Abstract: A decoder arrangement (10) includes a processor (12) programmed to decode multiple streams (111-11n), including multiple streams of different formats. In terms of functionality, the decoder arrangement includes a routing stage (13) routes each streams to different decoder stages (141-14n), each capable of decoding a stream of a particular format to yield an uncompressed stream at its output. Each of plurality of buffer stages (161-16n) stores a successive frame of an uncompressed stream output by an associated decoder stage. An output stage scales and the frames stored by the buffer stages to a common size for input to a display device (22).

Abstract: A method, system, and computer program product containing instructions to provide hardware-based human presence detection. Rather than rely upon software to display a CAPTCHA image, hardware in the form of a sprite engine of a graphics device is used to write a random text string directly to the display device, overlaying the user interface provided by software. Because the sprite engine is isolated from a host operating system for the system, the random text string cannot be captured and processed by software robots running under the host operating system.

Abstract: Aspects of the present disclosure are directed toward a method that includes a physically-unclonable function (PUF) device that receives a communication that includes a first challenge value, a second challenge value and a remote message authenticity value. The method includes the generation of additional challenge-response pairs in a secure manner. The additional challenge-response pairs are securely communicated between the PUF device and an authenticating server or other device for subsequent use in authentication.

Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.

Abstract: A method may include receiving a session control protocol request message and fingerprinting the received session control protocol message. The method may further include comparing the fingerprint of the received request message to a list of fingerprints associated with known malicious user agents and rejecting the request message when the fingerprint of the received message matches any fingerprint in the list of fingerprints associated with known malicious user agents. The method may include comparing the fingerprint of the received request message to the list of fingerprints associated with known non-malicious user agents and accepting the request message when the fingerprint of the received message matches any fingerprint in the list of fingerprints associated with known non-malicious user agents.

Abstract: Systems and methods described herein provide for communication between a base component and a tablet component of a hybrid computing system. The hybrid computing system is in a connected state when the base component and tablet component are connected. Systems and methods provide for a switch for determining control of the hybrid computing system when in a connected state. Embodiments provide that the base component may control the tablet component when the hybrid computing system is in a connected state and the switch is set to base control. According to embodiments, the display component may control the hybrid computing system when the hybrid computing system is in a connected state and the switch is set to tablet control. In addition, embodiments provide that a server module running on the display component and a client module running on the base component facilitate communication between the hybrid computing system components.

Abstract: Methods of detecting anomalous behaviors associated with a fabric are presented. A network fabric can comprise many fungible networking nodes, preferably hybrid-fabric apparatus capable of routing general purpose packet data and executing distributed applications. A nominal behavior can be established for the fabric and represented by a baseline vector of behavior metrics. Anomaly detection criteria can be derived as a function of a variation from the baseline vector based on measured vectors of behavior metrics. Nodes in the fabric can provide a status for one or more anomaly criterion, which can be aggregated to determine if an anomalous behavior has occurred, is occurring, or is about to occur.

Abstract: A method and apparatus for transmitting a subset voice stream associated with a subset talk group. A voice communication device receives a session identifier from an associated data communication device engaged. The voice communication device transforms the session identifier into a session key identifier, obtains an encryption algorithm implementing a subset talk group filtering feature and a voice encryption key identifier, and combines the session key identifier with the voice encryption key identifier to generate a signaling key identifier. The voice communication device associates the signaling key identifier and an encryption algorithm identifier with the subset voice stream during transmission of the subset voice stream to a receiving voice communication device.

Abstract: A secure communications method is provided for use in a telecommunications network, wherein a transaction between an entity A and an entity B of the network comprises: entity A sending an authorization request to an Authorization Server S, in which request the entity A identifies itself and authenticates itself; the entity A declares to the Authorization Server its intention to communicate with a certain entity B; the Authorization Server determines a secret key that it shares with the entity B; the Authorization Server generates a session key and sends it to the entity A; the session key being a one-way function of the secret key and also being a function of an integer (transaction number) allocated to the transaction; the Authorization Server also generates a transaction identifier that is a function depending at least on the transaction number in non-invertible manner.

Abstract: A method, system, and computer usable program product for managing a security database in a computer memory by presenting a content delivery unit in a browser window on a computer display, identifying a plurality of domains associated with the content delivery unit wherein a first set of the plurality of domains is associated with hyperlinks in the content delivery unit, receiving user input selecting a security category for a second set of domains, and associating the second set of domains with the selected security category in the security database.

Abstract: A system and method for integrating the Internet front end-sign on processes of the various systems of a financial institution which allows a customer to view and access its various financial accounts with the institution. During the initial sign up for the online access to its accounts, a customer creates his/her User ID and password online during the same session. Once the customer has signed on (password) and verified ownership of at least one account, the system displays all of the customer's accounts that are available for access via the Internet website. The online ownership verification uses only a single account of the customer and the ownership verification criteria associated with the account. The account used for verifying a customer is first determined based on the accounts selected by the customer for accessing online. From the selected accounts, the system of the present invention creates a verification hierarchy with respect to the accounts.

Abstract: A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor.

Abstract: A resource monitoring method may include determining, at a first monitoring node, a load level for each monitoring node of a plurality of monitoring nodes including the first monitoring node and a second monitoring node based on a namespace associated with the first monitoring node. The namespace may include an overlay namespace and a local namespace. The local namespace may identify objects being monitored by the first monitoring node. The overlay namespace may include local viewpoints for other monitoring nodes of the plurality of monitoring nodes including the second monitoring node. Each local viewpoint may identify one or more objects that are monitored by a respective other monitoring node. The method may further include prohibiting the first monitoring node from instituting a new object creation request if the load level of the second monitoring node is lower than the load level of the first monitoring node.

Abstract: The present invention includes a network service access method. In one embodiment, such a method comprises: forwarding the domain name resolution requests to a local domain name server of each Internet service provider providing services through access link corresponding with the Internet service provider; receiving Internet Protocol address on the domain name resolution requests which the local domain name server of each Internet service provider returned from the corresponding access link; selecting the Internet Protocol address according to line state of the access link of each Internet service provider providing services and returning the selected Internet Protocol address to the user equipments; and visiting network services by the access link of the Internet service provider returning the selected Internet Protocol address.

Abstract: A method for use with content includes analyzing a sequence of frames of the content, determining whether an area exists in a scene depicted by the sequence of frames where additional content such as advertising can be inserted without obstructing activity in the scene, for any such area, determining an amount of time that the area is available when the sequence of frames is being played, and for any such area, determining a size of the area. A storage medium storing a computer program for causing a processor based system to execute these steps and an apparatus for use with content are also disclosed.

Abstract: A system for remotely authenticating credit card transactions of a consumer comprises at least one subsystem that alerts the consumer via a communication device of the consumer when a credit card transaction that meets certain criteria is being attempted on the consumer's credit card account. Also, a system for remotely authenticating credit card transactions of a consumer may comprise at least one subsystem that receives an authorization request from a merchant for completing the credit card transaction and at least one subsystem that disallows the transaction to complete if a response is received from the consumer rejecting the transaction. The communication device may be a cell phone, computer, PDA, land line telephone, or any other communication device.

Abstract: In one embodiment, there is provided a mobile communications device comprising: a processor; a communications subsystem operable to exchange signals with a wireless network; a storage element having application modules and data stored thereon, the data comprising at least user application data associated with the application modules and service data including data for establishing communications with the wireless network; and a security module operable to detect policy messages received by the device, and to perform a security action if a first policy message to enforce a first data protection policy is received and a subsequent policy message to enforce a second data protection policy is not received within a predetermined duration from the time at which the first policy message is received; wherein the security action comprises erasing or encrypting at least some of the data on the storage element.

Abstract: A method includes receiving, via a server, a User ID and Password from a client device, and generating a Secret PIN (SPIN). Values for a Partial Password and an encrypted version of the SPIN (ESPIN) are determined. The method includes challenging a user of the client device with a challenge that prompts the user to enter the Partial Password and an ESPIN. An Additional Factor, e.g., a One-Time Password from a Shared Secret, is locked using the SPIN. The Partial Password and challenge unlock the Additional Factor. The method includes authenticating the identity using the unlocked Additional Factor. A system includes a server in communication with a client device, and a non-transitory memory device on which is recorded process instructions for authenticating the identity of a user of the client device. The server executes the instructions to thereby authenticate the identity of the user using the unlocked Additional Factor.

Abstract: A browser application has at least two web browser objects for browsing Private PAIR while hiding multi-page navigation from a user. The browser application is configured to automatically download XML data from Private PAIR, and generate one or more reports therefrom, including a Daily Updates report, a Cross Checker report, and a Docket Listing report. The browser application is preferably configured to selectively provide limited access to Private PAIR by restricting user navigation to programmatic navigation.

Abstract: First source code of a computer program having a plurality of lines of instructions is received. An obfuscation process is performed on the first source code, including at least two of a shuffling operation, a fertilizing operation, an aggregating operation, and a neutralizing operation. Second source code is generated based on the obfuscation process, where the second source code, when executed by a processor, produces an identical result as the first source code.