Abstract: To protect customer data and provide increased workflow security for processing requested by a customer, a secure communicational channel can be established between a customer and one or more hardware accelerators such that even processes executing on a host computing device hosting such hardware accelerators are excluded from the secure communicational channel. An encrypted bitstream is provided to hardware accelerators and the hardware accelerators obtain therefrom cryptographic information supporting the secure communicational channel with the customer. Such cryptographic information is stored and used exclusively from within the hardware accelerator, rendering it inaccessible to processes executing on a host computing device. The cryptographic information can be a shared secret, an appropriate one of a pair of cryptographic keys, or other like cryptographic information.

Abstract: A method having the steps of obtaining temporal information communicated to a first device; carrying out one or more of the following tests: a test to determine whether the first device is in a state following an initial operation, a battery replacement or other power outage, or a reset, a test to determine whether a deviation between temporal information of the clock and the communicated temporal information is less than or equal to a threshold which is specified, and a test to determine whether the communicated temporal information has the same date as the temporal information of the clock; and synchronizing the clock using the communicated temporal information if all of one or more defined conditions are satisfied, wherein one of the one or more conditions requires that at least one of the one or more tests carried out has a positive result.

Abstract: Protecting data is disclosed, including: analyzing, using one or more processors, a set of scripting resource source data to determine a plurality of semantic units; determining a tree-structured source data based at least in part on mapping values of the plurality of semantic units to respective ones of a plurality of semantic structures; selecting an obfuscation strategy to apply to the tree-structured source data, wherein the selected obfuscation strategy includes one or more obfuscation techniques; determining an obfuscated tree-structured source data based at least in part by applying the selected obfuscation strategy to the tree-structured source data; and converting the obfuscated tree-structured source data into a set of obfuscated scripting resource source data.

Abstract: An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alternations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior.

Abstract: A service receives a request from a user of a group of users to perform one or more operations requiring group authentication in order for the operations to be performed. In response, the service provides a first user of the group with a musical seed and an ordering of the group of users. Each user of the group applies a transformation algorithm to the seed to create an authentication claim. The service receives this claim and determines, based at least in part on the ordering of the group of users, an ordered set of transformations, which are used to create a reference audio signal. If the received claim matches the reference audio signal, the service enables performance of the requested one or more operations.

Abstract: Methods and systems for facilitating communications between user computing devices and online entities (such as web sites, advertisers, and/or advertising networks or exchanges), and safeguarding user identifiable information and ad targeting data from those entities are provided. Communications sent from user computing devices and directed to the entities are intercepted, and those communications are processed to encrypt, or otherwise remove, user identifiable information therein. The processed communications are transmitted to the intended entities, targeting data calls are received from those entities for ad targeting data associated with users of those computing devices, and at least a portion of such ad targeting data is provided to the entities when certain predefined conditions are met.

Abstract: An apparatus for providing an improved content protecting and packaging system for protecting content may include an extractor for extracting a content package into a plurality of content segments including a first portion and a second portion. An enveloper may envelop each of the content segments in the first portion separately to thereby create one or more protected content segments. Further, a packager may package the protected content segments with the second portion of the content segments into a protected content package, which may then be uploaded to a distributor for distribution to user terminals. A corresponding method and computer program product are also provided.

Abstract: Disclosed is a storage device reader for interfacing a storage device and a user terminal, which includes a storage unit and a control unit. The data storage unit stores reader recognition information uniquely assigned to the storage device reader. The control unit retrieves reader recognition information stored in the storage device, determines whether or not the retrieved reader recognition information matches reader recognition information stored in the data storage unit, and transferring a file list stored in the storage device to the user terminal if the retrieved reader recognition information matches the stored reader recognition information.

Abstract: In a case where a processing request corresponding to an instruction transmitted from a data processing apparatus is accepted from an external apparatus, an appropriate processing based on a processing request corresponding to an instruction made by a user who operates the data processing apparatus is performed.

Abstract: A virtual hard disk drive containing a guest operating system is bound to a source computing device through encryption. When the virtual hard drive is moved to a difference computing device, a virtual machine manager instantiates a virtual machine and causing the virtual machine to boot the operating system from the virtual hard disk drive. Because the guest operating system is encrypted by an encryption device on a source computing device, the virtual machine causing the decryption of the guest operating system with a copy of the key. The virtual hard disk is bound to the target computing device through encryption based on a hardware on the target computing device.

Abstract: A first time software is loaded for execution by a device, the software stored in non-secure storage is authenticated. Authenticating the software may involve a cryptographic operation over the software and a digital signature of the software. A verification tag may be generated for the software if authentication of the software is successful, the verification tag based on the software and at least a device-specific secret data. The verification tag may be stored within the device. Each subsequent time the software is loaded for execution it may be verified (not authenticated) by using the verification tag to confirm that the software being loaded is the same as the one used to generate the verification tag while avoiding authentication of the software.

Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.

Abstract: Providing a challenge response test associated with a computer resource includes generating a challenge response test image including providing a first substantially well-formed image, including a first masked image having a visible portion entirely composed of portions of a first well-formed image, and a first plurality of image elements; and providing at least one ill-formed image, each at least one ill-formed image including a second masked image having at least one first ill-formed portion.

Abstract: System and method for determining, by a security application, whether an examined software code is a malware, according to which the system detects whenever the examined process code performs system calls and further detects a call site. Pieces of code in the surrounding area of the site and/or in branches related to the site are analyzed and the properties of the analyzed pieces of code are compared with a predefined software code patterns, for determining whether the examined process code corresponds to one of the predefined software code patterns. Then the examined process code is classified according to the comparison results.

Abstract: A method and computing system for receiving, on a computing device, an access request from an application executing within an operating environment. The access request requests access to data associated with the operating environment. One or more temporal access options are presented to a user in response to the access request. A selected temporal access option is received from the user, chosen from the one or more temporal access options. Temporal access rights are granted to the application based, at least in part, upon the selected temporal access option.

Abstract: The gathering of content (such as a file) from a variety of different sources. Rather than provide the whole content, a given one of the sources instead provides only a portion of the information represented by the content. The source also provides a share of, but not the entirety of, the shared secret that will be used to decode. For instance, in one embodiment, the source might encode only a portion of the content using the shared key, and then transmit the encoded portion. As an alternative, the source might encode the entire content, and then transmit a portion of that encoded content. Thus, the transmitter has security with their private content, while still allowing widely available content to be transferred for the benefit of the greater whole.

Abstract: Provided is adaptive authentication that utilizes relational analysis, sentiment analysis, or both relational analysis and sentiment analysis to facilitate an authentication procedure. The relational analysis evaluates a transactional profile and a behavioral profile of the user. The sentiment analysis evaluates available user information that is obtained from various forms of Internet activity related to the user. A level of authentication is selectively modified based on a result of the relational analysis and/or the sentiment analysis.

Abstract: A computing system includes: a control unit configured to: determine a protocol profile including a first protocol and a second protocol for communicating between a first device and a second device, generate a unified-protocol privacy mechanism for a privacy protection scenario, the unified-protocol privacy mechanism based on combining the first protocol and the second protocol; and a communication unit, coupled to the control unit, configured to communicate content information according to the unified-protocol privacy mechanism between the first device and the second device.

Abstract: A method of managing keys and an electronic device adapted to the method are provided. The method includes creating a first key, based on information included in a memory space of a processor, creating a second key, based on at least one item of user information, and creating a third key that was created through at least one encryption process, based on the created first key and the created second key.

Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or data isolation. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a rootkit defense mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or prevention of malicious code, for example, in a manner/context that is isolated and not able to be corrupted, detected, prevented, bypassed, and/or otherwise affected by the malicious code.