Abstract: In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule.

Abstract: The present invention discloses an apparatus, system and method for accessing internet webpage. The system includes a user terminal and a proxy server. The user terminal is configured to initiate an access request to the proxy server, the access request including URL information of a target webpage which carries an identifier of requiring security authentication, and receive and display target webpage information outputted from the proxy server. The proxy server is configured to receive the access request, perform security authentication on the URL information of the target webpage which carries the identifier of requiring security authentication according to pre-stored webpage security database information; if the security authentication is passed, obtain the target webpage information and output the target webpage information to the user terminal. By applying the present invention, network delay overload for accessing the internet webpage can be reduced, and user experience can be improved.

Abstract: Data storage and management systems can be interconnected as clustered systems to distribute data and operational loading. Further, independent clustered storage systems can be associated to form peered clusters. As provided herein, methods and systems for creating and managing intercluster relationships between independent clustered storage systems, allowing the respective independent clustered storage systems to exchange data and distribute management operations between each other while mitigating administrator involvement. Cluster introduction information is provided on a network interface of one or more nodes in a cluster, and intercluster relationships are created between peer clusters. A relationship can be created by initiating contact with a peer using a logical interface, and respective peers retrieving the introduction information provided on the network interface.

Abstract: A method for propagating session management events between a plurality of machines forming a machine cluster includes generating, with a session management user interface, a session management event on a first machine of the machine cluster; detecting, with an installment of the interface, the generated event; sending, from the installment to a first security service related to the first machine, a set of specific information that is related to the detected event; determining, with the first security service, a set of target machines; sending the specific information from the first security service to target security services that are related to the target machines; and processing the specific information at each target security service of the target machines so as to execute, on each target machine that has received the specific information, the session management event generated on the first machine.

Abstract: A server having an automaton whose state transitions in accordance with received characters, determines whether the automaton has transitioned to a final state on the basis of the characters. The server receives a coding sequence from the client in the characters included in the string. The coding sequence elements corresponding to the characters are values encrypting a non-unity using a first encryption scheme having homomorphism, and whose elements not corresponding to the characters are values encrypting a unity using the first encrypting scheme. The server generates, in response to receiving the coding sequence, exchange data encrypting a subsequent state key corresponding to each of a plurality of previous states of the automaton on the basis of the coding sequence using the first encryption scheme; encrypts exchange data with the corresponding previous state key and sends the encrypted exchange data to the client.

Abstract: Methods, devices, and storage media storing instructions to obtain logs from a security device and one or multiple service-providing devices, wherein the logs include information pertaining to traffic flow activity at an application layer associated with a service; store rules that identify behavior ranging from unintentional through intentional for one or multiple communication layers including an application layer; interpret the logs based on the rules; determine whether a violation exists based on the interpreting; and generate a notification that indicates the violation exists in response to a determination that the violation exists.

Abstract: A content delivery system includes an upload module, a content delivery module, and a monitoring module. The upload module is configured to receive content from a content provider, detect content containing malicious software or proprietary information, and provide information about the content to a monitoring module. The content delivery module is configured to detect content containing malicious software or unauthorized changes, detect operational changes to the content delivery module, provide information about the content and the operational changes to the monitoring module, receive a request for the content from a client system, and provide the content to the client system. The monitoring module is configured to monitor a network for potentially malicious traffic, receive information from the content delivery module and the upload module, correlate the information and the potentially malicious traffic to identify a security event, and trigger a response to the security event.

Abstract: The present application is directed towards systems and methods for aggressively probing a client side connection to determine and counteract a malicious window size attack or similar behavior from a malfunctioning client. The solution described herein detects when a connection may be under malicious attach via improper or unusual window size settings. Responsive to the detection, the solution described herein will setup probes that determine whether or not the client is malicious and does so within an aggressive time period to avoid the tying up of processing cycles, transport layer sockets and buffers, and other resources of the sender.

Abstract: A system that includes a memory and processor is provided. The processor is programmed to receive input data, determine that the input data is tainted, store the tainted input data in a location in the memory, and based on storing the tainted input data in the location, label the location as a tainted location. The processor is further programmed to assign a triggering event to the tainted location such that an action is initiated when the triggering event has occurred.

Abstract: In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule.

Abstract: An apparatus and method for providing a security service are provided. The apparatus for providing a security service includes a first block cipher and a second block cipher. The second block cipher is independent of the first block cipher, and is configured to be used as a random number generator when the first block cipher is used to perform encryption/decryption, and to be used to perform encryption/decryption when the first block cipher is used as a random number generator.

Abstract: An analyzer can obtain data regarding signal characteristics in each of multiple communication channels within an access network. The analyzer can use that data to create signatures corresponding to each of the multiple channels. Based on similarities between signatures, the analyzer may then identify clusters of signatures associated with devices that share channels or portions of channels.

Abstract: The invention presented herein consists of systems and methods of secure storage for sensitive and confidential data, such as personal identity data, along with methods of securely accessing that data, and transferring information from that data, as necessary.

Abstract: A method for programming a vehicle module via a secure programming system. The method carried out by the system involves generating a credentials media containing one or more secure credentials. Then, a credentials programmer programs one or more vehicle modules using the credentials media. During each stage of the vehicle module programming, the programming status is securely updated in the credential media. In case of a programming failure, the credentials media is used in a secondary credentials programmer to program the vehicle modules.

Abstract: Systems and methods for providing privacy settings for applications associated with a user profile are provided. Exemplary methods include receiving a request from a member of a web-based social network to install an application in association with a member profile, installing the requested application, providing privacy settings selections to control access to data associated with the installed application, receiving a privacy settings selection from the member, and displaying data associated with the application based on the privacy settings selection.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: An apparatus, device, methods, computer program product, and system are described that determine a virus associated with a communications network, and distribute an anti-viral agent onto the communications network using a bypass network, the bypass network configured to provide transmission of the anti-viral agent with at least one of a higher transmission speed, a higher transmission reliability, a higher transmission security, and/or a physically-separate transmission path, relative to transmission of the virus on the communications network.

Abstract: A method relates to authority checks governing user access to business object attachments in a store of business object attachments. The business object attachments are semantically associated with business objects of one or more remote computer systems. The method includes, at a content management interface layer that is communicatively coupled to the store of business object attachments, sending a request for user authority checks on a parent business object of a business object attachment to an originating computer system and receiving results of the user authority checks from the originating computer system.

Abstract: A video player reads, from a recording medium storing video data and control data, the control data which includes a plurality of operation control methods for a control target apparatus, each operation control method being set for one of a plurality of playback controls including a normal playback control and a special playback control, detects one of the playback controls which is requires, to obtain a detected playback control, plays back the video data in the recording medium in accordance with a playback control method corresponding to the detected playback control, and controls operation of the control target apparatus in accordance with one of the operation control methods in the control data which corresponds to the detected playback control.

Abstract: A system can control whether a recipient of an electronic message (e.g., a text message, a multimedia message, an e-mail message, etc.) with a forwarding-restricted attachment is permitted to forward the attachment to third parties can be implemented on the network without specialized hardware or software for the client devices. The sender of a text message may limit the downstream distribution of that text message through text message forwarding by associating a forwarding restriction flag with the message.