Abstract: Examples disclosed herein relate to generating communities on a security information sharing platform. Some examples may enable identifying a set of community attributes to be used to generate a community on the security information sharing platform that enables sharing of security information among a plurality of communities. Some examples may enable authorizing a first user to access community-based security information of the community where the first user is associated a set of user attributes that satisfy the set of community attributes. A security indicator may be obtained from the first user of the community. Information related to the security indicator may be obtained from a second user of the community. Some examples may enable including the security indicator and the information related to the security indicator in the community-based security information of the community.

Abstract: A method and apparatus that securely obtains services in response to a request for a service while concealing personally identifiable information (PII) includes a software package having a user identification (ID) and network protection module that runs on a third party system and an anonymizer module that runs on a user system. The user system sends the request for the service via an API that invokes the user ID and network protection module to validate the request. In response to receiving validation, the anonymizer module modifies the request for the service to conceal at least part of the PII and sends the modified request to the service provider. In one embodiment, the third party system may be an application program configured to run on the user system. Thus, no PII or data to identify the unique individual is transmitted to the service provider.

Abstract: A communication control device includes: a device connection unit that is configured to establish connection to a plurality of communication devices; a controller that is configured to control communication between the plurality of communication devices, which is connected to the communication control device by the device connection unit, and a counterpart device via a line; and a memory that is configured to store protection-target information including at least information for communication with the plurality of communication devices connected by the device connection unit.

Abstract: Methods, systems, and apparatuses are described for multi-component asset transfer. A plurality of references can be generated from a manifest of a content asset. A monitoring agent can determine when a content item for the content asset is received and modify the state of the corresponding reference.

Abstract: A method, system, and computer program product allows users to manage brand interaction with other users. In one aspect, a plurality of social user records and a plurality of commercial user records, corresponding to a plurality of social users and a plurality of commercial users, respectively, are stored on a data storage module. A plurality of brand identifiers is also stored on the data storage module, wherein each brand identifier identifies a brand associated with a commercial user. A plurality of social user pages are generated, wherein each social user page displays content based on a social user record belonging to corresponding social user. Each social user page is controllable by the social user to be accessible to a set of selected users of interest to that social user. The content displayed by the social user page is controllable by the social user to maintain the social user's anonymity.

Abstract: There is provided a method for determining a sequence number for transmitting a packet from a first apparatus to a second apparatus as part of a flow of packets, determining a flow identifier for identifying a security association for the flow, wherein the flow identifier is determined in dependence on the sequence number, and transmitting the packet includes transmitting the sequence number and the flow identifier to the second apparatus.

Abstract: A system is described that can perform a method for providing a first mobile network operator system with information relating to configuration data. The configuration data enables management of content and memory allocation for security domain containers of a universal integrated circuit card of a communication device. Security management of the universal integrated circuit card is delegated by providing the configuration data to a second mobile network operator system to enable management of the content and the memory allocation for the security domain containers. The memory allocation is adjusted by the second network mobile operator system according to a second group of services provided to the communication device.

Abstract: Devices in a wireless telecommunication system can implement a blockchain that is distributed among the devices. For example, a base transceiver station of the wireless telecommunication system can receive, from a mobile device, a wireless radio communication that includes information associated with a blockchain transaction. The base transceiver station can convert the information associated with the blockchain transaction into an internet protocol (IP)-based format. The base transceiver station can update the blockchain by propagating the formatted information to other base transceiver stations of the wireless telecommunication system through an IP-based network that is internal to the wireless telecommunication system.

Abstract: A method for managing an application and a terminal, where the method includes launching an application in response to an operation on the application received from a user, wherein a time limit is preset for the application, displaying a notification indicating that a use duration of the application reaches the time limit and a time extension is requested at a predetermined moment before the time limit expires, displaying an interface for an identity authentication after the time extension is selected by the user, and extending the use duration of the application when an identity authentication of the user succeeds. Thus the use duration of the application is manageable and controllable.

Abstract: Concepts and technologies disclosed herein are directed to universal peer-to-peer signaling network virtualization and orchestration. According to one aspect of the concepts and technologies disclosed herein, a universal DIAMETER orchestrator can determine DIAMETER peer nodes to be utilized to handle DIAMETER signaling traffic for a service. The universal DIAMETER orchestrator can allocate transport resources over which a transport connection between the DIAMETER peer nodes can be established. In some embodiments, the universal DIAMETER orchestrator can allocate the transport resources on-demand. The universal DIAMETER orchestrator can allocate DIAMETER resources to provision DIAMETER signaling interfaces to handle the DIAMETER signaling traffic between the DIAMETER peer nodes. In some embodiments, the universal DIAMETER orchestrator can allocate the DIAMETER resources in accordance with a rule to override a traditional DIAMETER routing agent.

Abstract: Disclosed is a chat group management method, including: detecting a message receiving mode corresponding to a chat group; obtaining a degree of interest of a user for chat group messages and an activity degree of the user in the chat group in accordance with a determination that the message receiving mode corresponding to the chat group is a mute-notification receiving mode; determining an importance ranking for the chat group according to the degree of interest and the activity degree; and updating the chat group's position among a plurality of chat groups in accordance with the importance ranking.

Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files, and patterns within this event graph can be used to detect the presence of malware on the endpoint. The underlying recording process may be dynamically adjusted in order to vary the amount and location of recording as the security state of the endpoint changes over time.

Abstract: Methods, systems and computer products for ensuring session correctness for subscribing clients connected to a publish-subscribe broker via a gateway having intermittent connectivity with the broker. The gateway is configured to: (1) subscribe to one or more topics of a publish-subscribe service controlled by the broker in response to one or more subscription sessions initiated by one or more subscribing clients connected to the gateway for subscribing to the topic(s), (2) identify session parameters indicative of activity state of each subscription session, (3) reconnecting to the broker following a disconnection period, (4) receiving from the broker one or more messages published on the topic(s) during the disconnection period, the broker correlates each message with message properties, and (5) publish each message to one or more of the subscribing clients based on compliance of the message properties of the respective message with the session parameters of the respective subscription session.

Abstract: In an end user application running on a computer, for the purpose of collaborative modification of shared electronic documents, a graphical user interface is provided that facilitates storing an electronic document in shared storage. This graphical user interface includes a graphical element that conveys information about shared status of the currently accessed electronic document to the end user. Through input devices of the end user computer, an end user can manipulate this graphical element. Certain manipulations of this graphical element instruct the end user computer to store the currently accessed electronic document in shared storage if that electronic document has not yet been stored in shared storage. After the electronic document is stored in shared storage, the graphical user interface facilitates sharing of the electronic document with others. A graphical user interface that allows an electronic document to be quickly shared improves user efficiency and productivity in collaborative authoring.

Abstract: A computer implemented method includes receiving ephemeral digital information from a source user, providing access to the ephemeral digital information to one or more recipient users in accordance with a time decay value associated with the ephemeral digital information, obtaining recipient status data corresponding to one or more of the recipient users, and modifying the time decay value of the ephemeral data to provide a personalized time decay value for at least one of the one or more recipient users based on the recipient status data such that at least one recipient user is able to obtain access to the ephemeral digital information based on their personalized time decay value.

Abstract: A system includes devices, first and second cluster servers, and a global server. The first cluster server updates a second set of parameters for the first device and a first set of parameters for the second device. The second cluster server updates a fourth set of parameters for the third device and a third set of parameters for the fourth device. The global server updates the first set of parameters and the second set of parameters for the second cluster server and updates the third set of parameters and the fourth set of parameters for the first cluster server.

Abstract: Methods and systems for verifying the identity and trustworthiness of a user of an online system are disclosed. In one embodiment, the method comprises receiving online and offline identity information for a user and comparing them to a user profile information provided by the user. Furthermore, the user's online activity in a third party online system and the user's offline activity are received. Based on the online activity and the offline activity a trustworthiness score may be calculated.

Abstract: Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

Abstract: A method of performing a change of a primary node in a blockchain network includes a backup node of the blockchain network determining that an epoch change needs to be performed, determining a respective weight of the backup node associated with each of three phases of a consensus process in a current epoch, determining a weight sum for the backup node based on the respective weights, sending an EPOCH_CHANGE message to the other network nodes to apply for a new primary node in a new epoch, receiving NEW_EPOCH messages from the other network nodes, determining whether a number of valid NEW_EPOCH messages exceeds a second predetermined threshold, and determining the backup node to be the new primary node in the new epoch in response to determining that the number of valid NEW_EPOCH messages exceeds the second predetermined threshold.

Abstract: A method for controlling access to a shared resource for a plurality of collaborative users includes securely providing, on a storage and device entity, the shared resource. The shared resource is created by a resource owner entity. The method further includes specifying access control rules for the shared resource, translating the access control rules into a smart contract, including the smart contract into a blockchain, and if a second user requests access to the shared resource, performing access decisions for the shared resource by evaluating the smart contract with regard to the access control rules.

Abstract: In accordance with embodiments of the present disclosure, a method may include: (i) retrieving a profile from a management controller of an information handling system, the management controller configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, and the profile including data regarding a configuration of the management controller; (ii) comparing the profile to one or more golden profiles to determine whether security of the management controller has been compromised; (iii) responsive to the profile matching a golden profile of the one or more golden profiles, permitting the management controller to continue execution; and (iv) responsive to the profile failing to match a golden profile of the one or more golden profiles, taking remedial action with respect to the management controller.

Abstract: An integrated circuit includes transistor devices, each having a back gate. A controller is connected to the back gate to apply voltages to the back gate, wherein a first mode includes a first voltage for operational threshold voltages for the transistor devices, and a second mode includes a second voltage that enhances threshold voltage variability of the plurality of transistor devices to provide a physically unclonable function (PUF) for chip identification.

Abstract: In various embodiments, the disclosed systems, methods, and apparatuses describe the use of encryption mechanisms (for example, a Kerberos encryption mechanism) to prevent the theft of a device, such as, a network switch (for example, an Ethernet switch) and/or any physical modules (such as, pluggable optics modules) stored therein. In one embodiment, one or more keys can be centralized in the device such as a network device or can be decentralized at a head-end, or stored higher in various layers of the network. In an embodiment, a lack of matching of the various keys associated with the network switch and/or the physical modules and/or packets encrypted and/or decrypted with the keys to one another upon a test, can render the devices such as a network device inoperable and/or may render one or more pluggable optics, a group of such pluggable optics or an entire PCB board or switch comprising one or more pluggable optics and/or physical modules inoperable.

Abstract: The subject matter describes software, devices, networks, and methods to configure a non-cellular interface of a wireless device to establish two or more wireless links in a hybrid of cellular network and a non-cellular network. The advantage of concurrent uses of non-cellular interfaces maximizes the use of computing and communication resources to perform multi-hop communication and to expand the coverage of cellular networks.

Abstract: Secure handsfree proximity-based access control is provided by a system that includes one or more system devices located near different secured resources. Each system device may broadcast a changing unique identifier to user devices in wireless range of the system device. The system may also include an application that runs on each user device, and that obtains a signal strength measurement in response to receiving or detecting a current identifier advertised from a system device. The application may request access to a secured resource over one or more available wireless networks in response to satisfying the signal strength threshold. The system may include an access control unit that authorizes access to the secured resource based on the earliest arriving request, and further based on an identifier of the request matching to the current identifier, and the current identifier not having been previously used to obtain access to the secured resource.

Abstract: An apparatus includes a memory and a hardware processor. The memory stores security restrictions. The processor detects that a user attempted to access a third-party application that does not use the stored security restrictions and communicates the stored security restrictions to the third-party application. The processor also receives a message indicating that the third-party application registered the security restrictions, determines, based on the stored security restrictions, that the user should be granted access to the third-party application, and in response to the determination that the user should be granted access to the third-party application, redirects the user to the third-party application.

Abstract: Systems and/or methods provide a user of a first computing device with the ability to authenticate themselves on a remotely provided process or service using a second computing device on which the user is already authenticated. For example, the techniques of this disclosure provide a user with the ability to securely log into a remotely provided service or application (such as e-mail, cloud computing service, etc.) on a first computing device (e.g., a desktop computer, laptop, tablet, etc.) using a second computing device (e.g., mobile phone) on which the user is already logged into the service or application, without requiring manual entry of authentication information on the first computing device.

Abstract: One aspect of the present disclosure relates to a system that can modulate the intensity of a neural stimulation signal over time. A pulse generator can be configured to generate a stimulation signal for application to neural tissue of an individual and modulate a parameter related to intensity of a pattern of pulses of the stimulation signal over time. An electrode can be coupled to the pulse generator and configured to apply the stimulation signal to the neural tissue. A population of axons in the neural tissue can be recruited with each pulse of the stimulation signal.

Abstract: The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.

Abstract: A method implemented by a server includes: sending a link short message (LSM) to a terminal; generating a communication token (C token) based on a link request of the terminal, and determining whether the server has stored another identical C token; when negative, storing the C token, and sending web data and the C token to the terminal; when affirmative, further determining whether a web cookie in the link request contains a browsing token identical to the C token; when affirmative, sending the web data to the terminal; and when negative, sending a verification short message (VSM) to the terminal, and sending the web data to the terminal upon receiving a verification request within a predetermined duration since sending the VSM.

Abstract: Various embodiments include, for example, a wireless device that includes a short-range wireless transceiver to communicate RF signals including a beacon signal to identify the wireless device and to facilitate the association of the wireless device with the plurality of mobile communication devices in proximity to the wireless device. Each corresponding one of the plurality of mobile communication devices includes a mobile communication device processor that executes a student application, downloaded from an app store associated with the operating system of the corresponding one of the plurality of mobile communication devices that facilitates location of the corresponding one of the plurality of mobile communication devices. Attendance data is stored indicating that a student associated each corresponding one of the plurality of mobile communication devices is in a classroom associated with the wireless device. Other embodiments are disclosed.

Abstract: A network apparatus includes: a plurality of network interfaces; a first communication unit configured to communicate with an input and output apparatus in a first network with which a first network interface of the plurality of network interfaces is coupled; a second communication unit configured to communicate with a first device in a second network with which a second network interface of the plurality of network interfaces is coupled; and a third communication unit configured to communicate with a second device in a third network with which a third network interface of the plurality of network interfaces is coupled. When the second communication unit receives data from the second network, the data is transmitted to the first network through the first communication unit without being transmitted to the third network.

Abstract: The present invention is generally directed to a playback device configured to audibly output audio in a multi-network environment. The device may include a network interface to receive audio and/or video data over a plurality of wireless networks; speaker drivers; one or more color indicators associated with wireless networks; a user interface to receive a user's selection of a specific wireless network through a the use of a color indicator; and one or more processors to sign into a selected first wireless network and receive data therefrom, and to audibly output the data received; receive from the user interface a selection of a specific color, the specific color associated with a second wireless network; sign out of the specific wireless network and into the second wireless network; and receive from the second wireless network data, and output the audio via the one or more speaker drivers.

Abstract: In a first embodiment, the “one tap” operation of this disclosure enables a user having a mobile device “one tap” mobile application (or “app”) to log-in to the user's desktop or laptop computer by bringing the user's device in physical proximity to the computer and, while in such proximity, accepting a push notification that is received on the mobile device. In a second embodiment, the user uses the “one tap” functionality to access a cloud-based account that has been set up for the user on a third party web application (e.g., SalesForce.com). The technique seamlessly integrates with third party websites using well-known protocols (e.g., SAML2), and it enables secure cross-origin resource sharing in a highly secure, reliable and available manner. Still another aspect of this disclosure is an enhanced proximity detection routine that is used to facilitate the one tap function when the user's mobile device is moved into proximity with the computer.

Abstract: Techniques are described herein for implementing a presence application server to handle Universal Profile (UP) transfers over roaming. The presence application server may receive a Session Initiation Protocol (SIP) request from a user device. The SIP request can include presence information of the user device, P-Access-Network-Info (PANI), and a subscriber identifier of a subscriber associated with the user device. Based at least on the presence information, the presence application server can determine whether the user device is UP capable. Additionally, the presence application server can determine whether the user device is roaming based at least on the PANI. If the user device is roaming, the presence application server can indicate that the user device is roaming and remove a tuple associated with the presence information indicating the UP capabilities of the user device in a SIP response. Removing the tuple suspends the user device's UP capabilities.

Abstract: In a first embodiment, the “one tap” operation of this disclosure enables a user having a mobile device “one tap” mobile application (or “app”) to log-in to the user's desktop or laptop computer by bringing the user's device in physical proximity to the computer and, while in such proximity, accepting a push notification that is received on the mobile device. In a second embodiment, the user uses the “one tap” functionality to access a cloud-based account that has been set up for the user on a third party web application (e.g., SalesForce.com). The technique seamlessly integrates with third party websites using well-known protocols (e.g., SAML2), and it enables secure cross-origin resource sharing in a highly secure, reliable and available manner. Still another aspect of this disclosure is an enhanced proximity detection routine that is used to facilitate the one tap function when the user's mobile device is moved into proximity with the computer.

Abstract: Malicious activity can be detected and prevented in real-time or otherwise. For example, a system of the present disclosure can receive a request from a user to obtain access to an entity, determine data objects based on the request, and access data-object network definitions corresponding to the determined data objects. The system can also receive a profile for the user indicating behavioral information relating to the user. The system can then determine a likelihood that the request is associated with malicious activity based on (i) the data objects, (ii) the profile, and (iii) the data-object network definitions. The system can allow or deny the user access to the entity based on the likelihood that the request is associated with malicious activity.

Abstract: A Wireless Fidelity (WI-FI) connection method and a mobile terminal for efficiently connecting to hidden access points. X parameters of a target Access Point (AP) are acquired, the X parameters at least includes the target SSID of the target AP, where X is a positive integer. WI-FI scanning is performed according to the X parameters. When the target AP is not found by the scanning, encryption schemes of one or more hidden APs are acquired to get the H encryption schemes, where H is a positive integer. WI-FI scanning is performed according to the target SSID and at least one of the H encryption schemes.

Abstract: A computer implemented method performed by an identity verification computing system includes receiving a request to provide an identity verification of a user via an entity computing system, the request including data associated with a user device associated with the user. A user-level profile associated with the user device is accessed. A user-level token is requested from the user device. The user-level token is associated with the user-level profile. The user-level token is received from the user device, and validated. An identity verification approval is transmitted to the entity computing system.

Abstract: An apparatus, and a method, performed by one or more processors are disclosed. The method may comprise receiving a build request associated with performing an external data processing task on a first data set, the first data set being stored in memory associated with a data processing platform to be performed at a system external to the data processing platform. The method may also comprise generating a task identifier for the data processing task, and providing, in association with the task identifier, the first data set to an agent associated with the external system with an indication of the data processing task, the agent being arranged to cause performance of the task at the external system, to receive a second data set resulting from performance of the task, and to provide the second data set and associated metadata indicative of the transformation.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a system having a controller to present an overlay to be combined with media content during presentation at each of a plurality of computing devices to illustrate a collection of user-generated comments temporally associated with portions of the media content, wherein the portions of the media content comprise portions of a media on demand presentation in an interactive television network, collect the user-generated comments from the plurality of computing devices, identify target portions of the media content that each satisfy a threshold number of comments and non-target portions of the media content that do not satisfy the threshold number of comments, generate comment groups of the user-generated comments, and provide the comment groups to the plurality of computing devices for presentation in the overlay.

Abstract: In an embodiment, a computer system configured to: generate a first challenge credential to be sent to a client computer; render one or more first dynamic-credential instructions, which when executed by the client computer, cause the client computer to generate a first dynamic credential that corresponds to the first challenge credential; modify a first set of instructions, which define one or more original operations, to produce a second set of instructions, wherein the second set of instructions include the first challenge credential and the one or more first dynamic-credential instructions, and which when executed by the client computer, cause the first challenge credential to be included in the one or more requests sent from the client computer; send the second set of instructions to a second computer.

Abstract: The disclosed computer-implemented method for protecting users may include (i) displaying, through a graphical user interface for a third-party security application executing within an operating system environment, a button for a user to select, (ii) displaying, through the graphical user interface, a prompt that prompts the user to select the button in order to receive a reward, (iii) configuring the graphical user interface such that selecting the button triggers both a conspicuous response that provides access to the reward and a more hidden response that initiates application of a security service to protect the user, and (iv) performing, based on receiving a selection of the button, both the conspicuous response and the more hidden response. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Nested namespaces for selective content sharing. In one embodiment, for example, a computer-implemented method includes the steps of: receiving a request to share a content item with a first set of user accounts held with a content management system; determining a first namespace to which the content item belongs; based on detecting that a second set of user accounts allowed to access the first namespace is different from the first set of user accounts, creating a second namespace nested in the first namespace; associating the first set of user accounts with the second namespace; and based on the first set of user accounts being associated with the second namespace, allowing the first set of user accounts to access content items, including the content item, belonging to the second namespace.

Abstract: In a case of a first function of carrying out a cooperative processing in accordance with an instruction from a user of a multifunction peripheral (10), the user is set as an execution user. In a case of a second function of carrying out a cooperative processing in accordance with an instruction from an application, a user instructed by the application is set as an execution user. Further, in a case where an execution user of a cooperative processing carried out using the first function and an execution user of a cooperative processing carried out using the second function are identical, use history information of the execution user is managed as use history information of a single user. This makes it possible to appropriately manage use history information of a cooperative processing.

Abstract: A technique is provided for establishing a secure access connection with electronic devices. The technique includes receiving a request for establishing the secure access connection, from an electronic device, via an access point associated with the electronic device. The technique further includes dynamically determining at least a local reputation score associated the access point, based on at least a plurality of parameters and pre-defined weights assigned to each of the plurality of parameters. The technique further includes establishing the secure access connection between the host device and the electronic device, via the access point, based on a comparison of an updated global reputation score with a pre-defined threshold. The global reputation score is updated based on the dynamically determined local reputation score.

Abstract: Industrial controller modules are configured with security components that implement backplane-level security protocols, thereby preventing installation of unauthorized modular devices on the backplane of an industrial controller. When a modular device is installed in the controller's chassis and interface with the backplane, security components in the processor module or other supervisory module initiates exchange of authentication data with the modular device via the backplane. The authentication data can comprise one or more security challenges to which the modular device must respond correctly before the modular device is permitted to operate on the backplane. These backplane-level security protocols can prevent installation of rogue modules that may be used to collect proprietary control data or interfere with control processes.

Abstract: Methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to authenticate a first device for access to a first service provider are disclosed. Example methods disclosed herein include sending, by executing a first instruction with a processor at a first service provider, an authentication request from the first service provider to a second service provider. The authentication request is generated in response to an access request from the first device and includes an identification code assigned to the first device by the second service provider. Example methods also include obtaining, at the first service provider, an authentication response from the second service provider. The authentication response is generated by the second service provider in response to the authentication request. Example methods further include, based on the authentication response, granting, by executing a second instruction with the processor, the first device access to the first service provider.

Abstract: System for controlling usability of an electronic device (1), which host device comprises a processing unit (2), the system comprising a first control module (10), connected to the processing unit, said first control module comprising a modem (11) for communicating with a cellular network, and an access circuit (101) connected to the modem for cellular network access, which access circuit comprises a first secure element (12); a second control module (41) comprising a second secure element (411), configured to communicate with the first secure element over a communication link; wherein said access unit is configured to realize a state machine configured to set a usability state dependent on communication between the first secure element and the second secure element, and to control the device in accordance with said usability state.

Abstract: This invention aim to improves the flexibility of data flows management from sensor to cloud, datalake or other system, which can manage the overall data flows within the system and control them dynamically. As a result, it can reduce transmission cost and storage cost properly.