Abstract: One particular example implementation of an apparatus for mitigating unauthorized access to data traffic, comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy the encrypted data.

Abstract: The present invention discloses an encoding apparatus using a Discrete Cosine Transform (DCT) scanning, which includes a mode selection means for selecting an optimal mode for intra prediction; an intra prediction means for performing intra prediction onto video inputted based on the mode selected in the mode selection means; a DCT and quantization means for performing DCT and quantization onto residual coefficients of a block outputted from the intra prediction means; and an entropy encoding means for performing entropy encoding onto DCT coefficients acquired from the DCT and quantization by using a scanning mode decided based on pixel similarity of the residual coefficients.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for security verification of communications to tenants of an on-demand database service. These mechanisms and methods for security verification of communications to tenants of an on-demand database service can enable embodiments to allow tenants to selectively implement security measures with respect to inbound communications, etc. The ability of embodiments to provide such feature may allow tenants to efficiently and effectively implement security measures for in-bound emails.

Abstract: A computer implemented method for managing a password is disclosed. The method can include generating a first hash value corresponding to a first password. The method can also include determining whether the first hash value corresponds with a second hash value included in the set of hash values. Further, the method can include suppressing storage of the first password in the set of passwords in response to determining that the first hash value corresponds with a second hash value included in the set of hash values.

Abstract: The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.

Abstract: Computer-implemented methods and apparatuses for recursive multi-layer examination for computer network security remediation is provided herein. Exemplary methods may include: receiving a first identifier associated with a first node; retrieving first metadata using the first identifier; identifying a second node in communication with the first node using the first metadata; ascertaining a first characteristic of each first communication between the first and second nodes using the first metadata; examining each first communication for malicious behavior using the first characteristic; receiving a first risk score for each first communication responsive to the examining; determining the first risk score associated with one of the second communications exceeds a first predetermined threshold and indicating the first and second nodes are malicious. Exemplary methods may further include: providing the identified malicious nodes and communications originating from or directed to the malicious nodes.

Abstract: In various embodiments, static, dynamic, and behavioral analyses may be performed on an application. A set of code fragments employed by the application may be determined. A set of device resources employed by the application may be determined. An application fingerprint is generated for the application and potentially malicious component and/or behaviors are identified. The application fingerprint encodes identifiers for the set of code fragments and identifiers for the set of device resources.

Abstract: In one embodiment, an encryption device may retrieve authentic genetic information from a genetic information database, generate false genetic information based on the authentic genetic information, encrypt the false genetic information to produce encrypted genetic information, assign identifiers to respective segments of the encrypted genetic information, transmit the encrypted genetic information to be genetically analyzed to a gene analyzer, receive, from the gene analyzer, an analysis of the encrypted genetic information, and decrypt the analysis of the encrypted genetic information to parse the analysis of the authentic genetic information.

Abstract: An error detection device and method for a programming language is provided, the device including a program preparation unit configured to prepare a program by using a programming language, a logic converter configured to convert the prepared program to a sequence, a hash code calculator configured to detect a same logic relative to a sequence by dividing the converted sequence to a minimum unit of a plurality of program languages, calculating each hash code by the divided minimum unit of the plurality of program languages and comparing each calculated hash code, and an LCS (Longest Common Subsequence) calculator calculating an LCS relative to the sequence divided by the minimum unit of the plurality of program languages, and detecting a similar logic relative to the sequence by applying the calculated LCS to an LCS algorithm.

Abstract: Systems and methods for generation and use of short keys are disclosed. The systems and methods include the generation of a short key based on the location of a first device that requests the generation of the key. The short key is sent to the first device, which in turn communicates the short key to a second device, through a display, print receipt, direct communication, or other means. The short key is entered into the second device, which in turn communicates the entered short key to a server along with location information corresponding to the second device. The server authorizes communication between the first and second devices after it determines that the short key sent by the second device matches one of the keys active in a region corresponding to the location of the second device.

Abstract: In an approach for managing user profiles, a computer identifies a first user profile and one or more additional user profiles, wherein the first user profile is active on a computing device. The computer receives streaming data. The computer receives a trigger wherein the received trigger includes biometric data. The computer identifies a second user profile from the identified one or more additional user profiles that is associated with the received trigger. The computer compares biometric data from the second user profile with the biometric data in the received trigger. The computer determines whether the biometric data matches, within a defined tolerance level, the biometric data in the second user profile.

Abstract: The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured to exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion.

Abstract: A computer-implemented method for preventing false positive malware identification may include (1) identifying a set of variants of a trusted software program, (2) characterizing, for each variant in the set of variants of the trusted software program, at least one common property of the variants, (3) clustering the set of variants of the trusted software program based on the common property of the variants, and (4) creating a signature capable of recognizing variants of the trusted software program. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: IoT devices are secured on multiple local area networks. Each local network contains a router which monitors activities of IoT devices, and transmits corresponding information to a backend server. The backend amalgamates this information, calculates dynamic reputation scores, and determines expected authorized activities for specific IoT devices. Based thereon, the backend creates a constraint profile for each IoT device, and transits the constraint profiles to the routers for enforcement. Enforcing a constraint profile can include creating multiples VLANs with varying levels of restricted privileges on a given local area network, and isolating various IoT devices in specific VLANs based on their reputation scores. Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device's communication to specific domains and ports, and/or to specific content.

Abstract: Secure element authentication techniques are described. In implementations, a confirmation is received that an identity of a user has been physically verified using one or more physical documents. One or more credentials that are usable to authenticate the user are caused to be stored in a secure element of a mobile communication device of the user, the secure element implemented using tamper-resistant hardware.

Abstract: A method and system for processing frames transmitted in a network including nodes and network segments connecting the nodes. Frames transmitted over network segments are detected. Frame information from each detected frame is stored in a frame information repository. A stored hierarchical data structure includes vectors specifying frame information defining frames permitted in the network, classes including vectors with constraints on the vectors, and patterns including classes with constraints on the classes. The frame information in the detected frames may not match the frame information specified in the vectors. The vectors, if matched by the frame information in the detected frames, may not satisfy the constraints in the classes. The vectors, if matched by the frame information in the detected frames, may satisfy the constraints in the classes, and the classes whose constraints are satisfied by the matched vectors may not satisfy the constraints in the patterns.

Abstract: An electronic device and a method thereof for releasing lock using an element combining color and symbol are provided. In the method, at least two groups including at least two elements combining color and symbol are displayed. One element included in each of the at least two groups is allowed to be sequentially selected at least one time. When it is determined that a sequence of the sequentially selected elements is the same as a set sequence, a lock of the electronic device is released.

Abstract: Described herein are systems and methods for providing software administration tools, for use in administering server configurations, such as in a traffic director or other type of server environment. In accordance with an embodiment, the system comprises a traffic director having one or more traffic director instances, which is configured to receive and communicate requests, from clients, to origin servers having one or more pools of servers. An administration server can be used to manage the traffic director, including a REpresentational State Transfer (REST) infrastructure and management service which maps REST calls to mbeans or other management components registered on the administration server, for use in managing the traffic director.

Abstract: Data security jurisdiction zones are identified and data security policy data for the data security jurisdiction zones is obtained. The data security policy data for the data security jurisdiction zones is then automatically analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The allowed secrets data with respect to each of the data security jurisdiction zones is then automatically obtained and provided to resources in the respective data security jurisdiction zones, either from a central secrets data store or from an allowed secrets data store associated with each data security jurisdiction zone.

Abstract: A method begins with a computing device of a dispersed storage network (DSN) determining that an encoded data slice of a set of encoded data slices requires rebuilding and sending partial rebuild requests to storage units of the DSN. The method continues with one of the storage units generating a partial rebuilt slice based one or more encoded data slices of the set of encoded data slices stored by the one of the storage units and securing the partial rebuilt slice using a shared secret scheme that is shared among the storage units to produce a secured partial rebuilt slice. The method continues with the computing device receiving a set of secured partial rebuilt slices from the storage units, recovering a set of partial rebuilt slices from the set of secured partial rebuilt slices, and rebuilding the encoded data slice from the set of partial rebuilt slices.