Abstract: A data-carrying device and methods of authenticating the same are disclosed. The data-carrying device is described as being capable of communicating via the Near Field Communications (NFC) protocol and may have one or more NFC Data Exchange Format (NDEF) records stored in its memory. The data-carrying device also comprises or has the ability to generate a signature that proves the data-carrying device is the authorized device for storing the one or more NDEF records. A data-carrying device that attempts to transmit an NDEF record without a valid signature may be identified as an unauthorized data-carrying device.

Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.

Abstract: A self-updating system for defending against a cyberattack requests connected devices to solve a problem that is created in a random manner. The problems are created in a manner such that the system can determine whether the client device is being used as part of a cyberattack based on how the client device responds to the problems.

Abstract: Multilevel redirection can be performed in a VDI environment. When a user establishes a second remote session within a first remote session, various redirection techniques can be configured to span both remote sessions so that redirection will be available within the second remote session in the same manner that redirection was available in the first remote session. Therefore, from the user perspective, redirection will occur regardless of whether the user has established a single tier remote session or multitier remote session.

Abstract: Apparatus and methods for managing provision of content to devices in a content delivery network. In one exemplary embodiment, content with a high probability of viewership is sent to consumer premises equipment (CPE) during off-peak periods and stored prior to viewing. An application is utilized to manage decisions related to content provision. The computer program will identify content that is likely to be of interest users associated with respective CPE, and schedule provision of that content in advance of viewing. Then, the system will develop a plan for optimal scheduling of transmission of content to CPEs, often including the use of trickle downloads. The scheduling plan is based collected statistical and historical data on network resource demand to make scheduling decisions. The system allows for the shifting of bandwidth utilization from periods of high demand to those of low demand, and increased performance with regard to user experienced latency.

Abstract: Embodiments of the present application relate to a method, apparatus, and system for providing a security check. The method includes receiving a security verification request sent from a terminal, obtaining first verification element information based at least in part on the security verification request, generating a digital object unique identifier based at least in part on the first verification element information, sending the digital object unique identifier to the terminal, receiving second verification element information from the terminal, and in the event that the first verification element information and the second verification element information are consistent, sending security check pass information to the terminal.

Abstract: Techniques for maintaining an anti-replay counter (ARC) for providing data protection in an integrated circuit are provided. A method according to these techniques includes determining a static baseline value based on an ARC value stored in a programmable read-only memory of the integrated circuit, determining the ARC value based on the static baseline value and a transient component, and storing the ARC value in a volatile memory of the integrated circuit.

Abstract: Determination of a quantified identity using a multi-dimensional, probabilistic identity profiles is contemplated. The quantified identity may be used to authenticate a user entity provided to a point-of-sale device or other interface associated with identity requester in order to verify the corresponding users as who they say they are. The user identity may be determined initially as a function of user inputs made to the identity requester and/or as a function of wireless signaling exchange with devices associated with the user.

Abstract: When attending an event at a venue, the attendee typically presents ticket information that is scanned by a venue scanner. The process associated with scanning can be dispensed with, which can improve attendee experiences, reduce costs associated with managing a venue, as well as other advantages. For example, instead of scanning a ticket at a point of ingress to the venue, a device of the user can self-scan the ticket, and then present indicia that indicates this process has occurred. The indicia can be presented to a guest services representative, who can verify that a valid ticket was redeemed by merely observing the indicia and without scanning.

Abstract: A device may receive or generate a message for routing to a destination on a communication channel. The communication channel may have been established between a source and the destination. The device may perform a first determination of policy information related to at least one of the message, the destination, or the source of the message. The policy information may describe an action for a network device to perform. The device may associate a policy token with the message. The policy token may describe or identify the policy information. The device may provide the message with the associated policy token to the network device on the communication channel to cause the network device to perform a second determination of the policy information based on the policy token, to perform the action described by the policy information, and to provide the message on the communication channel.

Abstract: A method for installation of a secure-element-related service application in a secure element of a user equipment (UE) associated with a subscriber of a telecommunications network includes: transmitting an initial request, transmitting a request to install, receiving token information, transmitting the token information, transmitting an access and/or installation request together with the token information, and establishing a communication link. The secure-element-related service application, when installed within the secure element, is configured to allow the first server entity, together with a UE-related application installed on the user equipment, to provide a service to the subscriber of the telecommunications network.

Abstract: An image forming apparatus includes a first authenticator, a second authenticator, and an apparatus authenticator. The first authenticator is configured to perform first authentication. The second authenticator is configured to perform second authentication. The apparatus authenticator is configured to permit a user who has been authenticated in both the first authentication and the second authentication to use the image forming apparatus, and cancel the permission of use of the image forming apparatus for the user when the authentication of the user is canceled in at least one of the first authentication and the second authentication.

Abstract: The invention relates to an obfuscated program logic of machine executable instructions and a hardcoded cryptographic signing key. The obfuscated program logic further comprising a hardcoded first attribute value wherein execution of the machine executable instructions by the processor causes the obfuscated program logic to receive a request and in response to receiving the request evaluate whether the request is related to the hardcoded first attribute value. In case the request is related to the hardcoded first attribute value, then computing with the hardcoded first attribute value a response to the request and computing with the cryptographic signing key a signature, wherein the signature certifies the request for which the response was computed and certifies the authenticity of the response. Then generating and returning a presentation token comprising the response and the signature, and providing the presentation token to a receiver computer system.

Abstract: An operating method for a one-time password with an updatable seed. The method comprises: a one-time password entering a dormancy mode after being powered on and initialized; being woken up when an interrupt is detected; entering an interrupt processing flow; setting a wakeup flag; entering a key processing flow when a key wakeup flag is set; judging a system state and a key manner; and completing the functions of programming seed data and generating a password according to a judgment result. According to the present invention, on the premise of guaranteeing the security, a user is permitted to program and update seed data in a one-time password, thereby facilitating the use of the user.

Abstract: A system for protecting data managed in a cloud-computing network from malicious data operations includes an Internet-connected server and software executing on the server from a non-transitory physical medium, the software providing a first function for generating one or more security tokens that validate one or more computing operations to be performed on the data, a second function for generating a hash for each token generated, the hash detailing, in a secure fashion, the operation type or types permitted by the one or more tokens, a third function for brokering two-party signature of the one or more tokens, and a fourth function for dynamically activating the one or more signed tokens for a specific time window required to perform the operations permitted by the token.

Abstract: A method for generating and distributing serialized tokens is provided. The method may include receiving a request from at least one client. The method may further include determining whether the received at least one request is a request for generating names and definitions for a group of serialized tokens, deleting a names and definitions, and/or receiving a group of serialized tokens. Additionally, the method may include enabling the at least one client to generate names and definitions for a group of serialized tokens. The method may also include storing the names and definitions on a server. The method may also include deleting the names and definitions from the server. The method may also include formatting and distributing serialized tokens based on the names and definitions for the serialized tokens. The method may further include sending a response to the client based on the received request.

Abstract: A method for performing a digital transaction via a mobile device using a POS system that is connected to a wireless local area network comprising the steps: generation of a unique one-time digital code by the POS system (or by the mobile device of the customer) that is used for initiating the transaction; automatic enabling of network access to the wireless local area network after production of the unique one-time digital code, wherein access to the wireless network is permitted by the digital code; connection of the mobile device to the local area network using the digital code and provision of information from the device to the POS system, after the information has been obtained by the POS system from the mobile device, the POS system provides clearance for the transaction.

Abstract: A universal access method performed by a mobile device includes receiving a signal from a security access point that requests authentication information from the mobile device through near field communication (NFC), selecting one of first authentication information and second authentication information corresponding to the security access point, and transferring the selected authentication information to the security access point through NFC.

Abstract: A secure element, for example an improved SIM card or the like, for a telecommunications terminal, such as a mobile telephone. The secure element may implement a trusted services management application, for example, by executing the trusted services management application on a secure processor. The trusted services management application may manage at least one trusted application to be run by the telecommunications terminal, where trusted applications are used for functions requiring a high level of security such as payment, the supply of “premium” content, which may be certified or guaranteed, or guaranteeing the integrity of the terminal.

Abstract: Identification information for a first account holder at a financial institution is received. The first account holder is authenticated based on the identification information. A second account holder at the financial institution is identified as being known to the first account holder. Inputs are received from the first account holder to configure a message to be displayed to the second account holder. The message is displayed to the second account holder from the first account holder.

Abstract: A hosted service monitoring system detects abuse of a hosted service by monitoring user actions over a period of time. The system will identify an entity, which is a subset of the user actions that share one or more features in common. The system will also identify feature statistics to measure how often the features are associated with the user actions in the entity. The system will project the feature statistics to a vector and use the vector to generate an anomaly score for the entity. The system will determine that the entity is associated with an automated initiator if it generates an anomaly score that exceeds a threshold. Upon determining that the entity that is associated with an automated initiator, the system will cause the hosted service to take an action that will block the automated initiator from accessing the hosted service.

Abstract: Methods, apparatus, systems, storage media, etc., to perform media monitoring for mobile platforms using messaging associated with adaptive bitrate streaming are disclosed. Example methods disclosed hereinto monitor media on a mobile platform include accessing a first uniform resource locator (URL) included in a first message originated by the mobile platform to stream first media according to an adaptive bitrate streaming protocol. Such example methods also include requesting network log information corresponding to the first URL from a service provider providing network access for the mobile platform. Such example methods further include monitoring presentation of the first media on the mobile platform using the network log information.

Abstract: Methods and systems are disclosed for remote monitoring of mobile computing devices. The method and systems can use cloud-type services to monitor the mobile computing devices. The cloud-type services can include a server that is configured to maintain a virtual link between one or more web-based computing devices and the mobile computing devices. So that, even if the mobile computing devices are not communicating with the server, the server can perform one or more actions to maintain the link between the web-based device and the mobile computing device. The cloud-type services can also include a server that authenticates the mobile computing devices, and that sends a link to the mobile computing device if the mobile computing device is authenticated, the link for use by the mobile computing device to connect to a back-end server that is separate from the server.

Abstract: A display card 301 with a user interface for providing one or more services. The card 301 comprises: an external interface 302, 303 for communication with a terminal external from the card 301; a Chip 401 comprising one or more servers for storing one or more applications, wherein the Chip 401 is arranged to communicate with the external interface 302, 303; a user interface 304, 305, 306 for interacting with a user of the card 301; a micro-terminal 402 for controlling the provision of one or more services, wherein the micro-terminal 402 is arranged to communicate with the user interface 304, 305, 306; and the Chip 401 and micro-terminal 402 are arranged to communicate with each other via an internal interface 403 of the Chip 401. Applications include payment cards and passes.

Abstract: Systems and methods are provided for facilitating peer-to-peer payment transactions using mobile devices. According to certain embodiments, a financial account for providing funds for a payment transaction is determined. User input including a payment amount for the payment transaction is received and a QR code that represents the payment amount is generated. The QR code is displayed on the display of a mobile device for purposes of scanning and processing by a second mobile device.

Abstract: A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it's encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable.

Abstract: Methods and systems are provided for non-cryptographic capabilities of a token such as a smartcard to be used as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.

Abstract: A user authentication method with enhanced security is provided. The method includes generating a first common authentication key if a user of the user terminal enters a private password and providing the generated first common authentication key to an authentication server, registering the first common authentication key and user information by matching the first common authentication key with the user information, generating a second common authentication key in real time if the user enters the private password, generating a server authentication key, generating first server authentication information by calculating a one time password (OTP) by using the server authentication key as an operation key, generating a user authentication key, generating first user authentication information by calculating an OTP by using the user authentication key as an operation key, and performing user authentication based on whether the first server authentication is identical to the first user authentication.

Abstract: Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key.

Abstract: Technologies for remote device authentication include a client computing device, an identity provider, and an application server in communication over a network. The identity provider sends an authentication challenge to the client. A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device. The capability proxy may be an embedded web server providing an HTTP interface to platform features of the client. The client sends a resource access token based on the security assertions to the identity provider. The identity provider verifies the resource access token and authenticates the client computing device based on the resource access token in addition to user authentication factors such as username and password. The identity provider sends an authentication response to the client, which forwards the authentication response to the application server.

Abstract: A method for generating and distributing serialized tokens is provided. The method may include receiving a request from at least one client. The method may further include determining whether the received at least one request is a request for generating names and definitions for a group of serialized tokens, deleting a names and definitions, and/or receiving a group of serialized tokens. Additionally, the method may include enabling the at least one client to generate names and definitions for a group of serialized tokens. The method may also include storing the names and definitions on a server. The method may also include deleting the names and definitions from the server. The method may also include formatting and distributing serialized tokens based on the names and definitions for the serialized tokens. The method may further include sending a response to the client based on the received request.

Abstract: An improved method for providing checkpoint background checks is described herein. In one embodiment, the pass control method can comprise collecting data related to the identity of a visitor with a checkpoint computer, transferring the data to a pass control server, querying one or more member profiles using the data, and returning a message to the checkpoint computer. In this method, the member profiles can comprise identity information and one or more flags. The flags can be related to an outcome of a previously performed background check performed using the identity information. The message returned to the checkpoint computer can be related to the flags within any of the member profiles comprising identity information that matches the data.

Abstract: Remote load and update card emulation support may include providing emulation support for an emulated card by executing a command set from command sets that include an encrypted read write command set that uses a secure communication read write (SCRW) key, a plain read write command set that uses a plain communication read write (PCRW) key, and an encrypted read command set that uses a secure communication read only (SCR) key.

Abstract: Systems and methods for self-provisioning of mobile devices are disclosed. An implementation includes determining whether the SIM of a mobile device is associated with a wireless network provider, sending an attachment request to a wireless data network of the wireless network provider when the mobile device is within a coverage area of the wireless data network, receiving an attachment response from the wireless data network of the wireless network provider in response to the attachment request, determining from the attachment response, whether attachment to the wireless data network of the wireless network provider is successful, reviewing an error code provided by the wireless network provider and based on the error code, displaying a user interface allowing a user to provision the SIM for receiving service from the wireless network provider.

Abstract: Various aspects of a system and a method for device authentication are disclosed herein. The system comprises one or more processors in a first communication device. The one or more processors are operable to detect a second communication device within a communication range of the first communication device. The first communication device is in an unlocked state and the second communication device is in a locked state. The first communication device communicates authentication data to unlock the detected second communication device.

Abstract: An embodiment of the invention is directed to a method comprising receiving, at a server computer, information for a portable device that includes a mobile device identifier and storing, by the server computer, the information for the portable device that includes the mobile device identifier in a database associated with the server computer.

Abstract: An approach for authentication is provided. The approach performs identifying, by one or more computer processors, an account attempting to access content. The approach performs identifying, by one or more computer processors, a file including at least authentication information. The approach performs identifying, by one or more computer processors, a location of the authentication information within the identified file. The approach performs identifying, by one or more computer processors, a length of the authentication information. The approach performs identifying, by one or more computer processors, the authentication information in the identified file based at least on the identified location and the identified length of the authentication information.

Abstract: A link is a software abstraction that represents a direct connection between two CoCo nodes. The link layer detects the presence of neighboring devices and establishes links to them. A protocol abstraction layer converts data frames that arrive on network interfaces into packet objects used by the COCO Protocol Suite.

Abstract: Approaches for facilitating spatial and temporal verification of users and/or user devices are disclosed. In some implementations, a user device may be detected within a short wireless communication range. A wireless communication session with the user device may be initiated based on the detection. Information identifying a first integrity-based certificate may be received from the user device during the wireless communication session during a first time period. Information identifying a second integrity-based certificate associated with a second time period may be provided responsive to determining that the first integrity-based certificate is a valid integrity-based certificate associated with the first time period. The second integrity-based certificate may be configured to allow network access for the user device during the second time period.

Abstract: A smart storage device can have a smart-card portion with access control circuitry and integrated memory, a controller in selective communication with the smart-card portion, and a memory device in communication with the controller. The memory device can be separate from the smart-card portion and can store one or more smart-card applications.

Abstract: Described herein are system(s), method(s), and apparatus for embedding personal video recorder functions at the picture level. In one embodiment, there is presented a computer readable medium for storing a data structure. The data structure comprises a picture header and at least one command following the picture header.

Abstract: One embodiment of the invention is a method utilizing a CAPTCHA to generate a human likeness score including blocks: a) receiving a user solution to the CAPTCHA; b) receiving a user interaction pattern descriptive of an interaction undertaken by the user, through a graphical interface of the CAPTCHA, to achieve the user solution; c) determining the accuracy of the user solution; d) comparing the user interaction pattern against an interaction model generated from interaction patterns of previous users; e) calculating the human likeness score based upon the determination of block c) and the comparison of block d), wherein the human likeness score lies within a continuum of human likeness scores.

Abstract: A method and a system is provided for establishing a communications path over a communications network between a personal security device (PSD) and a remote computer system without requiring the converting of high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local client device in which the PSD is connected.

Abstract: A method for generating and distributing serialized tokens is provided. The method may include receiving a request from at least one client. The method may further include determining whether the received at least one request is a request for generating names and definitions for a group of serialized tokens, deleting a names and definitions, and/or receiving a group of serialized tokens. Additionally, the method may include enabling the at least one client to generate names and definitions for a group of serialized tokens. The method may also include storing the names and definitions on a server. The method may also include deleting the names and definitions from the server. The method may also include formatting and distributing serialized tokens based on the names and definitions for the serialized tokens. The method may further include sending a response to the client based on the received request.

Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.

Abstract: In order to reduce latency and overhead during the device discovery process, operations involved in pairing of two electronic devices may be predefined. In particular, when a user specifies a new electronic device in a list of their electronic devices, a computer provides a notification to these electronic devices. In response to the notification, a given one of the electronic devices generates encryption information and identification information for the given electronic device, and provides this encryption information and identification information to the new electronic device via a network (such as the Internet). Then, the new electronic device generates encryption information and identification information for the new electronic device, and provides this encryption information and identification information to the given electronic device via the network. This pairing information may subsequently facilitate secure wireless communication between the two electronic devices.

Abstract: The embodiment of the present document provides an authentication method, an authentication apparatus and an authentication device. The method includes: a first device determining an authentication preparation parameter; and according to the authentication preparation parameter, the first device transmitting a first authentication control message including a first device identifier stored in the first device to a second device with a second device identifier, controlling the second device to judge whether the first device identifier matches the second device identifier according to the first authentication control message, obtaining a judgment result, and when the judgment result is NO, performing a control operation to disable the second device from reading all or some user data from the first device.

Abstract: The invention relates to a method for activating a portable data carrier (1) in which a first portable data carrier (1) is supplied in an inactive state to a user, after the user has requested the first data carrier (1) with the aid of a second portable data carrier (2) from a central instance, whereby the first and the second data carrier (1, 2) have access to authentication data for mutual authentication. In the method according to the invention a communication connection is set up between the first and the second data carrier (1, 2), via which the first and the second data carrier (1, 2) mutually authenticate each other on the basis of the authentication data and establish a cryptographically secured end-to-end connection. Via this end-to-end connection then the second data carrier (2) activates the first data carrier (1) by transmitting activation data to the first data carrier (1).

Abstract: A data structure defining a presence protocol, a device, a server, a system and method to provide management of presence information as a standalone service as well as part of the instant messaging service of a communication system.

Abstract: A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it's encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable.