Abstract: A method for displaying notification information on an electronic device is disclosed. The method includes: receiving notification information in a lockscreen state; determining a user type of a user to view the notification information; determining a display mode of the notification information according to the user type; and displaying the notification information on the electronic device according to the display mode.

Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.

Abstract: A controlling method for a portable information capture device includes controlling the portable information capture device to run in a relay station mode or a workstation mode via a wireless connection by using a mobile device, when the portable information capture device runs in the relay station mode, receiving a media data of the portable information capture device via the wireless connection by using the mobile device, and when the portable information capture device runs in the workstation mode, transmitting a connection data to the portable information capture device via the wireless connection by using the mobile device, so as to cause the portable information capture device using the connection data to build a connection with a relay station.

Abstract: The invention relates to a method for masking an item among a plurality of items displayed on a touchscreen terminal, the method being such that it has, following an action (300) by a user, steps of display (301) of a masking symbol associated with an item at a first location; of detection (302) of contact with the screen on a non-masked item; of continuous movement (303) of the masking symbol on the item in correlation with movement of the contact detected on the screen and of masking of that portion of the item that is situated between the masking symbol and the first location; and of masking (304) of the whole of the item when the masking symbol is at a second location and the contact is no longer detected. The invention likewise relates to a device and a terminal that implement this method.

Abstract: According to an implementation, a host computing device receives, from a first computing device, a data collection request of a first user. The data collection request indicates a data point (whose characteristics are defined in a mark-up language schema) that is to be the subject of the data collection and identifies a second user as provider of a value for the data point. The host computing device notifies the second user of the data collection request and receives, from a second computing device, a request of the second user for the data point to be assigned a plurality of categories. In response to the request of the second user, the host computing device extends the mark-up language schema to characterize the plurality of categories within the mark-up language schema.

Abstract: Systems and methods for filtering aircraft messages are provided. In one embodiment, the method can include receiving a message including a plurality of data fields containing data associated with the message. The method can include accessing a set of configuration data. The set of configuration data can include a set of data identifying one or more potential message structures and one or more parameters. The parameters can include one or more conditions for processing the data fields. The method can include determining a message structure of the message based at least in part on the data fields and the first set of data identifying one or more potential message structures. The method can include processing the message based at least in part on the message structure and the parameters. The method can include generating a filtered message that is based at least in part on the processed message.

Abstract: A method for allowing a computer to boot from a user trusted device is provided. The computer includes a long-term data storage device storing operating system (OS) services. The user trusted device is connectable to the computer and stores a boot loader detectable and executable by a firmware of the computer, an OS loader designed to load an OS of the computer, and one or more crypto drivers designed for allowing access to the OS and data stored encrypted on the data storage device. The method comprises letting the boot loader be executed to cause to transfer the OS loader from the user trusted device to the computer and executing the transferred OS loader to cause to execute the one or more crypto drivers for the OS and the data stored encrypted on the data storage device to start the OS services and complete booting of the computer.

Abstract: According to one embodiment of the present invention, a system for protecting data determines a desired duplication rate based on a level of desired anonymity for the data and generates a threshold for data records within the data based on the desired duplication rate. The system produces a data record score for each data record based on comparisons of attributes for that data record, compares the data record scores to the threshold, and controls access to the data records based on the comparison. Embodiments of the present invention further include a method and computer program product for protecting data in substantially the same manners described above.

Abstract: The present invention is directed to a method of calculating the results of a moving k-nearest query and safe exit locations in a road network, and more particularly to a method and apparatus that receive a request from a client terminal and provide the results of a k-nearest query, a safe zone and safe exit locations together. In the present invention, a query is processed in a server, a request for a query from a querying user and the location information of the querying user are received from an LBS, the location information of the querying user is anonymized and then the query request is transferred to the server, and query results corresponding to the anonymized location information of the querying user are received from the server and then transferred to the querying user, thereby protecting the location information of the querying user.

Abstract: An example apparatus to collect distributed user information for media impressions and search terms includes means for collecting first and second identifiers based on use of an application that does not employ cookies, the first identifier identifying at least one of a device or a user of the device to a first database proprietor that stores first user information associated with the first identifier, and the second identifier identifying the at least one of the device or the user of the device to a second database proprietor that stores second user information associated with the second identifier, and means for sending identifiers to: send the first identifier to a first server associated with the first database proprietor, send the second identifier to a second server associated with the second database proprietor, and send to a data collection server at least one of a media identifier indicative of media accessed via the application at the device or a search term used via the application at the device.

Abstract: A method for controlling device triggering in a mobile communication system includes registering a default urgent level of a terminal when the terminal is connected, receiving a device trigger register including urgent level information transmitted from an application server, and setting the received urgent level in a packet filter, and comparing, upon reception of a downlink data packet from the application server, a default urgent level and an urgent level of the application server to determine whether to transmit a downlink data notification. The method further includes receiving a device trigger register including wait time information transmitted from an application server, and then setting the received wait time in the packet filter, and buffering during the wait time upon reception of the downlink data packet from the application server, and then determining a downlink data notification transmission upon expiration of the wait time.

Abstract: A system and method for mobile peer authentication and asset control. The system and method may be configured to authenticate peer users across any digital network and platform and may allow users to independently control access to content they share with others across the same platforms from their computing devices. Senders may anonymously verify other mobile users according to device, location, behavior, and knowledge contexts, and may independently control or monetize shares with one or more of those peers in real-time across any social, messaging, or electronic communication network, either by value or by reference.

Abstract: A system that includes a storage volume comprising a plurality of regions. The system also includes a plurality of nodes to receive transactions related to the storage volume from one or more client computers and execute the transactions. Each node is designated as an owner of one region of the plurality of regions. Each one of the plurality of nodes includes a ticket dispenser for dispensing tickets that ensure that the transactions that are actively being executed have exclusive access to a storage object identified in the transaction.

Abstract: Some embodiments relate to a device that transmits/receives encrypted communications with another device. A first device, such as a smart phone or smart watch, may generate a message associated with a certain data class, which may determine the security procedure used in the communication of the message. The first device may establish an encryption session for the purpose of communicating the message to a second device. Prior to sending the message, the first device may wait until encryption credentials are accessible according to certain conditions, which may be determined at least in part by the data class of the message. Similarly, after receiving the message, the second device may not be able to decrypt the message until encryption credentials are accessible according to certain conditions, which may be determined at least in part by the message data class.

Abstract: The invention relates to a method and a device for the control of a locking mechanism (2) by a user (5) by means of a mobile terminal (1) comprising a user interface (4), means for establishing a local data connection (3) and means for establishing a connection to a network (6), in particular the Internet, wherein the locking mechanism (2) can be connected to the local data connection (3), wherein an identity provider (7) that can be connected to a network (6) and an authorization entity (8) that can be connected to a network (6) are provided, and wherein the mobile terminal (1) is designed to log in to the identity provider (7).

Abstract: A device identification is generated for a programmable device. A security key is generated to protect a content of the programmable device. A device birth certificate is generated with the device identification and the security key. The programmable device is programmed with the device birth certificate at time of manufacture of the programmable device.

Abstract: To provide a technique for appropriately managing the log of a change of state of an electronic device, an electronic device including a wireless communication unit, detects, via the wireless communication unit, wireless communication from a terminal existing on the periphery of the electronic device; detects a change of state of the electronic device. The electronic device generates a first log that associates identification information corresponding to information included in the wireless communication with the detected change of state, generates a second log that associates identification information used to identify a user specified based on the login operation with the detected change of state, and stores the first log and the second log.

Abstract: Data access sharing may be provided. Requests may be received to display an data item associated with a list of data items. Upon determining whether a property of the data item is restricted by an access control policy, the property may be modified prior to rendering a display of the data item.

Abstract: Computer implemented methods and systems are provided for providing customized web pages that are customized for each user. A database can store first entries each being configured to store user information for each user, and second entries each being configured to store an identifier and customized content for each user (or alternatively a way to retrieve such customized content). A tree-like data structure is stored in cache and includes nodes that each store an identifier that refers to one of the second entries. After log in, the server system retrieves user information associated with the particular user and uses it to retrieve a particular identifier stored by a particular node. Using a corresponding one of the second entries that includes the particular identifier, particular customized content for the particular user can be retrieved and sent to a user system where it is used to display a particular customized web page for that particular user.

Abstract: Various embodiments provide confidentiality-based file hosting by automatically directing assets in a shared workspace to appropriate storage locations. The storage location can be determined by comparing a security level that is associated with an asset to security levels of multiple possible storage locations. If a security level of the asset is changed in the shared workspace, the asset is automatically directed to an appropriate storage location based on the changed security level. This can include directing the asset to either a more secure or a less secure storage location.

Abstract: In order to provide secure user access to a device or service on a remote network, upon receipt of a request to access the device or service on a portal on a central server, a request is sent to a probe application installed on the remote network to establish a secure link to the central server. A message is then sent to the user directing the user to initiate a specific session request to the central server. The session request is cross connected to the probe application installed on the remote network over the secure link to establish a secure tunnel to the probe application. A secure user session is set up through the secure tunnel to the device or service via the probe application.

Abstract: In accordance with examples disclosed herein, a filter table for Media Access Control (MAC) chaining contains mappings between signature addresses, service functions, and management functions, to identify corresponding service function chains. The filter table is to store statistic information about the packet. A controller is to uniquely identify a management function corresponding to the signature address, and modify tables of packet signature addresses usable to modify the packet to cause the packet to be forwarded to the management function. The controller is to update the statistic information about the packet.

Abstract: Functionality is disclosed herein for providing a resource monitoring environment that restricts access to computing resource data in a service provider network. The resource monitoring environment processes requests to access computing resource data, and denies requests not signed or authorized by a customer of a service provider network or other entity. Access to the computing resource data includes access to non-obfuscated data and/or access to encrypted computing resource data encrypted by way of a public encryption key held by a customer of the service provider network or other entity instead of a requestor of the computing resource data.

Abstract: The disclosed computer-implemented method for digitally enforcing computer parental controls may include (i) identifying a parental-control policy that controls a user's computer usage in some way, (ii) determining that the user is using a primary device, which is configured to restrict its usage according to the terms of the parental-control policy, to access a secondary device, which is not configured to restrict its usage according to the terms of the parental-control policy, and (iii) restricting, in response to the determination, the user's access to the secondary device according to the terms of the parental-control policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: For efficient authorization settings in a computing environment, user access permissions are created or modified by mapping, granting, and/or limiting access to resources by resource type, and using checkboxes for controlling user access for individual resources and for mapping one of a multiplicity of icons to control a type of user access and control over the individual resources.

Abstract: Trusted executable images are run in a controlled environment, such as a dynamic malware analysis platform. For each trusted executable image, a corresponding baseline import-load signature is generated. This can be done by applying a cryptographic hash function to the specific instructions which resolve imports and/or load libraries, and their operands. Sample programs are run in the controlled environment and tested for maliciousness. Any executable image run by a given sample program in the controlled environment is identified, and an import-load signature of the executable image when run by the sample program is generated. The import-load signature of the executable image when run by the sample program is compared to the corresponding stored baseline import-load signature for the same executable image. The sample program is adjudicated as being benign or malicious based on at least the results of the comparison.

Abstract: The invention relates to a method for managing on-street parking spaces. The method includes querying, by a unit of a vehicle, vehicle sensors about the occupancy status of a parking space around the vehicle, the setting up of a communication channel between the unit and a remote server, the authentication of the unit with the server, the sending of a message with a public encryption key by the server to the unit, the encryption of the geolocation data and the occupancy status, the sending of the encrypted data to server, the decryption by the server of the received encrypted data, the comparison of the geolocation data received with a database containing referenced parking spaces and the update in the database of the occupancy status of referenced parking spaces.

Abstract: The disclosed technology provides systems and methods for filtering information based on a set of properties. The information consists of a set of items that the user is interacting with, such as documents, presentations, audio and video files, and the like. The properties can be specified by the user (by, for example, putting a set of items in lists and folders), based on actions taken by users in the system (such as commenting on, or liking, or viewing an item), or can represent a variety of other characteristics. Related properties can also be grouped together. Furthermore, the disclosed techniques provide mechanisms for automatically identifying useful properties and providing an indication of those useful properties to a user to use in narrowing results.

Abstract: A system may receive a query configured to access a column in a data table. The data table may be in a flat file in a big data storage format. The system may detect the language type of the query and validate the query against the syntax of the language type. The system may also validate an access permission for data in the data table. The access permission may be stored in a permissions database. The system may generate a temporary table including the column with the temporary table configured to support the language type. The system may execute the query against the temporary table to generate a query result based on the temporary table as though it were the underlying data table. The system may enforce column-level or row-level access permissions by excluding columns or rows from the temporary table.

Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.

Abstract: A method and system are performed by a processor of an audio-visual device according to instructions stored in a memory of that device that determines identity of a content medium based upon attributes associated with it and a set of user-defined settings associated with the content medium. The processor identifies a set of source-defined settings for configuring the device and selects one set of user-defined settings or the set of source-defined settings for configuring the audio-visual device. In addition, the processor determines if preexisting attributes exist that if it has to override the set of user-defined settings. It then configures one of the set of user-defined or overrides the settings. All channels from a particular network provider utilize the same set of user-defined settings, including channels that have not been visited by a user and future channels that have not yet been created.

Abstract: Methods and apparatus for monitoring a portable device are disclosed herein. An example method includes connecting to a portable device using a shell. Whether the shell has an elevated privilege on the portable device is verified. In response to detecting that the shell does not have the elevated privilege, the elevated privilege is gained. A packet capturer is installed on the portable device using the elevated privilege, the packet capturer to capture packets to produce media exposure data, the elevated privileges to enable the packet capturer to capture packets after disconnection of the shell from the portable device.

Abstract: This disclosure concerns homomorphic encryption for database querying. Numerical values are encrypted using keys and random numbers to produce a ciphertext. The ciphertext is homomorphic and is comprised of two or more sub-ciphertexts. Queries based on addition, average and multiplication operations can be performed without decrypting the numerical values relevant to the query. Each sub-ciphertext is stored in a single record and in separate attributes. There is disclosed methods of encrypting and decrypting, creating a suitable table, querying such a database and updating such a database.

Abstract: A content distribution network includes first and second controllers, and multicast enabled routers. The first controller is configured to select a multicast channel for distributing content, to determine that the content has a geographic restriction associated with a restricted area in the content distribution network, to link an exclusion policy for the content to the multicast channel while the multicast channel provides the content, and to deny a request for the content from a client system within the restricted area based on the exclusion policy. The second controller is configured to distribute the exclusion policy to the multicast enabled routers including a first router configured to store the exclusion policy, and to ignore a multicast join message from the client system within the restricted area based on the exclusion policy.

Abstract: Disclosed are various embodiments for detecting malicious activities by imported software packages. A monitoring service determines that untrusted code executing in at least one computing device has invoked a privileged operation. A context in which the privileged operation is invoked is identified. The monitoring service determines whether the context and the privileged operation corresponds to an expected behavior of the untrusted code based at least in part on a past behavior profile of the untrusted code. An action is performed in response to determining that the context and the privileged operation do not correspond to the expected behavior.

Abstract: A system and method for communicating secure, privatized data stored on a first user device with a second user device requesting access thereto includes initiating a timed access gate for receiving verification of authenticating credentials from the second user device, after the first user credentials associated with the first user device are verified. If the second user device is verified within the predetermined period of time, an authentication handshake between the first user device and the second user device is completed. On completion of the handshake, a communication channel is opened for transmitting the first user's privatized data between the first user device and the second user device.

Abstract: A system and method of loss prevention using a pair of ID tags is disclosed. The user or owner of the protected object can dynamically create a security perimeter by using key ID tag and object ID tag pair. An object ID tag is either embedded in or attached to a protected object. A key ID tag, which is in a handheld device, has protection to prevent unauthorized scan. The object ID tag information can only be obtained from key ID tag using preprogrammed algorithm. The area security system will be armed after reading and validating a key ID tag scanned by the user. If anyone takes protected object with object ID tag out of the area without proper key ID tag authentication, alarm will be triggered.

Abstract: The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus.

Abstract: Techniques for determining potential sharing of private data are described herein. The techniques may include identifying content having computer readable access rules associated with a private domain of a social network, and identifying private data of the content. A potential share of the content outside of the private domain is detected and a search of the potential share to determine whether the potential share is associated with the private data is performed. The techniques may also include detecting a match between the potential share and the private data.

Abstract: Techniques for determining potential sharing of private data are described herein. The techniques may include identifying content having computer readable access rules associated with a private domain of a social network, and identifying private data of the content. A potential share of the content outside of the private domain is detected and a search of the potential share to determine whether the potential share is associated with the private data is performed. The techniques may also include detecting a match between the potential share and the private data.

Abstract: An example method to monitor usage of a device includes collecting first and second identifiers based on use of an application that does not employ cookies, the first identifier identifying at least one of the device or a user of the device to a first database proprietor, and the second identifier identifying the at least one of the device or the user of the device to a second database proprietor; sending the first identifier to a first server associated with the first database proprietor, sending the second identifier to a second server associated with the second database proprietor; and sending to a data collection server at least one of a media identifier indicative of media accessed via the application at the device or a search term used via the application at the device.

Abstract: A content delivery provider may stream an application to each of a plurality of computing devices. The content delivery provider may transmit an offer to download the application to each of the plurality of computing devices, after a first initial display interval. The provider may receive a number of positive user interactions with the offer after the first initial display interval, and a total number of positive user interactions with the offer. The provider may automatically adjust the initial display interval by a factor proportional to a desired first-display quantile divided by the number of positive user interactions after the first initial display interval. The application may be streamed to a second computing device, and the offer to download the application transmitted to the second computing device, after the adjusted initial display interval.

Abstract: The present disclosure provides a method, apparatus and system for readily and conveniently getting network access for a smart device. The method for network access for a smart device includes receiving, by a server comprising a processor and a non-transitory storage medium, a first identification identifying a wireless access point and a first terminal identifier; receiving a second identification identifying a smart device and a second terminal identifier; associating the wireless access point with the smart device if the first terminal identifier corresponds to the second terminal identifier, and sending the second identification for the associated smart device to the wireless access point. The wireless access point provides network access authentication information to the smart device so that the smart device can get access to a network provided by the wireless access point with the network access authentication information.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: A method for routing object data that defines a 3-dimensional (3D) object to a 3D printer includes receiving the object data at a server and determining, by the server, object attributes associated with the object defined by the object data. The server searches a database that stores 3D printer attributes for one or more 3D printers capable of printing objects that possess the determined object attributes. If one or more capable printers are identified, the server communicates a list that identifies the one or more capable printers to a user.

Abstract: Network traffic is monitored, and activities concerning posting images to sharing sites are detected. Detected activities can be attempts to login to sharing sites, or attempts to post images. Privacy concerns associated with sharing images on target sites are identified. In the case of detecting a successful attempt to login to a known sharing site, the site is scanned for the privacy settings in effect for the user, and it is determined whether the settings are below a given threshold. Another example of a privacy concern is detecting an attempt to post an image to an unknown site. When a privacy concern is detected, the user is warned, and prompted to indicate whether images are to be posted to the target site anyway. Attempts to post images to sites that are subject to privacy concerns are processed according to received user directives (e.g., blocked or allowed).

Abstract: A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units includes receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network. Key pairing requirements associated with the rebuilding request are determined, and an even number of key pairing entities are selected based on the key pairing requirements. The even number of key pairing entities being fewer than a decode threshold number of key pairing entities. The DS unit generates shared secret keys corresponding to each of the even number of key pairing entities, uses those keys to generate an encrypted partial slice, and transmits the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.

Abstract: Various systems described herein facilitate storage of files in various formats. A client device can generate a request for a particular file or content. The client device can submit a request with various request parameters. A file service can identify an appropriate file in an appropriate format. The appropriate file in the appropriate format can be provided to the client device in response to the request.

Abstract: This disclosure provides for implementing a firmware security interface within a field-programmable gate array (FPGA) for communicating between secure and non-secure environments executable within the FPGA. A security monitor is implemented within the programmable logic of the FPGA as a soft core processor and the firmware security interface modifies one or more functions of the security monitor. The modifications to the security monitor include establishing a timer “heartbeat” within the FPGA to ensure that the FPGA invokes a secure environment and raising an alarm should the FPGA fail to invoke such environment.

Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain name are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.