Abstract: Devices, systems, and methods are disclosed which utilize lightweight agents on a mobile device to detect message-based attacks. In exemplary configurations, the lightweight agents are included as contacts on the mobile device addressed to an agent server on a network. A malware onboard the mobile device, intending to propagate, unknowingly addresses the lightweight agents, sending messages to the agent server. The agent server analyzes the messages received from the mobile device of the deployed lightweight agents. The agent server then generates attack signatures for the malware. Using malware propagation models, the system estimates how many active mobile devices are infected as well as the total number of infected mobile devices in the network. By understanding the malware propagation, the service provider can decide how to deploy a mitigation plan on crucial locations. In further configurations, the mechanism may be used to detect message and email attacks on other devices.

Abstract: An integrated cryptographic apparatus providing confidentiality and integrity includes an integrated cryptographic module including confidentiality and integrity. Further, the integrated cryptographic apparatus includes a hash function unit for detecting whether a message is modified by using the integrated cryptographic module. Furthermore, the integrated cryptographic apparatus includes a block cipher unit for constructing a data encryption algorithm by using the integrated cryptographic module.

Abstract: A software-based privacy filter is provided on a computing device. First, a content window is opened and displayed on a display of the computing device. Then a semi-transparent topmost window is created, wherein the semi-transparent topmost window includes a moving privacy pattern designed to obscure first portions of the content window at a first time and obscure second portions of the content window at a second time. The semi-transparent topmost window is then displayed on top of the first content window on the display of the computing device.

Abstract: Apparatus and methods for scalable block pixel filtering are described. A block filtering instruction is issued to a processing element (PE) to initiate block pixel filtering hardware by causing at least one command and at least one parameter be sent to a command and control function associated with the PE. A block of pixels is fetched from a PE local memory to be stored in a register file of a hardware assist module. A sub-block of pixels is processed to generate sub-block parameters and the block of pixels is filtered in a horizontal/vertical edge filtering computation pipeline using the sub-block parameters.

Abstract: Operation of a device may be enabled or disabled by an instruction that may be given in a variety of ways. For example, a device (e.g., a car) may be equipped with a mechanism that disables (“kills”) and/or enables (“unkills”) some or all of the functionality of the car upon receipt of an appropriate instruction. The instruction could be given remotely. For example, the instruction could be given remotely from a wireless telephone by sending appropriate messages through a network. An instruction to re-enable operation of the device could also be given remotely. The honoring of kill and/or unkill instructions could be predicated on some type of authentication, such as the identity of the device from which the instruction is issued, a password, a biometric identification, the location from which the instruction is issued, or some other factor.

Abstract: Provided is a method in which a first device authenticates a public key of a second device. The method includes: receiving a first value generated based on the public key of the second device and a password displayed on a screen of the second device and the public key of the second device, from the second device; generating a second value based on the public key of the second device and a password input to the first device by a user of the first device according to the password displayed on the screen of the second device; and authenticating the public key of the second device based on the first value and the second value.

Abstract: Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Methods and systems are disclosed for network flow and device/platform remediation in response to reconnaissance-based intelligence correlation based on network monitoring, to accomplish network flow remediation and device/platform remediation. In an embodiment, a system receives system warnings and endpoint threat intelligence. The system correlates risk based on inputs from sensory inputs that monitor network activity, system configuration, resource utilization, and device integrity.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, enable software application transfer among connected computing devices. In one aspect, a method includes receiving a request, corresponding to an application running on a first computer, to operate the application on a second computer; initiating a communication session between the first computer and the second computer over a network; disabling the application on the first computer with respect to one or more operational parameters; and enabling the application on the second computer with respect to the one or more operational parameters. The one or more operational parameters can include a software licensing state of the application, current application data of the application running on the first computer, or both.

Abstract: Techniques for synchronizing personal contact information with or from different sources are disclosed. Through a website (i.e., a server or system), all fractional personal contact information is consolidated, synchronized, processed or updated. In return, any of the resources may be synchronized to get a copy of the latest version of the contact information. When contacts in a list by a registered user are also registered with the server, any of the contacts may update their respective contact information that can be timely reflected in the list. As a result, the registered user always has a latest version of the contact information for some or all of his/her contacts without even knowing some has already been changed or updated. Based on the contact information, other features including proof delivery of emails, recycling of deleted contacts, a “black” list, contact relationship levels and anonymous email, short messaging and calls are provided.

Abstract: Methods and apparatus for security protection domain-based testing. A testing framework enables the same certification tests to be run across different protection domains or operation modes, and on different platforms or devices. The testing framework may, for example, be directed to testing implementations of the Java Platform, Micro Edition (Java ME®) using Connected Device Configuration (CDC) or Connected Limited Device Configuration (CLDC) as the configuration layer and Mobile Information Device Profile (MIDP) as the profile layer. Different Mobile Information Device Profile (MIDP) specifications (e.g., MIDP 2.x and MIDP 3.x specifications) may be supported. The testing framework may be deployed in the context of compatibility testing and technology compatibility kits (TCKs). The testing framework may, for example, be applied in compatibility testing for Java ME® platform technology implementations.

Abstract: The present embodiments provide methods and apparatuses for use in navigating through content. Some embodiments provide methods for use in navigating through content that receive an initial first directional control command, activate a seek mode upon receipt of the initial first directional control command comprising advancing over a first amount of content in a first direction from a first point in the content to a second point in the content, receive an initial second directional control command following the receipt of the initial first directional command, and activate a search mode upon receipt of the initial second directional control command, comprising advancing back over a second amount of the first amount of the content where the second amount is less than the first amount of the content.

Abstract: A method and an apparatus for effective data sharing between users in a cloud computing system are provided. The cloud computing system includes a first cloud hub and a User Equipment (UE). The first cloud hub provides a cloud service to a UE connected by a public cloud access and provides a cloud service to a UE connected to a public personal cloud system installed by a service provider, and is installed by a user. The UE subscribes to the first cloud hub as a main cloud and inquires as to data stored in the first cloud hub.

Abstract: A method for orchestrating peer authentication during a call (e.g., a telephone call, a conference call between three or more parties, an instant messaging [IM] chat session, etc.) is disclosed. In particular, a user is first authenticated in order to participate in a call (e.g., via entering a password, etc.), and subsequently during the call the user may be peer authenticated. In accordance with the illustrative embodiment, a user who participates in a call might be prompted to authenticate another user on the call based on particular events or user behavior during the call.

Abstract: A method and system for transferring an ongoing communication session from one application server (AS) to another is described. Multiple ASs are monitored and serviced by a Transfer Management Module (TMM). Each of the ASs serves a different network and each network includes various end devices. During an ongoing communication session, whether the session is to continue using the current AS is determined based on a set of rules. If the session is to be transferred, an alternative AS that provides the same application as the current AS is selected using a set of conditions. Upon selection of the alternative AS, the current AS transfers the control and/or media state of the ongoing session for one to all users through the TMM to the selected AS, and the session is continued.

Abstract: A method for using virtualization to implement information rights management. The method may include: 1) intercepting, at a virtualization module, a request from an application to access data; 2) querying an information-rights-management database for a virtualization policy associated with the access request; 3) receiving, at the virtualization module, the virtualization policy from the information-rights-management database; and 4) controlling access to the data by applying the virtualization policy to the access request in a manner that is transparent to the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for asynchronous processing of system calls, including detecting a system call on a computer system; filtering the system call to determine when the system call call matches a filter parameter; making a copy of the system call and asynchronously asynchronously processing the system call copy, if the system call does not pass through at through at least one filter, and the filter parameter does not match the system call; placing placing the system call into a queue; releasing the system call after an anti-virus (AV) (AV) check of the system call copy and terminating an object that caused the system call call when the AV check reveals that the system call is malicious; and for an object associated with the system call that has behavior differences compared to a previous known known non-malicious version of the object but also similarities to the previous known non-known non-malicious object, classifying the object as non-malicious.

Abstract: A system and method for establishing a chain of trust from a registrant to a registry. A registrant request to a registrar to change a domain name record includes at least one registrant factor, such as a one time password. The registrar can formulate an extended EPP command that includes the factor to effectuate the change and send it to a registry. The registry can verify the at least one factor using at least one validation server. If the factor is successfully verified, the EPP can be processed by the registry. If the factor is not verified, the EPP command may not be processed and an error message may be generated and sent to the registrar.

Abstract: A method and system for automatically generating a certificate operation request is described.

Abstract: Disclosed are various embodiments for executing untrusted content in a trusted network through the use of an external proxy server application. An identification of a resource specified by a user is obtained in one or more computing devices. The user is associated with one of a plurality of network sites hosted by the one or more computing devices. The one or more computing devices are within a trusted network that is separated from an untrusted network by a firewall. The resource is obtained from an external proxy server application executed in the untrusted network. One or more network pages are generated for the one of the network sites based at least in part on the resource.

Abstract: A cryptography module includes a key store having a plurality of storage locations for storing a key as k key fragments including a plurality of random key fragments and a remainder key fragment. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process an input signal to produce an output signal.