Abstract: A computer-implemented method for informing users about applications available for download may include (1) identifying, through sharing functionality provided by an operating system, shared content that identifies an application hosted by an application distribution platform, (2) in response to identifying the shared content, obtaining security information about the identified by the shared content, and (3) informing, prior to a user downloading the application, the user of the obtained security information about the application to enable the user to make an informed decision about whether to download the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting private browsing mode may include (1) determining that a browser application is operating as a foreground application on the computing device, (2) detecting computing activity occurring on the computing device while the browser is operating in the foreground, (3) determining that no new entry has been made in the browser's history, (4) in response to determining that no new entry has been made in the browser's history, incrementing a certainty level score that identifies a level of certainty that the browser is executing in private browsing mode, (5) determining that the certainty level score has exceeded a certainty threshold, indicating that the browser is likely to be executing in private browsing mode, and (6) performing a security action in response to determining that the browser is likely to be executing in private browsing mode. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method of authenticating a user at a peripheral apparatus includes receiving a log-in request from a user, sending a request to a social networking service to authenticate the user's social networking service account, receiving the user's social networking service account information from the social networking service, determining based on the user's social networking service account information whether the user is authorised to access the peripheral apparatus, and allowing, in a case that the determining determines that the user is authorised to access the peripheral apparatus, the user access to the peripheral apparatus.

Abstract: Methods and systems are provided for providing access to a cloud-based logging service to a user without requiring user registration. According to one embodiment, access to a cloud-based logging service is integrated within a network security gateway appliance by automatically configuring access settings for the logging service without registering the gateway appliance with the logging service. A traffic or event log is transparently created within the logging service by making use of the automatically configured access settings and treating the logging service as a logging device. A request is received, by the gateway appliance, from an administrator to access data associated with the log. Responsive to the request, the data from the logging service is transparently retrieved, by the gateway appliance, and presented to the administrator via a graphical user interface (GUI) of the gateway appliance.

Abstract: A bipartite graph is generated which includes one or more source vertices and one or more destination vertices. For a given source vertex, a temporal behavioral matrix is generated using the bipartite graph where a first dimension of the temporal behavioral matrix is associated with time and a second dimension of the temporal behavioral matrix is associated with at least some of the one or more destination vertices. For the given source vertex, a model is generated using at least some portion of the temporal behavioral matrix. Anomaly detection is performed on at least part of the temporal behavioral matrix using the model.

Abstract: Detecting online attacks is described, including identifying one or more events associated with users on a social graph. For each type of event of the one or more events, generating at least one directed acyclic graph (DAG), where each node on the DAG represents a node on the social graph where an event of the type occurs and each edge on the DAG represents a propagation of the event from a first node of the edge to a second node of the edge.

Abstract: A computer-implemented method for scanning packed programs in response to detecting suspicious behaviors may include (1) executing a packed program that may include (i) malicious code that has been obfuscated within the packed program and (ii) unpacking code that deobfuscates and executes the malicious code when the packed program is executed, (2) monitoring, while the packed program is executing, how the packed program behaves, (3) detecting, while monitoring how the packed program behaves, a suspicious behavior of the malicious code that indicates that the unpacking code has deobfuscated and executed the malicious code, and (4) performing a security operation on the packed program in response to detecting the suspicious behavior of the malicious code. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods are provided for dynamic analysis wrapper objects for application dataflow. A system creates a wrapper object that points to a data object received from a data source, creates a source tracking object for the wrapper object, and records information associated with the data source into the source tracking object. The system creates a copy of the wrapper object for a tracking event in an application program, creates a flow tracking object for the tracking event, and records information associated with the tracking event into the flow tracking object as the tracking event processes the copy of the wrapper object. The system outputs the copy of the wrapper object to a data sink for the application program, creates a sink tracking object for the data sink, and records information associated with the data sink into the sink tracking object.

Abstract: In some embodiments, a system includes a trusted network, an untrusted network, on-board equipment on-board a moving object, one or more first security devices on-board the moving object and communicatively connecting the on-board equipment and the untrusted network, and a security device bank communicatively connecting the trusted network and the untrusted network. The security device bank includes a common bus or the local network and one or more second security devices connected to the common bus or the local network.

Abstract: A multi-party security protocol that incorporates biometric-based authentication and withstands attacks against any single party (e.g., mobile phone, cloud, or the user). The protocol involves the function split between mobile and cloud and the mechanisms to chain-hold the secrets. A key generation mechanisms binds secrets to a specific device or URL (uniform resource locator) by adding salt to a master credential. An inline CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) handling mechanism uses the same sensor modality as the authentication process, which not only improves the usability, but also facilitates the authentication process. This architecture further enhances existing overall system security (e.g., handling untrusted or compromised cloud service, phone being lost, impersonation, etc.) and also improves the usability by automatically handling the CAPTCHA.

Abstract: System and method for creating a secure channel for inter-application communication based on the messaging system called Intents in the Android OS are disclosed. In one embodiment, an application for accessing a cloud-based storage platform triggers the broadcast of a custom Intent to all applications on a mobile device to detect an authorized application that is capable of interacting with the application. Once an authorized application is chosen, the application opens a secure channel for communication with the authorized application and passes encrypted data stream to the to the secure channel for access by the authorized application.

Abstract: A video processing method for a video image consisting of a plurality of units includes: generating a plurality of information types of at least a first unit and a second unit neighboring the first unit; and storing the plurality of information types of the first unit in a first continuous address space in a buffer and storing the plurality of information types of the second unit in a second continuous address space in the buffer, wherein the first continuous address space is adjacent to the second continuous address space. The plurality of information types of the first and second units are required for coding a specific unit, and the order of the stored plurality of information types of the first and second units is manipulated in each of the first and second continuous address spaces.

Abstract: A method for calculating a partial risk score for a data object may include identifying a request to calculate a partial risk score for a data object, the request including a partial risk score filter, and the data object being associated with one or more policies. The method may further include for each policy associated with the data object, determining whether characteristics associated with the policy match a parameter in the partial risk score filter, and when the characteristics associated with the policy match information in the partial risk score filter, including a data object risk score associated with the policy in the partial risk score for the data object.

Abstract: A method for low-level security based on the UID. In particular it enhances an RFID system by adding the ability to dynamically modify the UID of the smartcard or to randomly generate a new UID for the smartcard.

Abstract: Methods for marking a consumer good at a distribution point are described that enable field authentication of the consumer good at an authentication point without connection to a remote database. Methods for authenticating a marked consumer good are described by scanning encrypted indicia without connecting to a remote database are described. Authentication methods for marked consumer goods, apparatus for carrying out the authentication methods, and systems based on the authentication methods are described.

Abstract: Methods and systems are provided for providing access to a cloud-based logging service to a user without requiring user registration. Methods and systems are also provided for providing cloud-based logging service to users by integrating the cloud-based logging service within a network security gateway appliance, thereby enabling the users to use the cloud-based logging service by accessing the gateway appliance. The cloud-based logging service can be accessed via an Application Programming Interface (API) without requiring user registration and allows easy and efficient access to log files, viewing of log files, and data security to stored log files and generated reports.

Abstract: A configuration for achieving efficient content verification processing based on hash values is provided. Hash values of hash units set as segmented data of a content stored on an information storage medium are recorded in a content hash table and are stored on the information storage medium together with the content. An information processing apparatus for executing content playback executes hash-value comparison processing based on one or more randomly selected hash values. Regardless of the data amount of content, the configuration can perform hash-value determination and comparison processing based on hash units having a small amount of data, so that user equipment for executing content playback can perform efficient content verification.

Abstract: A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: A system and computer based method are provided for identifying active content in websites on a network. One embodiment includes a computer based method of classifying web content. The method receives content of a web page, and determines a first property associated with the content, the first property including static content. The method executes active content associated with the webpage, and determines a second property associated with the content based at least in part on the executing, the second property including the active content. The method also evaluates a logical expression relating the first property and the second property, and associates the web page with a category based on a result of the evaluation. The evaluation of the logical expression at least in part evaluates whether a constant value matches at least a portion of the content of the web page.