Abstract: A mobile device detects its location and other devices in proximity to the mobile device. When the device is in an untrusted location, or is in physical proximity to an untrusted device, the mobile device ensures existing security and authentication mechanisms are in place, and may additionally require enhanced security measures on the device. In addition, the device may modify its functionality based on the mobile device being in an untrusted location or in physical proximity to an untrusted device.

Abstract: A mobile device detects its location and other devices in proximity to the mobile device. When the device is in an untrusted location, or is in physical proximity to an untrusted device, the mobile device ensures existing security and authentication mechanisms are in place, and may additionally require enhanced security measures on the device. In addition, the device may modify its functionality based on the mobile device being in an untrusted location or in physical proximity to an untrusted device.

Abstract: Methods and products to deliver at least a portion of an advertisement to a viewer at normal playback speeds after receiving a command from the viewer to fast-forward through an advertisement faster than normal playback speeds is described. In certain embodiments, the invention delivers a portion of the advertisement to be played at normal playback speeds to the viewer: and delivers the remaining portion of the advertisement to be played at a playback speed that is faster than the specified playback speed so that the combination of the portions delivered at normal and faster playback speeds is delivered to the user at the specified playback speed. In some other embodiments, the invention delivers at least a portion of the first advertisement to the viewer at normal playback speeds; and delivers one or more other advertisements to the viewer simultaneously with the first advertisement with the audio information muted based on the specified playback speed.

Abstract: The disclosure relates to secure data storage and retrieval, in particular to methods and circuits for securely storing data to reduce the possibility of leakage via side channel attacks. Embodiments disclosed include a method of storing a value comprising a series of words, the method comprising: i) combining in a series of XOR operations a word of a first portion of the value, a word of a second portion of the value and an output word of a first random number generator to provide a first combined word; ii) storing the first combined word in a shift register; and iii) repeating steps i) and ii) for each successive word of the first and second portions of the value.

Abstract: The present disclosure generally provides systems and methods of network security and threat management. An exemplary system includes detection and prevention modules (DPM) designed specifically to collect and transmit suspicious binary network packet data. The collected network packets are sent to a behavioral correlation module to perform automatic behavioral correlation: (1) within each DPM, (2) across all DPMs installed on a network, and (3) across all DPMs installed on all networks. The results of the behavioral correlation are sent to a security dashboard module (SDM), which generally acts as a fully integrated Security Event Management system and collects, correlates, and prioritizes global network alerts, local network alerts, posted vendor alerts, and detected network vulnerabilities with enterprise assets. The SDM could display the results in a user-friendly graphical user interface and has the ability to perform geographic mapping of externally generated threats.

Abstract: Customer communication security vulnerabilities are resolved. A usage history is obtained for a user device including communications involving the user device. Pattern recognition is applied to the usage history. The user device is assigned with a risk classification from a predetermined set of possible risk classifications, based on the pattern recognition. A vulnerability on the user device is remedied when the risk classification exceeds a predetermined threshold.

Abstract: Applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway, determining by the security gateway a user identity of the application session using information about the application session, obtaining by the security gateway the security policy comprising network parameters mapped to the user identity, and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.

Abstract: A data processing apparatus has processing circuitry which has a secure domain and a less secure domain of operation. When operating in the secure domain the processing circuitry has access to data that is not accessible in the less secure domain. In response to a control flow altering instruction, processing switches to a program instruction at a target address. Domain selection is performed to determine a selected domain in which the processing circuitry is to operate for the instruction at the target address. Domain checking can be performed to check which domains are allowed to be the selected domain determining the domain selection. A domain check error is triggered if the selected domain in the domain selection is not an allowed selected domain.

Abstract: Systems and methods of providing a secure access layer in a mobile phone and a computer system coupled to the mobile phone to provide authentication for transmitting data between the phone and the computer system.

Abstract: Secure key derivation within a virtualized execution environment may involve a key derivation module executing within a platform layer of the execution environment. An application executing within an application layer of the execution environment may access the key derivation module in order to generate a cryptographic key according to a key derivation function. Instead of being returned to the application, the derived key may be stored within a secure storage area of the execution environment without being stored, even temporarily in the application layer, or other non-secure areas, of the execution environment. The application may receive a reference to the derived key usable by other cryptographic processes. The application may pass the key reference to a method of a cryptographic module and the cryptographic module may use the key reference to access the derived key from the secure storage for use in performing any of various cryptographic processes.

Abstract: Methods and systems for controlling access to content include an authentication process that provides for increased speed by reducing, or eliminating in some cases, steps in the authentication process. In particular, the systems and methods can encode content paths previously authenticated for a particular user into an authentication token. When the user attempts to access one of the top content paths, the systems and methods can verify the user based on the encoded authentication token rather than following a complete authentication process.

Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.

Abstract: A data processing apparatus including circuitry for performing data processing, a plurality of registers; and a data store including regions having different secure levels, at least one secure region (for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in a less secure domain) and a less secure region (for storing less secure data). The circuitry is configured to determine which stack to store data to, or load data from, in response to the storage location of the program code being executed. In response to program code calling a function to be executed, the function code being stored in a second region, the second region having a different secure level to the first region, the data processing circuitry is configured to determine which of the first and second region have a lower secure level.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive registration data for a local network device, receive registration data for an electronic device, receive a request to pair the local network device and the electronic device, where the request to pair the devices includes a pairing code, and allow the pairing if the registration data for the local network device, the registration data for the electronic device, and the pairing code satisfies predetermined conditions. In an example, the pairing code was to the local network device and the electronic device requested and received the pairing code from the local network device.

Abstract: Virus detection by executing electronic message code in a virtual machine is disclosed. An example method includes detecting that an electronic message includes executable code, the electronic message designating a destination recipient. Two or more destination computing systems are identified for the electronic message corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system. Two or more simulation environments corresponding to the two or more destination computing systems are identified. The executable code is executed in the two or more simulation environments. The two or more simulation environments are monitored for a malicious action.

Abstract: The disclosed embodiments illustrate methods and systems for identifying a targeted content item for a user. The method includes receiving one or more encrypted first attributes of the user, and a first key. Thereafter, one or more content items are encrypted using the first key. The one or more content items are stored in a data structure such that the one or more content items are indexed in the data structure according to one or more second attributes of the one or more content items. Thereafter, at least one encrypted content item is retrieved from the data structure based on the one or more encrypted content items, the indexing of the one or more content items, and the one or more encrypted first attributes. The at least one encrypted content item is decrypted to generate the targeted content item.

Abstract: According to one embodiment, an apparatus includes a memory and a processor. The processor is configured to receive a forwarded email and to determine a plurality of keywords in the forwarded email. The processor is further configured to search an email server using the plurality of keywords and to determine that an email message from the plurality of email messages is the original email corresponding to the forwarded email. The processor is also configured to attach a portion of the determined email message to the forwarded email.

Abstract: According to one embodiment, an apparatus is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user of a plurality of users will respond to a phishing email. The apparatus is configured to receive an email, to select a first subset of the plurality of users based on the phishing score of each user in the first subset, and to select a second subset of the plurality of users based on the phishing score of each user in the second subset, wherein each user in the second subset is determined to be more likely to respond to a phishing email than each user in the first subset. The apparatus is configured to communicate the email to the first subset and to communicate the email to the second subset based on the first subset's responses to the email.

Abstract: The present disclosure generally provides systems and methods of network security and threat management. An exemplary system includes detection and prevention modules (DPM) designed specifically to collect and transmit suspicious binary network packet data. The collected network packets are sent to a behavioral correlation module to perform automatic behavioral correlation: (1) within each DPM, (2) across all DPMs installed on a network, and (3) across all DPMs installed on all networks. The results of the behavioral correlation are sent to a security dashboard module (SDM), which generally acts as a fully integrated Security Event Management system and collects, correlates, and prioritizes global network alerts, local network alerts, posted vendor alerts, and detected network vulnerabilities with enterprise assets. The SDM could display the results in a user-friendly graphical user interface and has the ability to perform geographic mapping of externally generated threats.