Abstract: Apparatus, system, and media for utilizing content. An exemplary system comprises a first computing device and a second computing device, wherein the first computing device transmits a request for access to content to the second computing device, receives the content from the second computing device, and grants at least one permitted utilization of the content, and wherein the second computing device receives the request for access to content from the first computing device, determines whether the first second computing device is permitted to receive the content, grants access to the content based at least in part on the first computing device being permitted to receive the content, and transmits the content to the first computing device based at least in part on the first computing device being permitted to receive the content.

Abstract: A system and method for sending encrypted messages to a distribution list. In one embodiment, the method comprises: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the member address is available on the computing device; and if so, encrypting the message to the member; sending the encrypted message to the distribution list address only if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device.

Abstract: A method includes, in a data storage device, receiving data having a particular proportion of zero values and one values and scrambling the data to generate scrambled data that has the particular proportion of zero values and one values.

Abstract: Described herein is a technique of protecting users against certain types of Internet attacks. The technique involves obtaining certificates from visited web sites and qualifying communications with those web sites based on the content of the certificates.

Abstract: A system for protecting an electronic system against malware includes an operating system configured to execute on the electronic device, a driver coupled to the operating system, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources for changing filters of the driver, trap an attempted access of the one or more resources that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic system accessing the one or more resources for changing filters of the driver.

Abstract: A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD.

Abstract: Files of computer documents are classified into confidential levels without extracting and analyzing contents of the files. Files created by particular users may be clustered into groups of files based on file characteristics, such as file type (e.g., file extension) and file naming convention. A prediction confidential score may be generated for each group of files. A log of a file retention resource may be consulted to identify files created by users. A file created by a user may be assigned a prediction confidential score of a group of files having the same file characteristic as the file and created by the same user. The prediction confidential score may be used to determine a confidential level of the file when the file is found to be inaccessible.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for mapping security processing rules into a data structure that facilitates a more efficient processing of the security processing rules. In one aspect, a method includes receiving security processing rules, each of the security processing rules defining one or more security checks and security operations corresponding to the security checks and that are to be performed when the security checks occur; and generating from the security processing rules a mapping of security checks to security operations, the mapping including a security check entry for each security check that is defined in one or more of the security processing rules, and each security check entry being mapped to one or more security operations that the security processing rules define as corresponding to the security check.

Abstract: A location collection system is described herein that provides a uniform facility for reporting location data to a cloud-based service from a variety of devices, and that provides a uniform facility for accessing aggregated location data collected by the cloud-based service. The system collects location information related to a user and reports the location information to a central service to provide a variety of useful services to the user. By providing a big, secure location vault in the cloud, the system enables big data analytics to be used to allow current and future questions to be asked of this data and to correlate this with other data to enable new scenarios not yet enabled. Thus, the location collection system provides a model to report, gather, and analyze location data across devices and users.

Abstract: Systems and methods for remote control and management of medical workstations using an instant messaging infrastructure. A remote client, such as a mobile phone, laptop, tablet, or other computing device, is used to generate instructions or information requests in one or more data packets. The remote client sends the one or more data packets using the instant messaging infrastructure to a medical workstation at another location. A service application in communication with the medical workstation receives the data packets and causes the medical workstation to retrieve the requested information or execute the instruction. The communications between the remote client and the service application are encrypted and signed to ensure secure communications.

Abstract: A network switch automatically detects undesired network traffic and mirrors the undesired traffic to a security management device. The security management device determines the source of the undesired traffic and redirects traffic from the source to itself. The security management device also automatically sends a policy to a switch to block traffic from the source.

Abstract: An image forming apparatus receives authentication information about a user who requests a function and determines whether the user needs to be authenticated before executing the requested function. The image forming apparatus then transmits the authentication information to an authentication device that performs authentication of the user, and receives an authentication result from the authentication device indicative of whether the user is authentic. The image forming apparatus executes the function specified in the request only when the authentication result shows that the user is authentic.

Abstract: Embodiments include systems and methods for user login to a multimedia system. In one embodiment, a method of logging in one or more user profiles on a multimedia system includes associating one or more actuation sequences of one or more buttons on a remote control device each with a user profile, each user profile having one or more characteristics for outputting multimedia content, the characteristics affecting multimedia content provided by a multimedia system to personalize the user's multimedia experience, communicating a first signal corresponding to one of the one or more actuation sequences from the remote control device to a multimedia system to identify a first user profile for login, logging in the first user profile as an active user profile on the multimedia system based on the first signal, and controlling multimedia content provided to an output system of the multimedia system based on the active user profile.

Abstract: Provided are an apparatus and method for safely removing a malicious code from a file, or reporting the probable presence of a malicious code when it cannot be removed safely. The method includes: determining whether a file is a document or image file; opening and saving the document file as a new file by using an application associated with the document file to remove a malicious code from the document file, when it is determined that the file is the document file; and converting the image file into a different file format from a present file format and saving the converted image file to remove a malicious code from the image file, when it is determined that the file is the image file.

Abstract: The apparatus for dynamic update of a software-based IPTV conditional access system includes: a server master key manager managing a master key and encrypting a conditional access code ID; a conditional access server manager generating and managing a server list, linking and storing an update policy with the conditional access server IDs included in the server list, and controlling execution of the conditional access server; and a conditional access code download server generating an ID map of set of conditional access codes by combining the plurality of conditional access codes and the plurality of conditional access code IDs that are encrypted, and transmitting the ID map of set of conditional access codes and the conditional access code to a receiver.

Abstract: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.

Abstract: A data-processing system, such as a payment processing system, including a tokenizer, such as a card encryption and storage system (CES) employing a tokenization feature. In one embodiment, the present invention provides a first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer. The method includes the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer; (c) the first computer receiving, from the third computer, a token having no algorithmic relationship to the confidential information; and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

Abstract: There is provided a content editing apparatus, content editing method and program capable of easily and rapidly extracting sections corresponding to a reproducing operation of content data. The content editing apparatus includes an operation input processing unit 104 into which a reproduction operating command of content data is input by a user and a record controlling unit 108 for recording operation data corresponding to the reproduction operating command input into the operation input processing unit along with a reproduction position of the content data in a recording medium.

Abstract: An embodiment includes a computer-implemented method of managing access control policies on a computer system having two high-level programming language environments. The method includes managing, by the computer system, a structured language environment. The method further includes managing, by the computer system, a dynamic language environment within the structured language environment. The method further includes receiving a policy. The policy is written in a dynamic language. The method further includes storing the policy in the dynamic language environment. The method further includes converting the policy from the dynamic language environment to the structured language environment. The method further includes generating a runtime in the structured language environment that includes the policy.

Abstract: The disclosed embodiments provide a system that protects an application from malware on a host system. During operation, the system receives a command to commence execution of the application on the host system. In response to the command, the system causes a security scan to be performed on the host system to detect malware, wherein the malware can compromise the security of the application. The system also restricts one or more operations associated with the application until the security scan successfully completes.