Abstract: A user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.

Abstract: An encryption method for packaging, encrypting, and transmitting a plurality of contents included in a web application to a communication device, the encryption method includes: acquiring performance information relating to performance of the communication device; determining, by circuitry, an encryption algorithm to be applied to each of the plurality of contents, based on the performance information; performing first encryption processing on the plurality of contents using the encryption algorithm respectively; performing second encryption processing on identification information that identifies the encryption algorithm used for the plurality of contents respectively; packaging encrypted contents and encrypted identification information, the encrypted identification information being stored in a location specified by the communication device; and transmitting the encrypted contents and the encrypted identification information, which are packaged, to the communication device.

Abstract: In an embodiment, a processor includes: at least one core to execute instructions; a cache memory coupled to the at least one core to store data; and a tracker cache memory coupled to the at least one core. The tracker cache memory includes entries to store an integrity value associated with a data block to be written to a memory coupled to the processor. Other embodiments are described and claimed.

Abstract: A system and method for transmitting user credentials to another device. According to some embodiments, a method is described of receiving into a first portable electronic device a set of credentials from a user, the set of credentials to include a WLAN SSID and a network key, the set of credentials to allow the first device to connect to the WLAN. The set of credentials is used to connect the first device to the WLAN. The first device creates a message for wireless transmission, the message includes the set of credentials for accessing the WLAN and is adapted to be delivered to a second device. Finally, the first device transmits the message over the air, wherein the message is addressed to the second device. The second device receives the message and uses the credentials in the message to connect to the WLAN. Other embodiments are also described.

Abstract: A method is disclosed of embedding a GPS location of a host device in an IPv6 address using IPv6 Neighbor Discovery, the method includes sending a neighbor solicitation request having a Global Positioning System (GPS) option from a first host device to an IPv6 server via an IPv6 communication network, the GPS option providing GPS information of the first host device; receiving the neighbor solicitation request having the GPS option on the IPv6 server, the IPv6 server configured to capture the neighbor solicitation request and create an IPv6 address with GPS information for the first host device; sending a neighbor discovery advertisement from the IPv6 server to the first host device; receiving the neighbor discovery advertisement and returning a solicit, request and renew message to the IPv6 server; and returning a reply message to the first host device with the IPv6 address with the GPS information.

Abstract: A personal media system implemented as a tuple service allows remote access, selection, authorization, and transmission of personal media stored in a collection on a home network across a network to a guest network. A mobile client device enables browsing/searching for content, shows media players within a domain, finds a media player within a domain for a given media type, gets a media object, and renders a media object on a given media player within a domain. Each gateway has an agent that registers to the server and responds to commands from the server. The server acts as a hub for moving digital content objects between domains, provides media services on behalf of domains (e.g., transcoding, proxy streaming, etc.), provides a web interface to mobile client devices for control over user domains, sends commands to the personal media agents, and creates an accessible set of domains for a user.

Abstract: A trust relationship is established at a first network connected device between the first network connected device and a second network connected device. A communication session is established between the first network connected device and a third network connected device, wherein the third network connected device lacks a trust relationship with the second network connected device. A message is sent from the first network connected device to establish a communication session between the third network connected device and the second network connected device based on the trust relationship between the first network connected device and the second network connected device.

Abstract: A system, method and computer readable device are described herein. A plurality of packets are received at a data streaming device, from a computing device; the packets including authentication information for gaining access to a local network. The MAC address of the computing device with a MAC address of a data streaming device in the header of the packets. The authentication information including the MAC address of the data streaming device to a server. An authentication to access the local network is received from the server.

Abstract: Disclosed herein are techniques for use in fraud detection. In one embodiment, the techniques comprise a method. The method comprises receiving an encrypted current location associated with a user. The method also comprises obtaining an encrypted historical location associated with the user and an encrypted location sensitivity metric that relates to a distance within which locations are considered to be the same. The method further comprises performing an authentication operation based on the encrypted current location, the encrypted historical location and the encrypted location sensitivity metric.

Abstract: A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content desired to be detected includes receiving electronic data at a receiving station, and determining whether the received electronic data is associated with a content desired to be detected, wherein the receiving station does not include content detection data for identifying the content desired to be detected.

Abstract: In one embodiment, a first computing device receives an access token from a second computing device, the access token being generated by the second computing device for a specific software application executing on a specific computing device; stores the access token; receives a request for the access token from a software application executing on a third computing device; verifies whether the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated; and sends the access token to the third computing device only when the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated.

Abstract: Embodiments of the present invention relate to providing encrypted content to authorized content consumers while providing robust traitor tracing. In some embodiments, at least one device key is read. A key block is read. A media key precursor is determined from the key block and the at least one device key. At least one encrypted block key is read. A block master key is determined from the media key precursor. A security program is executed to determine a decrypted block key from the media key precursor, the block master key, and the encrypted block key. The decrypted block key is provided for application to the encrypted content to obtain decrypted content.

Abstract: Various embodiments are generally directed to techniques to form and maintain secure communications among two or more body-carried devices disposed in close proximity to the body of a person to form a body area network (BAN). An apparatus to establish secure communications includes a processor component; a signal component for execution by the processor component to compare a signal characteristic of a security test signal to a known signal characteristic of the security test signal to derive a bioelectric characteristic, the security test signal received via a tissue; and a bioelectric component for execution by the processor component to determine whether to allow transmission of data through the tissue based on the bioelectric characteristic. Other embodiments are described and claimed.

Abstract: A method executes at an authentication server. The method receives a request from a shared user device. The request seeks access to personal information that is associated with a user and stored at a resource server. The method receives access authentication information from a personal user device and creates an access token that grants access privileges to the personal information associated with the user. The method provides the access token to the shared user device. The method receives from the personal user device a command to revoke access privileges associated with the access token. When the method receives a validation request from the resource server, including the access token, the method determines that access privileges associated with the access token have been revoked. The method then notifies the resource server that the validation request failed, thereby preventing access to the personal information by the shared user device.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Abstract: An imaging system may output embedded data in an output frame. Selected bits of pixel data words, corresponding to data read out from imaging pixels and non-imaging pixels, may be modified to correspond to bits of embedded data. Modifying pixel data words may include receiving a pixel data word and decatenating the pixel data words into fragments of the data word. A first fragment may correspond to bits of the data word that are replaced by embedded data bits output from an embedded data engine. A second fragment may be modified using arithmetic circuitry based on whether the embedded data bits that replace the first fragment are the same as bits of the first fragment. An output data word may be produced that includes embedded data bits at its least significant bits, most significant bits, or intermediate bits.

Abstract: According to one exemplary embodiment, a method for load balancing between a virtual component within a virtual environment and a Host Intrusion Prevention System (HIPS) is provided. The method may include receiving a trusted connection table from the HIPS, wherein the trusted connection table contains a plurality of trusted connection information. The method may also include receiving a network packet from a virtual switch, wherein the network packet has a plurality of connection information. The method may then include determining if the plurality of connection information matches the plurality of trusted connection information. The method may further include sending the network packet to a destination based on determining that the plurality of connection information matches the plurality of trusted connection information.

Abstract: An authentication technique with a teaching phase and authentication phase. In the teaching phase, authentication information is collected for a user in at least two categories, wherein one category relates to measurable physical characteristics of the user, another category relates to communication resources available to the user; and a third category relates to knowledge possessed by the user. In the authentication phase, some of the collected authentication information is used to formulate challenge(s) for presentation to the user. Response(s) to the formulated challenge(s) is/are received from the user and correctness of the received response is determined based at least partially on comparison with at least a portion of the collected authentication information. A correctness metric is calculated for the response(s). The user is authenticated if the correctness metric meets or exceeds a first threshold value.

Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Abstract: A cryptographic device performs modular addition between a first integer value x and a second integer value y in a processor by: obtaining a first masked input {circumflex over (x)}, a second masked input ?, a first mask rx and a second mask ry, the first masked input {circumflex over (x)} resulting from the first integer value x masked by the first mask rx and the second masked input ? resulting from the second integer value y masked by the second mask ry; computing a first iteration masked carry value ?1, using the first masked input {circumflex over (x)}, the second masked input ?, the first mask rx, the second mask ry and a carry mask value ?; recursively updating the masked carry value ?i to obtain a final masked carry value ?k?1, wherein the masked carry value is updated using the first masked input {circumflex over (x)}, the second masked input ?, the first mask rx, the second mask ry, and the carry mask value ?; combining the first masked input {circumflex over (x)} and the second masked input ? and t