Abstract: In one embodiment, an apparatus comprises a first interface arrangement that obtains information from at least one data source. The information is associated with the presence of an entity at a location. The apparatus also comprises a processing arrangement that automatically updates a dynamic distribution list that is associated with the location based on the information.

Abstract: An apparatus and method are described for implementing efficient communication between a microcontroller and a communication module.

Abstract: A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, imminent shutdown of a first cluster unit of an HA cluster of FSDs is gracefully handled by a switching device. A load balancing (LB) table, forming associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled, is maintained. The first cluster unit is coupled to a first port. Responsive to imminent shutdown of the first cluster unit: (i) a second cluster unit, coupled to a second port, is selected to perform security services on traffic sessions handled by the first cluster unit; and (ii) the LB table is updated by replacing reference(s) to the first port with reference(s) to the second port. Security services for subsequently received network traffic associated with the traffic sessions is performed by the second cluster unit.

Abstract: A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. A LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled. Network traffic received by the switching device is directed to appropriate cluster units based on the LB function and the LB table. A traffic load on each of the cluster units is monitored. Responsive to a deviation from a predefined ideal traffic distribution, an attempt is made to improve performance of the HA cluster by dynamically adjusting the LB balancing table to address the deviation.

Abstract: A system and method for executing privileged code in a process are described. The method includes establishing, by an authorized library, a privileged function. The privileged function has a first privilege level used by a processor that is executing the privileged function, while preserving a different privilege level for a process invoking the privileged function. The method includes communicating, to a computer process, access information of the privileged function, to allow the computer process to invoke the privileged function. The method includes executing the privileged function for the computer process. Executing the privileged function includes setting a processor that is being used by the computer process to use the first privilege level associated with the privileged function, executing the privileged function with that processor at the first privilege level, then restoring that processor to a previous privilege level, and returning control of that processor to the computer process.

Abstract: This document describes techniques for transporting at least a portion of the data for a remote presentation session via datagrams. In particular, a span-out model is described whereby a remote presentation session can be associated with multiple channels and each channel can be routed through a different gateway computer system. As such, a connectionless oriented channel for a client may be routed through a first gateway computer system and a connection oriented channel for the client may be routed through a second gateway computer system. In addition to the foregoing, other techniques are described in the claims, the attached drawings, and the description.

Abstract: In an example embodiment, a method includes receiving, by an apparatus, from a remote server, a message including information about at least one device, the message including a second encryption key of the at least one device and an encrypted object encrypted with a first encryption key of the at least one device; transmitting, by the apparatus, an encrypted message that includes the encrypted object, encrypted with the second encryption key of the at least one device; and receiving, by the apparatus, from the at least one device, a message identifying or describing the at least one device, only if the at least one device has determined that the message transmitted by the apparatus is valid.

Abstract: A device may identify a plurality of files for a multi-file malware analysis. The device may execute the plurality of files in a malware testing environment. The device may monitor the malware testing environment for behavior indicative of malware. The device may detect the behavior indicative of malware. The device may perform a first multi-file malware analysis or a second multi-file malware analysis based on detecting the behavior indicative of malware. The first multi-file malware analysis may include a partitioning technique that partitions the plurality of files into two or more segments of files to identify a file, included in the plurality of files, that includes malware. The second multi-file malware analysis may include a scoring technique that modifies a plurality of malware scores, corresponding to the plurality of files, to identify the file, included in the plurality of files, that includes malware.

Abstract: A relay device communicates with a server and a client device and includes a storage and a controller. The controller is configured to: receive, from the server, service use information which is to be used for the client device to use a service; transmit the received service use information to the client device; receive, from the client device, transmission instructing information containing key information which identifies CA certificate data stored in the storage and used for the client device to verify server certificate data; and transmit, to the client device, the CA certificate data identified by the key information contained in the received transmission instructing information. The CA certificate data is stored in the storage.

Abstract: A mobile terminal allocates data to a first wireless interface using a first communication network and a second wireless interface using a second communication network and executes wireless communication. The mobile terminal executes Web access to a server using the first wireless interface and acquires an authentication screen from the server. The mobile terminal executes Web access to a predetermined Web page, which is confirmed not to exist in advance, using the first wireless interface after the Web access is executed performed, and suppresses the allocation of the data to the second wireless interface when the Web access succeeds.

Abstract: A user verification method and system, a password protection apparatus and a storage medium are disclosed, and the method includes: receiving an operation request containing a user identity of a user sent by the user via a user terminal; generating identity verification information according to the user identity; sending the identity verification information to an NFC terminal through near field communication with the NFC terminal, so that the NFC terminal prompts the user to provide identity acknowledgement; receiving identity acknowledgement information from the NFC terminal, if the identity acknowledgement is provided by the user, where the identity acknowledgement information contains an identifier of the NFC terminal; determining whether the user identity matches the identifier of the NFC terminal according to the identity acknowledgement information; and sending operation response information to the user terminal of the user if the user identity matches the identifier of the NFC terminal.

Abstract: A client device communicates with a server and a relay device and includes a controller and a storage.

Abstract: Systems and methods for mobile-based login via wireless credential transfer are disclosed. In some implementations, a proxy server receives a registration request for a receiver device for accessing a secure resource. The proxy server registers the receiver device in response to the registration request. The proxy server receives, from a transmitter device, information identifying the transmitter device along with authentication credentials for authenticating the receiver device to access the secure resource. The proxy server identifies the receiver device based on the information identifying the transmitter device. The proxy server forwards, to the receiver device, the authentication credentials for authenticating access of the receiver device to the secure resource.

Abstract: A system for sharing a USB Key by multiple virtual machines located at different hosts including at least two virtual machine managers, each virtual machine manager including a virtual machine transceiver module which is configured to receive a request for accessing a USB Key from a virtual machine within its host; a storage module which is configured to store an association relationship between a USB Key and the virtual machine authenticated by the USB Key; a verification module which is configured to, in response to judging that the virtual machine of the received request can access the USB Key, transmit the request for accessing the USB Key to a USB Key transceiver module of a virtual machine manager of the host where the USB Key is located; and a USB Key transceiver module which is configured to receive a request for accessing a USB Key, and to transmit an access request to a connected USB Key.

Abstract: A 3D graphical password authentication method displays a 3D grid upon a user's request to access a restricted resource. The 3D graphical password authentication method requires the user to enter his or her access password by touching one or more intersections, namely touching the corresponding sensitive areas, on the 3D grid with an input device. A password is then produced as a sequence of the coordinates of the intersections touched along with penup values.

Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.

Abstract: An approach for managing licenses for software installations on virtual machine (VM) instances in a networked computing environment (e.g., a cloud computing environment) is provided. Specifically, in one example, data (e.g., real-time and/or historical) pertaining to usage of a set of software installations on a set of (VM) instances in the networked computing environment is collected. When a request is received (e.g., from a requester) for a license for a particular software installation of the set of software installations, it is determined whether the license is available. If not, it is then determined whether the license is obtainable based on the collected data and a current configuration of the networked computing environment. Then, responsive to the license being obtainable, the requested license may be allocated.

Abstract: Provided is an electronic device. The electronic device includes at least one processor for executing a plurality of operating systems; and a mobile high-definition link (MHL) module. The operating systems include a normal operating system for controlling a content service and a secure operating system for receiving information for controlling digital rights management (DRM) content from the MHL module and controlling a DRM service.

Abstract: A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.

Abstract: Some embodiments use proxies on host devices to suppress broadcast traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some of these embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. The proxy monitors the VM's traffic, and intercepts broadcast packets when it knows how to deal with them. The proxy connects to a set of one or more controllers that provides a directory service that collects and maintains global information of the network. By connecting to the controller cluster, the proxy can obtain information that it can use to resolve broadcast requests. In some embodiments, the connection between the proxy and the controller cluster is encrypted and authenticated, to enhance the security.