Abstract: A method for authorization management in an arrangement having multiple computer systems is disclosed.

Abstract: Methods and apparatuses are disclosed herein for unified tracking data management. An example method is performed at a device with a display and one or more input devices, the method including: displaying a user interface with two or more sets of tracking-data configuration options associated with a plurality of websites, the sets including: a first tracking-data configuration option that, when selected, causes the device to block all of the plurality of websites from storing tracking data; and a second tracking-data configuration option that, when selected, causes the computing device to limit receipt by all of the plurality of websites of information associated with device. While displaying the user interface, the method includes: receiving a selection of the first tracking-data configuration option; and, in response, causing the computing device to block all of the plurality of websites from storing tracking data of at least the first type on the computing device.

Abstract: Methods, systems, and techniques for application isolation by remote-enabling applications are provided. Example embodiments provide an Adaptive Rendering Application Isolation System (“ARAIS”), which transparently and dynamically enables applications to run in an isolated execution environment yet be rendered locally in a manner that minimizes the amount of data to be transferred and the latency caused by expensive computation and/or by overburdening available bandwidth by remoting rendering using draw commands over rendering using pixel pushing or other techniques. In one embodiment, the ARAIS includes an orchestrator server which comprises remoting level determination logic and rules engine, pre-computed graphics libraries, connection support logic, data repositories for objects such as a render cache, whitelists, blacklists, client privileges, and application information, and one or more secure containers running remote application instances.

Abstract: An approach is provided in which an information handling system creates a container that includes security information. The information handling system deploys the container to a container group and, in turn, performs a security-related action based on the security information.

Abstract: Methods, systems, and techniques for application isolation by remote-enabling applications are provided. Example embodiments provide an Adaptive Rendering Application Isolation System (“ARAIS”), which transparently and dynamically enables applications to run in an isolated execution environment yet be rendered locally via a local isolator application having one or more cohesive application-isolation interfaces in a manner that facilitates providing the ARAIS indications of user actions that are otherwise lost and executing functions that are otherwise unavailable during fully secure isolation sessions absent one or more cohesive application-isolation interfaces.

Abstract: Methods, systems and computer program products automatically back-up data. Communication is established among a first device, a second device, and a network-based storage device. Key words associated with uniform resource locators are identified and stored in the network-based storage device. When corruption is detected of the data stored in the first device, the key words are automatically retrieved from the network-based storage device and listed in a user interface displayed at the second device.

Abstract: A system, method, and non-transitory computer-readable storage medium for identifying customization changes have been disclosed. The system comprises a processor and a memory that includes instructions executable by the processor to cause the system to identify a baseline script of a plurality of baseline scripts from a baseline instance that corresponds to a custom script of a plurality of custom scripts from a customized instance. The customized instance is a customized version of the baseline instance. The instructions are executable to cause the system to compare the baseline script to the custom script to identify one or more changes between the baseline script and the custom script, to determine an amount of change using the one or more identified changes, and to generate a graphical user interface that includes an identifier of the baseline script, an identifier of the custom script, and a graphical indication of the amount of change.

Abstract: A method of securely booting a computer system includes executing program code of at least one boot loader to load a kernel; verifying, during loading of the kernel, the program code of the boot loader after at least a part of the program code of the boot loader has been executed; and interrupting the booting if a result of the verifying of the program code of the boot loader indicates a manipulation of the program code of the boot loader.

Abstract: A method for execution by a storage unit of a dispersed storage network includes receiving a slice access request that includes a slice name. A first function is performed on the slice name to produce a bucket file identifier. A second function is performed on the slice name to produce a bucket identifier. A bucket file of a plurality of bucket files is accessed, where the bucket file is identified by utilizing the bucket file identifier. A bucket of a plurality of buckets within the bucket file is accessed, where the bucket is identified by utilizing the bucket identifier. It is determined to modify a number of buckets in the bucket file based on bucket utilization. An attribute of the second function is modified in response, where the attribute is associated with the number of buckets in the bucket file.

Abstract: Systems, techniques, and apparatuses facilitate selecting, defining, controlling, verifying, and auditing privacy-impacting behaviors of devices in alignment with the privacy behavior expectations of individuals and other entities. Techniques and systems, including apparatuses, are presented to facilitate controlling and verifying the privacy behaviors of privacy-impacting devices. Privacy enunciator apparatuses announce the presence of entities in a devices range of action or influence. Techniques and systems for defining and sharing individualized privacy behavior preferences are shown. Techniques and systems are disclosed for privacy preference resolution protocols that allow for the automated or interactive resolution of conflicts that arise between individuals in multi-actor environments or ambiguous contexts. Accountability and audit mechanisms verify the control state of devices with respect to their privacy behavior preference inputs.

Abstract: Technologies for secure content display include a computing device having a display controller and a display. The display includes a self-refresh frame buffer. The computing device establishes a secure, attested communication session between the display controller and the display device. Attestation may be performed using an enhanced privacy identifier key provisioned to the display controller and/or the display by the corresponding manufacturer. The display controller may transmit protected content from a protected audio/video path to the display over the secure communication session. The display controller may transmit a command to the display to disable read back of the self-refresh frame buffer. The display controller may transmit a command to the display to clear the frame buffer. The display controller may transmit a predefined image frame from secure storage to the display. The predefined image frame may be an advertisement or user-defined content. Other embodiments are described and claimed.

Abstract: A method for modular software protection includes steps for receiving, at a server, a license key registered for a software executable installed on a client device and machine fingerprint data generated at the client device, accessing, using the server, stored usage rights data indicated by the license key, the usage rights data specifying a number of client devices on which the software executable is licensed to operate and which features of the software executable are enabled, determining, using the machine fingerprint data received by the server, whether operation of the software executable on the client device would cause the number of client devices on which the software executable is licensed to operate to be exceeded, and creating, in response to the determining step, an encrypted license file for transmission to the client device that defines separate features of the software executable to be enabled on the client device.

Abstract: The invention relates to a method, an apparatus and a computer program product. The method comprises managing data in one or more data repositories by a centralized content management system comprising at least one server, wherein said one or more data repositories are connected to said centralized content management system, and at least one of said one or more data repositories resides on a device that is other than a server of the centralized content management system, wherein the method further comprises receiving by a server of the centralized content management system a request from a mobile client device to access data in a data repository connected to the centralized content management system; and providing the mobile client device with an access to the data repository by the centralized content management system.

Abstract: A device may receive content data from a content provider, the content data including: data identifying content, and data for verifying that the content has not changed. The device may access a blockchain associated with the content data, the blockchain including validation information specifying instructions for validating the content. In addition, the device may perform, based on the validation information, validation of the content to determine a measure of confidence that the content is accurate and store results of the validation in the blockchain as a transaction. Based on the validation results, the device may perform an action.

Abstract: A method for scope-sensitive loading of software resources in web applications. The method includes obtaining, from a web browser, a request for a web application and obtaining a scope of the requested web application. The scope determines required web application functionalities. The method further includes, based on the scope, generating a list of required software resources that implement the required web application functionalities, collecting the required software resources, based on the list of required software resources, and providing the collected required software resources to the web browser.

Abstract: Embodiments are directed to securing data using attribute-based encryption. In an embodiment, a computer system encrypts a portion of data with an attribute-based encryption, including associating the encrypted portion of data with one or more encryption attributes. The computer system sends the encrypted portion of data and the one or more encryption attributes to a data store, which stores the first portion of data along with the one or more encryption attributes. The computer system also defines one or more access controls for the portion of data that include an identity of at least one user permitted to access the portion of data. The attribute-based encryption allows the encrypted portion of data to be provided by the data store upon request by the identified user when the request includes one or more search attributes that are relevant to the one or more encryption attributes.

Abstract: A computer-implemented method improves a computer system's security through use of a simulated digital footprint. One or more processors retrieve a historical digital footprint of a user. The historical digital footprint is a record of past digital data about the user, and describes a pattern of activities of the user. The processor(s) generate a simulated digital footprint for the user. The simulated digital footprint conforms to the pattern of activities of the user, and describes simulated current activities of the user. The processor(s) transmit the simulated digital footprint to the public while a current real digital footprint is being created for the user, such that use of the pattern of activities of the user provides an imperceptible transition from the historical digital footprint to the simulated digital footprint, and where the simulated digital footprint prevents the public from accessing the current real digital footprint of the user.

Abstract: The subject matter of this specification can be implemented in, among other things, a method that includes receiving, by a processing device, one or more first content items for one or more first user accounts of a content sharing system. The method further includes storing the first content items at the content sharing system. The method further includes receiving, by the processing device, a second content item for a second user account of the content sharing system. The method further includes comparing, by the processing device, the received second content item to the stored first content items to determine that the second content item is not exclusive to the second user account. The method further includes restricting a privilege of the second user account for the second content item in response to the determination that the second content item is not exclusive to the second user account.

Abstract: Extracting card information comprises a server at an optical character recognition (“OCR”) system that interprets data from a card. The OCR system performs an optical character recognition algorithm an image of a card and performs a data recognition algorithm on a machine-readable code on the image of the card. The OCR system compares a series of extracted alphanumeric characters obtained via the optical character recognition process to data extracted from the machine-readable code via the data recognition process and matches the alphanumeric series of characters to a particular series of characters extracted from the machine-readable code. The OCR system determines if the alphanumeric series and the matching series of characters extracted from the machine-readable code comprise any discrepancies and corrects the alphanumeric series of characters based on the particular series of characters extracted from the machine-readable code upon a determination that a discrepancy exists.

Abstract: An apparatus maintains a segregated database in a multiple distributed ledger system. The apparatus includes a storage device that stores software instructions for controlling a processor that when executed by the processor configure the processor to: create distributed ledgers, each created distributed ledger being associated with a respective individual profile; maintain a segregated database apart from the distributed ledgers including, for each individual profile, profile balance data; and process a data exchange between exchanging profiles.

Abstract: A device may receive first content data from a content provider, the first content data including data identifying content. The device may generate second content data based on the first content data, the second content data including information that causes content validation to be performed on the content. The device may also provide the second content data to a content validation node, the content validation node being included in a content validation network implementing a blockchain network that includes executable instructions for performing content validation. In addition, the device may obtain, from the content validation network, validation results associated with the content, and provide, to a user device, data that causes display of a validation indicator with the content, the validation indicator being based on the validation results.

Abstract: A system and method for automatic instrumentation of mobile applications is disclosed. Mobile applications are typically executed in mobile runtime environments or operating system that is restricted compared to their conventional counterparts. Those restrictions include features that allow one to examine and modify code of application during the runtime of the application. Those features that are used by instrumentation based monitoring systems dedicated for conventional applications are thus not available for the instrumentation of mobile application. The system and method allows for automatic instrumentation in a static way, either by persistently placing instrumentation code into mobile applications or by persistently adapting mobile applications in a way to perform a static instrumentation on application startup.

Abstract: Exemplary embodiments relate to techniques for managing contact information received in the context of a messaging system. Messages may be received from known contacts which contain user contact records for third parties. Based on the trust relationship with the known contacts, the user contact record is placed in a contact record repository for later retrieval. When another message is received which either references the user contact record or is from the third party referenced in the user contact record, a dialog box is presented offering the user the opportunity to add the user contact record as an address entry in the address book of the device.

Abstract: Embodiments relate to a message processing method and apparatus. A first message is received that is sent by a first device to a second device. A determination is made as to whether the first message is a privacy message. When the first message is a privacy message, a second message is generated according to the first message, where the second message carries a first privacy label. The second message is sent to the second device, so that the second device displays a notification of the second message on a notification screen according to the first privacy label after receiving the second message. After receiving the second message, the second device displays the second message according to whether the second message carries the first privacy label.

Abstract: A system and methods are provided for verifying proof of transit of network traffic through a plurality of network nodes in a network. In one embodiment, each network node reads a first value and a second value from in-band metadata of packet, and generates, using a cryptographic key that is unique to each respective network node, an encryption result based on the first value. An updated second value is generated based on the second value read from the packet and the encryption result. Each network node writes the updated second value to the in-band metadata of the packet, and forwards the packet in the network. In another embodiment, a secret sharing scheme is employed by each network node computes a portion of verification information using a unique share of a secret and based on the packet specific information.

Abstract: A device may receive content data from a content provider, the content data including: data identifying content, and data for verifying that the content has not changed. The device may access a blockchain associated with the content data, the blockchain including validation information specifying instructions for validating the content. In addition, the device may perform, based on the validation information, validation of the content to determine a measure of confidence that the content is accurate and store results of the validation in the blockchain as a transaction. Based on the validation results, the device may perform an action.

Abstract: The automated generation of a unique letter or unique letters using one or more context variables for the letter. The contextual variables may represent author characteristics, audience characteristics, tone, word diversification, letter type, and so forth. Different entropy may be used for each letter to thereby generate a unique letter even if the context for the letters is the same. Nevertheless, each unique letter is suitable for the given context. If desired, the automatically generated letter may be further edited, for example, for grammatical, word choice, or legal content. Thus, the letter may appear to be custom drafted by a human for the context, whereas the letter was entirely or substantially computer-generated.

Abstract: A method, and associated system, for security processing of a request for a resource in a network security system. The request for the resource and a duplicate of request for the resource are forwarded to a first proxy server and a second proxy server, respectively. A first output including the received request, and a second output including the duplicate of the received request, are received from first proxy server and the second proxy server, respectively. A determination is made of whether the first output and the second output differ; if not the received request or the duplicate of the received request is transmitted to a web server for satisfying the request; if so a first alarm is generated and transmission to the web server of the received request and the duplicate of the received request is blocked.

Abstract: A handheld security system includes a set of handheld devices positioned at a group of access points to a secure area. The handheld device includes a set of input/output devices including a text and graphics display, a camera, a local security database and a set of security devices including an RFID reader, a bar code reader, a magnetic stripe card reader and a biometric scanner. The set of handheld devices are communicatively connected through wireless signaling and protocol to one another and to a server operating a global a global security database. The local security database is synchronized to the global security database. A location stack table is continuously updated with security events and monitored for violation of a set of anti-passback rules. An association table associates a set of assets and a set of personnel, allowing for visitor tracking and asset tracking on a schedule.

Abstract: A computer device and respective method provides a primary clipboard accessible from a primary user account, while a sandbox is used to isolate and contain a secondary user account. A secondary clipboard is provisioned and associated with the secondary user account. The computer device, via an agent, intercepts requests from the secondary user account such as for cut, copy or paste type clipboard operations which are ordinarily directed toward the primary clipboard, and satisfies those clipboard operation requests instead by using the secondary clipboard.

Abstract: Techniques disclosed herein relate to a method performed on a computing device in response to a request to identify a segment of memory. The method includes determining a desired sensitivity value for the request and determining a desired trust value for the request. The method also includes producing a memory segment identification result based on the desired sensitivity value and based on the desired trust value.

Abstract: A method implemented by a network element (NE) configured as a streaming client, the method comprising obtaining, via a processor of the NE, a first authorization token for accessing a first media segment located on a content server, embedding, via the processor, the first authorization token in a first content request message for accessing the first media segment located on the content server, sending, via a transmitter of the NE to the content server, the first content request message comprising the first authorization token to request the first media segment, and receiving, via a receiver of the NE from the content server, the first media segment when the first authorization token is valid for accessing the first media segment located on the content server.

Abstract: The disclosed computer-implemented method may include (1) detecting a request from a computing device of a member of an organization in connection with a communication session between the computing device and at least one additional computing device, (2) identifying, within the request, a URL that the computing device is attempting to access, (3) computing a unique identifier that represents the URL, (4) comparing the unique identifier against a database that includes unique identifiers that represent URLs embedded in emails received by members of the organization, (5) determining, based at least in part on the comparison, that the URL was included in an email received by the member of the organization, and then in response, (6) elevating a threat level of the communication session between the computing device and the additional computing device. Various other methods, systems, and apparatuses are also disclosed.

Abstract: A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.

Abstract: A method for managing network vulnerabilities may include obtaining image data regarding a software container located on a network element. The image data may describe a software image used to generate the software container. The method may further include determining, using the image data, a software vulnerability of the software image. The method may further include assigning the software vulnerability to a filesystem key. The method may further include generating, using the software vulnerability and the filesystem key, a vulnerability map of a network. The vulnerability map may describe various software vulnerabilities arranged according to various filesystem keys used on the network. The filesystem key may identify data of the software container within a filesystem on the network element.

Abstract: Provided are systems and methods for location-aware security configuration of peripheral devices. In various implementations, a location-aware peripheral device comprises an interface and a configuration engine. The interface may communicatively couple the peripheral device to a computing system. The configuration engine may be configured to, upon powering on in the computing system, detect a characteristic of the computing system. In some implementations, the configuration engine may further select a trust level for the computing system. In some implementations, selecting a trust level may include using the detected characteristic to identify a profile stored on the peripheral device. The profile may describe a pre-determined computing system. The configuration engine may further be configured to program the peripheral device with a configuration that is associated with the selected trust level. The configuration may program a feature of the peripheral device.

Abstract: In a method for analyzing a data set, one or more processors identifying a data set that includes sequences of data points, identifying a sequence of data points in the identified data set, identifying a window of sequences of data points in the identified data set, wherein the window of sequences of data points is defined based on information including one or more of: a defined number of sequences of data points before and after the identified sequence of data points and a defined reference to a feature of the identified data set, retrieving a set of inflection points in the identified data set that are within the identified window of sequences of data points, and determining: a maximum value, a minimum value, or both a maximum and minimum value, based on the retrieved inflection points that are within the identified window of sequences of data points.

Abstract: Embodiments of the present disclosure provide a method, an apparatus, and a system for authenticating a fully homomorphic message, where the method includes: acquiring a message authentication key, where: the message authentication key includes a public key, a first character string, and a second character string; the first character string is a character string that consists of 0 and 1 and has a length of n; the second character string is a character string that consists of 0 and 1 and has a length of n; generating an authentication fingerprint corresponding to each bit of to-be-computed data; sending a computation request to a server; receiving an authentication fingerprint corresponding to the computation result; and performing correctness authentication on the computation result according to the received authentication fingerprint, which effectively reduces an amount of computation in a verification process.

Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Abstract: An electronic product can be configured by a method that includes attaching a machine-readable identification (ID) tag containing an ID code to a hardware unit of the electronic product. The ID code is associated with a particular configuration of the electronic product, and can be read or scanned with a mobile device configured to send the ID code to a provider server device. In response to receiving the ID code, the provider server device can send product configuration instructions and a product configuration application to the mobile device. The product configuration instructions can guide a user through a customized series of electronic product configuration operations. The product configuration application can assist the user in performing configuration operations, can provide customized configuration help, and can establish a wireless link between the mobile device and the electronic product, allowing the user to interact with the electronic product.

Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.

Abstract: An example information processing system includes a display controller configured to display a screen that includes a plurality of subjects and at least one content generated by a user, the at least one content satisfying a predetermined timing condition for each subject in a display, at least one content for a subject being included in a plurality of contents posted with regard to the subject.

Abstract: The present invention relates to a method of manufacturing an antenna for a radio frequency (RFID) tag. A web of material is provided to at least one cutting station in which a first pattern is generated in the web of material. A further cutting may occur to create additional modifications in order to provide a microchip attachment location and to selectively tune an antenna for a particular end use application. The cutting may be performed by a laser, die cutting, stamping or combinations thereof.

Abstract: A method, and associated system, for security processing of a request for a resource in a network security system. The request for the resource is received from a client device. A duplicate of the received request is created. The received request and its duplicate are forwarded to a first proxy server and a second proxy server, respectively. A first output including the received request, and a second output including the duplicate of the received request, are received from first proxy server and the second proxy server, respectively. A determination is made of whether the first output and the second output differ; if not the received request or the duplicate of the received request is transmitted to a web server for satisfying the request; if so a first alarm is generated and transmission to the web server of the received request and the duplicate of the received request is blocked.

Abstract: A method for use in a dispersed storage network (DSN) operates to output at least a write threshold number of write slice requests to a set of storage units of the DSN and receive write slice responses from the set of storage units. When the write threshold number of favorable write slice responses is received, the method includes generating a corresponding number of commit requests and outputting the number of commit requests to associated storage units corresponding to the write threshold number of favorable write slice responses received.

Abstract: A voice over Internet protocol communication system and method provides infrastructure components as intermediaries between networks, the components include multi-protocol session controllers and a multi-protocol signaling switch as well as a management system. The session controllers process calls and participate in the calls that flow through it. The session controllers process calls that are either at the edge of the network or at the core of the voice over Internet protocol network. The session controllers associate calls with one another in call peers for incoming calls as ingress call peers and for outgoing calls as egress call peers. A centralized database of call routing policies is provided to the session controllers. The session controllers provide cost management, topology hiding, and inter-working, or conversion, of calls from SIP networks to H.323 networks for both voice and video.

Abstract: A method and system transfers the hosting of online services to a virtual asset computing environment from a hardware asset computing environment, according to one embodiment. The method and system transfers a secondary copy of application data to a storage device, and delivers the storage device to a second computing system from the first computing system using a parcel courier, according to one embodiment. The method and system receives, with the second computing system, the secondary copy of the application data from the storage device, and configures virtual assets to execute a second instance of the online services application to enable the second computing system to provide the online services to the multiple users, according to one embodiment. The method and system configures the second computing system as a primary service provider, according to one embodiment.

Abstract: Data files are encrypted based on a key associated with an entity that sets a data protection policy controlling access to the data files. The data protection policy identifies various restrictions on how the plaintext data of the encrypted data in the data files can be used. The data files have corresponding metadata identifying the entity that sets the data protection policy, and processes that are running instances of applications that are allowed to access the plaintext data are also associated with the identifier of the entity. These identifiers of the entity, as well as the data protection policy, are used by an operating system of a computing device to protect the data in accordance with the data protection policy, including having the protection be transferred to other devices with the protected data, or preventing the protected data from being transferred to other devices.

Abstract: According to one embodiment, a method of performing a re-establishment procedure in a mobile communication system includes: receiving at least one packet data convergence protocol (PDCP) control plane data unit; performing an integrity check on the at least one PDCP control plane data unit; identifying an integrity check failure with regard to the at least one PDCP control plane data unit; and performing a re-establishment procedure if the integrity check failure is identified to exist with regard to the at least one PDCP control plane data unit.

Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.