Patent classifications
H04L63/10
SELECTIVE VERIFICATION OF SIGNATURES BY NETWORK NODES
A network node may include one or more processors. The one or more processors may receive a message that is associated with one or more signatures and one or more second signatures. The one or more signatures may have been validated by a particular node. The one or more processors may determine that the particular node is a trusted node. The network node may be configured not to validate signatures that have been validated by a trusted node. The one or more processors may determine that the one or more signatures have been validated by the particular node. The one or more processors may sign or provide the message, without validating the one or more signatures, based on determining that the one or more signatures have been validated by the particular node.
PARALLEL AND HIERARCHICAL PASSWORD PROTECTION ON SPECIFIC DOCUMENT SECTIONS
The present disclosure involves systems and computer-implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the at least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key are made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.
SYSTEM AND METHOD FOR DETECTION AND PREVENTION OF ATTACKS ON IN-VEHICLE NETWORKS
Systems and methods for detection of attacks on a communication authentication layer of an in-vehicle network, including determining, by at least one network node, at least one attack attempt on the communication authentication layer of the in-vehicle network, wherein the determination is carried out by identifying anomalies in at least one of messages, data and metadata directed to the communication authentication layer, and selecting, by the at least one network node, a response corresponding to the determined attack attempt from at least one of modification of parameter values corresponding to a security protocol, a failsafe response, and rejection of messages identified as anomalies.
CORE NETWORK CONNECTIONLESS SMALL DATA TRANSFER
Connectionless data transfer is disclosed. Authentication of a device and network node may be performed when data is sent from the device to an application server of an application service provider via a selected network. The transfer of data may take place in an absence of an existing device context between the network node interacting with the device and the core network through which the data travels. State management overhead and signaling overhead may be reduced by use of the exemplary aspects disclosed herein. For example, the device does not need to perform an authentication and key agreement (AKA) procedure to transfer the data and an existing (or pre-existing) device context need not be maintained at the core network.
Right object acquisition method and system
A batch rights objects (ROs) acquisition method and system is provided to enable a mobile terminal to acquire multiple rights objects in a batch processing manner. A rights object acquisition method according to an embodiment of the present invention includes transmitting a rights object request message requesting one or more rights objects of content objects from a mobile terminal to a rights issuer; creating, at the rights issuer, a rights object response message containing at least one of rights objects indicated by the rights object request message and at least one signature in response to the rights object request message; and transmitting the rights object response message from the rights issuer to the mobile terminal.
End-To-End Secure Cloud Computing
A method includes receiving, at a control node of a cloud computing network, a first enterprise policy specific to the first enterprise and a second enterprise policy specific to the second enterprise, and managing communications between at least one user device of the first enterprise and the at least one enterprise application hosted on behalf of the first enterprise based on the first enterprise policy. The method also includes managing communications between at least one user device of the second enterprise and the at least one enterprise application hosted on behalf of the second enterprise based on the second enterprise policy.
SYSTEM AND METHOD FOR ACCESS CONTROL VIA MOBILE DEVICE
A system is described for controlling an actuating unit that restricts physical access such as a motorized garage door actuator unit. The system comprises a mobile wireless communication device, an electro-mechanical access control security device, and a receiving unit controlling the electro-mechanical access control security device, the receiving unit paired with the mobile wireless communication device for receiving user input for activating the electro-mechanical access control security device via a peer-to-peer communication directly with the mobile wireless communication device, and a pre-authorization of communication of the receiving unit with the mobile wireless communication device, the mobile wireless communication device receiving the pre-authorization from a central security server.
SYSTEM AND METHOD FOR PROCESSING USER RIGHTS
A system and method for processing entitlement rights are disclosed. The method, in one aspect, provides for storing content at a first time, receiving a request for playback of the content at a second time, and processing a user right associated with the content to authenticate the user right in response to the request for playback, wherein the user right is authenticated based upon a state of the user right at the first time.
Controlling Access to Resources on a Network
Disclosed are various embodiments for controlling access to data on a network. Upon receiving a request comprising a device identifier and at least one user credential to access a remote resource, the request may be authenticated according to at least one compliance policy. If the request is authenticated, a resource credential associated with the remote resource may be provided.
System and Method for Secure Machine-To-Machine Communications
Embodiments of the present invention include a method for providing a secure domain name system (DNS) for machine to machine communications. In one embodiment, the method includes storing policy information for machine to machine communications in a global DNS registry database server. The method further includes communicating the policy information for machine to machine communications from the global DNS registry database server to a machine DNS registry server located in an Internet service provider (ISP) network, wherein a control signaling gateway located in the ISP network is configured to utilize the policy information for machine to machine communications to allow only registered controllers associated with a machine to communicate with the machine.