in each of the at least two groups is allowed to be sequentially selected at least one time. When it is determined that a sequence of the sequentially selected elements is the same as a set sequence, a lock of the electronic device is released.
Type: Grant
Filed: June 24, 2013
Date of Patent: October 25, 2016
Assignee: Samsung Electronics Co., Ltd.
Inventor: Kyung-Duk Chae
-
Patent number: 9462003
Abstract: Disclosed is a bidirectional authorization system, including a first service provision subsystem configured to acquire a first temporary credential of the first service provision subsystem and a second temporary credential of a second service provision subsystem, respectively, send the second and the first temporary credential to the user terminal and the second service provision subsystem, respectively, send the second authorization credential returned by the user terminal to the second service provision subsystem to exchange for a second access token and acquire the second service resources; a second service provision subsystem configured to modify the first temporary credential and send it to the user terminal, send the first authorization credential returned by the user terminal to the first service provision subsystem to exchange for a first access token, and acquire the first service resources; and a user terminal configured to authorize the received second and first temporary credentials, respectively,
Type: Grant
Filed: September 23, 2013
Date of Patent: October 4, 2016
Assignee: ZTE Corporation
Inventor: Xian Liu
-
Patent number: 9462336
Abstract: A control chip for controlling a player with a multimedia playback function and a data processing function is provided. The control chip includes: a multimedia playback module, being adapted to drive the multimedia playback function, configured to generate multimedia playback information associated with multimedia data that has been played; a data processing module, being adapted to drive the data processing function, configured to generate data processing information associated with data that has been processed; and a data protection module, configured to control at least one of the multimedia playback module to stop the multimedia playback function and the data processing module to stop the multimedia playback function according to the multimedia playback information and the data processing information.
Type: Grant
Filed: October 8, 2014
Date of Patent: October 4, 2016
Assignee: MSTAR SEMICONDUCTOR, INC.
Inventor: Hung-Chi Huang
-
Patent number: 9460437
Abstract: Methods, media, and servers are provided for maintaining persistent sessions for a network device and providing quick authorization to a user of the network device. The network server maintains persistent sessions with network devices based on a usage profile associated with the network devices. The persistent sessions are maintained during time periods when the network device experiences peak transaction activity. Additionally, during these time periods, the network device may provide quick authorizations to users of the network device. Quick authorizations allow a transaction to complete on the network device without waiting for authorization if the user is identified as a returning user.
Type: Grant
Filed: June 16, 2015
Date of Patent: October 4, 2016
Assignee: Sprint Communications Company L.P.
Inventors: Geoffrey Scott Martin, Michael Philip Dougan
-
Patent number: 9461997
Abstract: A method is described that includes securing authorization for a control module to conduct a test using a plurality of test modules running on a plurality of virtual machines. The method further includes registering the plurality of test modules with the control module to conduct the test. Authorization of the control module is extended to the test modules by securely communicating authorization and instructions to a first set of the registered test modules to send test stimulus to a device under test. Similarly, the authorization is extended to the test modules by securely communicating authorization to and receiving test result data from a second set of the registered test modules, wherein the test result data is responsive to the test stimulus sent to the device under test. The first and second sets of registered test modules can overlap or be the same test modules.
Type: Grant
Filed: August 29, 2014
Date of Patent: October 4, 2016
Assignee: Spirent Communications, Inc.
Inventor: Thomas R. McBeath
-
Patent number: 9460302
Abstract: Described herein are techniques related to shielding data in transit and in memory. A method and system for shielding data in transit and in memory may include using a transformation knowledge key (TKK). For shielding data in transit, the TKK is configured to include a splitting algorithm component that is configured to split a message into N segments of shielded data and route the N segments via M communications paths, where M and N are integers greater than 1. For shielding data in memory, the memory is segmented into M memory blocks. The splitting algorithm component of the TKK is configured to split data into N segments of shielded data and store the N segments of shielded data in the M memory blocks. The TKK is reused to unshield and reconstruct the original message or the data from the N segments of shielded data.
Type: Grant
Filed: December 12, 2014
Date of Patent: October 4, 2016
Assignee: Cofactor Computing LLC
Inventors: Sumedh Wasudeo Sathaye, Nitin Sadashiv Deshmukh
-
Patent number: 9462053
Abstract: A method and an apparatus for connection establishment are provided. The method includes receiving a registration request and a connection request that are sent by a client based on a service, generating a policy instruction for the service according to service information carried in the registration request when the service is registered successfully according to the registration request, feeding back the policy instruction to the client, instructing the client to adjust, according to the policy instruction, the on-off state of the connection between the server and the client and established for the service, establishing the connection between the server and the client for the service, and adjusting, based on the policy instruction, the on-off state of the connection to solve a problem in the prior art that a large amount of electricity is consumed by the client.
Type: Grant
Filed: December 30, 2014
Date of Patent: October 4, 2016
Assignee: Huawei Technologies Co., Ltd.
Inventor: Xuesong Yan
-
Patent number: 9455837
Abstract: A method, system and computer program product are disclosed that facilitates exchange multifunction job security using IPv6 Neighbor Discovery, which can include generating a print job on a first node, the first node having a first software module and a first IP filter configured to capture neighbor solicitation messages and sending a neighbor solicitation request with the at least one security option to a second node. Capturing the neighbor solicitation request via a second IP filter on the second node; validating a digital certificate and decrypting a first encrypted job identifier associated with the neighbor solicitation request using a second software module on the second node. Sending a neighbor advertisement to the first node, the neighbor advertisement including a second encrypted job identifier for the print job and capturing the neighbor advertisement from the second node with the first IP filter, and processing the job on the first node.
Type: Grant
Filed: December 28, 2010
Date of Patent: September 27, 2016
Assignee: KONICA MINOLTA LABORATORY U.S.A., INC.
Inventor: Maria Perez
-
Patent number: 9454661
Abstract: The subject disclosure is directed towards providing a computing device with access to a key that depends on the current software version, e.g., the software version of a security processor. If the software is compromised, another key becomes available with release of each new (non-compromised) software version. Keys for future versions cannot be derived, while keys for earlier versions can be derived from the current key. A secure boot process uses a secret to generate a first key, after which access to the secret is turned off. The first key is used with key blob data to compute a second key used for data decryption (and encryption) as needed. The key blob data may be global for all devices, and/or device specific; a hash stick comprising a set of derivable keys may be used at manufacturing time to generate the device-specific key blob data.
Type: Grant
Filed: June 30, 2014
Date of Patent: September 27, 2016
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Ling Tony Chen, Felix Stefan Domke, Kenneth D. Ray
-
Patent number: 9450937
Abstract: Provided is a vehicle network authentication system such that processing by a vehicle control device can be smoothed while security of communication using dummy data is maintained. A vehicle control device as an authenticating entity is provided with an authentication unit that allocates authority in accordance with the amount of authentication of data for authentication transmitted from a vehicle control device as an authenticated entity. The vehicle control device includes an authentication data generation unit that generates the data for authentication, a data division unit that divides the generated data for authentication, and a dummy data addition unit that adds dummy data as data that is transmitted to a vehicle network together with the data for authentication.
Type: Grant
Filed: December 5, 2012
Date of Patent: September 20, 2016
Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
Inventor: Mitsuhiro Mabuchi
-
Patent number: 9450758
Abstract: A first request from a client using a first protocol is translated into one or more second requests by a servicer using a second protocol through a virtual request using the first protocol. A client may use parameters of the first protocol to pass virtual request components to the servicer. A format agreement between the client, servicer and/or authentication service may allow the servicer and/or authentication service to translate the virtual request components over the first protocol to one or more second requests using the second protocol. Virtual request components may prove the authenticity of the virtual request received by the servicer to an authentication service. Once satisfied the virtual request is valid, the authentication service may issue a credential to the servicer to send the one or more second requests to an independent service. Virtual requests may be included in various protocols, including credential-based protocols and certificate exchange-based protocols.
Type: Grant
Filed: March 12, 2012
Date of Patent: September 20, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Nicholas Alexander Allen, Gregory B. Roth, Elena Dykhno
-
Patent number: 9451465
Abstract: The first mobile device determining that the first mobile device is lost and the first mobile device, in response to determining that the first mobile device is lost, activating a secure mode on the first mobile device. The first mobile device making the first mobile device discoverable to other mobile devices. The first mobile device electronically binding to a second mobile device. The first mobile device sending information relating to the first mobile device to the second mobile device. The first mobile device receiving an indication that the first mobile device is no longer lost. The first mobile device, in response to receiving the indication that the first mobile device is no longer lost, unbinding from the second mobile device.
Type: Grant
Filed: September 23, 2015
Date of Patent: September 20, 2016
Assignee: International Business Machines Corporation
Inventors: Paul B. French, Jack J. Healy, Niall J. Lucey
-
Patent number: 9444909
Abstract: In a client-server environment providing hosted services, an application service server receives from a client a first request for hosted services associated with a user-specified domain name. If the server does not provide hosted services for that domain name, the server designates the first request as pending and provides a limited set of the hosted services in association with the first request. The server provides a complete set of the hosted services requested in the first request if it can be established that a first user associated with the first request has appropriate authority to make administrative changes for the network domain designated by the domain-name. In some embodiments, the server denies the first request and cancels the limited services if it is not shown within a predetermined period of time that the first user has the appropriate authority.
Type: Grant
Filed: June 5, 2012
Date of Patent: September 13, 2016
Assignee: GOOGLE INC.
Inventors: Doru Costin Manolache, Braden Kowitz
-
Patent number: 9438428
Abstract: The present invention uses Server-based Certificate Validation Protocol (SCVP) to validate the public key digital signature certificate of an email signer (or the public key encryption certificate of an email recipient) by using a modified SCVP server such that a trustworthiness indicator based on certificate policies is included in an SCVP server response that maps the certificate policies asserted in the public key certificate of the email signer (or email recipient(s)) to graphically represent the degree of trust that can be attributed to the identities bound to public key certificates containing one or more certificate policies. The graphical representation of a trust level may appear directly in an email client and is based on the level of trust attributable to the binding between the public key distributed via a public key certificate (for signing or encryption) and the identity/attributes of the “subject” or “entity” contained in that certificate.
Type: Grant
Filed: May 12, 2014
Date of Patent: September 6, 2016
Assignee: CertiPath, Inc.
Inventors: Jeffrey Dean Nigriny, Jeffrey Francis Barry, Stephen P. Howard
-
Patent number: 9430665
Abstract: Systems and methods are presented for dynamically controlling role-based access to enterprise applications. The access includes both a user's ability to access a requested functionality (hereinafter referred to as “features”) in an enterprise application, as well as the user's ability to access the specific data (and request filtering of the data) within the enterprise applications. The systems and methods provide dynamic control by utilizing a number of separate tables for identifying each element (user, role and feature), with join-tables used to define, on an active/customized basis, the association of each user with respect to a particular role (user_role join-table) and association of each feature with the listing of roles (feature_role join-table). The join-tables and specific element tables may be modified during runtime to modify any of the associations or listings.
Type: Grant
Filed: July 22, 2013
Date of Patent: August 30, 2016
Assignee: Siemens Aktiengesellschaft
Inventor: Christoph Kuhmuench
-
Patent number: 9425958
Abstract: A technique that binds encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise. In one example embodiment, this is achieved by creating a new user account using the UID and the DPswd in an inactive state and communicating the UID and the DPswd to an intended user using a secure communication medium by an administrator. The intended user then logs into a cryptography key management system using the UID and the DPswd via a client mobile device. The UDID associated with the client mobile device is then hashed to create a H(UDID). The H(UDID) is then sent to the cryptography key management system by a local key management application module. The H(UDID) is then authenticated by the cryptography key management system. An encryption/decryption key is then assigned for the client mobile device.
Type: Grant
Filed: August 5, 2005
Date of Patent: August 23, 2016
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Ravigopal Vennelakanti, Savio Fernandes
-
Patent number: 9419963
Abstract: Systems and methods for controlling access to multiple applications on a computing device are provided. One embodiment of a system includes an access device configured to: receive a request to access a first application and a device identifier; authenticate the user using a user credential associated with the user and store the device identifier in association with a login identifier in response to authentication of the user. The access device can be further configured to receive a request to access a second application and the device identifier. The access device can allow access to the second application based on the previous authentication of the user.
Type: Grant
Filed: July 2, 2014
Date of Patent: August 16, 2016
Assignee: Open Text S.A.
Inventor: Simon Dominic Copsey
-
Patent number: 9419977
Abstract: An approach for providing value-based resource management and admission control is described. A value-based platform may receive a request from a user or a service provider to access an asset, a service, or a combination thereof. The value-based platform may further apply a policy rule to account information associated with the user to determine a user value score. The value-based platform may also generate prioritization information for admitting the user to the asset, the service, or a combination thereof based on the user value score.
Type: Grant
Filed: January 24, 2014
Date of Patent: August 16, 2016
Assignee: Verizon Patent and Licensing Inc.
Inventor: Eric Sporel
-
Patent number: 9401841
Abstract: A method uses web servers to promulgate information from one server to another, instead of promulgating the information by the user to each server individually. A first server receives a first request for promulgating web-information from a user, locally promulgates the web-information, and sends a second request to at least one second website server to instruct the second website server to locally promulgate the web-information. The selection of the second server is done according to a preset configuration file which includes a relationship mapping between the first website server and the second website server. The relationship mapping may provide the user information related to the second website server based on the user information related to the first website server. The present disclosure further discloses a communication apparatus and a communication system.
Type: Grant
Filed: April 1, 2015
Date of Patent: July 26, 2016
Assignee: Alibaba Group Holding Limited
Inventors: Kaili Lv, Jian Deng, Bingyang Hua, Zengguang Liu, Chaofeng Meng, Jie Su, Jun Tang, Zheng Zhang