Abstract: Software code of a software system (e.g., a software stack) may be verified as conforming to a specification. A high-level language implementation of the software system may be compiled using a compiler to create an assembly language implementation. A high-level specification corresponding to the software system may be translated to a low-level specification. A verifier may verify that the assembly language implementation functionally conforms to properties described in the low-level specification. In this way, the software system (e.g., a complete software system that includes an operating system, device driver(s), a software library, and one or more applications) may be verified at a low level (e.g., assembly language level).

Abstract: A method, a network element, and a network include determining an authentication mechanism between two nodes in a network path; operating the network path; performing connectivity check between the two nodes in the network path; and authenticating specific frames in the connectivity check between the two nodes with the authentication mechanism responsive to the specific frames affecting a state of the network path. The frames can be Bidirectional Forwarding Detection (BFD), Continuity Check Messages (CCMs), etc. Advantageously, the method, network element, and network reduce the computational load of providing authentication while maintaining secure authentication for important frames, i.e., ones that affect the state of the network path.

Abstract: The examples provided herein relate to digital rights management keys that allow for the presentation of content on output devices of a content presentation device. The examples describe subscriber-specific digital rights management keys that are provided to a subscriber by a mobile network operator instead of a device manufacturer. The digital rights management keys are associated with the subscriber account maintained by the mobile network operator. As a result, the mobile network operator provides the capability to transfer the digital rights management keys between multiple devices because the digital rights management keys are subscriber-specific instead of device-specific.

Abstract: A non-transitory processor-readable medium storing code representing instructions to cause a processor to perform a process includes code to cause the processor to receive a set of indications of allowed behavior associated with an application. The processor is also caused to initiate an instance of the application within a sandbox environment. The processor is further caused to receive, from a monitor module associated with the sandbox environment, a set of indications of actual behavior of the instance of the application in response to initiating the instance of the application within the sandbox environment. The processor is also caused to send an indication associated with an anomalous behavior if at least one indication from the set of indications of actual behavior does not correspond to an indication from the set of indications of allowed behavior.

Abstract: A method of sharing content by using a personal cloud device and an electronic device and a personal cloud system using the method are provided. The method includes connecting to a personal cloud device configured to share the content with another electronic device, if a new first content is added to a set first folder, determining an upload condition of the electronic device, and if the upload condition satisfies a set condition, transmitting the first content to the personal cloud device. Accordingly, a user is able to share contents between a plurality of electronic devices by using a personal cloud device in real time.

Abstract: Systems and methods for automated data privacy compliance involve a data privacy operations server receiving information via a web server regarding an initiative and packaging the initiative information for assessment by a data privacy legal compliance function. One or more databases storing an inventory of data privacy compliance requirements resources are accessible by the data privacy legal compliance function via a relational database server to assess the packaged initiative information. A clear function generates an approval recommendation based on the assessment of the packaged initiative information by the data privacy legal compliance function.

Abstract: Described systems and methods allow conducting computer security operations, such as detecting malware and spyware, in a bare-metal computer system. In some embodiments, a first processor of a computer system executes the code samples under assessment, whereas a second, distinct processor is used to carry out the assessment and to control various hardware components involved in the assessment. The described computer systems may be used in conjunction with a conventional anti-malware filter to increase throughput and/or the efficacy of malware scanning.

Abstract: There is provided a remote operation system, a relay device, a communication device, and a remote operation method which are capable of executing collective remote operations. The remote operation system includes communication devices, an external device that specifies at least one communication device as a target of a remote operation among the communication devices, and accepts an input of a remote operation content to be executed for the specified communication device, and a relay unit for relaying communication between the specified communication devices and the external device. The relay unit includes a storage unit for storing the remote operation content accepted by the external device, and a notification unit for notifying the specified communication device of the remote operation content.

Abstract: Methods and systems for providing access to content are disclosed. The method is performed at least in part at a client computer system having a processor and memory. The method includes detecting, via a supplemental application associated with a host application at the client computer, a user selection of content. The supplemental application is unauthorized to independently access the content. The method further includes accessing the content at a server computer via a communication channel between the host application and the server computer, in response to the user selection detected via the supplemental application. The communication channel is inaccessible to applications executed separately from the host application at the client computer. The method further includes initiating presentation of the content at the client computer.

Abstract: An SOC includes a secure processor and an always-on component. The always-on component may remain powered even during times that other parts of the SOC are powered off. Particularly, the secure processor and related circuitry may be powered off, while various state for the secure processor may be stored in memory in an encrypted form. Certain state may be stored in the always-on component. When the secure processor is powered on again, the secure processor may check for the state in the always-on component. If the state is found, the secure processor may retrieve the state and use the state to access the encrypted memory state.

Abstract: Preserving privacy related to networked media consumption activity. Source privacy zones are defined and associated with privacy standards. Privacy standards include frequency criteria governing the storage of datasets including information associated with networked media consumption activity collected from the source privacy zone. Transaction requests including a networking protocol address are received over a network from a client device at a target location by a networked privacy system. The source privacy zone associated with the client device is identified. Using the networking protocol address to access characteristics having characteristic value(s), a dataset can be created including associating the networked media consumption activity with the characteristic and characteristic value(s). The dataset is pre-processed to comply with the privacy standards. The networking protocol address is discarded.

Abstract: A mobile device user is able to execute an app in a federation of wrapped apps without having to login to that app provided that the user has already logged into another app in that federation. The federation of apps on the device uses multi-app authentication to enable the user to start subsequent apps after explicitly entering login credentials for another app in that federation. This feature is loosely referred to as single sign-on for apps in the federation. The multi-app authentication is implemented by giving the second app a chance to prove two facts. One that it knows where in the operating system keychain a login ticket is stored and two, what the hash value of a random byte array is. By showing these facts, the logged-into app can safely provide login credentials to subsequent app without the user having to enter a login name or password.

Abstract: A system and method for fingerprinting content via a playlist are provided. The system includes a content requestor to receive an indication that a request for content is to be served, the content being served with a duplication restriction; a code generator to generate a code with a plurality of bits associated with the content being served, a number of the plurality of bits of the code being defined based on the length of the content divided by a predetermined length of equally sized segments; a playlist generator to generate a playlist to serve a plurality of segments, each of the plurality of segment's length being determined by a corresponding bit of the code; and a playlist transmitter to transmit the playlist along with the content to a visitor or device associated with the request.

Abstract: A narration session between a plurality of participants can be set up to allow participants to collaboratively narrate an electronic book. Information can be transmitted to each participant so that the views of the participants remain in sync. Visual cues can also be transmitted to notify a participant of text that is to read aloud and audio snippets of read text are collected to form a narration file. Participants without access rights to the electronic book can be granted temporary rights.

Abstract: The present invention provides a method and a system for negotiation based on IKE messages. A standby device updates a value of a stored third identity according to an update notification of an active device. The update notification of the active device is sent by the active device after updating a value of a stored second identity. When the standby device switches to a new active device, the new active device sends a second message for negotiating IPSec information to a peer device according to the updated third identity. The third identity is an identity that is stored in the standby device and used to acquire state information of the active device.

Abstract: A non-transitory computer readable medium may include executable instructions which, when executed by a processor, cause the processor provide for a repository of digital content and to create a first license based on the digital content. The instructions further cause the processor to transmit the first license and the digital content to a non-destructive testing (NDT) device, and wherein the digital content is configured to be executed by, used by, or displayed by the NDT device, or a combination thereof, based on the first license.

Abstract: A technique provides user authentication using a smart device (e.g., a smart phone, a tablet, etc.). The technique involves displaying, by processing circuitry of a smart device, a password prompt on a touch screen of the smart device. The password prompt includes a motion video of touch screen gestures to prompt a user of the smart device to enter a gesture password. The technique further involves receiving, by the processing circuitry, a trial gesture password entered by the user via the touch screen. The trial gesture password includes a user-entered sequence of touch screen gestures. The technique further involves performing, by the processing circuitry, multiple gesture password confirmation operations to verify that the user is able to re-enter the trial gesture password via the touch screen over time to authenticate the user to the smart device.

Abstract: A system and a method are disclosed for authenticating a user of a mobile computing device. Information is received describing the location of the mobile computing device. The information can include the current location of the device or a current type of user activity associated with a location. A current timeout length is determined based on this information. If the mobile computing device has remained idle for a time period equal to the current timeout length, the user of the mobile computing device is authenticated.

Abstract: Technologies are generally provided for a system to enhance security and prevent side channel attacks of targeted functions. Side channel attacks assume that the targeted functions operate at same speed each time, and observe timing data of the targeted functions to glean secure information. According to some examples, an enhanced security system may alter a processing speed of one or more subunits of a processor executing the targeted function(s) to transparently change an instantaneous performance of the processor in an unpredictable manner. The performance time of the targeted function(s) may thereby be randomized. A virtual machine manager (VMM) may identify a security risk for a targeted function, and trigger one or more subunits of the processor to operate at a reduced frequency. After completion of the targeted function, the subunits may be returned to a default performance speed.

Abstract: Embodiments of the invention relate to providing isolated entropy elements for a virtual machine to increase entropy in a computing environment. At least one virtual machine is deployed on a hypervisor. The hypervisor generates entropy elements based on triggers related to a virtual machine. Identifiers are assigned to the entropy elements based on the triggers and the virtual machine. Use of the entropy elements is restricted for the virtual machine based on the assigned identifiers. The increase in entropy through providing isolated entropy elements for a virtual machine deployed on a hypervisor reduces the success of external attacks on data residing within the computing environment.