Abstract: An example operation may include one or more of evaluating a proposed membership conversion submitted by a client application (App) on a client subject to a first membership services provider (MSP1), evaluating the validity of the client according to channel membership rules, placing a transaction certificate in a creator field of a client transaction request, using fabric-attribute-based authentication to authenticate the client that submitted the membership conversion proposal, consulting a membership table to determine access rights of the client, and passing the access rights information to an application membership credential generator compliant with a second membership services provider (MSP2).

Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.

Abstract: One embodiment provides a system that facilitates efficient and transparent encryption of packets between a client computing device and a content producing device. During operation, the system receives, by a content producing device, an interest packet that includes a masked name which corresponds to an original name, wherein the original name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system obtains the original name based on the masked name. The system computes a symmetric key based on the original name and a generated nonce. The system generates a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload encrypted based on the symmetric key, wherein the content object packet is received by a client computing device.

Abstract: A computing device features one or more hardware processors and a memory that is coupled to the one or more processors. The memory comprises software that supports virtualization, including a virtual machine operating in the guest mode and a virtualization layer operating in the host mode. The virtual machine is configured to execute a plurality of processes including a guest agent process. The virtualization layer is configured to protect the guest agent process operating within the virtual machine that provides metadata to the virtualization layer by restricting page permissions for memory pages associated with the guest agent process when the guest agent process is inactive.

Abstract: At an electronic computing device, a first memory footprint is obtained for a protected computer. The protected computer is monitored with the electronic computing device. At the electronic computing device, a second memory footprint is obtained for the protected computer. The first memory footprint is compared with the second memory footprint. When the first memory footprint does not match the second memory footprint, a security alert is initiated for the protected computer.

Abstract: Systems and methods are provided herein for use in identifying and/or detecting electronic message containing malicious content. One exemplary method includes receiving multiple electronic tags. Each of the multiple electronic tags corresponds to an electronic message and a use, and the user caused the electronic tag to be associated with the electronic message based on a perception that the electronic message included malicious content. The exemplary method further includes assigning, for each electronic tag, point(s) to the corresponding user when the corresponding electronic message includes malicious content, totaling, for each user, the point(s) assigned during a predefined interval, and identifying one of the user(s) with a highest total point(s), for the defined interval, as a winner, thereby incentivizing users to associate electronic tags with electronic message perceived to include malicious content.

Abstract: A shippable storage device may be used to execute one or more applications, such as an encryption application, and to securely store client data on a storage node of the shippable storage device. After connecting the shippable storage device to a client network, a stateless compute node of the shippable storage device downloads operating code. After validating the operating code, the stateless compute node executes the operating code. The operating code may include an application, such as an encryption application that receives, encrypts, and stores client data. The application does not access writeable persistent storage other than through an internal network interface to the storage node, according to a networking protocol. The volatile memory of the stateless compute node is cleared upon removal of power to the shippable storage device so that unencrypted data and one or more encryption keys are not persisted within the shippable storage device.

Abstract: A content providing method of a content providing system is provided. The method includes transmitting identification information in a broadcasting manner from a first electronic device, if the identification information is received, generating user history information based on a receiving record of the identification information, at a second electronic device, transmitting the user history information to a database server from the second electronic device, transmitting the user history information to the first electronic device from the database server, transmitting the user history information to a content server at the first electronic device, transmitting a content associated with the user history information to the first electronic device from the content server, and providing the content to a user of the first electronic device.

Abstract: Examining applications for structural indications of repackaging is disclosed. A mobile application is received. The mobile application is analyzed to determine whether the mobile application matches a build-related file format fingerprint indicative of application repackaging. In response to a result of the analysis, the mobile application is categorized as a repackaged application.

Abstract: Systems, methods, apparatus and other mechanisms of authorizing a device to receive subscriber services via a network by comprising identifying a customer premises equipment (CPE) access device in communication with a device to be authorized for receiving subscriber services, determining a location associated with the CPE access device; and authorizing the device for receiving subscriber services if the CPE access device location is a valid location for a subscriber account associated with requested subscriber services.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating a unified passcode. One of the methods includes identifying that an application program installed on the system is assigned to a profile for an organization, identifying that the profile requires a passcode to allow access to the application program, providing a user interface with which user input is able to specify whether the system should use separate passcodes to unlock the system and provide access to the application program, receiving first user input that specifies that the system is to use a single passcode to both unlock the system and provide access to the application program, receiving, while the system is locked, second user input that specifies the single passcode, unlocking the system, receiving user input that selects a user interface element to activate the application program, and activating the application program without requesting a passcode.

Abstract: A method for securing data by embedding the data in a data structure and utilizing a sensor to detect transfer of the data structure. The data is embedded such that the data is only accessible by first executing an executable program. If the executable program determines that the device attempting to access the data (the accessing device) does not have permission to access the data, then the executable program destroys the data. If the data structure is transferred to another device, a sensor positioned to detect the data structure when transferred will identify the data. If the sensor determines that the data structure is not permitted to be transferred, then the sensor destroys the data.

Abstract: In one embodiment, a computer-implemented method is provided, comprising: developing at least a portion of a particular application that is configured to be installed on at least one device including an operating system, a web browser, and another application; developing a web page that includes a Hypertext Transfer Protocol (HTTP) link; causing the web page that includes the HTTP link to be hosted by at least one server in connection with a web site; causing to be stored, in connection with the particular application, first information identifying at least one aspect of the web site; causing to be stored, at the at least one server, second information identifying the particular application; via at least one network, receiving, at the at least one server and from the at least one device, a first request initiated via the web browser of the at least one device; and in response to the first request, serving, to the at least one device via the at least one network, the web page that includes the HTTP link such t

Abstract: A NIC is provided in a cloud infrastructure. The NIC has a first information which receives least one application message from an application supported by the infrastructure. The NIC digitally signs the application message and outputs the digitally signed message to a network.

Abstract: The present disclosure is directed towards systems and methods for rewriting a HTTP response transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via a clientless SSL VPN session, an absolute URL that includes a first hostname of the server. The device may provide a unique string corresponding to the first hostname of the server. The device may generate a URL segment by combining the unique string with a second hostname of the device. The device may rewrite the absolute URL by replacing the first hostname in the absolute URL with the generated URL segment. A domain name system (DNS) server for the client may be configured with a DNS entry comprising a wildcard combined with the second hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.

Abstract: A spoken command analyzer computing system includes technologies configured to analyze information extracted from a speech sample and, using a joint speaker and phonetic content model, both determine whether the analyzed speech includes certain content (e.g., a command) and to identify the identity of the human speaker of the speech. In response to determining that the identity matches the authorized user's identity and determining that the analyzed speech includes the modeled content (e.g., command), an action corresponding to the verified content (e.g., command) is performed by an associated device.

Abstract: A shadow sandbox is maintained for malware detection. The shadow sandbox is a virtual machine replica of a target computing environment from a protected computing system. The shadow sandbox is maintained through all change events that occur to the target computing environment. The described systems and methods of detecting or preventing malware execution include maintaining a virtual machine replica of a target computing system by monitoring the target computing system for a plurality of possible events, the plurality of possible events including change events and risk events, detecting a change event on the target computing system, and updating the virtual machine based on the detected change event. The described systems and methods detect a risk event on the target computing system, execute the risk event on the virtual machine, and determine whether the risk event is malicious based on observation of execution of the risk event on the virtual machine.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: A passwordless reset technique includes actions to receive a request for a password reset, wherein the request password reset is initiated at a first device, determine that the first device is a trusted device, authenticate the user in order to obtain a cloud key from a network device, wherein the cloud key is associated with the first device, derive a key encryption key using the cloud key, decrypt a local storage key using the key encryption key, decrypt a local storage using the local storage key to obtain a content encryption key, obtain a new password via user input, re-encrypt the content encryption key, and transmit it to the network device, derive a new authentication token using the new password, and transmit the new authentication token to the network device.

Abstract: Clustering is provided of computer security attacks by the threat actor based on features of the attacks. Attack data is obtained for a given attack and a plurality of features of the given attack are extracted from a plurality of attack attributes. A feature-based score is computed for the given attack based on the extracted features relative to each of a plurality of attack clusters. Each attack cluster is comprised of a plurality of attacks performed by a particular attacker. The given computer security attack is assigned to a particular attack cluster if the feature-based score for the particular attack satisfies a predefined score criteria.