Abstract: Collaborative and adaptive threat intelligence. Data collected on a first customer network is received. One or more local models are trained with at least the received data, where the one or more local models are related to security. An amount of data to transmit to a centralized controller is determined based at least on a result of the training one or more local models and the determined amount of data is transmitted to the centralized controller. Result data is received from the centralized controller that is a result of one or more global models trained on the centralized controller using data collected on multiple customer networks including the first customer network. The one or more local models are adjusted using the received result data and the one or more adjusted local models are trained.

Abstract: Various examples relate to detecting vulnerabilities in managed client devices. In some examples, a system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device.

Abstract: Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components.

Abstract: A method and a device for establishing a connection. The method includes the steps of: obtaining, by a group member device of a wireless device group, information about a to-be-connected device and then sending the information to a group owner device of the wireless device group, and/or transmitting, by the group member device, information about the group owner device to the to-be-connected device, where the information about the to-be-connected device and/or the information about the group owner device is used by the to-be-connected device and the group owner device to discover each other; and enabling, by the group member device, the to-be-connected device and the group owner device to share a first password, wherein the first password is used by the to-be-connected device and the group owner device to establish a connection after the to-be-connected device and the group owner device discover each other.

Abstract: A method and system for eliminating contraband in postal mail at a correctional facility comprising a central processing facility and a network of inmate email kiosks and correctional institution staff review stations. The postal mail utilizes scanning stations to create electronic versions of the mail and associates various information about the sender, recipient, mail contents, and institution into a format that is easily reviewable and provides tracking data. The scanned mail may then be made available to the intended inmate and institution staff. Institution staff may also then access the associated information and tracking data.

Abstract: An interposer is provided that is configured to interpose into an application security protocol exchange by obtaining application session security state. The interposer does this without holding any private keying material of client or server. An out-of-band Security Assistant Key Escrow service (SAS/SAKE) is also provided. The SAKE resides in the secure physical network perimeter and holds the private keying material required to derive session keys for interposing into application security protocol. During a security protocol handshake, the interposer sends SAKE security protocol handshake messages and in return receives from the SAKE session security state that allows it to participate in application security protocol.

Abstract: Data aggregation includes receiving, from an electronic device, a plurality of sensor data packets, wherein the plurality of sensor data packets are received from at least one sensor of the electronic device, and wherein each of the plurality of sensor data packets comprise a tag identifying a classification of the sensor data in the sensor data packet, applying a user-specific policy to the plurality of sensor data packets, aggregating the plurality of sensor data packets based on the user-specific policy to obtain aggregated sensor data, and transmitting the aggregated sensor data to a service broker.

Abstract: In an embodiment, a data processing system comprises: one or more processors; one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform: in a local data service, receiving a request for processing data; identifying one or more local policies applicable to the request; based, at least in part, on the one or more local policies, determining whether the request may be processed locally; in response to determining that the request may not be processed locally, transmitting the request to one or more remote brokers to cause the one or more remote brokers to determine a remote data service configured to process the request.

Abstract: A method for managing security levels on a mobile device includes receiving a capsule including first data; assigning a first data tag to the capsule, the first data tag identifying a security level for the first data; storing the capsule on the mobile device; executing a process on the mobile device, the process associated with an application tag; allowing the process to access the first data when the application tag matches the first data tag, the process for generating second data in response to the first data.

Abstract: A system and method for transmitting data using a data transfer protocol, including receiving, at the first device, a request from the second device, the request containing a transformed identifier, determining an original identifier associated with the transformed identifier, retrieving a response object associated with the original identifier, the response object including one or more identifiers, transforming the response object by transforming each identifier contained in the response object, and sending the transformed response object to the second device.

Abstract: Identifying a behavior of a malware service is disclosed. An interrogation packet is sent to a network communication port of a receiver. The interrogation packet is one of a plurality of predetermined interrogation packets sent to the network communication port. The interrogation packet invites an expected action. The expected action is detected. It is determined that the malware service is potentially is operating.

Abstract: Monitoring across multiple-channels, used by multiple devices, to determine which email messages being sent to a user are solicited by the user. A broad spectrum of network and telephony access records are analyzed to determine whether an email message is likely being sent as a result of legitimate services access by the user.

Abstract: A system and method for securing documents attached to emails is disclosed. The system and method apply security rules to an email as it is being composed to ensure that the security policies have been expressed prior to the email being sent. The security program hooks in to the message object model so that as the message is modified, the security rules are applied to each modification.

Abstract: An authenticating computing device for authenticating a user of a user computing device as a human being. The authenticating computing device comprises a processor configured to receive a request to authenticate a user as human and an identifier associated with at least one of the user and the user computing device. The processor is further configured to retrieve transaction data associated with a payment card account of the user based on the identifier, generate a challenge question based on the transaction data, and generate a plurality of images based on the transaction data. At least one of the plurality of images is a correct image and at least one of the plurality of images is an incorrect image. The processor is further configured to transmit the challenge question and the plurality of images for display on the user computing device.

Abstract: Systems and methods are disclosed for authenticating an identity of an online user. One method includes receiving from the user, through a first device, a request to access a web page associated with the user's online account; transmitting to the user an image that contains a unique ID and a URL of an authentication server; and receiving from the user, through the first device, an authentication request containing the unique ID. The method also includes receiving from the user, through a second device, a log-in ID associated with the user and the unique ID; and authenticating the identity of the user to grant the user access, through the first device, to the web page associated with the user's online account.

Abstract: A method and an apparatus for executing applications in a highest-priority-first order in the processor divided into a secure mode area and a non-secure mode area are provided. The method includes receiving a request to be processed in the non-secure mode domain from the application, determining an access permission level configured to a resource used for processing the request, determining, when the access permission level allows for access from the secure mode domain, a priority of the application, changing the access permission level to allow for access by the non-secure mode domain according to the priority of the application, and processing the request of the application using the resource in the non-secure mode domain.

Abstract: A technique for key sharing among multiple key servers connected to one another over a communication network is provided herein. Each key sever of the multiple key servers stores respective cryptographic keys, and provides the keys to a local device group connected with the key server, to enable the device group to encrypt messages with the keys. Each key server acts as a proxy for the other key servers in order to receive other keys from the other key servers over the network, and provide the other keys to the device group for use to decrypt messages received from other local device groups respectively connected with the other key servers that were encrypted with the other keys and to check message integrity. The multiple key servers may share keys with each other directly, or alternatively, indirectly through a central key server, as needed to support secure communications between their respective device groups.

Abstract: Methods and apparatus are disclosed for securely sharing user-generated content using DRM principles, and for tracking statistics of content viewing. In this way, a user can generate protected content that can still be shared among friends on, e.g., a social network.

Abstract: A cloud-based platform (e.g., cloud-based collaboration and/or storage platform/service) is described that provides advanced control tools for administrators of an enterprise account. The advanced control tools permit the administrator to set mobile security settings for mobile devices running applications that allow a user to access enterprise data in the cloud-based platform; activity notification archiving; support for multiple email domains; automation processes; and policies. The settings selected by the administrator are applied enterprise-wide within the cloud-based platform.

Abstract: The present invention discloses a method and a browser for browsing a web page, and a storage medium, and the method comprises: prestoring identity information of an owner user; receiving a web page browsing request from a browsing user, and obtaining the identity information of the browsing user; comparing the identity information of the browsing user with the prestored identity information of the owner user to determine whether the browsing user is the owner user; browsing a web page in a private browsing mode when the browsing user is determined as the owner user; and browsing a web page in a non-private browsing mode when the browsing user is determined as a non-owner user. By the invention, the privacy of browsing behaviors of the owner user may be effectively protected, and the owner user is enabled to examine browsing behaviors of other non-owner users.