Abstract: A method for network security includes monitoring traffic exchanged over a computer network. A failed attempt to communicate with a target computer by an initiating computer is identified in the monitored traffic. The identified failed attempt is revived by establishing an investigation connection with the initiating computer while impersonating the target computer. Verification is made as to whether the failed attempt was malicious or innocent, by communicating with the initiating computer over the investigation connection.

Abstract: A computer implemented method for controlling access to an electronic media source is disclosed. An access control system receives achievement goals and degree of access information. Assessment information is also received by the access control system from one or more input data sources. The access control system determines whether the achievement goals are met based on the received assessment information and forwards an access signal to the electronic media source based on the access determination. The access signal, including a grant signal, is forwarded when the achievement goals are met.

Abstract: Methods and apparatus for verifying a boot process of a computing system are disclosed. An example computer-implemented method includes reading, by a computing system during a boot process, a header section of a read-write portion of firmware of the computing system. The example method further includes generating, using a first cryptographic hash algorithm, a message digest corresponding with the header. The example method also includes decrypting, using a first public-key, an encrypted signature corresponding with the header. The example method still further includes comparing the message digest corresponding with the header and the decrypted signature corresponding with the header. In the event the message digest corresponding with the header and the decrypted signature corresponding with the header match, the example method includes continuing the boot process.

Abstract: Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform.

Abstract: An automated key transition method is executed by a node in a network. The network includes a set of nodes utilizing a current key identifier. A key identifier specifies an authentication protocol and an authentication key for use in the authentication of intermediate-system to intermediate-system (IS-IS) protocol data units. The method includes a set of steps including receiving a message at the node, where, the message includes a most recent key identifier to replace the current key identifier, verifying whether all reachable nodes in the set of nodes have advertised the most recent key identifier, continuing authentication using the current key identifier until all reachable nodes in the set of nodes have been verified to advertise the most recent key identifier, and switching authentication at the node to use the most recent key identifier upon verification that all reachable nodes in the set of nodes have advertised the most recent key identifier.

Abstract: An information processing device having a lock function for restricting user operations and a mechanism executed by this information processing device are provided in which the information processing device includes: an input unit for receiving a first password and a specified location from a user; a mode setting unit for switching to a restricted mode restricting at least some of the functions of the information processing device in response to receiving the first password and location; and a releasing unit for releasing the restricted mode on condition that the information processing device has reached the specified location.

Abstract: A function of a software program is stored in a memory during execution in a device of the software program. A processor relocates the function in a region of the memory comprising dummy code, transforms the dummy code in a predictable manner, generates a predicted checksum for the region based on a previous checksum, generates a calculated checksum over the region, and verifies the integrity of the function by comparing the predicted checksum and the calculated checksum. Also provided are a device and a computer program product.

Abstract: A method classifies data to determine hidden states of a machine by first acquiring data from the machine in a client, which is permuting randomly, and then chaff is inserted before transmitting to server as private data. The server classifies the private data according to a hidden Markov model to obtain permuted noisy estimates of states of the machine and the chaff, which are transmitted to a third party. The third party removes the chaff and inverts noisy estimates using a permutation ordering to obtain unpermuted noisy estimates of the states of the machine.

Abstract: Processing a downgrader specification by constructing a set of candidate downgrader placement locations found within a computer software application, where each of the candidate downgrader placement locations corresponds to a transition between a different pair of instructions within the computer software application, and where each of the transitions participates in any of a plurality of data flows in a set of security-sensitive data flows within the computer software application, applying a downgrader specification to the set of candidate downgrader placement locations, and determining that the downgrader specification provides full coverage of the set of security-sensitive data flows within the computer software application if at least one candidate downgrader placement location within each of the security-sensitive data flows is a member of the set of candidate downgrader placement locations.

Abstract: A method and system for utilizing target browsers. A client program is executed, which includes: (i) receiving a selection of at least one target browser by a user at a user interface at a first terminal, wherein the user interface displays two or more target browsers for each group of target browsers of two or more groups of target browsers from which the user has selected the at least one target browser; (ii) generating a message that includes the selected at least one target browser; and (iii) sending the message to a server.

Abstract: Selective data encryption of a file, in particular an H.264/MPEG-4 AVC data stream. If a first unit in the data stream is to be encrypted, it is encrypted and the encryption is put into a further unit, preferably in the data stream. A substitution unit is generated and put in the place of the first unit; if necessary, at least one header value is taken from the first unit for use in the substitution unit. A decryptor receives the encrypted data stream, extracts and decrypts the further unit and replaces the substitution unit with a regenerated first unit.

Abstract: A method of obfuscating a code is provided, wherein the method comprises performing a first level obfuscating technique on a code to generate a first obfuscated code, and performing a second level obfuscating technique on the first obfuscated code. In particular, the code may be a software code or a software module. Furthermore, the first level obfuscating technique and the second obfuscating may be different. In particular, the second level obfuscating technique may perform a deobfuscation.

Abstract: A method, performed by a server device, may include receiving a request to activate an application session, the request being received from a user equipment on behalf of a particular application installed on the user equipment. The method may further include determining one or more application requirements associated with the particular application; determining conditions associated with one or more application servers; selecting a particular one of the one or more application servers based on the determined one or more application requirements and based on the determined conditions; and setting up the application session between the user equipment and between the selected particular one of the one or more application servers.

Abstract: Large scale system operation may be provided. Upon receiving an action request from a user, a determination may be made as to whether the user requires elevated permissions to perform the action request. In response to determining that the user requires elevated permissions to perform the action request, the action request may be forwarded to a lockbox for evaluation and a permission response may be received from the lockbox.

Abstract: A system includes authentication of a user with a first server, reception of a request from the user to authenticate the user with a second server, requesting, from the first server, in response to receiving the request, user credentials to access the second server, reception of the user credentials from the first server, and transmission of the user credentials to the second server.

Abstract: Portable information handling systems dynamically allocate resources to anti-malware functions based upon available resources and threat status. Dynamic allocation of resources to anti-malware functions provides a timely and targeted response to specific threats with resources dedicated based upon availability and the impact on other information handling system functions. An adaptive mobile integrity validation system interfaces with plural portable information handling systems to selectively update anti-malware settings as threats emerge.

Abstract: A module configured in operation to connect to a host, the module including: a decryptor operable to decrypt an encrypted transport stream received from the host, the transport stream including content data and a decryption seed; a decryption key generator operable to extract the decryption seed from the transport stream and to generate a decryption key from the decryption key seed; and a secure channel generator operable to generate a secure channel between the module and the host, whereby the secure channel generator is further operable to provide the generated decryption key to the host over the secure channel.

Abstract: A method and a terminal device for making multi-system constraint of a specified permission in a digital rights. A rights object related to content object is obtained by an executing device. The specific permission descriptions of the rights object include system constraint descriptions of a plurality of systems of the same type. The executing device obtains a corresponding system information in the device according to the system constraint descriptions and compares the system information in the device with the system information in the system constraint descriptions, so as to judge whether there is any system permitted in system constraint descriptions. If yes, it determines to permit executing the specific permission for the content object; otherwise, it determines not to permit executing said specific permission for the content object.

Abstract: A method and system for utilizing the biometric factors reflected in the typing as a kind of physiological password, to create a rhythmic password specific to the user, and to authenticate based on the rhythmic password. The method includes providing an original training text to a user, receiving an input training text provided by the user according to the original training text, extracting rhythmic characteristic values between adjacent text units of the input training text, and generating a rhythmic password of the user based on the extracted rhythmic characteristic values between adjacent text units. The invention utilizes the rhythm of a user inputting text can bring multiple advantages, including enhanced security of the password, and saving the user's cost of memorizing the password.

Abstract: A system includes a memory configured to store executable code and a processor operably coupled to the memory. The processor is configured to execute the code to receive a request from a developer of a first web application to provide a notification corresponding to the first web application, authenticate the developer using a client identifier, after authenticating the developer, receive a content of the notification and a first user identifier, and provide the content of the notification to at least one of a plurality of computing devices associated with the first user identifier, based on an account associated with the first user identifier. The system syncs the notification and a plurality of computing devices associated with the first user identifier, based on the account.