Abstract: Embodiments of techniques for distributing and rendering media content are provided. In response to a request for a first media file, a combined media file is generated having first and second segments that together include data from the first media file and from a second media file. The combined media file is then provided to a player module operable to render only data from the first media file during a first operating mode, and operable to render data from both the first and second media files during a second operating mode. For example, the first media file may be a music file, and the second media file an advertisement. A consumer may play the music portion without special software or a license, but the advertisement will be rendered as well. Alternatively, the consumer may purchase a license and use special playback software to render the music without the advertisement.

Abstract: A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.

Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.

Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.

Abstract: According to one embodiment, an information processing apparatus comprises a wireless communication device, a display, a logon process module, and a display control module. The logon process module is configured to cause the display to display a logon screen, in a logon process of identifying a user account which uses an operating system. The display control module is configured to cause the display to display, together with the logon screen, a state of an access point detected by the wireless communication device.

Abstract: The invention relates to a method for generating a certificate for signing electronic documents by means of an ID token (106), having the following steps: —sending (201) a transaction request for a user to carry out a transaction, —as a result of the sending of the transaction request, a check is carried out as to whether the certificate (519) is available and if this is not the case, carrying out the following steps: generating (206) an asymmetrical key pair consisting of a private key and a public key using an ID token, said ID token (106) being assigned to the user; storing (207) the generated asymmetrical key pair on the ID token, wherein at least the private key is stored in a protected memory region of the ID token; transmitting (208; 509) the generated public key (518) to a first computer system, and generating (209) the certificate (519) by means of the first computer system for the public key.

Abstract: A method is disclosed for establishing a secure communication session using composite key cryptography. The method comprises generating a first plurality of secret keys all of which are known only to a first communicating party and each one of which is shared with exactly one of a plurality of stewards, and generating a second plurality of secret keys all of which are known only to a second communicating party and each one of which is shared with exactly one of the plurality of stewards. The first and second communicating parties each send information to the other through different stewards, each communication leg being encrypted using a secret key known only to the respective communicating party and steward. These communications are usable to distribute cryptographic seeds to the communicating parties for use in generating a temporary session key that can be used to encrypt direct communications between the parties.

Abstract: Embodiments of memory devices, computer systems, security apparatus, data handling systems, and the like, and associated methods facilitate security in a system incorporating the concept of a security perimeter which combines cryptographic and physical security. The memory device can comprise a memory operable to store information communicated with a processor, and a logic operable to create at least one cryptographic security perimeter enclosing at least one selected region of the memory and operable to manage information communication between the processor and the at least one selected region of the memory.

Abstract: A method and system for accelerated decryption of a cryptographically protected user data unit, wherein a transmitter initially generates a cryptographic key that is provided with a related key identification. The transmitter then performs asymmetrical encryption of the generated cryptographic key using a public cryptographic key and encryption of at least one user data unit using the generated cryptographic key. The encrypted user data unit, the asymmetrically encrypted cryptographic key and the related key identification of the cryptographic key are transported to a receiver that decrypts the received asymmetrically encrypted key using a private key, if verification of the received related key identification of the cryptographic key indicates the cryptographic key is not present in a decrypted state in the receiver. The receiver then decrypts the received cryptographically encrypted user data unit using the cryptographic key in the receiver or with the cryptographic key decrypted using the private key.

Abstract: Systems and methods for content-protecting video codecs are described. At least one embodiment of the invention comprises a system for protecting video content comprising computer memory comprising a stored set of instructions for processing video data; and at least one microprocessor configured to process the video data according to the stored set of instructions, the stored set of instructions requiring identification of data to be removed, at least a portion of which is essential to obtaining a visually acceptable reproduction of video, the stored set of instructions being further configured to replace removed data with data-hiding values, wherein the visually acceptable reproduction of video cannot be generated without a key that enables recovery of enough of the removed data from the data-hiding values that replaced the removed data.

Abstract: Methods, systems, and computer-readable media for analyzing and indicating network resources as potentially malicious are disclosed. Some aspects of the disclosure provide ways for threat-analyzing individuals and/or organizations to transmit information about potentially malicious resources in a safe manner. Users or computing devices may transmit non-resolvable “de-fanged” resource identifiers, which lessens the likelihood that the receiving computing device will download malicious data or applications from the resource. Some aspects disclosed herein provide ways to correctly and accurately “re-fang” the resource identifier for threat analysis of the resource, for example by selecting one or more re-fangers to apply and applying the re-fangers to the identifier. Data may be retrieved from the resource (for example via a headless or non-interactive browser), and the resource and/or resource identifier may be categorized as malicious.

Abstract: This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis.

Abstract: Contents data that have been enciphered and transmitted are recorded as they are on a recording medium, and the contents key used to encipher these data is enciphered in a way used in this recording system and is recorded on the medium. Moreover, a step is taken to ensure that fine trick plays can be performed. In recording contents data that have been enciphered and transmitted, the contents data themselves are recorded in the enciphered state on the recording medium. However, the contents data are decoded by a contents data decoding circuit 46, and a map file containing necessary management information for reproduction is created by a map file creating circuit 47 and this file is recorded together with the contents data.

Abstract: The present invention relates to antivirus protection and more particularly to antivirus protection in a cloud server. The present invention protects a user machine from a virus while allowing the user to get the benefit of using multiple antivirus options without the need to run the antivirus options on the user machine.

Abstract: An electronic message threat protection system that incorporates user authorization to ensure that only authorized users receive the benefits of the system's protection. The system protects against threats such as phishing attacks or malware embedded in attached files. References to resources in messages, such as links or attachments, are transformed into protected references that may for example insert a level of indirection between the user and the resource. Use of a protected reference triggers a user authorization check; if the user is an authorized user, the system provides access via a security mechanism that mitigates potential threats. Unauthorized users are denied access. A message recipient may deliberately or inadvertently distribute copies of the message or of the protected references; however, the authorization check ensures that recipients of the copies can only access resources via these copies if they are authorized users.

Abstract: At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, client download of a response from a server to a client request is blocked, and instead a notification page with options to accept or decline the server response is provided to the client.

Abstract: Apparatus, systems and methods may provide a browser interface to detect an attempt by web content to manipulate data in a local data store. In addition, the data may be classified into a category if the data is remotely accessible. Additionally, a security policy may be applied to the data based on the category. In one example, a separator may separate the data from other data based on the category, the data may be encrypted/decrypted based on the category, and/or context information and user input may be determined to apply the security policy further based on the context information and the user input.

Abstract: A system and method is illustrated for providing secure credential using a secure credential package stored on a client device and at least one key stored in a corporate network. In embodiments, an access connector receives credentials and a device unique identifier from the client device over a secure link, obtain the at least one key from the corporate network, apply the at least one key to the credentials and the device unique identifier to generate the secure credential package including the encrypted credential and the device unique identifier, send the secure credential package to the client device over the secure link, upon receiving the secure credential package from the client device, retrieve the at least one key via the key manager, decrypting the secure credential package using the at least one key to obtain the credentials, and validate the credentials against a user directory located in the corporate network.

Abstract: Resetting a password for a network service account may include redirecting the user to a password reset tool, wherein the user is blocked from network access other than the password reset tool while being redirected. After redirecting the user to the password reset tool, user entry of verification information may be accepted, and the verification information from the user may be compared with known verification information for the user. User entry of a new password may be accepted if the verification information accepted from the user matches the known verification information for the user; and the new password may be stored as the known password for the user. Related systems and computer-program products are also discussed.

Abstract: A technique transfers soft token authentication capabilities from an old device to a new device. The technique involves receiving a transfer initiation message from the old device while the old device is currently provisioned with the soft token authentication capabilities. The transfer initiation message includes new device binding information obtained by the old device from the new device. The technique further involves providing a reply message to the old device in response to the transfer initiation message. The reply message directs the old device to supply an authentication code to the new device, the authentication code being based on the new device binding information. The technique further involves receiving, from the new device, a provisioning message including the authentication code, and provisioning the new device with the soft token authentication capabilities in response to receipt of the provisioning message from the new device.