Abstract: A system that incorporates the subject disclosure may perform, for example, receiving an over-the-air programming message that is utilizing a hypertext transfer protocol where the over-the-air programming message including programming data for use by the mobile communication device, converting the over-the-air programming message to a short message service transport protocol to generate an adjusted message that includes the programming data, and providing the adjusted message to a universal integrated circuit card of the mobile communication device via a baseband proxy operating in a device processor of the mobile communication device. Other embodiments are disclosed.

Abstract: In an embodiment, an application server is configured to manage privacy settings of a subscriber for one or more social networking services. The application server determines a set of privacy settings (e.g., a manually configured or default set of privacy settings) of the subscriber for the one or more social networking services, and then receives, from the subscriber, permission to dynamically modify the set of privacy settings. The application server monitors, responsive to the received permission, passive behavior of the subscriber that is separate from interactions between the subscriber and the one or more social networking services (e.g., calls, text messages, instant messages made to/from the subscriber, a location of the subscriber, etc.). The application server triggers a modification to the set of privacy settings based on the monitored passive behavior of the subscriber.

Abstract: An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled.

Abstract: The present invention comprises a method and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients.

Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.

Abstract: Computer-implemented systems, methods, and computer-readable media for generating and executing anti-reverse engineering software include receiving at least one of a set of input instructions and a set of input values; creating a deterministic environment; executing one or more functions corresponding to at least one of the set of input instructions and the set of input values while simultaneously generating a set of output values corresponding to the executed one or more functions, wherein the set of output values is generated based on a deterministic function of the computing device executing the one or more functions; and outputting the set of output values.

Abstract: A data processing system having a first processor, a second processor, a local memory of the second processor, and a built-in self-test (BIST) controller of the second processor which can be randomly enabled to perform memory accesses on the local memory of the second processor and which includes a random value generator is provided. The system can perform a method including executing a secure code sequence by the first processor and performing, by the BIST controller of the second processor, BIST memory accesses to the local memory of the second processor in response to the random value generator. Performing the BIST memory accesses is performed concurrently with executing the secure code sequence.

Abstract: A data stream with a given data rate is distributed into a plurality of virtual lanes or streams, each with a lower data rate than the data stream. Virtual lanes permit the use of lower cost electronics at the optical-electrical conversion points. Security information is generated that includes a unique initialization vector. The security information is distributed or allocated across some or all of the of the virtual data streams in a virtual lane alignment marker in a portion of the alignment marker used to maintain direct current (DC) transmission balance, but that otherwise does not provide useful information.

Abstract: Methods and apparatuses for authenticating a secure sockets layer certificate (SSL) certificate are described herein. The methods include receiving the SSL certificate associated with a website, identifying a chain of trust associated with the SSL certificate, transmitting, to a security manager, a validation request based on the SSL certificate and a certificate in the chain of trust, receiving a validation response from the security manager, and presenting an indication of trustworthiness, to a user, based on the validation response. The apparatuses are provided to implement the methods.

Abstract: In an example embodiment, disclosed herein is an apparatus comprising an interface configured to communicate with at least one external device, and processing logic coupled with the interface. The processing logic determines whether the interface is connected directly to a predefined network. The processing logic restricts access to the interface responsive to determining the interface is connected to a network other than the predefined network. The processing logic does not restrict access to the interface while the interface is directly connected with the predefined network.

Abstract: An example apparatus is provided that receives a pseudonym and encrypted identifier, where the pseudonym is of a user's personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier. The keys used for encryption and pseudorandom generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, thus can query the user records stored in the apparatus.

Abstract: Security events associated with network devices and an actor category model are stored (501, 503). The actor category model includes levels arranged in a hierarchy and each level is associated with a subcategory for a category of the model. Security events are correlated with the actor category model (505), and a determination of whether a security threat exists is performed based on the correlating (506).

Abstract: Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to carry out an operation control procedure for the service; identifying the user of the service; selecting a trusted device associated with the identified user of the service; sending, to the selected trusted device, a request for confidential information of the user, wherein the confidential information is used to carry out the operation control procedure; receiving the confidential information from the selected trusted device; and carrying out the operation control procedure using the received confidential information.

Abstract: A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

Abstract: A physical host executes a hypervisor or virtual machine monitor (VMM) that instantiates at least one virtual machine (VM) and a virtual input/output server (VIOS). The VIOS determines by reference to a policy data structure a disposition of a packet of network communication with the VM, where the disposition includes one of dropping the packet and forwarding the packet. Thereafter, the determined disposition is applied to a subsequent packet in a same packet flow as the packet.

Abstract: This disclosure relates to scheduled online publishing of internet media. Media content, such as a video, can be received for upload to an online server. A future publish time for the media content is determined based on user input, or satisfaction of a set of predetermined criteria. The media content is maintained as unpublished until the future publish time. Exposure of the media content is restricted to authorized users while the media content is unpublished. At the future publish time, the media content is published, and provided to a set of content consumers via the online server.

Abstract: Technologies related to contextual use and expiration of digital content are generally described. In some examples, a receiving device may connect with a sponsoring device having the digital content. A relationship property defines a relationship context between the receiving device and the sponsoring device. The receiving device may receive the digital content from the sponsoring device and use the digital content so long as allowed, as determined with reference to the relationship property.

Abstract: Certain embodiments of the invention may include systems, methods, and apparatus for estimating power time of use. According to an example embodiment of the invention, a method is provided for synchronizing local system time with a network clock for estimating power time of use. The method includes storing power usage data and initial time stamps, wherein the initial time stamps are derived from one or more of a local clock or broadcast network time; receiving data comprising network time; adjusting the local system time with a PID loop, wherein the PID loop adjusts the local system time based at least in part on a difference between the local clock and the received network time; storing, with the power usage data and initial time stamps, an indicator when the difference is greater than a predetermined value; and determining synchronization when the difference is less than or equal to a predetermined value.

Abstract: A system and method for identifying unauthorized uploaded content that has been uploaded before a validated live reference stream has been ingested is disclosed herein. The live reference stream is compared against the indexed uploaded content repeatedly as the live reference stream is received. The matching process is done once per a time period until a match meeting a minimum match duration threshold is identified. The match is then determined to be unauthorized, and a claim is issued against the unauthorized uploaded content. The time period can be based on a utility based analysis that factors the computational costs of repeated matching versus the diminishing value of the live reference stream as time progresses.

Abstract: In one embodiment, a computer system creates for a first user a location-triggered note specific for a second user and for a particular location, determines the second user's location, and transmits the location-triggered note to the second user if the second user is at the particular location.