Abstract: Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.

Abstract: Systems and methods involve compute nodes configured to define and/or otherwise process information associated with one or more virtual machines. In one exemplary implementation, a compute node may be configured to enable a firewall between the virtual machine and at least a portion of a network. Moreover, the firewall may be configured to detect undesired traffic based on a list of rules or an Ethernet bridge table associated with communication between the virtual machine and the network. Various features may also relate to the compute node being configured to lock the virtual machine in response to the firewall detecting undesired traffic associated with the virtual machine.

Abstract: Methods, media, and systems for, in one embodiment, protecting one or more keys in an encryption and/or decryption process can use precomputed values in the process such that at least a portion of the one or more keys is not used or exposed in the process. In one example of a method, internal states of an AES encryption process are saved for use in a counter mode stream cipher operation in which the key used in the AES encryption process is not exposed or used.

Abstract: An exemplary system includes 1) a mobile computing device provided by a vertical solution provider for use by a customer of an industry service provider to access one or more services provided by the industry service provider and 2) a mobile media platform provider subsystem operated by the vertical solution provider and configured to communicate with the mobile computing device. The mobile media platform provider subsystem and the mobile computing device are configured to provide a mobile media platform managed by the vertical solution provider and configured to facilitate the use of the mobile computing device by the customer to access the one or more services provided by the industry service provider.

Abstract: Systems and method are provided for delivering notifications to user regarding use of their authentication information. The delivery of notifications involves ascertaining a device identifier associated with a request received from a user device to engage in a transaction using the authentication information and comparing this device identifier associated with the request to a plurality of known device identifiers previously associated with the authentication information. Thereafter, a notification for a user associated with the authentication information can be generated and delivered, if the device identifier is not among the plurality of known device identifiers. In the systems and methods, contact information for delivering the notification is based on contact information for at least one previous transaction that meets a selection criteria and that is associated with the authentication information.

Abstract: An electronic device includes a positioning module, a micro processing unit and a first storing device. The micro processing unit electrically connects with the positioning module and the first storing device. The electronic detects a position thereof via the positioning module and generates a positioning coordinate datum. The micro processing unit determines whether the electronic device is in a preset working area through the positioning coordinate datum. When the electronic device is not in the preset working area, the micro processing unit stops the electronic device from accessing the first storing device. When the electronic device is in the preset working area, the micro-processing unit allows the electronic device to access the first storing device and boot a first operating system stored thereon.

Abstract: A method of providing a user with an option to access a protected system by satisfying a reduced security measure is disclosed. An attempt by the user to access the protected system is detected. It is detected that a first security token system is within a first proximity to the protected system. Based on the detecting of the attempt by the user to access the protected system and the detecting that the first security token system is within the first proximity, the user is provided with the option to access the protected system by satisfying the reduced security measure.

Abstract: Disclosed embodiments of a data protection mechanism can provide secure data management. In particular, the disclosed embodiments provide secure data management mechanisms that can control transfer of data items so that contents of protected data items are not accessible to non-authorized parties. For example, the disclosed system can prevent an application from storing a protected file using a new file name. As another example, the disclosed system can prevent an application from sending a protected file to another computing device over a communication network.

Abstract: A network device is configured to receive a request, from a device, for private information associated with a user of a user device, on behalf of another user device. The network device may authenticate the device, the user device, and the other user device. The network device may request and receive the user's authorization to send the private information to the other user device. The network device may generate and send a token used to request the private information. The network device may receive the token from the device, determine that the token is valid, and send the private information.

Abstract: A computer-implemented method for optimizing security controls for virtual data centers may include 1) identifying a security policy that applies to at least one workload configured to store data on a first storage appliance, 2) identifying at least one storage-appliance functionality capable of implementing at least a part of the security policy, 3) identifying a second storage appliance that possesses the storage-appliance functionality, and 4) migrating the data from the first storage appliance to the second storage appliance in response to identifying the security policy and the storage-appliance functionality. Variants include methods, systems, and computer-readable media.

Abstract: According to one embodiment of present invention, there is provided a method of controlling access to a communication network. The method includes receiving a request from a communication device to connect to the communication network, the request including a substantially unique identifier of the device, and determining whether the identifier is contained in a local device database of the network. Where it is determined that the identifier is not contained in the local database, the method further includes authorizing the device to connect to the network, and at a subsequent update of the local device database, determining the status of the identifier from a shared device database, and updating the status of the determined identifier in the local device database with the determined status.

Abstract: A content recognition system operates in conjunction with a media hosting service to identify hosted media content and ownership rights associated with the hosted content. By applying melody recognition, the content recognition system can identify compositions embodied in hosted media content even when these compositions do not precisely match any known sound recording. Thus, the content recognition system is beneficially able to detect, for example, recorded cover performances and recorded live performances embodied in hosted media content. Once identified, ownership information is determined and the media hosting service can carry out appropriate rights management policies associated with the content such as monetizing or blocking the protected content.

Abstract: A method for dynamic provisioning of virtual systems includes, with a server system that hosts virtual systems, detecting a new virtual system on the server system, and with the server system, using a physical address of the new virtual system to perform network authentication on behalf of the new virtual system.

Abstract: A syndication system facilitates rights management services between media content owners and media hosting services that elect to participate in the syndication system and mutually elect to participate with each other. The syndication system utilizes a content recognition system to identify hosted media content and ownership rights associated with the hosted content. By applying melody recognition, the content recognition system can identify compositions embodied in hosted media content even when these compositions do not precisely match any known sound recording. Thus, the content recognition system is beneficially able to detect, for example, recorded cover performances and recorded live performances embodied in hosted media content. Once identified, ownership information is determined and the syndication system can facilitate rights management policies associated with the content such as monetizing or blocking the protected content.

Abstract: A method for dynamic switching of user profiles on a computing device. The computing device is coupled to at least one image-sensing device and can be configured using a plurality of stored user profiles. The method includes receiving at least one image from the at least one image-sensing device and generating a current user value based on the at least one received image. The method further includes determining if the current user value corresponds to at least one stored user value corresponding to a stored user profile. If the current user value corresponds to at least one stored user value, the method includes retrieving the stored user profile and configuring at least some programs operating on the computing device using the retrieved user profile. If the current user value does correspond to at least one stored user value, the method includes configuring the computing device using an alternative method.

Abstract: A cloud-based computer system changes the modern paradigm from being device-centric to being person-centric. The system makes all user data, software settings, device settings, and licensed content for a user available in the cloud. The system includes a conversion mechanism that can convert information intended for one device type to a different device type. Thus, a user changing smart phone platforms can convert their current smart phone settings to equivalent settings on the new phone platform, and their new phone can then be configured using the user's converted settings stored in the cloud. By storing all the user's relevant information in the cloud, this information may be accessed anywhere and may be used to configure a large number of different devices according to the user's settings.

Abstract: A method and computer program product for using a vibration signature as an authentication key to authorize access of a user computer to a network. A vibration device generates a vibration signal of the vibration signature. In one embodiment, a router detects and validates the vibration signal, and then the router starts a session of connecting the user computer to the network. In another embodiment, the user computer decodes the vibration signal of the vibration signature to a security set identifier and a security key, and then sends to a router. In response to validating the security set identifier and the security key, the router starts a session of connecting the user computer to the network.

Abstract: Disclosed are a clipboard protection system in a DRM environment and a recording medium in which a program for executing the method in a computer is recorded. An identification information management unit changes first identification information of data, which is to be stored in a clipboard, into second identification information when data stored in the clipboard is requested by a reliable object, and outputs the second identification information corresponding to identification information of the reading target data if the reliable object requests extraction of the data stored in the clipboard. A data protection unit encodes the data, which is to be stored in the clipboard, and decodes the encoded data which is read from the clipboard.

Abstract: Access to a mobile computing device by a connected external device is limited, based on the context of the connection. The connection of the mobile computing device to an external device is detected. An identifier of the connected external device is gleaned, and the gleaned identifier is looked-up in a database of mappings between identifiers and descriptions of specific devices. The connected external device is classified as being of a specific functional category, based on the gleaned identifier and the description of the external device from the database. The functional category describes a legitimate function to be performed by the connected external device, such as data synchronizing, media playing or battery charging. The external device is provided with a level of access to the mobile computing device based on the classified functional category.

Abstract: In a first embodiment of the present invention, a method of providing security enforcements of widgets in a computer system having a processor and a memory is provided, comprising: extracting access control information from a widget process requesting a service, generating access control rules customized for the widget process, and providing the access control rules to a trusted portion of the computer system outside of the user code space of a Web Runtime (WRT) system; and for any static access control rule, delegating security checking of the widget process from the WRT system to the trusted portion of the computer system.