Abstract: Techniques are provided for computer network security. The techniques include obtaining operational data for at least a first networked application; obtaining enterprise data for at least a second networked application; correlating the operational data with the enterprise data to obtain correlated data; and using the correlated data to improve security of the computer network.

Abstract: When a host mobile electronic device and a client mobile electronic device connect to each other for at least a second time, the client mobile electronic device refers to an entry corresponding to the host mobile electronic device for retrieve required information to wirelessly connect to the host mobile electronic device and to connect to an application installed on the host mobile electronic device under authentication. Therefore, the client mobile electronic device can be relieved from the burden of requesting required information for authentication repeatedly.

Abstract: Methods and apparatus for connecting, e.g., bridging, a cable network to other networks and/or devices is described. A bridge device facilitates the distribution of cable provider content to end users operating IP based devices. The bridge device performs one of more of the following: interface protocol conversions, user device controlled tuner selection, transcoding of data, transrating of a data stream, decryption in accordance with a conditional access protocol and re-encryption in accordance with an authorized service domain protocol.

Abstract: A method, an apparatus, and a system for solving and managing security problems, which may occur during a handover of a User Equipment (UE) between PLMNs in a mobile communication network, by using a Non-Access Stratum (NAS) protocol are provided. By the method, a UE can perform a security mode command and an authentication with a network. Further, the method can prevent interruption of communication due to authentication or security during a handover of a UE between Public Land Mobile Networks (PLMNs).

Abstract: A method, system and non-transitory computer-readable medium are provided for controlling display of content on an electronic device with a touch screen display, which content may, in response to detection of a squeeze gesture, be reduced on the display screen to reveal additional content, tools and features associated with the one or more pages of the content.

Abstract: Disclosed is a method and system to operate a governed data processing system in concert with a governing data processing system. The method includes operating a secure governing data processing system to monitor operation of at least one governed data processing system to detect a deviation from modeled user and governed data processing system behavior. The method further includes, upon detecting a deviation from the modeled behavior, taking proactive action to mitigate an occurrence of a potential adverse result of an occurrence of a cyber-security threat.

Abstract: The invention provides a method for identifying pulse optical signal, including: a. receiving first trigger information; b. collecting and identifying pulse optical signal with a predetermined method to obtain a unit of data; c. parsing the unit of data and determining type of it, if the unit of data is a unit of data representing header information, step d is executed; or if the unit of data is other type of unit of data, step b is executed; d. going on collecting and identifying pulse optical signal with the predetermined method to obtain a unit of data; e. determining whether all units of data corresponding to the unit of data representing the header information is received; f. packeting the unit of data representing the header information with all corresponding units of data into a group of data packets.

Abstract: A method for generating a transport stream of a server is provided. The method for generating a transport stream of a server which sends broadcasting content to a client device comprises: scrambling broadcasting content by using a specific key; adding at least one content-encryption message which includes the specific key and a device key for obtaining the specific key from the at least one content-encryption message to the broadcasting content so as to generate a transport stream; and sending the generated transport stream to the client device.

Abstract: A technique to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at lease a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.

Abstract: A server computer system receives mobile device activity data from a mobile device. The server computer system verifies that the mobile device activity data matches mobile device activity data that is stored at the mobile device and generates a shared secret at the server computer system using the received mobile device activity data. The shared secret at the server computer system matches a shared secret generated at the mobile device.

Abstract: The invention enables the shared secret, which is used for encrypting the communication of CWs from a smartcard to a receiver, to cover at least a part of a binary image of firmware that is executing in the receiver. Preferably the shared secret covers the entire binary image of the firmware. Hereto, data from one or more predefined firmware memory locations are read, the set of data forming the shared secret.

Abstract: A network security platform stores network telemetry information in an active memory, such as DRAM, and analyzes the network telemetry information to detect and respond to network security threats. Using a common active memory to store sensed network telemetry information and analyze that information provides a real-time dataflow engine for detecting security threats and neutralizing detected threats.

Abstract: A dynamic watermark generation method and system in which the dynamic watermark may have a default length or a shorter length, and wherein the dynamic watermark is generated to have the determined length. The dynamic watermark is a locally-unique code that is used as an index to a database entry that identifies the subscriber that requested the media asset. In some instances, the entry may include a timestamp, a subscriber device identifier such as a MAC address or IP address, a subscriber identifier or ID number, and a media asset identifier such as a static ID. The static ID may include a code that indicates whether the dynamic watermark is of a default length or shorter. The length of the dynamic watermark may be partly based upon projected audience size for the requested media asset.

Abstract: A distributed system in which time-dependent credentials are supplied by controllers that operate according to different local times. Errors that might arise from the controllers generating inconsistent credentials because of time skew are avoided by identifying credentials generated during transition intervals in which different ones of the controllers may generate different credentials at the same absolute time. During a transition interval, controllers and other devices may use credentials differentially based on the nature of the authentication function. Each controller may periodically renew its credentials based on self-scheduled renewals or based on requests from other devices, such that renewal times are offset by random delays to avoid excessive network traffic. Controllers may determine which credential is valid for any given time, based on a cryptographically secure key associated with that time and information identifying the entity that is associated with that credential.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for security verification of communications to tenants of an on-demand database service. These mechanisms and methods for security verification of communications to tenants of an on-demand database service can enable embodiments to allow tenants to selectively implement security measures with respect to inbound communications, etc. The ability of embodiments to provide such feature may allow tenants to efficiently and effectively implement security measures for in-bound emails.

Abstract: Methods and systems for allowing system administrators to effectively debug access control issues experience by users without comprising security. In some embodiment, when a user's request to access services provided by a service provider is denied, the user may be issued a token that encodes some of debugging information useful for determining the cause of the denial of access. The debugging information may be encoded such that it is inaccessible to the user. Subsequently, the user may give the token to an administrator. The administrator may submit the token to the service provider, which may decode the token and provide the administrator access to debugging information that is useful for debugging access control policies causing the denial of access.

Abstract: Provided is an eigendecomposition cipher. Input data is formatted into a numerical representation and arranged as a data matrix. Eigendecomposition is performed on the data matrix to determine at least a first component matrix (of eigenvalues) and a second component matrix (of eigenvectors). The eigendecomposition process is modified to ensure that the first component matrix has a diagonalized matrix of eigenvalues. Provided are additional features of shaping, compression, and message generation for an eigendecomposition-based cipher. A first message is generated based upon the first component matrix. A second message is generated based upon the second component matrix. The first and second messages comprise separate indecipherable parts of the input data. The first and second messages may be transmitted or stored separately such that the source data may not be recovered without both messages.

Abstract: Methods, apparatus and articles of manufacture for defending against a cyber attack via asset overlay mapping are provided herein. A method includes determining which of multiple systems within an organization stores each of multiple assets, determining at least one relationship present between the multiple assets across the multiple systems of the organization, and identifying, upon an attack of a first system of the multiple systems within the organization, one or more additional systems of the multiple systems vulnerable to the attack based on at least one relationship between one or more of the multiple assets stored on the first system to one or more of the multiple assets stored on one or more additional systems.

Abstract: Method and apparatus for SPS authentication, for example for use with GPS, are disclosed. The method may include receiving a first set of Y codes from a plurality of satellites, generating authentication decisions using W code estimates extracted from the first set of Y codes for satellite channels corresponding to the plurality of satellites, and generating an authentication response according to authentication decisions generated for the satellite channels.

Abstract: An apparatus and method for employing a token based arbiter. The apparatus includes a priority provider (26) comprising a processor for calculating an arbiter metric and an identity provider (18) having a processor for embedding the metric into a secured token. The apparatus also comprises memory coupled to the processor having one or more instructions executable at the processor. The processor is operable when executing the instructions to: collect authorization attributes (A) from one or more users seeking use of a resource (20) associated with a service provider; determine the level of priority to the one or more users based on prescribed policy of the priority provider; assign at least one arbiter metric (22, 32) to a secured token (T) for each of the one or more users based on the level of priority identified by the priority provider.