Abstract: A digital data signal, such as a digital video signal, is intentionally pre-distorted before being sent over a network. In one embodiment, this pre-distortion may be performed in accordance with a pre-distortion pattern or algorithm which is shared with only intended receivers. The pre-distortion pattern may be used to vary the pre-distortion on a periodic basis, as frequently as on a symbol-by-symbol basis. The pre-distortion function may include distorting the phase and/or the amplitude of the digital signal's modulation.

Abstract: A control unit controls execution of an instruction according to a decode result of an instruction code. A GRA register stores an access attribute for each of the plurality of general-purpose registers. A mode storage unit stores modes for controlling an operation of a CPU. When the control unit makes a request for access to the general-purpose register, register access allowance determining circuit determines whether the access to the general-purpose register in question is to be allowed or not, depending on the access attribute stored in the GRA register and the mode stored in the mode storage unit. Therefore, the number of the general-purpose registers used corresponding to the mode can be changed, and efficiency of use of the general-purpose registers can be optimized.

Abstract: A local content server system (LCS) for creating a secure environment for digital content is disclosed, which system comprises: a communications port in communication for connecting the LCS via a network to at least one Secure Electronic Content Distributor (SECD), which SECD is capable of storing a plurality of data sets, is capable of receiving a request to transfer at least one content data set, and is capable of transmitting the at least one content data set in a secured transmission; a rewritable storage medium whereby content received from outside the LCS may be stored and retrieved; a domain processor that imposes rules and procedures for content being transferred between the LCS and devices outside the LCS; and a programmable address module which can be programmed with an identification code uniquely associated with the LCS. The LCS is provided with rules and procedures for accepting and transmitting content data.

Abstract: A side channel attack utilizes information gained from the physical implementation of a cryptosystem. Software and hardware-based systems and methods for preventing side channel attacks are presented. Cryptographic hardware may introduce dummy operations to compensate for conditional math operations in certain functions such as modular exponentiation. Cryptographic hardware may also introduce random stalls of the data path to introduce alterations in the power profile for the operation. A cryptographic function may be mapped to a micro code sequence having a plurality of instructions. Firmware in the cryptosystem may alter the micro code sequence by altering the order of instructions, add dummy operations in the micro code sequence, break the micro code sequence into multiple sub micro code sequences and/or change the register location for source and destination operands used in the sequence. These alterations are designed to randomly change the timing and power profile of the requested function.

Abstract: A method and system for generating a log with location and accelerometer history and verifying the authenticity of the user based on the log. A stroke and capture module captures stroke data from a user. A location identifier module identifies the portable computing device's location. An accelerometer determines the portable computing device's acceleration. A logging module generates metadata that includes the location and accelerometer history. A verification module receives the location and the accelerometer history. The verification module determines the user's mode of transportation based on the accelerometer history. The location and the mode of transportation are compared with information from an authority. If the data matches, the verification authenticates the document.

Abstract: A system (and method) to update content of a secure area of a secure digital (SD) card is disclosed. The system performs a first authenticated key exchange to access the secure area of the secure digital memory. The system reads content from the secure area in response to successful performance of the first authenticated key exchange. The system modifies the content in a memory of a computer system. The system performs a second authenticated key exchange to access the secure area of the secure digital card in preparation to write to the secure area of the secure digital memory. The system then writes modified content to the secure area of the secure digital memory in response to successful performance of the second authenticated key exchange.

Abstract: Methods for automatically verifying and populating an encryption keystore are provided. Pursuant to these methods, the keystore may be automatically checked to determine if it is missing a required digital certificate; if so, the missing required digital certificate may be automatically inserted into the keystore. The methods may also include automatically obtaining the required digital certificates and a list of the required digital certificates, and automatically comparing the list of required digital certificates with the digital certificates in the keystore to determine if the keystore is missing a required digital certificate. The methods may further include sending an informational alert if a missing required digital certificate was automatically inserted into the keystore, and may include checking the keystore to determine if any required digital certificates have expired, will expire within a predetermined time period, or are inoperative.

Abstract: A Secure Non-autonomous Peering (SNAP) system includes a hierarchical digital watermarking scheme, a central licensing authority, licensed fabricators and assemblers.

Abstract: An improved technique involves converting facts from multiple fact sources to a common data format. Along these lines, for each fact source having a source-specific format, a KBA system provides an adaptor that converts incoming facts in the source-specific format to the common data format prior to generating questions. The KBA system stores the facts in the common format in a database for subsequent access. In response to an authorization request, the KBA system then builds questions based on the facts from multiple sources in the common data format stored in the database.

Abstract: The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

Abstract: A system and method for verifying and/or geolocating network nodes in a network in attenuated environments for cyber and network security applications are disclosed. The system involves an origination network node, a destination network node, and at least one router network node. The origination network node is configured for transmitting a data packet downstream to the destination network node through at least one router network node. The data packet contains a header portion and a payload data portion. At least one of the network nodes is an enabled network node. The enabled network node(s) is configured to verify any of the network nodes that are located upstream from the enabled network node(s) by analyzing the header portion and/or the payload data portion of the data packet.

Abstract: A computer-implemented method for validating ownership of deduplicated data may include (1) identifying a request from a remote client to store a data object in a data store that already includes an instance of the data object, (2) in response to the request, verifying that the remote client possesses the data object by (i) issuing a randomized challenge to the remote client, the randomized challenge including a random value which, when combined with at least a portion of the data object, produces an authentication token demonstrating possession of the data object and, in response to the randomized challenge, (ii) receiving the authentication token from the remote client; and, in response to receiving the authentication token from the remote client, (3) storing the data object in the data store on behalf of the remote client. Various other methods and systems are also disclosed.

Abstract: In one aspect, a method of determining the protection that a remote computer has from malware includes receiving at a base computer, details of all or selected security products operating on a remote computer, receiving similar information from other remote computers, and identifying malware process that were not identified by the security products installed on the other remote computers and having a same or similar combination of security products installed on the remote computer.

Abstract: Methods and systems integrating sensitive or private data with cloud computing resources while mitigating security, privacy and confidentiality risks associated with cloud computing. In one embodiment, a computer network system includes a firewall separating a public portion of the computer network from an on-premises portion of the computer network, a database storing private data behind the firewall, and a user device connected with the computer network. The user device accesses an application hosted in the public portion of the computer network. In response, the application generates return information. The user device receives the return information and generates a request for private data based on at least a portion of the returned information. The request is transmitted to the database which generates a response including the requested private data. The response is transmitted in an encrypted form from the database via the computer network to the user device.

Abstract: Automatic file replication and scanning for malware in a sharing environment is based on detection of file system changes. Only one client of the multi-client environment needs to include malware protection software for all clients to benefit. A file replication service for each client monitors a shared directory, and synchronizes files across clients at the file system driver level. When a new file appears in the shared directory of a client system, through this driver, the new file automatically gets replicated. A malware protection component operates by monitoring the directory for new or modified files. File replication causes automatic malware scanning on the client that has protection. When the file has been cleaned and re-written to the directory, the replication service senses that the file has changed and replicates the cleaned file to the other clients. Thus, the replication behavior produces a multiparty file scanning and cleansing protection scheme.

Abstract: A hybrid system is provided. The system includes a computing device implementing a first application execution environment (AEE) and a second AEE. The first AEE is configured to be isolated from the second AEE. The first software application associated with the first AEE is configured to be processed on the first AEE such that the first software application is denied direct access to the second AEE. A second software application associated with the second AEE is configured to be processed on the second AEE such that the second software application is denied direct access to the first AEE.

Abstract: An authentication scheme for unlocking a computing system may require a shortened password in some cases. For example, the computing system may be configured to determine a time that a user has been locked out of a computing device and to determine which of a plurality of time spans that the time falls within. The computing system may also prompt the user for a required password including a full password or a subset of the full password depending on the determined time span. The computing system may be further configured to display a visual indicator corresponding to the determined time span or a required password length on a visual display. A length of the required password for login may be progressively longer for each of the plurality of time spans as a time period that a respective time span covers increases.

Abstract: A data storage architecture for networked access by clients includes a file server capable of communication with the clients via the network, physical storage organized as a plurality of logical volumes, and an encryption device in communication with both the file server and the physical storage. The encryption device is operable in response to signaling from the file server, including an indication of a range of blocks of data, to cause encryption of the range of blocks with an encryption key that is unique within the physical storage. The encryption device includes nested tables mapping block ranges to encryption keys. Consequently, undesirable key sharing across files, file systems, and other units can be avoided down to the block level.

Abstract: Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be capable of dynamically switching among a number of network access control modes responsive to an instruction received from the network connection.

Abstract: A system and machine-implemented method for providing access to one or more shared objects to a user participating in a collaboration session, including receiving a request from a user to receive access to one of one or more shared objects within a collaboration session, each shared object having a corresponding access control list including one or more authorized users having access to the shared object, determining whether the user has access to the one of the one or more shared objects by referencing the access control list in response to receiving the request and adding the user as an authorized user within the access control list for each of the one or more shared objects when it is determined that the user does not have access to the one of the one or more shared objects, such that the user is provided access to the one or more shared objects.