Abstract: The disclosed computer-implemented method for capturing input from users to prevent data loss may include (1) intercepting, as part of a data-loss-prevention application, user input intended for a data-processing application that would, if received by the data-processing application, cause the data-processing application to perform an operation on data that may violate a data-loss-prevention policy, (2) upon intercepting the user input, causing the data-processing application to perform an alternative operation on the data that makes the data accessible to the data-loss-prevention application, (3) scanning, while the data-processing application is prevented from performing the operation, the data for compliance with the data-loss-prevention policy, (4) determining, based on a result of the scanning, that the data complies with the data-loss-prevention policy, and (5) causing, in response to determining that the data complies with the data-loss-prevention policy, the data-processing application to perform the

Abstract: The present invention discloses a method and apparatus for detecting an attack on a server.

Abstract: Methods, computer-readable media, systems and apparatuses for firewall policy system are described. The firewall policy system may include a unified format converter, a firewall policy browser, and a firewall policy converter. The firewall policy converter may convert firewall policies between different configuration formats. A first firewall policy may be received in a first configuration format. The first firewall policy may be converted into a second configuration format, and a command to convert the first firewall policy from the second configuration format into a third configuration format may be received. In response to receiving the command, the first firewall policy may be converted from the second configuration format into the third configuration format. The first firewall policy may be outputted in the third configuration format.

Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. A method of verifying sent message data on a communication device is also described.

Abstract: A device receives, from a user equipment (UE), a first request to access a first packet data network (PDN), and receives authentication information from the UE. The device also grants, based on the first request, the UE access to the first PDN when the authentication information authenticates the UE. The device further receives, from the UE, a second request to access a second PDN, and determines whether a re-authentication timer associated with the second PDN has expired before granting the UE access to the second PDN.

Abstract: Client and server computers on a network can be authenticated using a shared secret. During a log-on and authentication process, the server transmits an image to the client. A mobile communication device captures and analyzes the image. If the image contains the shared secret, the mobile device can authenticate the server. The secret in the image can be a geometric relationship between elements of the picture, a mathematical relationship between elements, a particular number or types of elements in the picture, colors of elements, or combinations of the above. A single image may contain multiple shared secrets. The mobile device can readily analyze the image to determine if it contains the shared secret and thereby authenticate the server.

Abstract: In an approach for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, a processor invokes a checkout of a PIM credential, based on, at least, a determination that a PIM server cannot be accessed. A processor receives a request to access the PIM credential by a user. A processor receives validation of the request to access the PIM credential and an identity of the user. A processor retrieves the PIM credential from a database, wherein the database stores a plurality of PIM credentials owned by a system owner.

Abstract: A server uses an encryption key to decrypt authentication information thereby facilitating communication with network-accessible applications that may be remotely located from the server. Servers can also use encryption keys to decrypt files containing sensitive data. The encryption key is obtained by a collection of software agents, each providing a portion of information necessary for generating the encryption key. Each software agent performs a respective examination, the results of which determine whether the respective portion of information is valid or not. A complete encryption key can be obtained only when all of the contributing portions of information are valid.

Abstract: Methods, apparatus and articles of manufacture for defending against a cyber attack via asset overlay mapping are provided herein. A method includes determining which of multiple systems within an organization stores each of multiple assets; determining a set of relationships present between the multiple assets across the multiple systems; identifying, upon an attack of a first of the multiple systems, one or more additional systems of the multiple systems vulnerable to the attack based on at least one relationship, from the determined set of relationships, between one or more of the multiple assets stored on the first system and one or more of the multiple assets stored on the additional systems; and automatically prohibiting access to the one or more additional systems storing the one or more of the multiple assets identified based on the at least one relationship with the assets stored on the first system.

Abstract: Methods, systems, and media for inhibiting attacks on embedded devices are provided, in some embodiments, a system for inhibiting on embedded devices is provided, the system comprises a processor that is configured to: identify an embedded device that is configured to provide one or more services to one or more digital processing devices within a communications network; receive a first firmware associated with the embedded device; generate a second firmware that is functionally equivalent to the first firmware by: determining unused code within the first firmware; removing the unused code within the second firmware; and restructuring remaining code portions of the first firmware into memory positions within the second firmware; and inject the second firmware into the embedded device.

Abstract: A method includes a computing system reading a rule file that includes one or more rules having specified paths to methods, such that each method corresponds to one of a sink, source, or sanitizer. The method includes the computing system matching the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes the computing system, using the sinks, sources, and sanitizers found by the matching, performing a taint analysis to determine at least tainted flows from sources to sinks, the tainted flows being flows that pass information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also shown.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: An embodiment includes a system having: a display device having a first operating platform; a base device having a second operating platform and being configured to connect with the display device through a hardware connection; the hardware connection including a communication link between the first and second operating platforms; and a server module and a client module; the server module configured to, responsive to selecting an active operating platform, communicate settings of a previously active operating platform via the hardware connection to the client module to maintain continuity of settings after switching active operating platforms. Other embodiments are described and claimed.

Abstract: Systems and methods are provided for responding to a communication received from an individual. An identification score may be obtained for the communication that indicates the likelihood that a claimed identity of the individual is the actual identity of the individual. A verification score for the communication may also be obtained that indicates the likelihood a purported source of the communication is the actual source of the communication. An authentication score for the communication may additionally be obtained that indicates the likelihood the individual has been authenticated. An overall score for the communication may be generated and based on the identification score, verification score, and authentication score. A response to the communication may thus be determined based on the overall score. The response may be a grant or denial of access to one or more services requested by the individual through the communication.

Abstract: A method for containing a threat in network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.

Abstract: Methods and systems for DVB-C2 are disclosed and may include receiving data encoded utilizing variable encoding, variable modulation and outer codes via a physical layer matched to a desired quality of service. An error probability may be determined for said received data and retransmission of portions of said data with error probability above an error threshold may be requested. The variable modulation may include single carrier modulation, orthogonal frequency division modulation, synchronous code division multiple access, and/or from 256 QAM to 2048 QAM or greater. The variable encoding may include forward error correction code, which may include low density parity check code.

Abstract: Technologies are provided in embodiments to detect malware. The embodiments are configured to receive an entropy rate of a potentially affected system. The embodiments are further configured to compare the entropy rate to an average entropy rate, and to determine a probability that the potentially affected system is infected with malware. The probability is based, at least in part, on a result of the comparison. More specific embodiments can include the received entropy rate being generated, at a least in part, by a genetic program. Additional embodiments can include a configuration to provide the potentially affected system with a specified time-span associated with the genetic program. The specified time-span indicates an amount of time to observe context information on the potentially affected system. In at least some embodiments, the result of the comparison includes an indicator of whether the entropy rate correlates to an infected system or a healthy system.

Abstract: The present invention discloses methods, devices, and systems for unobtrusively recognizing a user of a mobile device. Methods including the steps of: unobtrusively collecting motion data from the mobile device during normal device usage by monitoring standard authorized-user interaction with the device, without any form of challenge or device-specified action; demarcating the motion data into user motion-sequences based on changes in a motion-state or an elapsed time-period without an occurrence of the changes, wherein the motion-state refers to a placement and speed of the mobile device at a point in time; calculating user motion-characteristics from the user motion-sequences; and generating a motion-repertoire from the user motion-characteristics, whereby the motion-repertoire enables unobtrusive recognition of the user.

Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.

Abstract: Media content is provided using metric-apportioning. In accordance with one or more embodiments, remote-user interface circuits are authenticated and remote access is provided to different sets of media content via the interface. For each authenticated interface and a time-based period during which the interface accesses the media content, time-stamped usage data that characterizes use of the media content at the interface is communicated therewith. A usage metric characterizing usage of the media content is apportioned based upon the time-stamped usage data and stored weighting factor data for the media content.