Abstract: Technologies are generally described for providing an encryption method using real-world objects. In some examples, a method may include capturing, by a first electronic device, an external object, generating an object signal associated with the external object, generating an encryption key based on the object signal, and transmitting data encrypted by the encryption key to a second electronic device.

Abstract: A system and method can provide a secure subnet management agent (SMA) in an Infiniband (IB) network. The system can comprise a host channel adapter (HCA) associated with a host, wherein the HCA operates to implement a SMA in its embedded firmware. The HCA can prevent a host administrator or software with root access to the host from changing the embedded firmware on the HCA and modifying one or more states associated with the SMA without being endorsed by a site administrator. Additionally, the SMA is associated with a management key, and the host is not allowed to observe the management key without being endorsed by a site administrator.

Abstract: Information from a position and/or gesture detection system can be transmitted to various devices in order to enable users to interact and/or view others users. In some embodiments, video is captured that includes a current view of the body of a user. In order to prevent an unauthorized, unintended, or undesired transmission of at least part of the body image data, one or more settings or policies can be specified that can control which portions are transmitted, received, and/or displayed. For example, a user can be prompted before body image or position data is transmitted, which enables a user to control the type of data that is sent. A recipient or intermediate entity or component can also specify one or more settings or policies to control the type of data that is transmitted and/or received. In some embodiments, an external service can be utilized to manage the transmission of data.

Abstract: In an embodiment, a method is provided for prefetching attributes used in access control evaluation. In this method, an access control policy that comprises rules is retrieved. These rules further comprise parameters. At least one of the rules is categorized into a class from multiple classes based on at least one of the parameters. Here, the class is a grouping based on at least one of these parameters. An attribute associated with the at least one of these parameters is identified and this attribute is mapped to the class.

Abstract: A system for automatically managing vulnerabilities may determine vulnerability data describing vulnerabilities in an information technology environment and then assign each vulnerability to a stakeholder for remediation. The system may receive a remediation proposal from the stakeholder, obtain approval for the remediation proposal, and facilitate remediation of the vulnerability based on the proposal.

Abstract: The present invention relates generally to systems and methods for delivering content from content providers to end users using computer networks. Aspects of the invention enable content providers cost-effective content delivery using, for example, download and peer-to-peer mechanisms, while also allowing content providers the ability to control and restrict usage of the content and combat piracy. These and other aspects of the invention are discussed in more detail herein.

Abstract: Disclosed herein is a method for determining a security classification for data that includes generating a classification signature for data based on a semantic interpretation of the data. The classification signature is associated with a security classification for the data. The method also includes comparing the generated classification signature to a predetermined classification signature associated with the security classification. Further, the method includes verifying the generated classification signature matches the predetermined classification signature.

Abstract: A user of a client device that executes a remote application is authenticated by first receiving an HTTP or HTTPS request to authenticate the user from the remote application. The user is prompted for authentication information, and authentication information is obtained by communicating with a hardware device in electronic communication with the client device. The user's authorization to use the remote application is then verified using a computer processor and using the authentication information.

Abstract: A method and system is used in managing organization based security risks. Organization based information is analyzed for information that is suitable for use in attacking a user in the organization. The organization based information comprises user access information. Publicly available information is analyzed for information that is suitable for use in identifying the user within the organization. Based on the analyzes, there is derived a risk score for the user.

Abstract: Techniques for identifying misleading applications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying misleading applications comprising receiving a request for network data, parsing the request for network data, using a processor, to determine if one or more portions of the request match a suspicious indicator, identifying the suspicious indicator without using a known malware domain or a known malware signature, and performing a specified action in the event one or more portions of the request match a suspicious indicator.

Abstract: Embodiments of the invention include a conditional access system comprising a terminal and a smartcard, wherein the terminal comprises a user interface for interaction with an end-user, comprising an output for displaying first user interaction data and an input for generating second user interaction data in response to the first user interaction data; and a descrambler configured for descrambling scrambled content, and wherein the smartcard is configured for generating the first user interaction data and allowing, in dependence of the second user interaction data received from the user interface, the descrambler to descramble the scrambled content.

Abstract: A system for and method of protecting a resource is presented. The system and method include a trusted pair consisting of an initiator and a receiver. The receiver faces outward and is connected to a network, such as the Internet. The initiator is connected to the protected resource. In establishing a connection between the initiator and the receiver, the initiator initiates all communications. This configuration simplifies environment management, improves security including access controls, and facilitates deployment of internet-facing resources by changing the traditional model of component-to-component connection.

Abstract: Improved techniques involve flagging anomalous behavior in a current session when there is sufficient difference between an observed distribution of Markov events in the current session and an observed distribution of Markov events in a global session. Here, “Markov events” refer to events such as web page transitions and web page addresses. During a user session, a testing server generates a frequency distribution of a set of Markov events of the user session. The testing server also obtains a frequency distribution of previously observed Markov events of a global session, i.e., sets of sessions of previous user sessions or training sessions. The testing server then computes an anomaly statistic depending on the Markov events that indicates a difference between the user session and the global session. The testing server may produce an alert if the anomaly statistic differs significantly from some nominal value.

Abstract: Systems and methods for controlling network access determine that a client computer on the network is in compliance with administrator-defined network health policy standards before the client computer is granted access to the network. A packet exchange mechanism is defined wherein filtering instructions from a server are converted into firewall rules on the client computer to restrict client access to remediation servers on the network. The client computer obtains update patches from the remediation servers to become compliant with network health policy standards.

Abstract: A method of authenticating, using an authentication server, the use of an authentication device over a communication network via an intermediate communication device, comprising: receiving an authentication datagram by the intermediate device; protecting the datagram by the intermediate device, by at least one of changing, adding to, encrypting and signing of the datagram; and forwarding the datagram to the authentication server for authentication.

Abstract: A system includes an ingestion component configured to receive a request from an entity for content related to a content item and a user identity. The request has a content identifier representative of the content item and a token. A request processing component of the system is configured to access a database associated with the system and identify the content item and the user identity using the content identifier and the token, wherein the database has information associating the token with the user identity and associating the content identifier with the content item. In response to identification of the content item and the user identity, the request processing component directs a recommendation engine associated with the system to identify the content related to the content item and the user identity. Information identifying the content related to the content item and the user identity is then transmitted back to the entity.

Abstract: A computer can be configured to provide seamless access to a proxy server by, upon connection to a computer network, determining whether a proxy server using authentication is connected to the computer network, and then prompting a user of the computer to enter authentication information for that proxy server. This authentication information for the proxy server then can be stored in a manner accessible by applications on the computer to use the authentication information to connection with requests by the applications to access the second computer network. For example, the operating system can store the authentication information. It also can include a module that processes all requests from applications that access the proxy server, and then includes in such requests the stored authentication information.

Abstract: Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient.

Abstract: Systems and methods may provide for detecting a browser request for web content. Additionally, interaction information associated with a plurality of sources may be determined in response to the browser request, and a risk profile may be generated based on the interaction. The risk profile may include at least a portion of the interaction information as well as recommended control actions to mitigate the identified risk. In one example, the risk profile is presented to a user associated with the browser request as well as to a security control module associated with the platform.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify privacy relevant correlations between data values. An example disclosed apparatus includes a principal monitor to identify a first privacy value associated with a first principal, a tuple manager to build a probability tuple matrix comprising a first tuple and a plurality of second tuples, the first tuple including the first principal and the associated first privacy value, and an Eigenvector engine to evaluate the probability tuple matrix to identify a dominant Eigenvector indicative of a correlation between the first privacy value and one of the plurality of second tuples.