Abstract: Systems and methods for authenticating applications that access web services. In one embodiment, a web service gateway intercepts a request for a web service from an application, and determines if the application is authorized by a service provider based on information provided in the web service request. If the application is authorized, then the web service gateway identifies a profile for an end user that initiated the web service using the application, and determines if the web service is allowed for the end user based on the profile. If the web service is allowed for the end user, then the web service gateway determines that the application is authenticated, converts the web service request to a protocol used by a server that provides the web service, and transmits the web service request to the server.

Abstract: A secure mechanism for performing a network boot sequence and provisioning a remote device may use a private key of a public key/private key encryption mechanism to generate a command by a server and have the command executed by the device. The command may be used to verify the authenticity of the remote device, and may be used to establish ownership of the device. After authenticity and, in some cases ownership is established, bootable software may be downloaded and executed. The remote device may be provisioned with software applications. One mechanism for performing the initial encrypted commands is through a Trusted Platform Module. In many embodiments, the public key for the initial encrypted communication may be provided through a trusted second channel.

Abstract: Techniques are provided for adaptive routing of authentication packets in a network, such as a wireless mesh network. At an authenticated device in the network, an authentication packet is received over the network from a device that is seeking authentication. The authentication packet is encapsulated for transmission in Layer 3 packets over an Internet Protocol (IP) tunnel to an authenticator device associated in the network. Similarly, for an authentication packet encapsulated in Layer 3 packets from the authenticator device over the IP tunnel, the authentication packet is decapsulated from the Layer 3 packets and transmitted over the network to the device seeking authentication.

Abstract: In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.

Abstract: In a method for providing a one-time password for a user device belonging to a user, which password is intended to register the user device with a server, the server generates the one-time password using a cryptographic operation on the basis of a unique use identifier and transmits the password to the user device. The method provides a service provider with the possibility of tying additional conditions for registration to the one-time password and thus increases the flexibility of the service provider when configuring the services offered by the latter and increases security against manipulation.

Abstract: The disclosed embodiments provide a system that secures a network. During operation, the system obtains a request for a resource from a client connected to the network. Next, the system uses a domain name from the request to obtain one or more properties associated with the domain name and assesses a level of risk associated with the domain name based on the one or more properties. Finally, the system processes the request based on the assessed level of risk.

Abstract: In a system and method of controlling a wireless communication module in communication with an electronic device, when a manufacturer certificate, a wireless device credential, and a user credential each meet a respective first, second and third validity criteria, an encryption value is generated, and the encryption value is used to generate a cryptographic hash value. The cryptographic hash value is used to enable a device to communicate with a communication network.

Abstract: A system and method for quality assured analytical testing is disclosed. A user is prompted by the system questions which relate to an analytical test to be conducted or an analytical instrument to be employed. Input received by the system from the user is evaluated to determine to which degree the inputs are correct. The user is certified if the determined degree is above a preset threshold. Next, the user is prompted by the system for a user identification and if the user is a certified user, access is provided to a testing routine of the analytical instrument.

Abstract: A method of arming or disarming a building security system includes transferring an electronic security credential file from an authorizing environment to a mobile computing device. The electronic security credential file is read by the mobile computing device to extract authentication data. The authentication data is transmitted from the mobile computing device and received at the building security system. Within the building security system, the authentication data is used to verify that a user of the mobile computing device is authorized to communicate with the building security system. The mobile computing device is enabled to communicate with the building security system only if the electronic security credential file has been used to verify that a user of the mobile computing device is authorized to communicate with the building security system.

Abstract: In a first embodiment of the present invention, a method for operating a presence server in a home network is provided, the method comprising: receiving a request for presence information; sending an event notification to all subscribed control points informing them of the request for presence information; receiving an action from one of the subscribed control points accepting or rejecting the request for presence information; and if the action received from the one of the subscribed control points accepts the request for presence information, causing presence information regarding the one of the subscribed control points to be sent to the entity that sent the request for presence information.

Abstract: Mechanisms are provided for performing centralized control of application sessions across a distributed computing environment comprising a plurality of application servers. A request to perform an application session control operation to control the application sessions associated with a specified user account identifier across the plurality of application servers in the distributed computing environment is received. A plurality of application instances upon which to perform the requested application session control operation are identified. An application session control request is transmitted to a plurality of session control clients associated with the application instances on the plurality of application servers of the distributed computing environment.

Abstract: A microblog server receives sharing information required for sharing a microblog message transmitted by a microblog client. Generate a microblog data packet according to the sharing information, and transmit the microblog data packet to an instant messaging (IM) client, such that the IM client displays the microblog message to be shared according to the microblog data packet.

Abstract: An apparatus for electronic signature verification, including a grouping unit to group, into at least one group, a plurality of kernels included in an application to which electronic signature verification is to be performed, and an electronic signature verification unit to perform electronic signature verification with respect to the at least one group.

Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.

Abstract: There is provided a system for regulating access and managing distribution of content in a network, such as the Internet. The system includes communication gateways, installed at a subscriber site, internet control points, installed remotely, and various network elements installed throughout the network. The communication gateways and network elements operate in conjunction with the internet control points to restrict or allow access to specified Internet sites and to manage efficient distribution of content such as music, video, games, broadband data, real-time audio and voice applications, and software to subscribers.

Abstract: There is provided a method and system for securely coupling and transferring data between devices. In a preferred embodiment, the devices may comprise two devices, a transferring device and a receiving device, and both devices are mobile devices. Embodiments of the present invention allow the wireless transfer of data such as contacts, photo images, video files, or other data from one device to another device, without need for special hardware or cabling.

Abstract: A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.

Abstract: Transfer of data between at least one supervisory control and data acquisition (SCADA) device and an advanced metering infrastructure (AMI) device via a wireless communication network is facilitated. The data is used for monitoring and/or controlling the AMI device. A protocol conversion of the data is performed to facilitate transfer of the data between the SCADA device and the AMI device as data packets via a packet data network gateway and a wireless communications network.

Abstract: In one embodiment, a method includes receiving a request to access a shared device. The request may include data uniquely identifying a first user of the social-networking system. The first user may be represented by a first user node in a social graph associated with the social-networking system, and wherein the social graph comprises a plurality of user nodes and a plurality of edges connecting the user nodes. The method may further include determining that a social-networking account for each of one or more second users of the social-networking system was compromised, wherein each of the second users previously accessed the shared device. Each of the second users may be respectively associated with second user nodes in the social graph. The method may further include sending, to the shared device, a message indicating that the social-networking accounts for the second users were compromised.

Abstract: Techniques for multi-protocol peer-to-peer connection are described. An apparatus may comprise a discovery component to discover a remote device using a first protocol, and receive discovery information from the remote device, the discovery information including protocol information. The apparatus may comprise an authentication component to authenticate the remote device. The apparatus may comprise a connection component to establish a peer-to-peer connection with the remote device using a second protocol based on the protocol information. Other embodiments are described and claimed.

Abstract: A method, non-transitory computer readable medium, and apparatus for providing a tool menu based upon a document displayed on an endpoint device are disclosed. For example, the method opens the document requested by a user in the endpoint device, detects one or more portions of the document that require data entry, determines a type of data entry that is required for the one or more portions of the document that are detected to require data entry, detects one or more configuration settings of the endpoint device and displays one or more tools selected from a plurality of tools on the tool menu based upon the type of data entry that is required for the one or more portions of the document and the one or more configuration settings of the endpoint device.

Abstract: Disclosed herein are systems, methods, and software for facilitating application licensing. In at least one implementation, license information for an application is identified based at least in part on a developer profile associated with the application and a state of a license for the application identified from at least a portion of the license information. Presentation of the application in accordance with the state of the license for the application can then be initiated.

Abstract: A system and method for managing communication. The system and method applying to but not limited to settop boxes (STBs) and other devices used to interface services. The management including any number of features and processes associated with achieving Quality of Service (QoS) across different domains and according to network limitations associated with the same.

Abstract: A lightweight solution enables the exchange of multimedia information in a secure manner. Exchanged cryptographic material can be used to encipher multimedia message-oriented communications between devices. This lightweight solution can be used by common off the shelf devices such as smartphones, tablets, feature phones, or special purpose machine to machine devices for private communications, such as command and control, location services, video, audio, electronic attachments, etc. using insecure voice or data communication paths, such as MMS.

Abstract: A system and method identifies mobile applications that can have an adverse effect on a mobile device or mobile network. In an implementation, a server monitors behavioral data relating to a mobile application and applies a model to determine if the application has an adverse effect or has the potential to cause an adverse effect on a mobile device or a network the mobile device may connect to. A mobile device may monitor behavioral data, apply a model to the data, and transmit a disposition to the server. The server may aggregate behavioral data or disposition information from multiple devices. The server may transmit or make available the disposition information to a subscriber through a web interface, API, email, or other mechanism. After identifying that an application may have an adverse effect, the server may enact corrective actions, such as generating device or network configuration data.

Abstract: A method and system for detection of intrusion in networked control systems, is provided. The method includes generating an operating model of a system being controlled. The operating model of the system comprises a relationship between a plurality of components in the system defined by a plurality of parameters. Further, the method includes calculating an estimated value of at least one parameter for at least one component in the system. The operating model is used to calculate the estimated value of the at least one parameter. Furthermore, the method includes measuring a latest value of at least one parameter at a predefined interval. The method also includes triggering an alert for intrusion for the at least one component based on an analysis of at least one of the latest value and the estimated value of at least one parameter.

Abstract: A relay device includes a memory and a processor coupled to the memory. The processor executes a process including storing association relationship information in which a session identifier for identifying a session established between a server and a client by a program running on the server is associated with a server identifier for identifying the server. The process includes determining whether a session identifier contained in a message received from a distributing device is contained in the association relationship information stored at the storing. The process includes selecting a relay system used when the received message is transferred to the server in accordance with a program that has established a session indicated by the session identifier contained in the message. The process includes transferring the message by using the relay system selected at the selecting.

Abstract: Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities.

Abstract: A computer implemented method and apparatus comprises detecting a file content update on a first client computer system, the file to be synchronized on a plurality of different types of client computer systems in a plurality of formats. The method further comprises associating a security policy with the file, wherein the security policy includes restrictions to limit one or more actions that can be performed with the file, and synchronizing the file to a second client computing system while applying the security policy to provide controls for enforcement of the restrictions at the second client computer system.

Abstract: Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device.

Abstract: In one embodiment, a capable node in a low power and lossy network (LLN) may monitor the authentication time for one or more nodes in the LLN. The capable node may dynamically correlate the authentication time with the location of the one or more nodes in the LLN in order to identify one or more authentication-delayed nodes. The node may then select, based on the location of the one or more authentication-delayed nodes, one or more key-delegation nodes to receive one or more network keys so that the key-delegation nodes may perform localized authentication of one or more of the authentication-delayed nodes. The capable node may then distribute the one or more network keys to the one or more key-delegation nodes.

Abstract: A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map.

Abstract: Disclosed herein is a technique for securely provisioning access control entities (e.g., electronic Subscriber Identity Module (eSIM) components) to a user equipment (UE) device. In one embodiment, a UE device is assigned a unique key and an endorsement certificate that can be used to provide updates or new eSIMs to the UE device. The UE device can trust eSIM material delivered by an unknown third-party eSIM vendor, based on a secure certificate transmission with the unique key. In another aspect, an operating system (OS) is partitioned into various sandboxes. During operation, the UE device can activate and execute the OS in the sandbox corresponding to a current wireless network. Personalization packages received while connected to the network only apply to that sandbox. Similarly, when loading an eSIM, the OS need only load the list of software necessary for the current run-time environment. Unused software can be subsequently activated.

Abstract: Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.

Abstract: A method of using a mobile terminal to implement cloud searching is provided. The method includes receiving, by the mobile terminal, searching conditions inputted by a user; executing, by the mobile terminal, local searching; and detecting whether networking is executed. If networking is executed, the method includes detecting, by the mobile terminal, whether the local stores user account information; and connecting to a cloud server when the local of the mobile terminal stores the user account information. If networking is not executed, the method includes returning local searching results. The method further includes transmitting, by the mobile terminal, the searching conditions to the cloud server; and executing, by the cloud server, cloud searching according to the searching conditions; and returning searching results to the mobile terminal.

Abstract: Provided are techniques for controlling access to computing resources comprising generating a first fingerprint corresponding to a first executable file; storing the fingerprint in a non-transitory computer-readable storage medium; receiving a request to execute a second executable file on a computing system; generating a second fingerprint corresponding to the second executable file; determining whether or not the first fingerprint matches the second fingerprint; and, in response to determining that the first and second fingerprints match, executing the executable file on the computing system; and, in response to determining that the first and second fingerprints do not match, preventing the executable file from executing on the computing system.

Abstract: A system for an electronic authentication client and a processing method thereof, and a system for electronic authentication and a method thereof are disclosed.

Abstract: Embodiments of the present invention provide a method, a device and a communications system for network convergence, which can support a charging manner of a network to which an access user belongs. The method for network convergence includes: after authentication of an access user is successful, receiving, by a second gateway, a PDN connection establishment message corresponding to the access user, where the message carries an access user identifier and is sent by a first gateway, the first gateway is a gateway of a first network in which the access user is currently located, and a service borne by the PDN connection corresponding to the access user includes a network side service of the access user in the first network; and initiating, by the second gateway, according to the access user identifier, a charging procedure corresponding to the access user.

Abstract: The technology includes a method for a computing device (console) to restrict transferring information to others on the Internet. A user does not have to explicitly make a choice of having the console restrict the transferring of information to an external computing device because the technology determines that such information cannot be transferred. When an application is loaded, a NSAL is read to determine whether the application will communicate with an external computing device. A NSAL may include authorized network addresses that an application may communicate with when executing on a computing device. When the NSAL does not include any network addresses, there is no need to obtain consent from a user regarding transferring the information externally because the application does not have the capability to do so. When one or more network addresses are includes in a NSAL, consent from a user is obtained.

Abstract: Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device.

Abstract: A technique for providing a prediction as to whether a resource will be accessible to a user is described. The technique can involve comparing asserted membership in a wireless realm with membership records. Advantageously, a user can be made aware of the likelihood of access to a resource before attempting to reach the resource.

Abstract: Systems and methods are provided for handling a malicious computer-related security event that occurs at central network access points of the Internet involving networks of autonomous and different internet service providers. A system includes a non-signature based security event detection software system operating on a first computer connected to a first network of a first internet service provider, where the non-signature based security event detection software system detects the security event by examining runtime state of the first computer. A security event management software system operates on a processor-based platform and has access to security event detection results generated by the non-signature based security event detection software system.

Abstract: Systems and methods for controlling communication systems for the hearing impaired are disclosed. A portable communication device requests control over a plurality of communication devices. The portable communication device connects to and controls the plurality of communication devices. The portable communication device includes a user interface that enables a user to transfer a call from a first communication device to a second communication device.

Abstract: A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system.

Abstract: A device receives a request to authenticate an end user of a user device based on a requested use of an application by the user device, and communicates with an authentication client, provided in the user device, to perform an authentication requested by the request. The device also generates a response to the request based on the communication with the authentication client, where the response indicates that the end user is or is not authenticated to use the application. The device further provides the response to an application server device hosting the application.

Abstract: A recommendation engine for identity management is disclosed. A data store including an identity management access database is provided. Suggested access entitlement operations for potential identities of a listing of identities on which to perform access entitlement operations are generated. Suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations are offered through a user interface.

Abstract: A method for detecting an IP address. An access router releases the routes of a detected IP address via a first interface and a second interface, and sets the priority of the route released via said first interface lower than that of the route released via said second interface. After having received by said access router a WEB request by the user via said first interface, the method comprises searching a session record corresponding to said WEB request; establishing by said access router the session record corresponding to said WEB request when the corresponding session record is not found, and returning a redirecting message taking said detected IP address as the re-directed destination IP address; and after having received by said access router via said second interface the message taking said detected IP address as the destination IP address, determining that the user who sent said message is an illegal user.

Abstract: A system and method are provided for identifying inappropriate content in websites on a network. Unrecognized uniform resource locators (URLs) or other web content are accessed by workstations and are identified as possibly having malicious content. The URLs or web content may be preprocessed within a gateway server module or some other software module to collect additional information related to the URLs. The URLs may be scanned for known attack signatures, and if any are found, they may be tagged as candidate URLs in need of further analysis by a classification module.

Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.

Abstract: Method for monitoring an online identity of a user on a network is described. In one example, data exchanged between a browser client on a device associated with the user and the network is monitored. Creation or use of an online identity by the user is detected within the data. The online identity is associated with a host site. The host site may be any of a plurality of point of presence sites. A notification of the online identity is generated for presentation to a custodian of the user. The notification may then be sent to the custodian.