Abstract: In one embodiment, a method includes identifying, using one or more processors, a plurality of characteristics of a Portable Document Format (PDF) file. The method also includes determining, using the one or more processors, for each of the plurality of characteristics, a score corresponding to the characteristic. In addition, the method includes comparing, using the one or more processors, the determined scores to a first threshold. Based at least on the comparison of the determined scores to the first threshold, the method includes determining, using the one or more processors, that the PDF file is potential malware.

Abstract: Systems, methods, and software for operating one or more content delivery nodes (CDN), which cache content for delivery to end users, are provided herein. In one example, content requests received from at least a first end user for the content at a first CDN are monitored to determine when the content requests comprise an attack on the first CDN. Responsive to the attack on the first CDN, a rate limit is established in the first CDN on at least the content requests received by the first CDN and an indication of the attack is transferred for delivery to at least a second CDN. Responsive to the indication of the attack, the rate limit is applied for further content requests received for the content at the second CDN.

Abstract: Anomalous activity is detected using event information that is received from accounts from within an online service. Generally, anomalous activity is detected by comparing a baseline profile that includes past event information for accounts of the online service with a recent profile that includes recent event information for the accounts. Anomalous activity is detected when the recent profile shows that one or more events are occurring more frequently as compared to the occurrence of the event the associated baseline profile. The events that are recorded and used in the anomaly detection may include all or a portion of events that are monitored by the online service. One or more reports may also be automatically generated and provided to one or more users to show activity that may be considered anomalous activity.

Abstract: A computer-implemented method for distinguishing code of a program obfuscated within a packed program may include (1) retrieving memory of the packed program that includes the code of the obfuscated program in an unobfuscated state and unpacking code that unpacks the code of the obfuscated program when the packed program is executed, (2) identifying an import address table within the memory of the packed program, (3) determining that the import address table is an import address table of the code of the obfuscated program, (4) determining that a region of code within the memory of the packed program may be the code of the obfuscated program by determining that the region of code uses the import address table, and (5) performing a security operation on the region of code. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A notebook computer includes a main body and a display device. The main body includes a first touch layer sensing a touch track of a user, a memory pre-storing an authorizing track, and a processor connected between the first touch layer and the memory. The processor compares the touch track with the authorizing track to determine if the user is authorized. The display device is jointed to be pivoted to the main body, wherein the display device is turn on when the user is authorized.

Abstract: The device and method described herein relates to the field of computer security and, specifically, to the field of protecting confidential personal information which enables encrypted access to the remote server. A device and a method for securing confidential user information and secure exchanges of such information with the servers that host the services is provided. The device and method are based on personalising a smartcard containing the information. The chip card, connected to the user terminal, has a connection enabling the terminal to appear as a standalone host of the user's local network. An encrypted connection is then established directly between the chip card and the server hosting the service for the transmission of confidential data. The data, stored on the chip card, are then exchanged with the server via the encrypted connection. The data are never accessible in plain text on the user terminal.

Abstract: Automated site scans are often seen as precursors to a cyber attack, from URI enumeration and version mapping to timing scans used to identify the most valuable DDoS targets. Disclosed are methods and apparatuses for detecting automated site scans and identifying the source of cyber attacks. Honeypot links are provided on a web page via a server. If multiple honeypot links are selected by a visitor of the web page, the server may identify the visitor as an automated system and generate a session ID. The server induces an artificial delay prior to displaying the data associated with the selected honeypot link. After a subsequent attack, the server is able to identify the attacker by association with the stored session ID of an automated site scan.

Abstract: A system for integrating access to separate and physically partitioned networks from a single client device is described. The system is interposed between the client device and the networks to allow communication between the client device and the networks, such that data remains partitioned between networks. The system includes a scrambler configured to mix portions of data of variable bit lengths. Typically, the scrambler receives the portions of data from each of the plurality of networks, intermixes the portions of data from the networks, then selects different paths for transporting the intermixed portions of data to the client device. Each of the different paths for transporting the intermixed portions of data are physically and/or logically partitioned from each other. Only when the data arrives on the client device is it able to be reassembled, and then only in particular partitioned locations on the client device corresponding to the particular network from which the data originated.

Abstract: Systems and methods for creating a visual password are presented. A user having an account or profile is given the option to create a visual password via a graphical user interface. The interface displays a plurality of themes to the user, wherein each theme represents a category of images. The user selects a theme and is presented with a plurality of images within the category. The user selects one or more images in a certain order to create a visual password. The selected images and order of selection are saved as the user's visual password. When the user later attempts to electronically access his account, the user will be required to select the correct pictures in the correct sequence in order to access his account.

Abstract: A mechanism is provided for detecting malicious activity in a functional unit of a data processing system. A set of activity values associated with a set of functional units and a set of thermal levels associated with the set of functional units are monitored. For a current activity value associated with the functional unit in the set of functional units, a determination is made as to whether a thermal level associated with the functional unit differs from a verified thermal level beyond a predetermined threshold. Responsive to the thermal level associated with the functional unit differing from the verified thermal level beyond the predetermined threshold, sending an indication of suspected abnormal activity associated with the given functional unit.

Abstract: A method relating generally to loading a boot image is disclosed. In such a method, a header of a boot image file is read by boot code executed by a system-on-chip. It is determined whether the header read has an authentication certificate. If the header has the authentication certificate, authenticity of the header is verified with the first authentication certificate. It is determined whether the header is encrypted. If the header is encrypted, the header is decrypted.

Abstract: An application safety system is described herein that provides a scoring system of how dangerous an application is based on behavioral inspection of the application. Upon detecting installation of an application or first execution of the application, the application safety system performs static analysis before the new application is executed by the operating system. The system allows the user to approve running the application after displaying information about what the application does. Next, the system performs dynamic analysis as the application runs and alerts the user to any potentially harmful behavior. Over time, the system determines when the application may be acting in a manner that is out of character and informs the user. The system also allows users to restrict behavior that a particular application can perform.

Abstract: A method and system for unlocking and deleting a file or a folder. The method for unlocking the file or the folder comprises: receiving an unlock request of a file or a folder, wherein the unlock request includes an input parameter; verifying whether the input parameter complies with a preset condition; if the input parameter complies with the preset condition, correcting a deformed path format of the file or the folder and/or the special file name of the file or the special folder name of the folder according to a preset rule; determining whether restrictive setting of the corrected file or folder is present; and if yes, cleaning the restrictive setting of the file or the folder.

Abstract: A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

Abstract: An optical receiver for a quantum key distribution system comprises a plurality of optical components mounted or formed in a substrate and optically coupled by one or more hollow core waveguides formed in the substrate.

Abstract: A share group of servers comprises a first server and a second server. The first server has a server partition and a management processor which is separate from said server partition. Usage rights may be transferred from the first server to the second server by executing machine readable instructions on the management processor which is separate from said server partition.

Abstract: A media signer produces an array of hash values including a respective hash value for each of multiple different portions of content. The media signer applies a hash function and an encryption key to the array of hash values to create a digital signature associated with the content. Prior to playback of the content, a media verifier retrieves the array of hash values for the different portions of content. The media verifier produces a hash value result for the retrieved array. Based on the hash value result for the retrieved array and a hash value result of the array in the received digital signature, the media verifier verifies the integrity of the retrieved array. If the retrieved array of hash values is found to be trustworthy, the media verifier determines the integrity of a portion of the content by verifying the portion's corresponding hash value from the “trustworthy” array.

Abstract: A cryptographic key is used to secure a communication link between a first device and a second device. Generating the cryptographic key is accomplished by a) generating a first cryptographic key, b) generating a second cryptographic key, c) applying a hash function to packets transmitted over the communication link to create a hash result, and d) applying the hash function to the first cryptographic key, the second cryptographic key and the hash result.

Abstract: A computer determines whether destination information is included in permission target information. The destination information indicates a destination to which a file stored in a storage device is transferred. The permission target information includes information indicating a target permitted to access the file. The computer prompts before the file is transferred, upon determining that the destination information is not included in the permission target information, a user to input whether to permit the transfer. The computer adds the destination information to the permission target information upon receiving, via an input device, a permission input for permitting the transfer. The computer transfers the file upon receiving the permission input.

Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.