Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: This disclosure details the implementation of apparatuses, methods and systems of an application security management platform (hereinafter, “ASMP”). ASMP systems may, in one embodiment, implement a live platform on a computerized system, whereby the platform may receive security data associated with a running application from multiple security tacking systems, evaluate the security performance of the application, generate an application security summary report for review and manage review processes for security professionals.

Abstract: A wearable video recording system with time-bracketed authentication is provided and includes a article, including a spine, wearable by a user, a recording device, supported on the spine, to generate a recording of a scene, an affecter subsystem, supported on the spine, to influence the scene being recorded with unpredictable data and an untrusted controller coupled to the recording device and the affecter subsystem, the untrusted controller being receptive of the unpredictable data, which the untrusted controller communicates to the affecter subsystem, and being configured to transmit at least hashed digests of the recording to one or more repositories.

Abstract: A computer or microchip configured to be securely controlled through a secure control bus, including through a private network. The computer or microchip includes a secure private unit protected by an inner hardware-based access barrier or firewall; an unprotected public unit including at least one network connection configured to connect to a network; a separate private network connection located in the secure private unit; a microprocessor, core or processing unit configured for general purposes located in the unprotected public unit and separate from the access barrier or firewall; a secure control bus isolated from input from both the network and components of the unprotected public unit; and a master controlling device in the private unit being configured for securely controlling an operation executed by the microprocessor, core or processing unit via a connection to the secure control bus, including through the separate private network to the separate private network connection.

Abstract: A system and method for enabling a user to retrieve, decode, and utilize hidden data embedded in audio signals. An exemplary implementation includes a microphone structured to receive sound waves representative of an audio signal and hidden data embedded in the audio signal. The then microphone converts the received sound waves into an electrical output signal. The system also includes a processor electrically coupled to the microphone and configured to receive the electrical output signal in order to extract the hidden data and provide information represented by the hidden data as an output thereof. A user interface is also provided and is electrically coupled to the processor and configured to receive a first input from the user and activate the processor to selectively initiate extraction of the hidden data. The processor produces as an output the information represented by the hidden data. Finally, the system includes a user presentation mechanism configured to present the information to the user.

Abstract: Apparatus, systems, and methods may operate to receive from a requesting device, at a memory device, a request to access a memory domain associated with the memory device, and to deny, by the memory device, the request if the memory domain comprises any part of a secure domain, and the requesting device has not asserted a secure transfer indication. Additional operations may include granting the request if the memory domain comprises some part of the secure domain and the requesting device has asserted the secure transfer signal, or if the memory domain comprises only a non-secure domain. Additional apparatus, systems, and methods are disclosed.

Abstract: A content usage control apparatus prevents a content managed by an end user from being illegally used. To prevent a content from being used by an apparatus or user other than an authorized apparatus or user, a content usage control apparatus registers the authorized apparatus or user and determines, before providing the content, whether the content is going to be provided to the authorized apparatus or user. The content usage control apparatus also has the capability of imposing a limitation on rewriting of registration. The above-described capabilities of the content usage control apparatus make it possible to protect copyright of information to be provided. A specific example of the content usage control apparatus is a server which stores contents such as movie contents or music contents, and may be used in a system in which a content is provided in response to a request from a client such as a portable telephone, a TV set, or a personal computer, connected to the server.

Abstract: A request to receive multicast data, associated with a multicast group, may be transmitted. The request may be transmitted via a tunnel. Group keys may be received in response to the request. The group keys may be based on the multicast group. An encapsulated packet may be received via another tunnel. The encapsulated packet may be processed, using the group keys, to obtain a multicast packet associated with the multicast data. The multicast packet may be forwarded to at least one multicast recipient.

Abstract: A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private key to a third device, establishing and authenticating a connection between the first device and the third device using the first public key and the second public key and transmitting encrypted configuration information with the two key pairs from the third device to the first device.

Abstract: An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code.

Abstract: Systems and methods are described herein for enabling users to select from available secure service providers (each having a Trusted Service Manager (“TSM”)) for provisioning applications and services on a secure element installed on a device of the user. The device includes a service provider selector (“SPS”) module that provides a user interface for selecting the secure service provider. In one embodiment, the SPS communicates with a key escrow service that maintains cryptographic keys for the secure element and distributes the keys to the user selected secure service provider. The key escrow service also revokes the keys from deselected secure service providers. In another embodiment, the SPS communicates with a central TSM that provisions applications and service on behalf of the user selected secure service provider. The central TSM serves as a proxy between the secure service providers and the secure element.

Abstract: An anchoring method for generating an XPath expression. The method can include identifying a stable anchor in the transcodable markup along an axis shared by the selected node. An XPath expression can be generated for the stable anchor. Subsequently, an offset between the stable anchor and the selected node can be computed. Finally, the XPath expression for the stable anchor and the offset can be concatenated, the concatenation forming the XPath expression for the selected node.

Abstract: A method for simulation aided security event management, the method includes: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.

Abstract: An approach is provided for securely storing sensitive data. A system is provided that includes a central device configured to receive a key from a requester, to obtain a new key associated with the key, and to transmit the new key to the requestor, and a storage device for storing the new key in association with the key. Also, a secure system is provided that includes a parsing unit that parses an actual data value into a first data field and a second data field, a key generation unit that generates a key, a first process that transmits the key to a central manager and receives a new key associated with the key from the central manager, and at least one storage device configured to store the first data field in association with the key, and to store the second data field in association with the new key.

Abstract: The present invention provides a processor-implemented method and system of updating an operating system of a computer system, where the operating system is subject to a system lockdown that does not allow changes to a list of approved executables of the operating system and that does not allow changes to a base system configuration of the operating system. In an exemplary embodiment, the method and system include, (1) identifying at least one trusted updater process in the operating system and (2) allowing the trusted updater process to make at least one change to the list of approved executables. In an exemplary embodiment, the method and system include, (1) identifying at least one trusted updater process in the operating system and (2) allowing the trusted updater process to make at least one change to the base system configuration.

Abstract: Incremental scanning of files for malicious codes. A file may be scanned for malicious codes in a first scanning instance in a client computer using a pattern of malicious code signatures. Thereafter, an update to the pattern for generating an updated pattern is received in the client computer. A delta pattern may be generated based on a difference between the pattern and the updated pattern. In a second scanning instance, the file may be rescanned using the delta pattern.

Abstract: A computer-implemented method for securely deduplicating data owned by multiple entities may include identifying a plurality of data segments to store on a third-party storage system and, for each data segment: 1) identifying a hash of the data segment, 2) transmitting the hash of the data segment to a central server, 3) receiving an encrypted string that is based on the hash of the data segment from the central server, 4) encrypting the data segment with the encrypted string, and 5) transferring the encrypted data segment to the third-party storage system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A device includes a first memory unit adapted to store encrypted instructions, a processor adapted to execute decrypted instructions, a second memory unit accessible by the processor, and a decryption unit. The device includes a key database and a key selection circuit, wherein the key selection circuit is adapted to select a selected decryption key from the key database for decrypting encrypted instructions. The selection is responsive to a fixed selection information stored within the integrated circuit and to received key selection information. A method includes a stage of receiving encrypted instructions; and executing decrypted instructions by a processor. The method includes receiving key selection information, selecting a selected decryption key out of a key database in response to fixed selection information and to the received key selection information, and decrypting encrypted instructions using the selected decryption key.

Abstract: Provided is a digital cable system and method for protecting a secure micro (SM) client, and more particularly, a digital cable system and method for protecting an SM program that can improve the security of an SM program through authentication of a host and integrity verification of the SM program. A method of protecting an SM program includes: receiving host authentication information associated with a host from a trusted authority; verifying validity of the secure micro program based on the host authentication information; and sending, to an authentication proxy, a HostStateInformation message that includes host state information associated with validity verification information of the SM program.

Abstract: A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature.