Abstract: Technologies described herein generally provide a multimodal device capable of providing at least dual usage. In an example, the multimodal device may include base hardware and a hypervisor that runs on the base hardware. A work virtual machine may include a work operating system that is configured to operate on the hypervisor. A home virtual machine may include a home operating system that is configured to operate on the hypervisor. The work virtual machine may further include an arbitrator operating system that is configured to operate on hypervisor. The arbitrator operating system may be configured to run a smart arbitrator server. The smart arbitrator server may be configured to provide a gateway between the work virtual machine and the home virtual machine. The smart arbitrator server may also be configured to enforce various policies between the work virtual machine and the home virtual machine.

Abstract: Enables trusted user access of computer systems for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers. Embodiments may implement an account that may be utilized across websites to enable a valid or trusted user to bypass challenge-response tests. Embodiments of the invention cost time, or cost a nominal fee, or require use of something that may be validated as owned by a user such as a physical address or cell phone, or trusted referral or social graph or any combination thereof, but cost large amounts time or money for spammers using cheap third world labor, thus making it expensive to invoke attacks on sites protected by embodiments of the invention.

Abstract: A mechanism is described for facilitating encryption-free integrity protection of storage data at computing systems according to one embodiment. A method of embodiments of the invention includes receiving a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device. The read task may include reading the first data block. The method may further include accessing a first reference cryptographic code at a first metadata cache associated with the first data block, calculating a first new cryptographic code relating to the first data block, comparing the first new cryptographic code with the first reference cryptographic code, and accepting the read request if the first new cryptographic code matches the first reference cryptographic code. The accepting may further include facilitating the read task.

Abstract: A method may be for detecting potentially suspicious operation of an electronic device configured to operate in the course of activity sessions. The method may include within the device, a metering, from an initial instant of the number of activity sessions having a duration below a first threshold, and a comparison of this number with a second threshold.

Abstract: A technique of encoding video frames allocates an available number of bits to different portions of the video frame. A processing unit identifies a region of interest (ROI) in a video frame, and computes a first and second complexity parameter respectively representing the change in video information in the ROI portions and non-ROI portions in the video frame relative to a reference frame. Bits are allocated to the ROI portion proportional (positive correlation) to the first complexity parameter and a ratio of the area of the ROI to the area of the frame. The remaining available bits are allocated to the non-ROI. In an embodiment, the bits are encoded according to H.264 standard.

Abstract: According to an aspect of the present invention there is provided a method of obtaining authentication information for use in a Generic Bootstrapping Architecture, GBA, employed in a network with one or more GBA-capable subscriber registers and one or more GBA-incapable subscriber registers. The method involves a selection function for determining whether the authentication information of a subscriber is stored at a GBA-capable subscriber register or at a GBA-incapable subscriber register, and an inter working function for translating between the Diameter messages of the Zh interface and the MAP messages of the Zh? interface.

Abstract: A time clock 10, capable of outputting a datum to an USB memory 100 connected thereto, includes a controller authenticating whether or not the USB memory 100 is valid an external apparatus as an output destination to which the datum is output, and determining whether or not the datum is output on the basis of the authentication result. Further, the controller 25 authenticates an external apparatus on the basis of an authentication datum stored in the USB memory 100. The controller 25 performs the authentication on the basis of an identification datum of the time clock and an identification datum included in the authentication datum stored in the external apparatus.

Abstract: A VPN gateway is described that provides single sign-on (SSO) functionality with respect to remote users who have established tunneling sessions with the VPN gateway and who attempt to access a protected resource. The VPN gateway may receive, from a client device, a security assertion request that includes a request for a security assertion to be made by the VPN gateway with respect to a user of a private network associated with the VPN gateway, determine whether the security assertion request was received via a tunneling session established for the user between the client device and the VPN gateway, and issue a security assertion for the user in response to determining that the security assertion request was received via the tunneling session. In this way, a VPN gateway may act as an SSO identity provider for users that have an established tunneling session with the gateway.

Abstract: Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determining whether to block the file from the client machine based on the result of the signature matching from the datacenter.

Abstract: A social networking system contains information describing users of the social network and various connections among the users. A user can access multiple external systems that communicate with the social networking system to access information about the users of the social networking system. Login status of the user account on the social networking system is maintained. If the login status of the user account on the social networking system indicates that the user is not logged in, the user is required to provide authentication information. If the login status of the user account indicates that the user is logged in, social network information is provided to the user via an external system, subject to the privacy settings of users of the social networking system. If the user logs out from an external system, the user is also logged out from the social networking system.

Abstract: A method of key distribution from a first entity to a second entity including the first entity communicating with a moveable key device so as to share a secret data with said moveable key device, relocating said moveable key device to a location having a quantum link with said second entity, transmitting a quantum signal from said moveable key device to said second entity on said quantum link, the quantum signal being based on said secret data; and said first entity and said second entity undertaking key agreement based on the quantum signal received by the second entity. Such a method allows the principles of quantum key distribution to be applied even in the absence of a suitable quantum communications link between the first and second entities.

Abstract: Apparatus, methods, and other embodiments associated with securing and authenticating multiple devices behind a network address translation (NAT) device are described. One example method includes controlling a phone proxy to provide security credential information to an Internet Protocol (IP) phone located behind the NAT device. The credentials may be selectively provided in response to receiving a certificate request from the IP phone. The certificate request includes IP phone identifying addresses. The method may also include controlling the phone proxy to update an entry in a secure IP phone data store to relate together the IP phone identifying addresses, a source port associated with the IP phone, and the fact that credential information was provided to the IP phone. This entry can mark the IP phone as an authorized phone. The entry may be addressable as a function of a least a portion of the IP phone identifying addresses.

Abstract: A method for managing routing information in a communications system comprises-defining, in a client network apparatus, a unique private IP address, the unique private IP address uniquely identifying a terminal and the corresponding remote network. The client apparatus defines an IP routing address for the remote network. The client apparatus routes a data packet to a VPN tunnel having the IP routing address defined for the remote network, the data packet being directed to the remote network identified by the unique private IP address. The unique private IP address is translated into a corresponding customer IP address of the terminal in order the data packet to be routable to the terminal in the remote network.

Abstract: The invention relates to an apparatus for detecting malicious sites, comprising: a monitoring unit for monitoring all processes being executed in a computing apparatus; a hook code insertion unit for inserting a hook code in a process executed in a browser when the execution of the browser is detected by the monitoring unit; a danger level determining unit that, upon the detection of a website movement, uses the hook code to inspect a stack structure of a process implemented according to the website movement and determine whether or not to perform the stack structure inspection, and determines whether or not the website to which the movement has been made is a malicious site; and a database for storing a list of sites determined to be malicious.

Abstract: A system and method is disclosed for providing security in virtual function calling. During a build process a program code is analyzed to identify one or more call sites used to facilitate a call to a subroutine associated with a declared object type. One or more trusted vtable pointers to a respective subroutine is determined, and the program is configured, via the build process, to detect, at an execution time, an initiation of a virtual call at a call site, verify whether a vtable pointer used in connection with the call site is associated with at least one of the trusted vtable pointers, and, if verified, facilitate the virtual call using the call site. If the vtable pointer cannot be verified then the virtual call is aborted.

Abstract: Systems and methods securely provide media content from a media server to a media client via a network. The media content is segmented to create multiple media segments that are each identified in a playlist, and at least one of the media segments is encrypted using a cryptographic key. The cryptographic key is also identified in the playlist, and the playlist is provided from the media server to the media client via the network. The various media segments and cryptographic keys may then be requested from and provided by the media server using hypertext transport protocol (HTTP) or similar constructs to allow the media client to receive and decrypt the various segments of the media content.

Abstract: In order to protect SSL encrypted communication from MITM attacks, a server certificate is used in the communication. However, operation of the server certificate is not simple, and the certificate is not sufficient to protect the communication from the MITM attacks. In SSL encrypted communication in which a password is shared between a client and a server, the client encrypts random number data and a password by means of a public key, determines a value by processing encrypted data by means of encrypted password data, and transfers the thus-determined value to the server. The server eliminates the password encrypted data from the value and back calculates the random number data, which are then decrypted, to thus acquire the random number data generated by the client. A hash value of the random number data is submitted to the client.

Abstract: A system includes a memory configured to store executable code and a processor operably coupled to the memory. The processor is configured to execute the code to receive a request from a developer of a first web application to provide a notification corresponding to the first web application, authenticate the developer using a client identifier, after authenticating the developer, receive a content of the notification and a first user identifier, and provide the content of the notification to at least one of a plurality of computing devices associated with the first user identifier, based on an account associated with the first user identifier.

Abstract: A method for motion estimation with respect to a sequence of images. Respective updates are generated based on predictor vectors. The updates are distributed over a plurality of tables, which are organized in a plurality of table sets. Only a single table of updates, of a respective selected table set, is applied to a given predictor vector to generate a limited set of candidate vectors only. For a subsequent predictor vector, a further single table of the plurality of tables out of the plurality of table sets is applied.

Abstract: The present document relates to the transmission of data in a digital cellular telecommunications network. In particular, the present document relates to the secure transmission of data over Global System for Mobile Communications (GSM) networks. A method for encoding a SACCH information block in a wireless network is described. The method comprises randomizing a plurality of randomization unit input bits derived from at least some of a plurality of payload bits of the SACCH information block using a pseudo-random bit block, thereby yielding a plurality of randomized bits; and ciphering a plurality of ciphering unit input bits derived from at least some of the plurality of randomized bits, thereby yielding an encoded data burst of a SACCH frame; wherein ciphering is based on a ciphering algorithm using a ciphering key Kc and a frame number COUNT of the SACCH frame; wherein the pseudo-random bit block is determined based on the ciphering key Kc.