Abstract: Systems and methods for securely uploading a data file are presented. A client generates a symmetric encryption key and an initialization vector; encrypts the data file using the symmetric encryption key and the initialization vector; places an upload request with a server to upload the encrypted data file to a first storage device; receives from the server via the communications network, asymmetric encryption components, a signed data file upload URL accessible by the communications network, and a signed key data upload URL accessible by the communications network; encrypts, using the asymmetric encryption components, the symmetric encryption key and the initialization vector, thereby creating encrypted key information; sends, via the signed data file upload URL, the encrypted data file to the first storage device; and sends, via the signed key data upload URL, the encrypted key information to a second storage device.

Abstract: Methods and systems are provided for controlling the execution of business logic that allows features to be turned on or off at run time for each particular user entity of a plurality of user entities. Prior to run time a library is configured based on an administrator's interaction with an interactive control panel at a computer of the system. For each particular user entity and for each particular code block of an object that comprises a plurality of code blocks each corresponding to a particular feature and having an enabling predicate associated with that particular code block, the library can be configured by defining an on/off state for each feature of that particular code block via an enabling predicate associated with that particular feature. The library can then be cached in a custom settings cache of the system for use at run time.

Abstract: A first DNS server receives, from a client device, a DNS query for a domain name and transmits, to a second DNS server, the DNS query for the domain name. The first DNS server receives, from the second DNS server, an answer to the DNS query that is unsigned. The first DNS server signs the received answer to the DNS query and transmits, to the client device, the signed DNS answer.

Abstract: A process for the processing of user inquiries in a data network saves user data anonymized at first in an independent process with an independent third-party vendor, which can then be accessed by the use of several incremental encryption and anonymization routines in such a way that, on the one hand the provider is not involved in the data exchange and in other respects even the independent third-party vendor does not have access to the user data at any time, albeit with the result that anonymized customer data, especially information about age, sex and partial postal code, can be kept ready in a database for the mobile end device being used.

Abstract: An electronic device for encrypting content and a method thereof are provided. First and second data segments of a content file may be received. The first data segment may be encrypted on the basis of a policy of a content provider providing the content file. The second data segment may be encrypted using an encryption scheme that differs from that used for the first data segment. The second encryption scheme may utilized a different key and/or algorithm than that used in the first encryption scheme.

Abstract: The present invention relates to a method for ensuring functional reliability of components (5), which participate in a charging operation, of the electromobility technology of an actuator (4) which is formed in particular as an electric vehicle or electric charging station, in connection with the charging operation or during a test, wherein at least one of the participating components (5) comprises a module (6) for the implementation of security functions in which a first assigned certificate of a technical test station (3) concerning a means for carrying out a self-diagnosis of the component (5) and a second assigned certificate (11) of a manufacturer (2) are stored, characterized by the following steps to be carried out in the participating components (5): (1a) activating a self-diagnosis, (1b) providing a result of the self-diagnosis of the component (5) with a signature by means of the second assigned certificate (11) of the manufacturer (2), (1c) transmitting to the technical test station (3) the result

Abstract: A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates.

Abstract: A device to apply a digital fingerprint to a digital signal comprises a means of intercepting or acquiring a signal, a storage element and a processor for executing computer implemented program code components in the storage element to effect the methods. The methods include transforming a plurality of signal samples onto a discrete orthonormal basis and ranking the transformed samples according to their magnitude. The n largest principal components of the ranked transformed samples are optionally permuted to generate a re-ordered set of principal components, which are then altered by a marking angle. The marked principal components and unmarked non-principal components are converted and combined and applying an inverse of the transform function to the combined principal and non-principal components to generate a fingerprinted digital signal. Methods to prepare the signal for marking, recover the digital fingerprint and verify the distributor and/or recipients of the signal are also disclosed.

Abstract: Provided herein are systems, methods, and software for implementing information management applications. In an implementation, at least a portion of an information management application is embodied in program instructions that include various task modules and a scheduler module. In some implementations the program instructions are written in accordance with a single threaded programming language, such as JavaScript or any other suitable single threaded language. When executed, each task module returns control to the scheduler module upon completing. The scheduler module identifies to which of the plurality of task modules to grant control based at least in part on a relevance of each task module to a user interaction.

Abstract: The present invention relates to the field of anti-counterfeit protection of products. Specifically, the invention is directed to a composite security marking for a physical object, in particular to an anti-counterfeit product marking. In particular, without limitation, such composite security marking can be used in connection with or can form a component of a multi-component security system, in particular of an anti-counterfeit protection system, which is also disclosed herein as part of an overall solution for anti-counterfeit protection. The composite security marking comprises a physical unclonable function, PUF, and a representation of a digital signature or of a pointer indicating a location where said digital signature can be accessed. The digital signature digitally signs a hash value resulting from application of a predetermined cryptographic hash function to data representing a response generated by the PUF in reaction to a challenge of a predetermined challenge-response authentication scheme.

Abstract: A method for exchanging hidden secret messages includes generating a masking message comprising a quick phrase on a sender's mobile device; receiving a secret message and associating it with the masking message; encrypting the masking message; encoding the secret message using invisible symbols and embedding it into the masking message; sending the masking message to a recipient; receiving a response masking message from a recipient's mobile device; copying the response masking message and detecting the secret message by checking a clipboard content; decrypting the response masking message; and decoding the secret message and rendering it on a sender's keyboard screen. The secret message contains an invisible marker inserted after a first symbol of the masking message for detection and decoding.

Abstract: A digital watermarking system and method are disclosed. In one respect, the disclosed digital watermarking includes generating an extracted signal by applying a watermark extractor to an original image, generating a mixed signal by mixing the first signal with a periodic watermark signal using a local weighting factor for the periodic watermark signal that attenuates a strength of the watermark signal in proportion to a pixel luminance level, and replacing the extracted signal in the original image with the mixed signal to generate a marked image, wherein the watermark signal is extractable from the marked image using the watermark extractor.

Abstract: A method, an apparatus, and a computer program product for wireless communication are provided. A method includes transmitting a request to a serving network with a nonce and a signature request directed to a network function of the serving network, receiving a response to the request from the serving network, and authenticating the serving network based on the signature of the network function. The nonce may provide replay protection. The response may include a signature of the network function. The request sent to the serving network may include a radio resource control (RRC) message or a tracking area update (TAU) request. The serving network may be authenticated using a trusted third party to verify a certificate associated with the serving network.

Abstract: Systems for forensic steganography. A server is interfaced with storage facilities that store an object accessible by two or more users, each of which users are associated with respective profiles comprising one or more user-specific attributes. A method detects a user request to view the object. User-specific attributes are encoded into a steganographic message, which is formatted for saving into one or more locations in the object, thus generating a protected object. The protected object is delivered to the requesting user. Encoding, application and formatting techniques are configured to make the steganographic message undetectable by human viewing of the protected object. A web crawler or other policing technique can detect misappropriation in the form of unauthorized dissemination by detecting the presence of the encoded steganographic message embedded in the protected object.

Abstract: A reference verification module identifies content items stored in a content repository that include at least a portion of the content included in a reference content item provided by an entity. The reference verification module classifies the reference content item based on the uneven distribution of the percentages of the identified content items that include each of the claimed portions. Specifically, if the average difference between the percentage of content items that include a given portion and the percentages of the remaining content items is above a threshold, then the reference verification module classifies the reference content item as having a higher than threshold likelihood of including third party content.

Abstract: The invention provides a method and apparatus for the secure electronic signing of electronic documents and data. The method comprises the steps of: obtaining a first digital representation in a high level first data format of the set of application data; generating a second digital representation in a low level second data format of the application data whereby the low level second data format is different from the high level first data format; presenting an analog representation of the set of application data to a user, whereby the second digital representation is a precise and accurate representation of said analog representation; obtaining an indication whether the user approves the analog representation for signing; if the indication indicates that the user approves the analog representation for signing, generating the first digital signature over the second digital representation using a first signature key associated with the user.

Abstract: In one embodiment, it is proposed a signing method delivering a partial signature associated with a message, said partial signature being used in a threshold signing method, the signing method being executed on an electronic device. Such signing method is remarkable in that it comprises signing a hash of said message with a one-time linearly homomorphic structure preserving signature method with a partial secret key, said partial secret key being obtained from an output of a secret sharing scheme, and said signing delivering said partial signature associated with said message.

Abstract: There is provided an information processing apparatus including a key selection section configured to select one out of a plurality of different secret keys, in a public key authentication scheme or a digital signature scheme in which each of the plurality of secret keys exists for one public key registered in a verifier, and a process execution section configured to execute, by using the secret key selected by the key selection section, an authentication process with the verifier by the public key authentication scheme or a digital signature generation process to the verifier by the digital signature scheme.

Abstract: A method, apparatus and computer program product are provided for implementing a location-based records access system. An example of the method includes providing, in a browser sandbox environment executing on a processor, a client interface for interacting with a records server, receiving an indication of an occurrence of an event within the client interface, the indication comprising electronic data sufficient to identify a particular protocol handler application, executing the particular protocol handler application outside of the browser sandbox environment, wherein executing the particular protocol handler application results in execution of a listener, performing a call, by the client interface, to the listener to request a device identifier from the listener, receiving, by the client interface, the device identifier from the listener; and transmitting the device identifier to the records server.

Abstract: A method of verifying a data packet by a data consumer may be provided. The method may include authenticating a first signature in a signature stack of a data packet, where the first signature corresponds to a hashed first content in a content stack, and the first signature is generated at a first network location. The method may additionally include authenticating a second signature in the signature stack of the data packet, where the second signature corresponds to second content in the content stack, and the second signature is generated at a second network location. The second content may include a processed version of the first content and may be generated at the second network location.

Abstract: A device to apply a digital fingerprint to a digital signal comprises a means of intercepting or acquiring a signal, a storage element and a processor for executing computer implemented program code components in the storage element to effect the methods. The methods include transforming a plurality of signal samples onto a discrete orthonormal basis and ranking the transformed samples according to their magnitude. The n largest principal components of the ranked transformed samples are optionally permuted to generate a re-ordered set of principal components, which are then altered by a marking angle. The marked principal components and unmarked non-principal components are converted and combined and applying an inverse of the transform function to the combined principal and non-principal components to generate a fingerprinted digital signal. Methods to prepare the signal for marking, recover the digital fingerprint and verify the distributor and/or recipients of the signal are also disclosed.

Abstract: In an example embodiment, a virtual private network (VPN) connection is established between a client device and an authentication service. Then a request is received from a third-party application on the client device, with the request being for a third-party service. A log-in page is requested from the third-party service, with the log-in page including one or more log-in fields usable to enter credential information. The log-in page is then modified to hide the one or more log-in fields. Credentials corresponding to a user of the client device and also corresponding to the third-party service are then obtained. The modified log-in page is sent to the client device via the VPN connection. A log-in submission is received from the third-party application. The credentials corresponding to the user and to the third-party service are sent to the third-party service to log-in the user to the third-party service.

Abstract: A status notification method for use in a terminal, includes: acquiring usage information of a target apparatus, the usage information including at least each usage duration of the target apparatus; calculating current consumption of the target apparatus according to the usage information of the target apparatus; and generating an alert regarding a current status of the target apparatus after the current consumption of the target apparatus reaches a preset consumption alerting threshold.

Abstract: A method of protecting a network-connected device from an advanced persistent threat cyber-attack is provided. A network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, is protected from an advanced persistent threat by steps of detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device and locking-down the communications of the network-connected device. The network-connected device may be provided with low-level routines that are correlated to the memory instructions. Detecting the advanced persistent threat may be comprised of authenticating the memory instructions of the network-connected device by using the installed low-level routines.

Abstract: A method and device for selectively securing records in a Near Field Communication Data Exchange Format (NDEF) message in a Near Field Communication (NFC) device are provided. The method includes generating a record by setting a first field to ‘0’ and setting a second field to a predefined value, wherein the record indicates a beginning of at least one record to be secured in the NDEF message; and placing the record in the NDEF message, wherein, at least one record preceding the record is unsecured and at least one record following the record is secured.

Abstract: A threshold encryption system comprising a sender device configured to generate ciphertexts and at least one entity device configured to perform partial decryption of ciphertexts. The system is based on Cramer-Shoup encryption systems and use linearly homomorphic signatures as publicly verifiable proofs of ciphertext validity.

Abstract: A method of storing an amount of data D in association with a device, the method comprising: obtaining a characteristic C of the device; generating error correction data R for the characteristic C, the error correction data R enabling correction of up to a predetermined number of errors in a version of the characteristic C; combining the characteristic C with the amount of data D and an authentication key K to generate storage data P, wherein said combining is arranged so that the amount of data D and the authentication key K are obtainable using the characteristic C and the storage data P; generating a signature using a signature key, the signature being a digital signature of a quantity of data comprising the storage data P, the amount of data D and the authentication key K, wherein the signature key corresponds to a verification key accessible by the device; generating an authentication code for the error correction data R using the authentication key K, wherein the authenticity of the error correction dat

Abstract: According to one embodiment of the present invention, a method of transferring filters for operations in a distributed system comprises generating at each source node a first filter of a first size. The first filter indicates elements of objects that need not be processed for an operation. Each source node generates one more second filters of a second size less than the first size. Each generated second filter is based on a prior generated filter with each location representing a plurality of locations from the prior generated filter. A second filter is transferred from each source node to each of destination node. The elements of the objects to remove for the operation are determined based on the transferred second filters. Embodiments of the present invention further include a system and computer program product for transferring filters in a distributed system in substantially the same manners described above.

Abstract: Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.

Abstract: According to one embodiment of the present invention, a method of transferring filters for operations in a distributed system comprises generating at each source node a first filter of a first size. The first filter indicates elements of objects that need not be processed for an operation. Each source node generates one more second filters of a second size less than the first size. Each generated second filter is based on a prior generated filter with each location representing a plurality of locations from the prior generated filter. A second filter is transferred from each source node to each of destination node. The elements of the objects to remove for the operation are determined based on the transferred second filters. Embodiments of the present invention further include a system and computer program product for transferring filters in a distributed system in substantially the same manners described above.

Abstract: A base station and wireless device, as well as corresponding methods, for Information Centric Networking (ICN) based communications with radio bearers, to provide a means for using ICN bearers in parallel with standard Packet Data Network (PDN) bearers.

Abstract: A method for gathering and verifying customer information via SMS and in-person representatives are provided. The method may include a business correspondent receiving and verifying customer information in-person; sending the customer information to a data center, via a business correspondent application (BC app), to create a customer account; sending the account information to the customer and the BC app; verifying the account information with the customer; and syncing the BC app with the data center.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for active, real-time control of a plurality of devices and associated applications for monitoring and completing one or more targets through an interactive integrated interface. In this regard, the system determines a plurality of devices and applications associated with the user. The system then determines one or more targets of the user based on analyzing device information, application information and user information. The one or more targets are configured to be completed by modifying control factors associated with the devices. The system may then initiate a display of the targets on the interactive integrated interface and enable the user to select suitable targets. Following the selection of targets by the user, the system configures applications and devices associated with the targets to provide information and feedback associated with the selected targets.

Abstract: The described technology provides a capability to perform in-session updates to entitlements associated with a user's access to content served by a web application. The content may be from one or more external servers. The technology provides for automatically detecting changes to entitlements, and without requiring a user of an active session to initiate a new session, updating entitlement data in a memory such that subsequent requests for data made by the client in the same active session are serviced using the updated entitlements.

Abstract: A system for providing a conditional single sign-on, wherein during a first access sequence a connection broker provides a first random number to a device. During a subsequent access period, the device provides encrypted user credentials to the connection broker comprising credentials of a user encrypted by a key K. The key K comprises the first random number combined with a second random number. The device further provides an encryption of the second random number to the connection broker, the second random number encrypted with a first public key held by the computer resource. The connection broker decrypts the first random number and retransmits the encryption of the second random number and the encrypted user credentials to the computing resource.

Abstract: Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system utilizes a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.

Abstract: For a plurality of events, event stage information is stored which describes an event observed by an information system when an attack against the information system is underway, a pre-event stage, and a post-event stage. Observed event notice information is received which notifies an observed event observed by the information system. Event stage information is searched for which describes the observed event notified by the observed event notice information. Event stage information is searched for which describes a post-event stage coinciding with a pre-event stage of the event stage information searched for, or a pre-event stage coinciding with a post-event stage of the event stage information searched for.

Abstract: A system and method performs packet analysis in a distributed communication network. Packet processors tap into data packet flow at various points in the distributed network. The packet processors processes data packets from the packet flow and select a set of packets using a packet signature function and packet selection criteria. A packet record is created by each packet processor and sent to other packet processors in the distributed network. The other packet processors add data to the packet record for the same set of packets. The packet records are analyzed to gather comparative data to identify problems in the network.

Abstract: An apparatus comprising: a processor; and a memory including computer program code, the memory and the computer program code configured, with the processor, to cause the apparatus to perform at least the following: compare received biometric face vectors, wherein each received biometric face vector is received from a respective electronic device of a plurality of electronic devices and comprises one or more biometric face values determined from a respective image of a person captured by the corresponding electronic device; and provide for pairing authentication of the plurality of electronic devices if the comparison meets a predetermined similarity criterion.

Abstract: An authentication device may be provided. The authentication device may include a memory configured to store: a first public key; and first data signed using a first private key corresponding to the first public key, the signed data including a second public key. The authentication device may further include a first verification circuit configured to verify the first data using the first public key; and a second verification circuit configured to verify second data using the second public key, the second data signed using a second private key corresponding to the second public key.

Abstract: We propose a method that uses formatting options of Font, Font Size, Font Color, Shading, Font Style, Font Effects, Font Underline, and Character Effects as a part of electronic signature.

Abstract: Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training.

Abstract: The described method is analogous to handling credentials in the physical world where agents and notary publics affix their attestations using their notary seals. The described method enables a person having a personal identity device and an electronic credential (e-credential) to create a digital seal to affix the owner's identity and attestation to an electronic artifact such as a transaction, document, or e-credential. The e-credential owner cannot repudiate having affixed the attestation to the electronic artifact. This enables other parties, including the e-credential owner, to inspect the digital seal affixed to the electronic artifact to identify the owner and the electronic artifact, verify the digital seal, and thereby obtain objective evidence that the attestation is truthful.

Abstract: A device for reading a message includes a reader to read biometric data of a holder of the medium and a scanner to capture, on a medium, an encoded message having elementary message units. The message includes a noise that consists of marking defects of the message on the medium which are random and unpredictable for each elementary message unit. A noise reducer to reduce the noise of the captured message based on biometric data. A decoder to decode at least one portion of the message in which the noise has been at least partially removed. Preferably, the decoder utilizes redundancies of the message with the noise removed to determine at least one portion of the encoded message.

Abstract: Various embodiments concern mechanisms for facilitating communication between network-accessible platforms for developing, hosting, or running hybrid applications that utilize resources hosted across multiple platforms. Hybrid applications cause messages or “calls” to be passed between the platforms that must be authenticated. For example, when a call is placed by a Heroku platform to a Force.com platform, the call must be authenticated for security purposes. If Heroku has not already been authenticated when the call is submitted, an authentication process is invoked. An event listener can be used to register details regarding the initial callout task, and then register or “fire” an event when the authentication process is successfully completed. Registration of the initial callout task completely separates the authentication process from the resource being invoked. Requests can be completed without requiring further user input using at least some of the details registered by the event listener.

Abstract: The present invention relates generally to digital watermarking. One aspect of the disclosure includes a method comprising: obtaining data representing imagery; using one or more configured processors, analyzing a plurality of portions of the data to detect a watermark orientation component, said analyzing employing a match filter, in which the match filter yields a correlation value for each of the plurality of portions; determining a first portion from the plurality of portions that comprises a correlation value meeting a predetermined value; and directing a watermark decoder at the first portion to decode a plural-bit watermark payload, in which the watermark decoder produces a watermark signature for the first portion, and in which the watermark decoder searches a plurality of areas at or around the first portion to decode the plural-bit watermark payload. Of course, many other aspects and disclosure are provided in this patent document.

Abstract: In an approach for protecting against use of clones of electronic devices, a first sequence value is initialized on the server and an equal second sequence value is initialized on an electronic device. In response to a first login request to the server from a user operating the electronic device, the first and second sequence values are compared. If the values are equal, processing of the login process continues. Otherwise, the login request is rejected. If the login is successful, a next value is computed for the first and second sequence values, and the next first and second sequence values are stored on the server and on the electronic device, respectively.

Abstract: A video receiving apparatus includes a receiver, a first display, an extractor, an information forming controller, a number-of-viewer detector, a communicator, and a display controller, leading to appropriate display of configuration information and associated information of a video content. The extractor extracts a partial content from the video content. The information forming controller forms the configuration information from the partial content. The number-of-viewer detector detects the number of viewers present within a predetermined area. The communicator receives an identifier transmitted from a mobile terminal having a second display. The display controller can selectively display the configuration information on the second display of the mobile terminal identified by the identifier, and displays the configuration information on at least one of the first and second displays based on the number of the viewers and the number of the identifiers.

Abstract: The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step. Further, cryptographic techniques may be used to encrypt the reduced data signals and to encrypt the remainder signals before the final addition step.

Abstract: An accessory, an electronic apparatus and a system for accessory certification is disclosed. The accessory comprises an encryption chip, with the encryption chip comprising a first memory module, configured to store a private certification key and a mixed certification key formed at least by combining a public certification key and pseudo keys according to a predetermined rule. The processing module of the electronic apparatus at least extracts the public certification key from the mixed certification key according to an algorithm matched with the predetermined rule when the electronic apparatus and the accessory are forming a physical connection. The processing module uses the public certification key to certify the accessory. In such a manner, the present invention can improve the security level of keys so as to improve the security and reliability for the electronic apparatus to use the accessory.