Abstract: A clipboard in an electronic system protects sensitive data by copying data into a clipboard of an electronic system as an entry and selectively blocking access to the sensitive data. An entry protect status is associated with a clipboard entry that is arranged to store copied data that is sensitive. The entry protect status is changed to indicate the entry protect status is set to block access to the copied data. Access to the copied data for which the entry protect status has been changed is selectively blocked.

Abstract: A first Bluetooth terminal having a short range communication module that is set as an anchor searches for a peripheral Bluetooth terminal and transmits information of the found Bluetooth terminal to a place management server. The place management server updates place information of a user of the found Bluetooth terminal to place information of the first Bluetooth terminal and transmits the updated place information to the found Bluetooth terminal.

Abstract: A method and system of personalizing a mobile phone over a wireless network is provided. The method is fast, reliable, and eliminates the need for an uninterrupted online connection to a host server in order to achieve successful download of user information. With the method and system, a mobile phone can be personalized for various purposes, such as for conducting financial transactions.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Embodiments are directed towards employing a transaction room in a digital transaction service to provide participants controlled access and editing of a document. In response to a trigger, a first copy of the document is created. The first copy of the document may be provided to a recipient for review such that the first copy is non-editable by the participants, while the document is editable in the transaction room. The document may be prepared for electronic signature such that, when the document has changed after the first copy was provided for review, a second copy of the document is created and tagged for signature; and when the document has not changed after the first copy was provided for review, the first copy may be tagged for signature. Tagging a document copy for signature may include pre-tagging the document for signature based on signing roles of the recipients.

Abstract: In one embodiment, techniques are shown and described relating to quarantine-based mitigation of effects of a local DoS attack. A management device may receive data indicating that one or more nodes in a shared-media communication network are under attack by an attacking node. The management device may then communicate a quarantine request packet to the one or more nodes under attack, the quarantine request packet providing instructions to the one or more nodes under attack to alter their frequency hopping schedule without allowing the attacking node to learn of the altered frequency hopping schedule.

Abstract: System and methods are provided for performing deep packet inspection of data packets. An example system includes a packet forwarding component and a virtual machine component. The packet forwarding component is configured to receive data packets for transmission and to select one or more of the data packets based at least in part on a first set of rules for deep packet inspection. The virtual machine component is configured to perform deep packet inspection on the selected data packets according to a second set of rules to determine whether the selected data packets are allowed for transmission. The packet forwarding component is further configured to transmit the selected data packets when the selected data packets are allowed for transmission after the deep packet inspection.

Abstract: Disclosed are a system and method of performing secure computations on a protected database. Embodiments of the method provide, in a secure processor, a database of cryptographically hashed values based on a database of cleartext values, receive a cryptographically hashed query value as input into the secure processor wherein the query value is a hash of a cleartext value that corresponds to a cleartext query, perform a comparison operation within the secure processor to determine the presence of the hashed query value within the database of cryptographically hashed values and provide the results of the comparison operation to an external interface of the secure processor, wherein the contents of the database of cryptographically hashed values and the comparison operations are encapsulated within the secure processor and unexposed externally therefrom.

Abstract: The present invention provides a method and system for configuring constraints for a resource in an electronic device. The method includes identifying context of use/access of a resource and implementing permissions/constraints as per the identified context. The method includes identifying an existing work environment of a resource by capturing information through an application program interface (API), identifying constraints for the resource with respect to the identified work environment from a constraint specification file for the resource which contains constraint details for all work environments, and either configuring the identified constraints for the resource, or modifying the identified work environment for the resource and configuring corresponding constraints for the resource.

Abstract: A system and method for sharing network resources; the system comprising at least one network switch, at least one computing device comprising at least one network connection and at least one storage device containing software capable of initializing and maintaining: (i) a management local area network (MLAN) comprising a virtual or physical firewall; and (ii) a plurality of client virtual local area networks (VLANs), wherein each client VLAN comprises a virtual firewall and a plurality of network resources.

Abstract: Various aspects are discussed, for example, a method is described for authentication of devices in a wireless network involving NFC (Near Field Communication), wherein a device periodically switches its mode from a read mode, in which it is able to receive authentication data from one or more other devices, to a write mode, in which it sends out authentication data to the one or more other devices, according to a random time slot scheme. The device authenticates itself after having received authentication data from another device during the read mode, and the device switches permanently its mode to the write mode after being authenticated.

Abstract: An approach is provided for authorizing one or more services from service providers in a communications network. The approach includes receiving a request from a first service provider, the request having an associated primary token and a secondary token identifier, the secondary token identifier relating to resources of a second service provider. Based, at least in part, on the secondary token identifier, a secondary token is identified; and then the secondary token is sent to the first service provider, wherein the first service provider and the second service provider belong to different trust domains and the first service provider can use the secondary token to access resources of the second service provider.

Abstract: A first computing device receives a first request from a client computing device, wherein the first request includes a markup language request. The first computing device transmits the first request to a second computing device, wherein the second computing device services the first request. The first computing device receives the serviced first request, wherein the serviced first request includes a manifest tag. The first computing device caches the serviced first request. The first computing device transmits the serviced first request to the client computing device.

Abstract: The disclosed embodiments provide a system that facilitates interaction between a client and a web application. During operation, the system identifies a request that lacks a session identifier from the client to the web application. Next, the system obtains a client identifier associated with the client from the request. If a cached session identifier is found for the client identifier, the system adds the cached session identifier to the request. Finally, the system forwards the request to the web application.

Abstract: The present invention relates to a system and method for controlling a network access of a network packet on the basis of a thread which is inserted into a process through code injection. The network access control system according to the present invention comprises: a process inspecting unit for detecting a code injection-based thread included in a process; and a network monitoring unit for performing network filtering so as to detect a network packet having access to a network, and, if a communication subject of the detected network packet is the code injection-based thread, blocking the traffic of the detected network packet.

Abstract: A short-range communication tag includes a transmitter, a clock circuit providing a clock value and a memory containing a unique identification value. The tag further includes a processor which generates encryption keys with a period of K seconds and combines the unique identification value with the encryption key, according to a predetermined encryption method, to generate an obfuscated unique identification value. The tag further includes a short-range transmitter to transmit the tag identification value.

Abstract: Apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote serve identifying a bucket of information and, when that bucket changes, the remote server sends the change to the client device. Authentication techniques include client devices including unique default credentials that, when presented to a remote server, provide limited access to the server. The client device may obtain assigned credentials that, when presented to the remote server, provide less limited access to the server.

Abstract: A system is provided for managing protected data resources. The system includes a resource server configured to store the protected data resources and an authorization module coupled to the resource server and configured to store access protocols. The authorization module further is configured to receive a service request from a user via a client module, evaluate the service request based on the access protocols, and send an access token to the client module if the user satisfies the access protocols.

Abstract: The present invention filters access points presented to a user and locks onto an access point. The present invention includes an access point filtering unit and an access point locking unit. The access point filtering unit determines the access points that are accessible by a client device and then filters them to present only the access points that are acceptable to under a security policy in force. The access point locking unit has a plurality of operating modes and can lock onto a user selected access point, a security policy prescribed access point, or the access point with the best signal profile. The present invention also includes several methods such as: a method for filtering access points for presentation to the user, a method for locking onto an access point selected by the user, a method for locking onto an access point with the best signal profile, and a method for locking onto an access point prescribed by a security policy for a given location.

Abstract: A method comprises the following steps. Entity-generic user records are created for a plurality of users associated with a plurality of entities by analyzing entity-specific user records for the plurality of users, wherein the entity-generic user records comprise respective sets of entitlements for the plurality of users. Entity-generic asset records for assets associated with the plurality of entities are created by analyzing entity-specific asset records for the plurality of assets, wherein the entity-generic asset records comprise respective sets of permissions for accessing the plurality of assets. An entity-generic user record for a given user is utilized to determine whether the given user has access to a given asset by comparing the set of entitlements in the given entity-generic user record with the set of permissions in an entity-generic asset record for the given asset.

Abstract: In one embodiment, a method includes determining, by an edge router, a plurality of prefixes reachable by the edge router, each prefix indicating a range of Internet Protocol (IP) addresses. The method further includes grouping, by the edge router, the plurality of prefixes into one or more groups, wherein each group is associated with a particular repair edge router and the prefixes in each particular group are reachable by both the edge router and the particular repair edge router associated with the particular group. The method further includes communicating instructions, from the edge router to a core router, to send data packets associated with the prefixes in each particular group to the particular edge router associated with the particular group if the edge router becomes unreachable.

Abstract: Systems and methods of detecting copying of computer code or portions of computer code involve generating unique fingerprints from compiled computer binaries. The unique fingerprints are simplified representations of the compiled computer binaries and are compared with each other to identify similarities between the compiled computer binaries. Copying can be detected when there are sufficient similarities between at least portions of two compiled computer binaries.

Abstract: A method is provided in one example embodiment and includes receiving a message that offers use of a first mobile device as a mobile hotspot for enabling access to a local network; generating a Service Set Identification (“SSID”) and a password for the mobile hotspot; and providing the SSID and the password to the first mobile device. The method further includes receiving a request from a second mobile device to access the local network using the mobile hotspot; and providing the SSID and the password to the second mobile device via a second mobile device in accordance with rules that govern access to the local network via the mobile hotspot.

Abstract: Techniques are disclosed for render documents that are in proprietary formats in a browser or mobile device. In one embodiment, a method comprises converting a plurality of resources in a document file into a plurality of files that are native to a browser. The method further comprises creating a style sheet based on the document file, wherein an aggregate of the plurality of files together with the style sheet are configured to cause the browser to render an appearance of the document file. The method further comprises generating, based on the document file, an invisible layer to be laid on the appearance, wherein the invisible layer enables actions to be performed on the document file. Among other advantages, embodiments disclosed herein provide the convenience of viewing and accessing documents regardless of whether a software or plug-in therefor is installed.

Abstract: Disclosed is a method 101 to be used on collected network data flow 116 associated with a network 100; the method 101 includes: an anomaly-detection operation 103 including: (A) obtaining the collected network data flow 116; and (B) performing an iterative principal component analysis on the collected network data flow 116 to detect an anomaly associated with the collected network data flow 116. The method may be used in a server and a network, and may also be implemented as a non-transitory computer-readable media. A corresponding system for detecting the anomaly in the network flow data is also provided.

Abstract: A method, non-transitory computer readable medium, and apparatus that monitor one or more capacity related factors of one or more servers providing one or more services to one or more client computing devices to obtain one or more values. An adaption factor for at least one of the one or more client computing devices is determined based on the one or more obtained values for the one or more monitored capacity related factors and one or more adaption rules. The adaption factor may further be determined based on obtained user profile information. The determined adaption factor to adapt operation of the one or more provided services at the at least one of the one or more client computing devices is provided.

Abstract: A processing device causes a plurality of storage servers to create tenant identifiers for a tenant of a multi-tenant distributed file system that is distributed over the plurality of storage servers, the plurality of storage servers having underlying local file systems that interface with the multi-tenant distributed file system. The processing device maps the tenant to the tenant identifiers. The processing device assigns a global storage quota to the tenant. The processing device divides the global storage quota into a plurality of local storage quotas and assigns a local storage quota of the plurality of local storage quotas to each storage server of the plurality of storage servers.

Abstract: A method, device, and non-transitory computer readable medium for determining and representing one or more authentication requirements for at least one valid service flow of one or more information centric network (ICN) based services. This technique involves capturing service specification and storing it in a repository. Then, one or more possible service flows are generated and represented based on the nature of contents, delivery options and preferred architecture. This representation is again modified based on the trust level among functional entities and authentication scope which are inferred from the service specification. The final representation of the service flow shows only the valid inter-connections and operations among functional entities and the service flow is constrained by authentication requirement.

Abstract: In one embodiment, providing, by a client device, device information and key data over a network to a server device, the device information uniquely identifying the client device; generating a device key, by a device key generation logic, at the server device based on the device information; receiving a module from the server device, the module comprising a bound content key and the device key generation logic, wherein the bound content key is encrypted by the device key at the server device; and processing protected content using the module.

Abstract: Disclosed is an image forming apparatus, which makes it possible to easily control various kinds of functions. The apparatus is provided with an apparatus controlling firmware that controls a default display screen, and a Web display screen application program that controls a customizable display screen according to a process being separate from another process for the apparatus controlling firmware. The Web display screen application program has a function for calling one of default display screens as a designated default display screen, while the apparatus controlling firmware has a function for accepting a screen calling instruction.

Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.

Abstract: A message including a digital signature is received at a processor. It is determined whether a specific authorized certificate issuer is configured for a message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, it is determined whether a message originator certificate used to generate the digital signature is issued by the configured specific authorized certificate issuer.

Abstract: Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource.

Abstract: Embodiments of systems, apparatuses, and methods for securely transferring data between a storage system and an agent are described. In some embodiments, a system establishes a tunnel between the storage system and the agent. The system further securely transfers the data between the storage system and the agent using the tunnel. In one embodiment, the tunnel uses an action and results mailbox to transfer the data. In another embodiment, the tunnel is based on a trusted send facility.

Abstract: Provided is a method of generating a scientometric model that tracks the emergence of an identified technology from initial discovery (via original scientific and conference literature), through critical discoveries (via original scientific, conference literature and patents), transitioning through Technology Readiness Levels (TRLs) and ultimately on to commercial application. During the period of innovation and technology transfer, the impact of scholarly works, patents and on-line web news sources are identified. As trends develop, currency of citations, collaboration indicators, and on-line news patterns are identified. The combinations of four distinct and separate searchable on-line networked sources (i.e., scholarly publications and citation, worldwide patents, news archives, and on-line mapping networks) are assembled to become one collective network (a dataset for analysis of relations).

Abstract: Described in an example embodiment herein is an apparatus, comprising a communication interface and authentication logic coupled with the wireless interface. The authentication logic authenticates with at least one neighboring device forming a trust relationship with the at least one neighboring device. The authentication logic obtains via the communication interface data representative of a user associated with a user device. The authentication logic sends a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device. The authentication logic receives a response to the challenge via the user interface and validates the response to the challenge. The authentication logic provides data to the at least one neighboring device indicating that the user associated with the user device has been authenticated, to enable access to the functionality and/or resources of the at least one neighboring device.

Abstract: A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications.

Abstract: In some embodiments, a method comprises displaying a pre-registration invitation on a first digital device connected to a wireless network, determining one or more wireless network identifiers associated with the wireless network, generating a pre-registration code request, the request including the one or more wireless network identifiers, providing the pre-registration code request to a virtual network server, the server generating a pre-registration code in response to the pre-registration code request, the pre-registration code associated with the one or more wireless network identifiers, receiving the pre-registration code, providing a registration request from a second digital device, the registration request comprising the pre-registration code, and provisioning an account based on the registration request and the wireless network identifiers, the wireless network identifiers identified based on the pre-registration code.

Abstract: A computer implemented method to handle events based on historic actions. An event-handler receives an event, wherein the event has an associated event-type. The event-handler records the event to an event-action history table. The event-handler determines a history associated with the event by reading the event-action history table. The event-handler looks up a row entry in an action table based at least in part on the event-type, wherein the row entry comprises an action. The event-handler executes at least one instruction of the action. The event-handler records the event and action data to the event-action history table.

Abstract: Systems and methods for providing a multi-pane display of programs being viewed by a plurality of social contacts include storing a user identifier for a user; storing an association of the user identifier with user identifiers for each of the plurality of social contacts of the user; receiving, from the plurality of social contacts of the user, program identifier data representing programs currently being viewed by the social contacts or previously viewed by the social contacts; and providing display data in a multi-pane display.

Abstract: An approach is provided for automated user authentication for a priority communication session. An authentication platform receives a session request for establishing a priority communication session over a data network between a user device and a service platform. The authentication platform determines network information and device information associated with the session request and the user device, respectively. The authentication platform further determines user history information regarding one or more prior communication sessions of a user of the user device. The authentication platform authenticates the user based on the network information, the device information, and the user history information for establishing the priority communication session.

Abstract: A first request for a bundle resource can be sent to a first location. A first response can be received that identifies a second location. The first response can be analyzed to identify the second location. A second request and a third request can be created for a metadata resource and for an artifact resource. The second request can be sent to the second location. The third request can be sent to a third location. A second response and a third response can be received. The second response can comprise the metadata resource. The third response can comprise the artifact resource. The second response can be evaluated to determine the metadata resource. The third response can be evaluated to determine the artifact resource. The bundle resource can be created.

Abstract: In setting where a number of entities share a common resource and where those entities wish to exclude unauthorized individuals yet desire partitioned access for a set of individuals from each entity, a system integrates a plurality of sets of authorized credentials from a plurality of entities using networking techniques to allow partitioned access to common resources shared by those entities.

Abstract: A system and method for connecting to a peripheral device utilizes a near field communication (“NFC”) enabled remote control to acquire a rotating access pin that is transmitted to an NFC enabled computing device in order to establish a connection between the computing device and the peripheral device.

Abstract: Embodiments of systems and methods for providing anonymous cloud encryption are provided. One embodiment of a method for providing anonymous cloud encryption includes communicating an anonymizing token to a key broker. Additionally, the method may include communicating at least one encryption key associated with the anonymizing token to the key broker. The method may also include conducting a secure anonymous transaction with a cloud service using at least one of the encryption keys associated with the anonymizing token.

Abstract: Systems and methodologies are described that effectuate establishment of an IPSec tunnel for utilization in a wireless communication environment. IPSec establishment procedures on home base stations can be used to establish IPSec tunnels between home base stations situated on open access sectors of wireless communication environments and packet data interworking function components positioned at the contiguity of secured segments of the wireless communication environments. Moreover, high rate packet data point-to-point protocol challenge-handshake authentication protocols can be directed through the IPSec tunnels to facilitate authentication of access terminals associated with the home base stations in order to facilitate further communications with components dispersed within secure areas of wireless communication environments.

Abstract: The disclosure discloses a network access method, apparatus and system. The method includes: a network side determines that a first User Equipment (UE) requests to use the account of a second UE for access; the network side determines that the account of the second UE is successfully authenticated; the network determines that the user to which the second UE belongs allows the first UE to access the network side by the account of the second UE; and the first UE accesses the network side. The disclosure can ensure the security of the master user.

Abstract: In some embodiments, an apparatus includes a network device configured to receive an anomaly database of a first image that stores a set of differences between the first image and a base image. The network device is configured to compare the anomaly database of the first image with an anomaly database of a second image storing a set of differences between the second image and the base image to determine if the first and second images include at least one incompatible critical feature or incompatible non-critical feature. The network device is configured to send a signal associated with a first action if the first and second images include the at least one incompatible critical feature. The network device is configured to send a signal associated with a second action different from the first action if the first and second images include the at least one incompatible non-critical feature.

Abstract: Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.

Abstract: Provided are systems and methods for performing network-based digital data software switching between geographically dispersed subject computing devices, to obtain full access to digital data from the non-transitory computer-readable media of geographically dispersed computing devices such that the entire physical or logical media from each device is fully accessible to one or more user computers on the Internet. This is achieved via network-based digital data software switching systems that may be implemented on public or private networks. The data software switching system may be implemented on a private network for use by a private entity, or it may be achieved via a “cloud computing” model whereupon the user obtains, from a public network such as the Internet, the use of both dedicated and shared resources to engage the data software switching capability.