Abstract: A computing system includes: a control circuit configured to: determine a privacy baseline for controlling communication for a user, determine an application-specific privacy setting for controlling communication for a first executable program associated with the user, generate a user-specific privacy profile based on the privacy baseline and the application-specific privacy setting, the user-specific privacy profile for controlling an application set including a second executable program; and a storage circuit, coupled to the control circuit, configured to store the user-specific privacy profile.

Abstract: A method and an electronic device are disclosed herein. The electronic device includes a communication unit, a storage unit and at least one processor, which executes the method, including detecting a request for establishing a call session, generating a new security key from a preset security key, renewing the preset security key by setting the generated new security key as a current preset security key, and establishing the call session based on the generated new security key.

Abstract: A computing system includes: a control circuit configured to: determine a privacy baseline for controlling communication for a user, determine an application-specific privacy setting for controlling communication for a first executable program associated with the user, generate a user-specific privacy profile based on the privacy baseline and the application-specific privacy setting, the user-specific privacy profile for controlling an application set including a second executable program; and a storage circuit, coupled to the control circuit, configured to store the user-specific privacy profile.

Abstract: Some embodiments provide distributed rate limiting to combat network based attacks launched against a distributed platform or customers thereof. The distributed rate limiting involves graduated monitoring to identify when an attack expands beyond a single server to other servers operating from within the same distributed platform distribution point, and when the attack further expands from one distributed platform distribution point to other distribution points. Once request rates across the distributed platform distribution points exceed a global threshold, a first set of attack protections are invoked across the distributed platform. Should request rates increase or continue to exceed the threshold, additional attack protections can be invoked. Distributed rate limiting allows any server within the distributed platform to assume command and control over the graduated monitoring as well as escalating the response to any identified attack.

Abstract: A system includes programmable systolic cryptographic modules for security processing of packets from a data source. A first programmable input/output interface routes each incoming packet to one of the systolic cryptographic modules for encryption processing. A second programmable input/output interface routes the encrypted packets from the one systolic cryptographic module to a common data storage. In one embodiment, the first programmable input/output interface is coupled to an interchangeable physical interface that receives the incoming packets from the data source. In another embodiment, each cryptographic module includes a programmable systolic packet input engine, a programmable cryptographic engine, and a programmable systolic packet output engine, each configured as a systolic array (e.g., using FPGAs) for data processing.

Abstract: Methods for probabilistically expediting secure connections via connection parameter reuse are provided. In one aspect, a method includes determining whether a client had previously established a secure connection with a hostname. The method also includes obtaining a source identifier used by the client to establish the previous secure connection when it is determined that the client previously established the previous secure connection with the hostname. The method also includes sending a request to the hostname for a new secure connection based on the obtained source identifier. Systems and machine-readable media are also provided.

Abstract: A first computing system may identify a security threat located at least at a first virtual server. The first virtual server may be within a second computing system. The first computing system may provision, in response to the identifying, a first firewall associated with the first virtual server. The first firewall may include a rule to deny all communication transmitted from the first virtual server. The first computing system may execute, in response to the provisioning, a first repair operation to repair the first virtual server.

Abstract: The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.

Abstract: A first computing system may identify a security threat located at least at a first virtual server. The first virtual server may be within a second computing system. The first computing system may provision, in response to the identifying, a first firewall associated with the first virtual server. The first firewall may include a rule to deny all communication transmitted from the first virtual server. The first computing system may execute, in response to the provisioning, a first repair operation to repair the first virtual server.

Abstract: A server system for a domain name system (DNS) which operates to concurrently provide both public-facing and restricted channels for receiving and handling Internet Protocol (IP) address requests from a population of computers. The server system implements an alternative DNS request handling process to provide a trusted computer entity with exclusive access to the restricted channels.

Abstract: A verification data processing method includes: receiving CAPTCHA response information sent by user through a user terminal and obtaining an IP address of the user terminal from the CAPTCHA response information; obtaining verification data by verifying the CAPTCHA response information, and storing the verification data in a preset hash table, where the verification data includes the type of a CAPTCHA code corresponding to the CAPTCHA response information, and the number of total verifications of CAPTCHA response information and the number of correct verifications both corresponding to the IP address; determining a user type of the user according to the IP address, the number of total verifications and the number of correct verifications; storing the verification data in a min-heap according to the CAPTCHA code type and the user type; and making a statistic of all the numbers of total verifications and all the numbers of correct verifications in the min-heap.

Abstract: Method for automatically distributing, as needed, a user's digital-works and usage-rights to one or more user-devices. A definition of the usage-rights for a digital-work may be stored at one or more locations on a network. A version of said digital-work suitable for a user-device may be provided by one or more locations on said network. When a user who is authorized to utilize said digital-work is active at a user-device, a version of said digital-work and authorization to utilize is automatically transferred when needed to a user-device. The digital-work and authorization may be automatically transferred as needed to any user-device where an authorized user is active. The usage-rights may only be valid for one or more specific users. The usage authorization at each user-device may be less than defined in the full usage-rights maintained on the network. Authorization to utilize said digital-work at a user-device may be extended from time to time by exchanging user-device status across the network.

Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.

Abstract: An application service system receives, from a merchant service system, an application program code comprising identifying information. The identifying information is extracted and the application is distributed for operation on a user device. A user interacts with the application, creating an access request that is transmitted to the application service system along with the extracted identifying information. The application service system transmits an access token to the user device comprising the received identifying information. The user device transmits the access token with a service request to the application service system. The application service system compares the identifying information from the access token to the identifying information extracted from the application program code received from the merchant services system. If the identifying information matches, the service request is processed.

Abstract: The present invention provides a method, system and computer program product for analyzing risks, for example associated with potential data leakage. Risk for activities may be measured as a function of risk components related to: persons involved in the activity; sensitivity of data at risk; endpoint receiving data at risk; and type the activity. Risk may account for the probability of a leakage event given an activity as well as a risk cost which reflects the above risk components. Manually and/or automatically tuned parameters may be used to affect the risk calculation. Risk associated with persons and/or files may be obtained by: initializing risk scores of persons or files based on a rule set; adjusting the risk scores in response to ongoing monitoring of events; identifying commonalities across persons or files; and propagating risk scores based on the commonalities.

Abstract: The described embodiments relate to methods, systems, and products for providing verification code recovery and remote authentication for a plurality of devices configured for electronic communication with a server. Specifically, in the methods, systems, and products, the user entrusts information about the user's verification code to the service provider, and only with cooperation between the user and the service provider can a lost verification code be recovered. The service provider can further authenticate the user before cooperating in the recovery process by way of a time-sensitive authentication sequence that involves the user device.

Abstract: Disclosed are systems and methods to provide application acceleration as a service. In one embodiment, a system includes a head office to serve an enterprise application comprised of a collaborative document. The system also includes a branch office to request the collaborative document from the head office. The enterprise application may also include a computed document and/or a static document. In addition, the system also includes a set of Point of Presence (POP) locations between the head office and the branch office to communicate the collaborative document, the computed document and the static document on behalf of the head office from a closest POP location to the head office to a closest POP location to the branch office and then onward to the branch office.

Abstract: A user interface is used to assign different devices and device types to media services where the number of different devices and device types that are capable of being assigned is determined by access privilege information corresponding to such media services. When a number of devices of a specific type are assigned where such a number exceeds a limit specified in the access privilege information, the assignment of additional devices of that specific type is halted.

Abstract: Aspects of the subject disclosure may include, for example, receiving, from a second waveguide system, electromagnetic waves at a physical interface of a transmission medium that propagate without utilizing an electrical return path where the electromagnetic waves are guided by the transmission medium and where the electromagnetic waves have a non-optical frequency range, and authenticating the second waveguide system according to an authentication protocol based on authentication information contained in the electromagnetic waves. Other embodiments are disclosed.

Abstract: Current approaches to managing security intelligence data often address both threat and malicious behavior at the individual computer level, tracked by the Internet Protocol (IP) address. For example, important facts, observed behavior, and other indications that are tracked by security organizations are only tracked with respect to individual IP addresses. Bilateral network inheritance generally refers to inheriting a variety of attributes from parents to children and from children to parents in a computer network hierarchy. The computer network hierarchy may comprise various entities such as, for example, top level entities, autonomous systems, address ranges, and individual IP addresses.