Abstract: Systems and methods for an SDN switch that provides service group chaining for sequentially serving multiple network security devices are provided. According to one embodiment, a packet received by the switch is processed by a first FPU based on a first set of rules and forwarded conditionally to a first security device. The packet is security processed, including dropping it or forwarding it to an egress port or forwarding it to a second FPU. When forwarded to the second FPU, the packet is processed based on a second set of rules by forwarding it to a second security device or dropping it or forwarding it to the egress port. When forwarded to the second security device, the packet is security processed, including dropping it or forwarding it to the egress port or conditionally forwarding it to a third FPU to be sequentially forwarded to a third security device.

Abstract: Video content is processed for delivery using an automated process that allows for convenient packaging of encrypted or digital rights management (DRM) protected content in a manner such that the packaged content can be efficiently stored in a content delivery network (CDN) or other content source for subsequent re-use by other media clients without re-packaging, and without excessive storage of unused content data.

Abstract: An electronic device and a method for operating the electronic device are provided. The electronic device includes a secure memory including at least one profile, a processor configured to generate profile extended information for each of the at least one profile, based on profile information, update the profile extended information based on network information obtained by a network search, a memory configured to store the profile extended information, and a communication interface configured to perform the network search.

Abstract: Methods, systems, and computer program products for vehicle wireless internet security are provided. A connection request is received from a mobile device. A data request is transmitted to the mobile device. The data request includes a request for location-based data of the mobile device. A first data is received from the mobile device that corresponds to the data request. A vehicle data is generated that comprises location-based data of the vehicle. A match between the first data and the vehicle data is determined. A match is determined where the location based data of the mobile device is with a pre-determined threshold of the location-based data of the vehicle.

Abstract: A system is provided in which a person may use a Cellular (Mobile) Telephone, a PDA or any other handheld computer to make a purchase. This is an example only. The process may entail any type of transaction which requires authentication, such as any financial transaction, any access control (to account information, etc.), and any physical access scenario such as doubling for a passport or an access key to a restricted area (office, vault, etc.). It may also be used to conduct remote transactions such as those conducted on the Internet (E-Commerce, account access, etc.). In the process, a multifactor authentication is used.

Abstract: The present disclosure includes methods and systems for measuring the integrity of a device. A number of embodiments can include initiating an observatory in a system and initiating a remote manager. A number of embodiments can also include measuring the integrity of the device from the observatory and accessing the integrity measurement of the device from the remote manager.

Abstract: Described herein is technology for enabling authentication of software instructions used in gaming machines. More specifically, the technology is directed to a situation where an electronic gaming machine operates based on two separate sets of software, being base data and game data.

Abstract: A method of delivering web distributed content is disclosed. A set of web distributed content is received by a proxy server. The set of web distributed content is divided by the proxy server into a plurality of portions. Additional security code is added to the plurality of portions to form a modified set of web distributed content. The additional security code detects unauthorized modification of the modified set of web distributed content, wherein at least a portion of the modified set of web distributed content is different for different intended users of the set of web distributed content. The modified set of web distributed content is delivered by the proxy server to an intended user.

Abstract: Systems and methods for security hardening of a file in transit and at rest via segmentation, shuffling and multi-key encryption are presented. The method including segmenting at a first computer system a file into a plurality of file segments, and encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys. Additionally included is bidirectional data transformation of a file by obfuscating at a first computer system digital values of the file in order to generate corresponding obfuscated digital values of the file, wherein the obfuscated digital values of the file retain their contextual integrity and referential integrity.

Abstract: This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.

Abstract: A Bluetooth key apparatus is provided. The apparatus comprises a control unit; a Bluetooth locking device connected with the control unit; and a Bluetooth unlocking device connected with the control unit. After setting, the Bluetooth unlocking device and the Bluetooth locking device are specifically grouped for handshake communication. After waking up the Bluetooth locking device, the Bluetooth unlocking device receives a password provided by the Bluetooth locking device; and, after the Bluetooth unlocking device inputs the password, the Bluetooth locking device is unlocked. Thus, the present invention effectively enhances anti-theft, distributes key remotely, manages key databases and prevents password from leaking.

Abstract: Various techniques for detection of malware that attempt to exploit a memory allocation vulnerability are disclosed. In some embodiments, a system, process, and/or computer program product for detecting an attempt to exploit a memory allocation vulnerability includes receiving a malware sample; monitoring an array operation performed by the malware sample using a memory monitoring component; and determining whether the array operation performed by the malware sample is suspicious. For example, an array operation, such as a vector operation performed by an application that is executed using an ActionScript virtual machine, can be monitored to detect any suspicious vector operations.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for data obfuscation and right-protection. An initial matrix Xi, represents the initial data set of the application and final matrix Xf is obtained from Xi. The final matrix Xf is obtained by performing one of the following operations Xf=(P(Xi)+E)F; Xf=P(Xi)F+E; and Xf=P(XiF)+E. Where P(.) is a projection operator that projects an input initial matrix in a space having a lower dimension than the input matrix, E represents a noise matrix, and F represents a matrix as a perturbation series. The matrix F is represented as a perturbation series, whose leading term is the identity matrix I, one or more higher-order terms of the perturbation series embedding a secret, multiplicative noise, so as for a matrix multiplied by the matrix F is right-protected.

Abstract: Methods, systems, and computer program products for vehicle wireless internet security are provided. A connection request is received from a mobile device. A data request is transmitted to the mobile device. The data request includes a request for location-based data of the mobile device. A first data is received from the mobile device that corresponds to the data request. A vehicle data is generated that comprises location-based data of the vehicle. A match between the first data and the vehicle data is determined. A match is determined where the location based data of the mobile device is with a pre-determined threshold of the location-based data of the vehicle.

Abstract: A method is provided for producing cryptographic keys, while a vehicle is in operation, for use in secure vehicle communications. The method may include obtaining unique entropy data from an entropy source based on dynamically changing, transient variables related to the operation of the vehicle, optionally in a driving mode. The method may include seeding a random number generator with the unique entropy data to generate at least one random number. A plurality of cryptographic keys are generated based on the at least one random number. A secure communication exchange may be established using the plurality of cryptographic keys. A non-transitory computer-readable medium is also provided having instructions embodied thereon that, when executed by a processor, perform the above operations as an algorithm in a vehicle.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Techniques for informing a user about an agreement including agreement terms and trustworthiness of data source are described herein. In some examples, a processor receives agreement document data while the data is in route to a client device. A system receives network sources and content data of the agreement document. The network sources are to be processed by the processor with traffic analytics, and the content data is to be processed with text analytics. The output of these analytics is used to generate an agreement risk event for delivery to the client device with the original agreement document data.

Abstract: Techniques for informing a user about an agreement including agreement terms and trustworthiness of data source are described herein. In some examples, a processor receives agreement document data while the data is in route to a client device. A system receives network sources and content data of the agreement document. The network sources are to be processed by the processor with traffic analytics, and the content data is to be processed with text analytics. The output of these analytics is used to generate an agreement risk event for delivery to the client device with the original agreement document data.

Abstract: Embodiments of the present application relate to a method, a system, and a computer program product for authenticating a service. A method for authenticating a service is provided. The method includes receiving a first service request from a first terminal, generating a first link address that is used to link to an access location based on the received first service request, determining a preset terminal identifier corresponding to a second terminal, the preset terminal identifier being a terminal identifier preset by the user, sending the first link address to the second terminal, receiving a first link request, determining an issued terminal identifier based on the first link request, comparing the determined issued terminal identifier with the preset terminal identifier of the second terminal, and performing a next processing operation on the first service request based on the comparison result.

Abstract: A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency one the client device requests the data.