Abstract: A network node in a distributed network employs a surface immunoglobulin program to monitor other nodes in the distributed network and generate an alert upon detecting a suspicious activity; and pushes a free-antibody program to a requesting node petitioning to access the distributed network. The free-antibody program can include a software agent that monitors the requesting node. The free-antibody program reports detected malware and/or suspicious activity to the surface immunoglobulin program, which can enact countermeasures against the requesting node. The network node's role is based on a hierarchy of trustworthiness levels, wherein it performs at least one of monitoring other nodes, sending alerts when anomalous behavior is detected, transmitting the free-antibody software program to the requesting node, updating defensive programs, participating in consensus-based threat analysis with other nodes, identifying threats, tagging suspicious nodes, and performing countermeasures against identified threats.

Abstract: Methods and apparatus for generating and delivering selected primary content and contextually-related, targeted secondary content to users of a network. In an exemplary embodiment, the network comprises a packet-switched data (e.g., IP) network such as the Internet, and the primary content comprises video or media clips that are user-selectable via a network site or web page. The primary content carries with it descriptive metadata that is accessed by a distribution server and forwarded to a secondary content source. The secondary content source (or its proxy) utilizes the metadata to identify and return contextually-related secondary content such as advertising links. This secondary content is then presented to the user in conjunction with the primary content, such as in a common display window and in a seamless fashion, thereby avoiding distractions to the user associated with generating ancillary windows or other display mechanisms, and providing the user with highly relevant secondary content choices.

Abstract: The present invention provides a communication method in a wireless communication network in which a first wireless terminal establishes a peer-to-peer wireless connection with a second wireless terminal. The first terminal determines whether or not the second wireless terminal is a universal terminal on the basis of information received from the second wireless terminal. The first wireless terminal controls access to a resource in the first wireless terminal by the second wireless terminal after a connection is established in accordance with the result of the determination.

Abstract: Scaling events may be detected for hosting hierarchical data structures. Scaling events may be detected to modify the capacity of a data store for hierarchical data structures to handle changing write workloads, read workloads, or storage capacity. Hierarchical data structures may be moved from one group of storage hosts to another group of storage hosts according to a filtered snapshot that includes the hierarchical data structures to be moved that is provided to the destination storage hosts. Changes made to the hierarchical data structures made at the source storage hosts during the move can be applied to the filtered snapshot so that the hierarchical data structures may be made available at the destination storage hosts inclusive of the changes.

Abstract: Described herein are various technologies pertaining to identifying boundaries of a substring in a log file, wherein the substring is to be extracted from the log file and used to construct a table. An indication is received that a user has selected a beginning boundary of the substring, and the ending boundary of the substring is automatically identified.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: Systems herein allow an email application to manage passcode-based encryption (“PBE”) operations on an operating system (OS) that deletes a user passcode from memory. The email application can utilize a lock safe component that implements OS lifecycle classes. The lock safe component can receive an OS event, such as an activity, fragment, service, or SyncManager event. Before causing the email application to handle the OS event, the lock safe component can check whether the user passcode exists in memory. If it does not, the lock safe component can queue services for later operation once the passcode exists. Likewise, the lock safe component can cause the email application to prompt for the user passcode before a user interface (“UI”) performs activities or fragments, and pass state information to the email application for performing the activities or fragments.

Abstract: A distributed database system may implement reduced transaction I/O. In various embodiments, a plurality of log records may be stored in persistent storage for a plurality of pages of a log-structured storage system. A coalesce operation may be performed for at least some of the plurality of data pages for the log-structured storage system. The coalesce operation may, in some embodiments, coalesce two or more log records for one of the plurality of pages to generate an instance of the page and store the instance of the page to a new location in the persistent storage. Log records for one or more of the plurality of pages may be excluded from the coalesce operation. These excluded log records may not be dependent on a prior version of the page or portion of the page corresponding to the log record. Excluded log records may include one or more of redo records, undo records, or transaction table records.

Abstract: The invention relates to a computer installation for the management of a set of files, comprising a network including a server and a workstation, said installation further comprising a graphical user interface that is adapted to: —display a virtual space (1) as well as a first icon that represents one of said files (A) of the set of files, said first icon being placed within said virtual space (1), —enable a user of said workstation to control, by interaction of the control peripheral with said first icon, the display of a first interactive tool enabling said user to record on said server the existence of a link between said first file and at least another one of said files of the set of files. Computer installation for the management of a set of files.

Abstract: An embodiment of the invention provides a method including accessing a portal pursuant to instructions from a digital media device and identifying the digital media device to the portal to enable the portal to obtain a security code. Information having the security code is received; and, it is confirmed that the security code corresponds to a security key stored in the digital media device. The information is provided to a secure application environment in the digital media device if the security code corresponds to the security key. A copy of the security key is sent to a clearinghouse; and, the security code is received from the clearinghouse. The security code is sent to a provider of the information if the information satisfies a predetermined criteria.

Abstract: The present invention discloses a file downloading method, a server, a download access node, and a distributed storage system, which pertains to the field of communications technologies, and is designed to resolve a problem in the prior art that load on the server increases, and an authentication speed and a response speed for downloading a file are reduced. The file downloading method includes: acquiring, by a server, download permission that is set, and generating an access control list parameter of the download permission; and releasing, by the server, a download link that includes the access control list parameter, so that a terminal acquires the download link and generates a download request that includes the access control list parameter.

Abstract: A method is provided that includes receiving a command for reading out content from a non-transitory recording medium, and identifying first version information indicating a version of a content copyright protection method. The method includes identifying second version information indicating a version of a protocol used in authentication of the host apparatus, and determining whether the authentication is to be approved or not. The method also includes authenticating the host apparatus according to a result of the determination, reading out medium-specific information, and sending the medium-specific information to the authenticated host apparatus. The method further includes reading out the encrypted content and sending the encrypted content to the authenticated host apparatus, wherein the first version information is identified based on disk information that is meta data stored at a beginning of the recording medium formed in a disk shape in the identifying first version information.

Abstract: The environment within which IoT devices are operating is determining based on sets of fingerprints collected from the IoT devices. The set of fingerprints for each respective IoT device contains at least one fingerprint corresponding to a sensed IoT device in communication with the respective IoT device. A similarity score is generated for pairs of IoT devices by comparing their respective sets of fingerprints to identify matching fingerprints. The IoT devices are grouped into a common environment based on the similarity scores. In some embodiments, content is provided over one or more communications networks to a user associated with an IoT device based on the IoT device being grouped into the common environment with one or more other IoT devices.

Abstract: The present invention relates to a token device for securely executing a data transaction. The token device comprises: a secure element; a web server module configured within the secure element and arranged to transmit data messages over a network; a terminal application module configured within the web server module; and an application module configured within the secure element. The terminal application module and the application module are arranged to execute the data transaction protocol as one or more data exchanges therebetween within the secure element, upon receipt of a service request data message, received over the network at the web server module from an authorized remotely located Point of Sale (POS) terminal. The web server module is subsequently arranged to generate a transaction response data message for transmission to the remotely located POS terminal, on successful completion of the transaction protocol.

Abstract: Provided is an image displaying method of a display device. In the image displaying method, a menu screen is displayed, an image output mode is set on the menu screen, code information corresponding to the set image output mode is transmitted to a computer main body, an image corresponding to the set image output mode is received from the computer main body, and the received image is displayed.

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

Abstract: A program controller is arranged to automatically authorize or configure or upgrade a program for a customer replaceable card of a system, the controller being arranged to manage the program automatically, according to a licence agreement, and according to a stored history of use of the hardware module. A supplier can track customer changes and enforce more easily different conditions for authorizing the program on, different modules from different sources, having different levels of capability. There can be less interaction with the supplier to get specific authorizations. The history can be stored on the module. It can be used to ease inventory tracking and generate billing information.

Abstract: A device is provided to receive, from a first device, a request for a product or service, determine a first geographic location of the first device, and identify a second device that is located in a geographic region associated with the first geographic location. The second device may be associated with a user that is capable of providing the product or service. The device may provide, to the first device, information regarding a second geographic location of the second device. The information may specify an obfuscated second geographic location without revealing the second geographic location. The device may also receive, from the first device, an instruction to provide the request to the second device, provide the request to the second device, receive an acceptance of the request from the second device, and provide, to the second device, data indicating the first geographic location of the first device.

Abstract: A system and method for identifying mobile users in a site includes: receiving, in real time, data packets from wireless access points; identifying unique device identifications from the received data packets, and time stamping each identified unique device identification; determining repetitive or false unique device identifications in the identified unique device identification; and eliminating the repetitive or false unique device identifications in the identified unique device identification to obtain a plurality of accurate unique device identifications.

Abstract: Disclosed is a content management system comprising: a server; a content database, configured within the server, within which are stored one or more channels, each channel comprising one or more stories, each story comprising a title and one or more files; and one or more user devices connected to the network, each user device being associated with a user, each user device being configured to allow the associated user to view one or more stories from a channel to which the associated user has viewing rights. The title of each story and the names of the files contained in the story are stored obfuscated in the content database, and the files are stored encrypted in the content database.

Abstract: Various examples of the present technology provide a method for remotely controlling zone management of a storage system that comprises generating and initializing a network service for a remote device and a new thread for handing commands from the remote device, determining, for each port of a plurality of ports associated with storage devices of a storage system, a corresponding zone group based at least upon zone IDs of the plurality of ports, setting a zoning configuration parameter corresponding to each group of the plurality of zoning groups using a serial protocol (e.g., SAS management protocol (SMP)), and configuring a zone and port mapping table and a zone permission table based at least upon the zoning configuration parameter.

Abstract: Methods and apparatus relating to observing an internal link via an existing port for System On Chip (SOC) devices are described. In one embodiment, a logic within an SOC device may allow an external logic analyzer to observe communication between a first and second component of the SOC through an existing (e.g., shared and/or non-dedicated) interface. Other embodiments are also disclosed.

Abstract: System and methods for obtaining digital multimedia files from a server based on optically scanned digital rights management information tag imprinted on physical media is described. A greeting card or gift card can be provided with indicia containing a code printed thereon. Then the code can be optically scanned by client device. The code can then be provided by the client device to a remote server for retrieval of multimedia files identified by the code if the code authorizes multimedia file retrieval from the remote server by the client device. Then the client device retrieves multimedia files identified by the code from the remote server following authorization of multimedia file retrieval by the remote server based on the code.

Abstract: A key distributor node for a network includes a memory device with at least one first key, at least one data communication device that can exchange data with first and second access nodes for a terminal integrated wirelessly into the network, at least one processor connected to the memory device and the data communication device, wherein functions are provided for the processor(s) that allow authentication of the terminal at the second access node in response to a key request received by the second access node, a derivation of a second key from the first key, and triggered transmission of the second key through the data communication device to the second access node. Connections to the network's first and second access nodes with security relationships can be provided for the key distributor node when using the first key.

Abstract: Methods and systems are provided for automatically identifying restored availability of multi-channel media distributors for authentication or authorization. For example, during a period of reduced availability for a multi-channel media distributor, the entitlement service diverts some or all requests from reaching the multi-channel media distributor. These requests are for programmers associated with the multi-channel media distributor to provide media content to user devices. The entitlement service subsequently transmits test requests to the multi-channel media distributor. The entitlement service determines that the multi-channel media distributor has authenticated user credentials included in the test requests or has authorized content access based on the test requests.

Abstract: A communication system includes a plurality of communication devices, and a server. The communication devices share a phone number and respectively have an identification data. The server stores a state data corresponding to the phone number. The state data includes an allowable communication state corresponding to each of the identification data. The server allows one of the communication devices to communicate through the server according to the allowable communication state and disallows the other communication devices to communicate through the server. The allowed communication device transmits a command to the server to change the allowable communication state of the state data according to an operation of a user, that one of the disallowed communication devices is allowed to communicate through server instead, and the originally allowed communication device is disallowed to communicate instead.

Abstract: A multimedia content processing device for processing multimedia contents implementing a plurality of virtual machines is provided. The device is able to receive encrypted multimedia content, protected by a content protection system, and provide the multimedia content in decrypted form to a user device, including an access controller authorizing the provision of the decrypted multimedia content to the user device, a first securer for executing security services having a first associated level of security and a second securer for executing services having an associated level of security lower than the first level of security.

Abstract: The present invention is directed to systems and methods which identify fraudulent situations during the transaction phase. In one embodiment, such detection is accomplished by monitoring for situations either outside the range of normal for the general population or outside the range of normal for this particular user. The normal range could be rule driven and, for example, could include size of a given purchase, frequency of purchases, identity of use equipment being utilized for the current transaction, etc. The rule could be relaxed or tightened, at least in part, based on the length of time that the user has been a customer and the user's past payment history. In one embodiment, device ids are used to detect fraudulent users. These device (or software) ids could, for example, be a “fingerprint” of the user's equipment, or a “cookie” previously downloaded to the user that identifies the user to the fulfillment system. In situations where fraud is detected downloading the value to the user is interrupted.

Abstract: A telecommunication carrier may stitch data from multiple sources to support device automation and access control. A state may be assigned to a user of a user device at a telecommunication carrier based on a data stitch of information from multiple data sources. The data sources may include data on a geolocation of the user device. The state may be provided to a rules engine at a remote location via a carrier network of the telecommunication carrier. An indication from the rules engine that the user device is granted or denied access to one or more entities at the location based on the state may be received via the carrier network at the telecommunication carrier. In turn, the telecommunication carrier may provide the indication of the granted or denied access to the user device of the user.

Abstract: A method, a secure device, a system and a computer program product for securely managing user access to a file system. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server through a telecommunication network establishing a connection between the secure device and the server, receiving at the secure device, through the established connection, data pertaining to a file system identifying files which are at least partly stored outside the secure device, exposing at the secure device the file system to a user, based on the data received from the server, the file system navigable by the user.

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.

Abstract: A threat-aware microvisor is configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing on a node of a network environment. The microvisor may be embodied as a module disposed or layered beneath (underlying) an operating system kernel executing on the node to thereby control privileges (i.e., access permissions) to kernel resources, such as one or more central processing units (CPUs), network interfaces, memory, and/or devices, of the node. Illustratively, the microvisor may be configured to control access to one or more of the resources in response to a request by an operating system process to access the resource.

Abstract: A method for a device to set a status of an application, including: acquiring status setting permission information of the application; determining if the acquired status setting permission information indicates that it is permitted to set the status of the application; and setting the status of the application as an inactive status, if it is determined that the acquired status setting permission information indicates that it is permitted to set the status of the application.

Abstract: One embodiment of the present invention sets forth a technique for managing playback of digital content on two or more different playback devices. A playback device designated as a controller is associated with a playback device designated as a playback target. Association is implemented via a local network discovery protocol. The controller issues commands to the target, which then streams digital content directly from a content server. The controller is able to separately stream related digital content for independent, but synchronized playback. Server mediated operations, such as device activation and application installation, are advantageously enabled by explicit association between the controller and the target.

Abstract: Techniques for implementing software licensing in a massive parallel processing environment on the basis of the actual use of licensed software instances are disclosed. In one embodiment, rather than using a license server or a node-locked license strategy, each use of a licensed software instance is monitored and correlated with a token. A store of tokens is maintained within the licensing system and a token is consumed after each instance successfully executes. Further, a disclosed embodiment also allows jobs that execute multiple software instances to complete execution, even if an adequate number of tokens does not exist for each remaining software instance. Once the license tokens are repurchased and replenished, any overage consumed from previous job executions may be reconciled. In this way, token-based licensing can be adapted to large scale computing environments that execute jobs of large and unpredictable sizes, while the cancellation of executing jobs may be avoided.

Abstract: Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein.

Abstract: Techniques for implementing software licensing in a massive parallel processing environment on the basis of the actual use of licensed software instances are disclosed. In one embodiment, rather than using a license server or a node-locked license strategy, each use of a licensed software instance is monitored and correlated with a token. A store of tokens is maintained within the licensing system and a token is consumed after each instance successfully executes. Further, a disclosed embodiment also allows jobs that execute multiple software instances to complete execution, even if an adequate number of tokens does not exist for each remaining software instance. Once the license tokens are repurchased and replenished, any overage consumed from previous job executions may be reconciled. In this way, token-based licensing can be adapted to large scale computing environments that execute jobs of large and unpredictable sizes, while the cancellation of executing jobs may be avoided.

Abstract: The disclosure of the present document can be embodied in a non-transitory computer-readable medium storing instructions that cause one or more processors to perform various operations, including, receiving, from a first client device associated with a user account of a first user, a request for sharing a document. The document is associated with a credential of the first user, and the credential is associated with the user account of the first user. The operations include transmitting, in response to the request, a code associated with the document, and receiving, from a second client device, a request to access the document. The request to access the document includes the code associated with the document. The operations include determining, based on the request to access the document, that the second client device is authorized to access the document, and communicating, to the second client device, a message including information about the document.

Abstract: A system for securely mediating messages between a native application and a browser application on a computing device includes running the browser application and a browser process that controls access by the browser-based application to the native resource. The browser process may use a data file distributed with the native application to allow or deny communications between the browser-based application and the native application. When communications are allowed the browser-based application accesses the native resource via the native application. In one implementation, the browser process may initiate a native messaging host and send communication requests to the native messaging host. The data file may be downloaded with the native application or separately from the native application from a site that distributes the native application or a site controlled by the developer of the native application. The data file identifies browser-based applications allowed to communicate with the native application.

Abstract: Embodiments for preventing data loss and allowing selective data access are provided. In some embodiments, the system and method are configured to receive task protocols and registration requests; determine an allowed list based on the protocols or requests, the list comprising registered data and codes needed to execute a task; allow a user to establish a connection to a device to execute the task on the device; identify data being transferred to and from the device; compare the data being transferred and the allowable list; and determine that at least some of the data being transferred is allowable.

Abstract: One embodiment provides an electronic mobile device comprising one or more mobile applications. Each mobile application has at least one corresponding graphical user interface (GUI) screen for display on the mobile device. The mobile device includes a security system. For each mobile application, the security system maintains corresponding security data, wherein the corresponding security data represents one or more secure components of a corresponding GUI screen. The security system generates a GUI screen for a mobile application based on corresponding security data, wherein each secure component of the UI screen is locked. User access to a locked component of the GUI screen is permitted only after successful user verification.

Abstract: A single still input image is converted into a decomposition video that, when played, appears to be a close facsimile of the input image. Each frame of the decomposition video has a subset of the pixels of the input image that is disjoint from the subset of pixels selected for any other frame. A union of the subsets, represented by each decomposition video frame, contains all the pixels of the input image. To preserve sufficient brightness, a decomposition video generally needs to contain a relatively small number of frames. To achieve effective and efficient blocking, of the content of the input image as it appears in each frame of a decomposition video, the present invention focuses upon a spatial filtering strategy and, preferably, a two-tiered strategy. A first tier focuses upon the obscuring of relatively high frequency spatial frequencies, while a second tier focuses upon the obscuring of relatively low frequency spatial frequencies.

Abstract: A communication terminal is provided with functions to redirect authentication data, make a substitute reply of a password to a biometric authentication part, and transfer the authentication data transmitted after the password to a browser's child process, in order to perform a substitute authentication using the biometric authentication or token, without requiring a user to input the password.

Abstract: During manufacturing a unique encrypted authentication code is created for each product based upon device specific information relating to that product. The unique encrypted authentication code together with the device specific information is stored in a database, and a representation of the unique encrypted authentication code is stored on the product. To determine whether a product in question is authentic, the readable representation of the unique encrypted authentication code is read and sent to a server along with a request for product authentication. The server provides an indication of authenticity of the product in question based upon the unique encrypted authentication code received and the device specific information associated with that unique encrypted authentication code in the database.

Abstract: A memory module determines that the memory module is connected to a memory module connector. The memory module receives the connector ID from the connector and communicates, to the connector, a memory module ID associated with the memory module. A connector-module ID token is generated using the connector ID and the memory module ID. It is determined that the connector-module ID token was not received from the connector within a predetermined time window. Data on the memory module is erased in response to not receiving the connector-module ID.

Abstract: A tethered item is associated with an identifier that uniquely identifies the item, and one or more content processing devices execute obtaining an identifier of the item, and correlating the obtained item identifier with information related to the tethered item.

Abstract: Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in a web service deployments built on UDDI, SOAP, and WSDL.

Abstract: Systems, apparatus, methods, and computer program products are provided for determining a user's authentication requirements/credentials for a specific network access session based on the current location of the user in comparison to predetermined boundaries of location that have altered authentication requirements, in the form of, increased or decreased authentication requirements/credentials that differ from the standard authentication requirements.

Abstract: In one aspect, a method includes enabling a REST interface to have access to a volume, receiving a request to allow a native file access to the volume and allowing an application to use a native file interface to have access to the volume while preventing the modifications to the volume through the REST interface if the request is received.

Abstract: Disclosed in the disclosure are a rights control method and an apparatus for Digital Living Network Alliance (DLNA). An address/rights recoding unit is expanded at a DLNA apparatus side to record what addresses and corresponding rights; a service control program is expanded at the DLNA apparatus side, and when another DLNA apparatus requires the present DLNA apparatus to provide a service, the address of said another DLNA apparatus and the address/rights recording unit are compared and the rights is found out. Only users with a Media Access Control (MAC) address set as allowed to have related service can be allowed to use the service of the DLNA apparatus of the technology and to obtain Extensible Markup Language (XML) files of the apparatus and the service description. The service of DLNA service points can be flexibly arranged so as to enable different access users to obtain different rights, thus well guaranteeing the security of the multimedia data and the flexibility of the multimedia service management.