Abstract: Disclosed are examples of systems, apparatus, methods and computer program products for generating or updating cross-community streams. A plurality of communities can be maintained on behalf of a plurality of member organizations. Members of each community can have access to a corresponding set of records. One or more selections operable to assign one or more records to one or more cross-community streams can be displayed in a user interface on a display of a device of a first user. A first request from the first user to assign a first set of one or more records to a first cross-community stream can be processed. The first cross-community stream can be generated or updated.

Abstract: Systems and methods of the present disclosure facilitate managing information technology (IT) infrastructure. The system can include a server configured to retrieve data records for first and second IT assets, each asset comprising at least one of a computing device, a software application, an end user, a business unit, a piece of networking hardware, or an agreement for an IT service. The server can select a template comprising a relationship between the first and second data records. The system can include a link generator configured to generate a different relationship, absent from the template, between the first and second data records. The system can include a search engine configured to identify third and fourth IT assets that satisfy the second relationship, determine an indices of completeness for the third and fourth IT assets, and rank the third and fourth IT assets based on the indices to generate an ordered list.

Abstract: A system and method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics.

Abstract: A system for identifying data of interest from among a multiplicity of data elements residing on multiple platforms in an enterprise, the system including background data characterization functionality characterizing the data of interest at least by at least one content characteristic thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and near real time data matching functionality selecting the data of interest by considering only data elements which have the at least one content characteristic thereof and the at least one access metric thereof from among the multiplicity of data elements.

Abstract: A result of application of a test to information about a user (U) is securely transmitted between a source of information (A) and a destination of information (B) via an intermediary device (C). The source of information can be, for example, a database of personal data, and the destination of information (B) a server of a service provider performing services depending on an age limit. The intermediary device (C) minimizes the information that is made available to the source (A) and the destination (B) about the purpose of the test and the underlying data. To this end, the intermediary device (C) executes a secure comparison protocol with the source (A), whereby the encrypted result is additionally blinded, for example, with a blinding that comes from the user. The intermediary device (C) decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user.

Abstract: A communications system includes a plurality of recipient processors located at geographically remote locations with respect to each other and connected for communication with an information provider processor, over the communications network. The provider and recipient processors may comprise respective computers coupled for communication on the Internet or WWW. The provider processor is capable of providing information form any suitable source, by communicating such information over a communications network. However, access to the information by the recipient processors is controlled, based on the geographic location or region of the recipient processors. Each recipient processor is operably associated with a positioning system for providing geographic location information corresponding to the location or region in which the positioning system is located, such as a global positioning system GPS.

Abstract: A method in a system for providing information about an association between an IP address of a UE and an ICCID of a SIM card used in the UE in a first security domain to an entity in a second security domain. The system comprises a MME, an HSS and a PDN-GW. The method comprises the MME retrieving at least the ICCID and optionally an IP address for the UE from the HSS, and sending the ICCID and optionally the IP address towards the PDN-GW. The method comprises the HSS receiving a request from the MME, and sending the ICCID and optionally the IP address to the MME. Still further, the method comprises the PDN-GW receiving the ICCID and optionally the IP address, if no IP address is received then the PDN-GW assigning an IP address, associating the IP address with the ICCID and informing the entity in the second security domain about the association between the IP address and ICCID in the first security domain.

Abstract: In one embodiment, a method includes detecting a request from a user agent of a client computing device of a user to access a communication network through the router; and automatically redirecting the user agent from a first network resource to second network resource. The first network resource is configured to authenticate the user to provide access to the communication network. The second network resource is configured to authenticate the user to provide access to a particular domain of the communication network. The method also includes providing to the user agent access to the particular domain of the communication network if the second network resource successfully authenticates the user.

Abstract: A database for location or geographic based services is secured by requiring location based requests to include a unique identifier that identifies the location as well as an authorization identifier associated with the location. The authorization identifier is information that is obtained by being physically present at the location, such as information from access points that are at the location or a position fix when present at the location. The authorization identifier may be non-unique but relatively time-invariant, making such information easily crowdsourced, but difficult to obtain unless physically present at the location. For example, the authorization identifier may be an SSID or a Beacon Frame, or a hash thereof from one or more devices at the location or a position fix.

Abstract: It is an object of the present invention to provide a communication system that makes it possible to designate, from among a plurality of first network nodes managed by a management device, a first network node that will acquire operation information on a second network node managed by another management device. A communication system according to the present exemplary embodiment includes a plurality of first network nodes, a management device managing the plurality of first network nodes, and a second network node managed by another management device different from the management device, wherein the management device selects, from among the plurality of first network nodes, a designated network node that will acquire operation information on the second network node, and the designated network node acquires operation information from the second network node and transmits the operation information to the management device.

Abstract: The present disclosure provides in some aspects a method for positioning by a positioning access point, and an apparatus, system and access point for the same. A positioning system includes an AP including a positioning AP for delivering a positioning WLAN signal containing a dedicated positioning information and a telecom AP for delivering a telecom WLAN signal; database for storing an identification information of the access point and a location information belonging to the AP and matching the identification information; terminal for communicating with the AP; and WLAN-based positioning server responsive to a positioning request from the terminal for comparing a parameter of a WLAN signal received from the terminal with an identification information of the positioning AP on a priority basis, and when there is a match of information, granting the location information of the relevant access point the highest priority to determine the location of the terminal.

Abstract: Systems, methods, and programs for generating an authorized profile for a text communication device or account, may sample a text communication generated by the text communication device or account during communication and may store the text sample. The systems, methods, and programs may extract a language pattern from the stored text sample and may create an authorized profile based on the language pattern. Systems, methods, and programs for detecting unauthorized use of a text communication device or account may sample a text communication generated by the device or account during communication, may extract a language pattern from the audio sample, and may compare extracted language pattern of the sample with an authorized user profile.

Abstract: A computer-implemented method for selectively authenticating a request based on an authentication policy is described. A request is received from a client. A determination is made as to which authentication threshold is applied to the request based on an authentication policy. The request is authenticated if the authentication threshold is satisfied. The authentication threshold is modified if the request is not successfully authenticated.

Abstract: An evaluation server is disclosed. The server comprises a processor, a memory, and an application stored in the memory. The application receives a request from an enterprise new accounts sever to predict the trustworthiness of an account applicant. The application then accesses a plurality of mobile communication service provider data stores that comprise information on mobile communication service provisioning events, wherein these events comprise at least one of voice mail redirect events of the mobile communication device, changing out of the mobile communication device for other mobile communication devices events, payment history, and adding international calling service events. The application then generates a confidence report about the trustworthiness of the account applicant based on the information found in the plurality of data stores. The application then transmits the confidence report to the enterprise server.

Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.

Abstract: Novel tools and techniques are provided for lawfully intercepting communications. In some embodiments, a lawful intercept application might be provided on a cloud computing system. The lawful intercept application might include an application programming interface (“API”) to exchange data with a plurality of different communication building blocks of different types. Communication intercept data associated with a particular communication between a lawful intercept subject and other parties may be received with the lawful intercept application. The communication intercept data may then be provided from a delivery function of the lawful intercept application to a collection function. In some cases, the collection function might be part of the lawful intercept application, might be located at a government facility separate from the cloud computing system, or might be two collection functions, one of which is part of the lawful intercept application and the other of which is located at the government facility.

Abstract: Systems, methods, and computer-readable media for identifying and managing wireless devices that are performing tethering services are described. The system may include a database and server. The database stores records of services subscribed by wireless devices in a wireless network. The server may poll the database to generate a list of wireless devices that are not subscribed to a tethering service. In turn, the server receives notification messages from each wireless device that is tethering at least one other network element. The wireless devices are identified as unauthorized by the server when the notification message indicates existence of a configured network address translation table at the wireless device and the wireless device is located on the list of wireless devices that are not subscribed to the tethering service.

Abstract: A mobile terminal that may be able to access a wireless communication network and a control method thereof are provided. The mobile terminal includes: a wireless communication unit configured to access a wireless communication network; a detection unit configured to detect a connectable wireless communication network through the wireless communication unit; and a controller outputting icons each corresponding to one or more wireless communication networks detected by the detection unit to a locked screen displayed in a locked state in which inputting of a control command with respect to an application is limited, releasing the locked state when selecting of any one of the output icons is detected, and controlling the wireless communication unit to access a wireless communication network corresponding to the selected icon.

Abstract: A system and method for embedding data is provided. The method comprises dividing the host data set into a plurality of blocks, wherein each block comprises a plurality of elements, generating a pattern connecting the elements of each block; and embedding data on the elements of block based on the pattern.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: A device management method, is disclosed in which available features on a slave mobile device are managed (monitored or controlled) by a slave manager module commanded by a master device through secure messages exchanged between the two devices using respective electronic messaging capabilities on the two devices. Selection of the features of the slave mobile device to be controlled or monitored is facilitated on the master device through a master manager module resident thereon. The features that are controlled or monitored may comprise any user-accessible feature incorporated or installed on the slave mobile device and user access to the feature may be prevented according to at least one criterion, such as date of use, time of day of use, number of times of use, originator and recipient. User access to the feature may be prevented access to the user-accessible feature when usage limitations for the feature have been reached.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: A motion-based authentication method is operative in a mobile computing device having a display interface and that includes an accelerometer. Normally, the device software includes a locking mechanism that automatically locks the display interface after a configurable timeout. The authentication method operates to un-lock the display interface (and thus allow the user access to the device) by movement of the device in a predetermined series of physical movements and without display-based entry of a password or other access code on the display itself. In this manner, the user can un-lock the device without display-based entry of a password (on the display itself) by simply holding the device and performing the necessary movement(s) to generate the unique code.

Abstract: Obfuscating a message, in one aspect, may include detecting sensitive information in a message to be broadcast into public or quasi-public computer network environment; replacing the sensitive information in the message with a representation that preserves general aspects of the sensitive information and a user interface element, the user interface element for enabling a viewer of the message to request access to details of the sensitive information; and transmitting the replaced message for broadcasting into the public or quasi-public computer network environment. De-obfuscating the message, in one aspect, may include authenticating one or more viewers or receivers of the message and based on the authentication, presenting details associated with the sensitive information.

Abstract: A method of maintaining a version counter indicative of a version of memory content stored in a processing device. The method comprises selectively operating the device in a first or second mode. Access to the first mode is limited to authorized users and controlled separately from access to the second mode. In the first mode at least an initial integrity protection value is generated for cryptographically protecting an initial counter value of said version counter during operation of the processing device in the second mode; wherein the initial counter value is selected from a sequence of counter values, and the initial integrity protection value is stored as a current integrity protection value in a storage medium. In the second mode, a current counter value is incremented to a subsequent counter value; wherein incrementing includes removing the current integrity protection value from said storage medium.

Abstract: In an exemplary embodiment content of a data message to be sent on a control channel is determined, and a selection is made between ciphering and not ciphering the data message based on the determined content. By example if from the content it is determined that that the data message is a SMS message, ciphering is selected and the control channel is a SACCH; else ciphering is not selected. Such a determination may be made by checking a service access point identifier for a data block comprising the data message. A data message within a data block received on the control channel is determined to be ciphered or not ciphered using only information within the data block, and the received data message is processed according to the determination. In another embodiment the FACCH is selected for sending the message if it is a SMS, and ciphering is selected for all data blocks sent on the FACCH.

Abstract: A network device is configured to receive information from a number of different types of data collection devices. The information may relate to operation of devices in a network and communications in the network. The network device is configured to further analyze the information and determine that an issue exists relating to operation of the network. The network device is configured further to send a message to a policy device based on determining that the issue exists relating to the operation of the network. The policy device may generate or change a rule or policy associated with the operation of the network, based on the message, to instruct one or more other network devices to change the operation of the network.

Abstract: A mobile telecommunications network and method of operation that includes establishing a first user plane connection between a telecommunications device registered with the network and a network gateway device of the network via a first access point; providing the telecommunications device with a token using the first user plane connection; establishing a second user plane connection between the telecommunications device and the network gateway device via a second access point by using the token information to validate the telecommunications device; and, subsequent to establishment of and corresponding to the second user plane connection, establishing a control plane connection between the telecommunications device and the network gateway device via the second access point.

Abstract: A terminal identification method is provided which enables two-way communications between terminals and a network while identifying terminal IDs and protecting privacy. Also, authentication method and system are provided which require no complicated calculating process, less steps and smaller amount for wireless communications, and less power consumption. A server and terminal share a hash function and an initial value determined for each terminal, calculate the same temporary ID by hashing the initial value the same number of times with the hash function, and identify the terminal using the calculated temporary ID. The server and the terminal also hold a common hash function and authentication information, acquire an authenticating communication parameter from communication parameters temporarily common during communication, and generate an authentication key using the authentication information, the authenticating communication parameter, and the hash function.

Abstract: Device authentication is based on the ability of a human to synchronize the movements of his or her fingers. A pairing procedure for two wireless devices may thus involve a synchronization test that is based on the relative timing of actuations of input devices on each of the wireless devices. In some aspects a synchronization test involves determining whether actuations of user input devices on two different wireless devices occurred within a defined time interval. In some aspects a synchronization test involves comparing time intervals defined by multiple actuations of user input devices on two wireless devices.

Abstract: A service request is received and associated with a subscriber id. Profile information is accessed for the source of the service request. A copy of the profile information is stored in a network element employed by the source of the service request to access the network.

Abstract: An authentication method and system provides for a user requesting authentication where the authentication request includes Personally Identifiable Information (PPI) such as geolocation data. The user's device requesting authentication alters or encrypts the PII in order to prevent the PII's unintentional discovery by third parties or to comply with jurisdictional requirements for the safeguarding of PII. The receiving party saves the altered or encrypted PII for later use. In order to use the PII and perform calculations for authentication, the receiving party requests a trusted third party with knowledge of the methodology or key used to alter or encrypt the PII to perform calculations on the original values of the PII without saving the PII. The trusted third party returns a computed value to the receiving party where it is used to determine whether the user will be authenticated.

Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.

Abstract: A method for detecting unauthorized or unsecured access points is disclosed. At least one node of a computer network having a wireless network interface is identified. At least one of the identified nodes is requested to scan for detectable wireless access points. A listing of identified wireless access points is utilizing information gathered through at least one of the scans. An inventory of authorized wireless access points is formulated. The listing is compared to the inventory to identify unauthorized wireless access points. Also, security information may be gathered and analyzed for identified wireless access points.

Abstract: A method of and system for digital rights management, in which access to a piece of content is granted in accordance with a license owned by a license owner to a client who is a member of a domain. This requires successfully verifying that a membership relation exists between the client and the domain as reflected in a first state variable, and that an association relation exists between the license owner and the domain as reflected in a second state variable. Both relationships are revoked by executing an online protocol between the parties in the relationship after which both remove the corresponding state variable. The domain controller propagates the state administration relating to the domain is propagated to the client so that the client can update its state administration.

Abstract: The successful authenticating of a Network Access Identifier (NAI) process is enabled by an authenticating method and a mobile terminal for a Code Division Multiple Access (CDMA) EVolution to packet Data Optimized (EVDO) network.

Abstract: A technique that enables a portable device to be automatically associated with a plurality of computers. Information that a computer can use to authenticate a portable device and establish a trusted relationship prior to creating an association with the portable device is created and stored in a data store that is accessible by a plurality of computers and is associated with a user of the portable device. When a computer discovers such a portable device with which it is not yet associated, the computer can identify a user logged into the computer and use information identifying the user to retrieve authentication information that is device independent and is expected to be presented by the portable device to authenticate it and allow automatic association.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting an item has been transferred from a first user to a second user; and presenting, via the computing device, one or more highlighted portions of the item, the one or more highlighted portions being highlighted in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: A networked computer device can be customized to contain provisioning and/or authorization logic in its firmware or the firmware of one of its subcomponents. The computer device is thus configured to provision itself from a provisioning server that is identified within the firmware, and to periodically query an operations authority for continued authorization to operate with the received provisioning. Upon failure to receive authorization, the firmware may implement various security measures, such as storage protection, boot protection, communications protection, and so forth. The firmware may also implement remote reporting, to assist an investigator when a device has been lost or stolen.

Abstract: The present invention relates to communications, and in particular though not exclusively to forming a secure connection between two untrusted devices. The present invention provides a method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb).

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting an item has been transferred from a first user to a second user; and presenting, via the computing device, one or more highlighted portions of the item, the one or more highlighted portions being highlighted in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Examples of embodiments provide systems and methods for varying the functions of an electronic device according to a physical relationship (e.g. the distance) between the electronic device and the primary user (e.g., owner) of the electronic device. The device may measure the distance using a wireless signal from a secondary device carried by or associated with the primary user. In some embodiments, the electronic device may change its functions based on its environment, in combination with the distance between the electronic device and the primary user. Environmental factors may include the device's location, the device's velocity, and the date and time of day.

Abstract: Secure access to a wireless network access can be provided in a system where wireless devices access a wireless network through a wireless access point (WAP). For example, a plurality of pre-shared keys (PSKs) may be generated and distributed to the WAP and the wireless device. The wireless device may automatically rotate an active one of the plurality of PSKs, while the WAP receives one or more rotation signals identifying the active one of the plurality of PSKs. The wireless device and the WAP may encrypt information relating to the active one of the PSKs within communications between them, thus securing the communications.

Abstract: One embodiment of the present invention provides a system that associates a digital certificate with an enterprise profile. During operation, an identity store receives a digital certificate from a client. Next, the identity store searches for a mapping rule which determines if an enterprise profile is associated with the digital certificate, wherein the enterprise profile facilitates in identifying user capabilities. If a mapping rule is found, the identity store executes the mapping rule to determine if an enterprise profile is associated with the digital certificate. If so, the enterprise profile, which is associated with the digital certificate, is returned to the client.

Abstract: An authentication apparatus includes: a database section that stores a password; an entry section through which a password is entered; a storage section that stores an entered password which is entered through the entry section; an authentication section that authenticates whether the password and the entered password match with each other; and a determining section that determines whether or not a re-entered password is to be subjected to an authentication processing performed by the authentication section when the re-entered password is entered through the entry section after the authentication section determines that the password and the entered password do not match with each other.

Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection.

Abstract: An image forming apparatus includes: an authentication unit that can execute a login process and a logout process; an operation unit that receives an instruction for the logout process from the user; a user attribute storage unit that stores the identification information of a non-logged-out user; a determination unit that determines whether a logged-in user, who is a user for whom the login process is executed by the authentication unit, is the non-logged-out user, based on the identification information stored in the user attribute storage unit; and a forced logout processing unit that, in a case in which the logged-in user is determined to be the non-logged-out user by the determination unit, instructs the authentication unit to execute the logout process when a predefined particular process among the plurality of processes is executed and completed by the processing unit.

Abstract: Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPN's) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another.

Abstract: A method and system is provided to analyse receiver indicia of location for a set of at least one receivers to determine whether a receiver has an erroneous indicator of location. The embodiment may take further steps to confirm whether or not inappropriate usage has occurred. The method and system includes identifying a first indicia of location for a set of one or more receivers, identifying a second indicia of location for one or more receivers from the set, and determining if the first and second indicia of location are mutually inconsistent. Indicia of location include indicators of receiver location, inventory state, communication path and definition on systems. The method and system may optionally include action to report or correct the location error.

Abstract: In order to solve the problem in that information relating to a specific purpose can be saved in the internal memory of a mobile apparatus on which a permanent memory is mounted while information relating to other purpose cannot be saved in the internal memory of the apparatus, the purpose of each telephone call is distinguished by sending a non-telephone type notice before transferring the call and thus the user can determine whether the call should be saved or not.