Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.

Abstract: A computer-implemented method for managing data protection of storage units may include 1) providing a user interface that enables a user to configure data protection policies for storage units, 2) selecting at least one storage unit for data protection, 3) enabling the user to configure, through the user interface, a data protection policy to schedule a data backup of the storage unit, and 4) enabling the user to configure, through the same user interface, the same data protection policy to schedule a data transfer operation from the storage unit to an additional storage unit. The data transfer operation may include at least one of a replication operation and a continuous data protection operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for sharing digital media with a space. One of the methods includes receiving a request from a first user to provide digital media for presentation in a first physical space, the request identifying the digital media and a group of authorized users allowed to view the digital media. Sensors in the first space identify the authorized users located in the first physical space. That only authorized users can view the digital media is determined from the sensors. The digital media is provided for presentation in the first physical space while determining that only authorized users can view the digital media.

Abstract: A computer-implemented method includes receiving a request to remove data that is associated with a protected social entity. The data maintained on one or more social networks is scanned, where scanning includes identifying data that is associated with one or more social entities. One or more characteristics of the identified data are determined, and a reference to the identified data that indicates the characteristic, is generated for each of the one or more characteristics. A match between the one or more generated references and one or more stored references is identified, where the one or more stored references each reference one or more characteristics associated with the protected social entity, and where the one or more stored references are stored in one or more social risk databases. A request to the one or more social networks to remove the identified data associated with the one or more generated references is submitted.

Abstract: A method for an administrator to impersonate a user is provided. A portal manager of a server detects an action initiated in the administrator portal pertaining to a user portal during a current session. The portal manager calculate a current user-to-impersonate identifier using a user identifier associated with the user portal, an administrator identifier associated with the administrator portal, and a session identifier associated with the current session. The portal manager compares the current user-to-impersonate identifier with a stored user-to-impersonate identifier. The portal manager permits the action initiated in the administrator portal to be executed in the user portal when the current user-to-impersonate identifier matches the stored user-to-impersonate identifier.

Abstract: There is described an electronic data communication system in which encrypted mail messages for a recipient are sent in two parts: message data encrypted by a symmetric encryption algorithm using a session key and session key data encrypted by an asymmetric encryption algorithm using a public key associated with the recipient. If the recipient uses a webmail service to access the encrypted electronic mail message, the encrypted session key data is sent to a trusted third party server which has access to the private key of the user. The trusted third party server decrypts the encrypted session key using the private key of the user, and then sends the decrypted session key to a remote network device for decryption of the encrypted message.

Abstract: Systems and methods for saving encoded media streamed using adaptive bitrate streaming in accordance with embodiments of the invention are disclosed. In one embodiment of the invention, a playback device configured to perform adaptive bitrate streaming of media includes a video decoder application and a processor, where the video decoder application configures the processor to select a download stream from a set of alternative streams of video data, measure streaming conditions and request a stream of video data from the alternative streams of video data, receive portions of video data from the requested stream of video data, decode the received video data, save the received video data to memory, when the received video data is from the download stream and separately download and save the corresponding portion of video data from the download stream to memory, when the received video data is not from the download stream.

Abstract: An authentication management system for managing use of a processing apparatus includes an authentication management apparatus including a position storing unit to store position information of the processing apparatus; a receiving unit to receive user information that identifies a portable terminal to be used for authenticating when a user requests the processing apparatus via a requester to perform a target process; a determination unit to determine whether distance between the portable terminal and the processing apparatus satisfies a proximity determination condition between the portable terminal and the processing apparatus, the distance being obtained based on position information of the portable terminal received from the portable terminal, and the position information of the processing apparatus; and an authentication unit to conduct authentication processing based on user information received from the requester, and the user information received from the portable terminal when the distance satisfies

Abstract: A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.

Abstract: Embodiments of the present disclosure provide a user interface that enables a user to more easily identify servers that may be used to set access permissions for content items. The method and system described herein includes receiving user credentials that are associated with a user. In response to receiving the user credentials, one or more servers associated with the user credentials are displayed. The one or more servers are configured to manage information rights for a content item created by the user. Upon receiving a selection of one of the one or more servers, a list of one or more templates supported by the selected server is displayed to the user. The one or more templates identify information rights that may be applied to the content item.

Abstract: A method, system and apparatus for time-out management for session-dependent applications. A time-out management system can include one or more of pages defining a session-dependent application. The system further can include a server-side time-out manager configured for use in a content server in detecting a time-out condition in the session-dependent application when the session-dependent application has been distributed to a content client. Finally, the system can include at least one client-side time-out manager configured to detect activity for the session-dependent application and to notify the content server when activity is detected in the session-dependent application when the session-dependent application has been distributed to the content client.

Abstract: A processing device executing an application that is logged in to a user account recognized by a registration service receives information identifying a device that has not been bound to any user account, wherein the application supports a plurality of registration techniques. The processing device identifies a registration technique supported by the device that is to be used for registration of the device. The processing device performs at least one of sending information associated with the registration technique to the device or receiving the information associated with the registration technique. The processing device sends the information associated with the registration technique to the registration service, and then receives a message from the registration service, wherein the message indicates that the information satisfied a criterion of the registration technique and comprises a notification that the device is bound to the user account.

Abstract: Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is used by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.

Abstract: The present disclosure describes a network appliance and associated access policy protocol (APP) that communicates and obeys access policies within a network. The network appliance (APP node) propagates access policies to other APP nodes that can utilize the policies most effectively. When an access policy reaches the network boundary, intra network bandwidth is optimized. The access policies may be distributed and executed in the cloud—e.g. proxy firewall, proxy policy execution.

Abstract: Techniques for security auditing of cloud resources are provided. A virtual machine (VM) is captured and isolated when a session indicates that a session with the VM has terminated. Security checks are executed against the VM in the isolated environment. Results from the security checks are then reported.

Abstract: In a general aspect, a conversion scheme is used with a cryptographic system. In some aspects, a pad bit vector is generated based on a size of a message bit vector, and a record bit vector is generated based on the pad bit vector. The record bit vector indicates the size of the pad bit vector. The record bit vector, the message bit vector, and the pad bit vector are combined to yield a first bit vector. A hash function is applied to the first bit vector, and an encryption function is applied to a portion of the first bit vector. A ciphertext is generated based on the output of the hash function and the output of the encryption function.

Abstract: Exemplary methods and systems for verifying human interaction with a computer interface are described herein. An exemplary method includes a human-interaction verification system detecting a request by an access device to access network-based content, providing, for display by the access device, a visually dynamic representation of one or more security images associated with a passcode in response to the access request, receiving, by way of the access device, challenge-response input associated with the visually dynamic representation of the one or more security images, and performing an access operation based at least in part on a comparison of the challenge-response input to the passcode.

Abstract: A system having a UHF RFID transceiver is adapted to communicate exclusively with a single electro-magnetically coupled transponder located in a predetermined confined transponder operating region. The system includes a near field coupling device comprising a plurality of lines connected in parallel with an unmatched load. The near field coupling device may be formed, for example on a printed circuit board with a plurality of electrically interconnected traces and a ground plane. The system establishes, at predetermined transceiver power levels, a mutual electro-magnetic coupling which is selective exclusively for a single transponder located in a defined transponder operating region. Also included are methods for selective communication with the transponder in an apparatus such as a printer-encoder.

Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.