Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.

Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and all versions, including temporary versions, of any files written to, updated by, or accessed by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.

Abstract: The subject disclosure relates to antimalware scanning, and more particularly to offline antimalware scanning of a host environment via an alternate, known safe operating system. An offline scanning product obtains data previously written by the host environment online antimalware scanning tool, e.g., configuration data and antimalware signatures in shared data stores accessible to the offline and online products, and uses that data to perform the offline antimalware scan. The offline scanning product writes results information and any quarantined files to other shared data stores, whereby the online environment, when rebooted, has access to the information, such as for review and to upload telemetry information to an online service for analysis. Also described is offline replacement of operating system files that cannot be cleaned or removed when online.

Abstract: A method at a server system includes: receiving a user request to enter a first information exchange hall; detecting a lock status of information of an information exchange operation associated with the user and with a second information exchange hall, where the information exchange operation is associated with a second information exchange hall; when the lock status is an unlocked state, processing entry of the user into the first information exchange hall; when the lock status is a locked state, determining an operation state of the information of the information exchange operation; when the operation state is an inactive operation state, changing the lock status of the information from the locked state to the unlocked state, and processing entry of the user into the first information exchange hall; and when the operation state is an active operation state, restoring entry of the user into the second information exchange hall.

Abstract: There is provided a communication apparatus comprising an antenna. A communication unit is able to use external power that is generated by receiving a signal from an external apparatus via the antenna, thereby transmitting a response to the signal that is received from the external apparatus to the external apparatus. A deactivation unit deactivates, in a case where the external power is generated by receiving the signal from the external apparatus via the antenna, supply of the external power from the antenna to the communication unit. A control unit performs control so as to interrupt deactivation of supply of the external power from the antenna to the communication unit by the deactivation unit.

Abstract: A message including a digital signature of a message originator is received at a processor. In response to determining that the message originator is authorized by a data protection policy to originate the message, a determination is made as to whether a specific authorized certificate issuer is configured for the message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, a determination is made as to whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy.

Abstract: A method at a terminal in a multiple-node digital communications network, comprising any one or more of: generating at least one symmetric first key(s), across all participating nodes in the multiple-node digital communications network and securely distributing the at least one first key(s) in encrypted form to multiple participating nodes of the multiple-node digital communications network, using at least one asymmetrically established second key(s), the participating nodes including at least one message-transmitting node(s) and at least one message-receiving node(s); generating at least one symmetric third key(s) for one or more communication session that includes one or more communications from the at least one message-transmitting node(s) to the message-receiving node(s); encrypting at least one payload message using the at least one third key(s) at the at least one message-transmitting node(s), sending the encrypted at least one payload message, and receiving the encrypted at least one payload message at

Abstract: A message including a digital signature of a message originator is received at a processor. In response to determining that the message originator is authorized by a data protection policy to originate the message, a determination is made as to whether a specific authorized certificate issuer is configured for the message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, a determination is made as to whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy.

Abstract: Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are presented to a network administrator via a touch-screen display of the hand-held computing device. Revisions to or acceptance of the default initial settings are received by the mobile application. The mobile application causes the network security device to be configured with the revised or accepted default initial settings by delivering the settings to the network security device via a management interface to which the hand-held computing device is coupled via a connecting cable.

Abstract: Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that is within a range of values for each criterion in the set of criteria, is determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated.

Abstract: According to one embodiment, a system includes at least one switching distributed line card (DLC) configured to apply Access Control Lists (ACLs) on each switching interface of the at least one switching DLC to direct certain received packets to at least one appliance DLC to have deep packet inspection services performed on the certain received packets, and at least one central switch fabric coupler (SFC) in communication with the at least one switching DLC, where the at least one appliance DLC and the at least one switching DLC are connected to the at least one central SFC. Other systems, methods and computer program products for providing scalable virtual appliance cloud (SVAC) services are described in more embodiments.

Abstract: Disclosed are methods and apparatus for detecting mismatch of ciphering parameters, such as Count-C, in a wireless device and recovery therefrom. The methods and apparatus for detection include examining a predefined ciphered field, such as a Length Indicator field, in one or more received Radio Link Control (RLC) Protocol Data Units (PDUs). Next, a determination of when the field is invalid over a predetermined sample number of PDUs is performed. Mismatch of ciphering parameters can then be determined when a predetermined number of samples of the field detected as invalid exceed a predetermined threshold. Additionally, recovery of PDUs after mismatch detections is disclosed using a range of Hyper-Frame Numbers (HFNs) to decipher buffered PDUs, and then check which of the HFNs eliminate the parameter mismatch by again determining if parameter mismatch occurs using the methods and apparatus for detection.

Abstract: A method and system for processing information. An apparatus divides target information into N pieces of divided data using a secret sharing scheme in which a predetermined number (K) of pieces of the N pieces of divided data is required to restore the target information, wherein N>K. The apparatus is an information processing device or an external storage device. The apparatus selects M pieces from the N pieces (K<M<N). After selecting the M pieces, the M pieces are stored in the external storage device which limits a totality of pieces of the N pieces being stored on the external storage device to the M pieces. After storing the M pieces, the target information is restored from at least K pieces of the N pieces after which D pieces of the M pieces in the external storage device are destroyed (D>M?K).

Abstract: This invention is for a system capable of securing one or more fixed or mobile computing device and connected system. Each device is configured to change its operating posture by allowing, limiting, or disallowing access to applications, application features, devices features, data, and other information based on the current Tailored Trustworthy Space (TTS) definitions and rules which provided for various situationally dependent scenarios. Multiple TTS may be defined for a given deployment, each of which specifies one or more sensors and algorithms for combining sensor data from the device, other connected devices, and/or other data sources from which the current TTS is identified. The device further achieves security by loading digital credentials through a unidirectional multidimensional physical representation process which allows for the device to obtain said credentials without the risk of compromising the credential issuing system through the data transfer process.

Abstract: Various embodiments provide a data governance and licensing system for monitoring usage of tracking data associated with transport of a plurality of packages and for facilitating licensing arrangements in connection therewith. In certain embodiments, the system comprises: one or more memory storage areas containing a variety of data and one or more computer processors. The one or more computer processors are configured to: receive observed data associated with access of tracking data by at least one accessing party; analyze at least a portion of the observed data to determine identification data for the accessing party; compare the identification data and the authorized user data to determine whether the accessing party is an authorized party; determine whether one or more discrepancies exist between the observed data and either generic usage data or authorized user data; and if so, generate either a license proposal or a license revision request.

Abstract: A plurality of computer messages are classified into clusters according to the behavior of the computer messages in the context of a computer resource. For a new message of the plurality of computer messages, it is determined whether the cluster to which the new computer message is classified has been seen previously. A measure is then obtained of the probability that the cluster to which the next new message will be classified has been seen previously.

Abstract: A device may detect an attack. The device may receive, from a client device, a request for a resource. The device may determine, based on detecting the attack, a computationally expensive problem to be provided to the client device, where the computationally expensive problem requires a computation by the client device to solve the computationally expensive problem. The device may instruct the client device to provide a solution to the computationally expensive problem. The device may receive, from the client device, the solution to the computationally expensive problem. The device may selectively provide the client device with access to the resource based on the solution.

Abstract: A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.

Abstract: Techniques are described for reducing time to decrypt a next encrypted frame in a content stream by optimizing a license/key acquisition process. When requesting content, a key identifier and/or license identifier may be included within a webpage using a link, script, or similar access point. When a client device sends a request for content, the loading of the webpage within the client device includes the embedded key identifier. Access to the key/license identifier at the client device then may initiate a key/license acquisition process by the client device. The key/license may be obtained from a key management device in parallel with, or prior to, downloading of at least a portion of the content stream.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.