Abstract: Methods and arrangements to launch trusted, distinct, co-existing environments are disclosed. Embodiments may launch trusted, distinct, co-existing environments in pre-OS space with high assurance. A hardware-enforced isolation scheme may isolate the partitions to facilitate storage and execution of code and data. In many embodiments, the system may launch a partition manager to establish embedded and main partitions. Embedded partitions may not be visible to the main OS and may host critical operations. A main partition may host a general-purpose OS and user applications, and may manage resources that are not assigned to the embedded partitions. Trustworthiness in the launch of the embedded partition is established by comparing integrity metrics for the runtime environment against integrity measurements of a trusted runtime environment for the embedded partition, e.g., by sealing a cryptographic key with the integrity metrics in a trusted platform module. Other embodiments are described and claimed.

Abstract: Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information.

Abstract: In a font applying device on a client side in a computer system composed of the client and a server, an obfuscated font storing section stores an obfuscated font in which a character different from a character identified by the server based on a character code and having the same width of the character identified by the server is mapped to the character code. An obfuscated document receiving section receives an obfuscated document obtained by obfuscating document data as a result of converting the character code to a character code to which a character identified by the server based on the character code in the document data is mapped in the obfuscated font. A deobfuscation processing section identifies the character mapped in the obfuscated font to a character code included in the obfuscated document, and a display control section controls the display of the character.

Abstract: Methods for probabilistically expediting secure connections via connection parameter reuse are provided. In one aspect, a method includes determining whether a client had previously established a secure connection with a hostname. The method also includes obtaining a source identifier used by the client to establish the previous secure connection when it is determined that the client previously established the previous secure connection with the hostname. The method also includes sending a request to the hostname for a new secure connection based on the obtained source identifier. Systems and machine-readable media are also provided.

Abstract: A system for providing multiple levels of authentication before delivering private content to the client devices over the communications network. A product identifier on the physical product is scanned using a code reader/decoder in the client device to access or request private content from the server. The server receives the device identifier associated with the client device and the product identifier associated with the physical product from the client device over the communications network for authentication. The server processor transmits the requested content, preferably a webpage, to the client device if both the device identifier and the product identifier are authenticated by the server processor.

Abstract: Systems and methods of detecting copying of computer code or portions of computer code involve generating unique fingerprints from compiled computer binaries. The unique fingerprints are simplified representations of the compiled computer binaries and are compared with each other to identify similarities between the compiled computer binaries. Copying can be detected when there are sufficient similarities between at least portions of two compiled computer binaries.

Abstract: A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data.

Abstract: An apparatus having a first memory circuit, a plurality of arithmetic modules, and a plurality of second memory circuits. The first memory circuit may be configured to read or write data to or from a host. The plurality of arithmetic modules each may be configured to be enabled or disabled in response to control signals received from the first memory circuit. The plurality of second memory circuits may be configured to read or write data to or from the first memory circuit through a data exchange layer. The arithmetic modules provide cryptographic protection of the data.

Abstract: A data-streaming system facilitates establishing a bidirectional data stream over a content centric network (CCN). During operation, the system determines a first routable name prefix associated with a service provider to which the network device desires to establish the bidirectional streaming session. The system also generates a client stream name to provide to the service provider. The client stream name includes a second routable prefix to a local network device, and includes a client stream identifier for a first data stream from the service provider. The system then disseminates an Interest message whose name includes the first routable name prefix and the client stream name. After receiving a Content Object that includes the remote device's response, the system can then communicate with the service provider using a bidirectional stream over the CCN based on the client stream name and the provider stream name.

Abstract: A method and a system for defending against malware and a method for updating a filtering table thereof are provided. The method for defending against malware includes: receiving a network packet by an electronic device, which stores a filtering table; determining whether the network packet conforms to a specific filtering rule of the filtering table by the electronic device; if the network packet conforms to the specific filtering rule, performing a specific operation on the network packet by the electronic device according to the specific filtering rule; and if the network packet does not conform to the specific filtering rule, uploading characteristic information of the network packet to a malware analyzing device by the electronic device.

Abstract: Systems and methods for a user to personalize Internet content from an Internet service provider using selected policy applications. The policy applications may be discrete, single purpose applications. The system may be controlled from home gateways and remote devices.

Abstract: Detecting online attacks is described, including identifying one or more events associated with users on a social graph. For each type of event of the one or more events, generating at least one directed acyclic graph (DAG), where each node on the DAG represents a node on the social graph where an event of the type occurs and each edge on the DAG represents a propagation of the event from a first node of the edge to a second node of the edge.

Abstract: Embodiments are directed to systems, methods and computer program products for providing user authentication based on historical user patterns. Embodiments receive from a user, a request to execute a user action associated with an application, wherein execution of the user action requires validation of authentication credentials; collect a set of data comprising information related to usage patterns associated with the apparatus of the user; determine a user pattern score associated with the user; determine a level of authentication; determine which authentication types are associated with the level of authentication; request authentication credentials corresponding to the authentication types; receive authentication credentials from the user; validate the authentication credentials, thereby resulting in a successful validation of the authentication credentials; and, in response to the successful validation, execute the user action.

Abstract: A system and method for controlling a device. Data that was encrypted using a first encryption scheme is decrypted, then re-encrypted using a second encryption scheme. The re-encrypted data is then decrypted.

Abstract: Embodiments provide user authentication based on proximity to a close network of a user. Embodiments receive from a user a request to execute a user action associated with an application, wherein execution of the user action requires validation of one or more authentication credentials; collect a set of data comprising information related to a physical location of the user; determine a close network score associated with the user; determine a level of authentication associated with the close network score; determine which one or more authentication types are associated with the level of authentication associated with the close network score; request one or more authentication credentials corresponding to the determined one or more authentication types; receive credentials from the user; validate the credentials, thereby resulting in a successful validation of the credentials; and, in response to the successful validation of the credentials, execute the user action.

Abstract: Examples are disclosed for a first device to wirelessly dock to a second device. In some examples, a first device may receive identification from the second device for wirelessly docking. The first device may determine whether the second device is allowed to wirelessly dock and if allowed an authentication process may be implemented. The first device may then wirelessly dock to the second device based on a successful authentication. Other examples are described and claimed.

Abstract: A server receives, from a first client device associated with a first user, a certification request including information associated with an electronic document, along with a representation of a credential associated with a second user. The server validates the representation of the credential associated with the second user. Responsive to validating the representation of the credential, the server attaches a badge to the electronic document, the badge corresponding to the credential and providing a certification that the second user has witnessed the electronic document. The server stores information corresponding to the electronic document with the attached badge.

Abstract: Digital fingerprint generation logic executed by a client device includes quirk-exposing logic configured to expose behavioral differences between various system configurations of client devices. The digital fingerprint generation logic queries a remote client device for system configuration, and generates a digital fingerprint of the client device that includes a system configuration characteristic reported by the client device in response to the query. Results of execution of the quirk-exposing logic are compared to expected results that are specific to the reported system configuration. If the results of execution do not match the expected results, the digital fingerprint is determined to have been spoofed.

Abstract: The invention disclosed herein is an in-circuit security system for electronic devices. The in-circuit security system incorporates identity credential verification, secure data and instruction storage, and secure data transmission capabilities. It comprises a single semiconductor chip, and is secured using industry-established mechanisms for preventing information tampering or eavesdropping, such as the addition of oxygen reactive layers. This invention also incorporates means for establishing security settings, profiles, and responses for the in-circuit security system and enrolled individuals. The in-circuit security system can be used in a variety of electronic devices, including handheld computers, secure facility keys, vehicle operation/ignition systems, and digital rights management.

Abstract: System and method for creating a secure channel for inter-application communication based on the messaging system called Intents in the Android OS are disclosed. In one embodiment, an application for accessing a cloud-based storage platform triggers the broadcast of a custom Intent to all applications on a mobile device to detect an authorized application that is capable of interacting with the application. Once an authorized application is chosen, the application opens a secure channel for communication with the authorized application and passes encrypted data stream to the to the secure channel for access by the authorized application.