Abstract: In one embodiment a method comprises initiating, by a network attached storage device, a virus scan process on the network attached storage device, receiving, by the network attached storage device, a first file access request that identifies a file, and interrupting the virus scan process to respond to the first file access request.

Abstract: Determining malware status of a file is disclosed. An apparatus obtains information about an unknown target file, obtains system context of the unknown target file, and determines the unknown target file as clean if the system context matches with one or more predetermined conditions indicative of cleanliness. The predetermined conditions of cleanliness include at least the target file being located in a directory which contains other clean files.

Abstract: Methods, systems, and devices are described for encryption key storage and modification in a data storage device. A portion of an encryption key may be stored in a first storage medium, and one or more bits of the encryption key may be stored in a one-time writable storage location. Data received at the data storage device may be encrypted using the encryption key, and may be stored in a storage medium. In the event that it is no longer desired to allow users to access the encrypted data stored in the storage medium, the one or more bits of the encryption key stored in a one-time writable storage location may be modified. Such modification thereby prevents decryption of the encrypted data and effectively precludes access to the encrypted data.

Abstract: According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data, and then applying a cryptographic function to the result.

Abstract: An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an RSA proxy “service” as an enhancement to the SSL protocol that off-loads the decryption of the encrypted pre-master secret (ePMS) to an external server. Using this service, instead of decrypting the ePMS “locally,” the SSL server proxies (forwards) the ePMS to an RSA proxy server component and receives, in response, the decrypted pre-master secret. In this manner, the decryption key does not need to be stored in association with the SSL server.

Abstract: A disclosed example method for requesting neighboring network information from a device involves encoding a request for neighboring network information and sending the request to an authentication server to obtain the neighboring network information. The example method also involves receiving a response to the request, retrieving the neighboring network information contained in the response, and decoding the neighboring network information. The decoded neighboring network information is stored.

Abstract: There are disclosed techniques for use in detecting malicious websites. In at least one embodiment, there is disclosed a technique for generating a profile in connection with a website. The profile comprising at least one attribute associated with the website. The technique also comprises collecting information relating to the website during a visit to the website. The technique further comprises detecting a change in connection with the website. The detection of the change comprises identifying a variation between the generated profile and the collected information.

Abstract: An image is selected responsive to receiving an access request for access to protected content. An access code is assigned to the image, and the image is partitioned into a plurality of image tiles. Each image tile comprises a code segment, which is a part of the access code. The image tiles are then scrambled into a scrambled version of the image and displayed to a user. The user rearranges the scrambled version of the image to reassemble the image, identifies a correct sequence for the code segments, and then enters the code segments in the correct sequence as a codeword. The codeword is matched against the assigned access code. If they match, the user is granted access to the protected content. Otherwise the person is denied access to the protected content.

Abstract: Provided are methods and systems for mitigating a DoS attack. A method for mitigating a DoS attack may commence with receiving, from a client, a request to initiate a secure session between the client and a server. The method may continue with determining whether the client is on a whitelist. Based on a determination that client is absent from the whitelist, a pre-generated key may be sent to the client. The method may include determining validity of the established secure session. The determination may be performed based on further actions associated with the client. Based on the determination that the secure session is valid, a renegotiation of the secure session may be forced. The method may further include generating a new key using a method for securely exchanging cryptographic keys over a public channel. The new key is then sent to the client.

Abstract: In some implementations, a computing device includes an identifier that is embedded into a firmware of the computing device. The identifier uniquely identifies the computing device from other computing devices. The computing device may send a request to a server to provide credentials to enable the computing device to access a secured resource, such as secured data or a secured system. The computing device may provide the server with the identifier to enable the server to determine whether the computing device is authorized to access the secured resource. If the server determines that the computing device is authorized, the server may provide the credentials to the computing device. If the server determines that the computing device is unauthorized, the server may cause the computing device to perform one or more actions to render the computing device inoperable and/or render the resource inaccessible.

Abstract: The invention provides a method and apparatus for providing content in a network having a network proxy arranged between a mobile terminal and a content provider. The method features a step of adapting or transforming the content in the network proxy based on one or more digital rights issued by the owner of the content. The network proxy includes an adaption policy module that receives the digital rights and provides an adaption policy; and an adaption engine module that receives the adaption policy and the content from the content provider, and provides adapted content to the terminal. In operation, the network proxy uses the digital rights to determine an optimal adaptation policy and then uses that to transform the content.

Abstract: Methods and apparatus to provide on-the-fly key computation for Galois Field (also referred to Finite Field) encryption and/or decryption are described. In one embodiment, logic generates a cipher key, in a second cycle, based on a previous cipher key, generated in a first cycle that immediately precedes the second cycle. Other embodiments are also described.

Abstract: An infrastructure delivery platform provides a RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.

Abstract: One or more embodiments of techniques or systems for connection authentication are provided herein. A mobile device or device may act as an initiator of a connection with a vehicle, which acts as a target. A user utilizing the device may initiate a connection request by launching an application or browser on the device. The device transmits the connection request to the vehicle. The vehicle may receive the connection request and respond with a device identifier (ID) request. A user of the device may select whether or not to continue. If the user continues, the device transmits a device ID of the device to the vehicle. An interface component may render the connection request for an occupant of the vehicle, such as the driver, and await a response. In this way, a driver of a vehicle may act as a gatekeeper for connections.

Abstract: A method or system of receiving an electronic file containing content data in a predetermined data format, the method comprising the steps of: receiving the electronic file, determining the data format, parsing the content data, to determine whether it conforms to the predetermined data format, and if the content data does conform to the predetermined data format, regenerating the parsed data to create a regenerated electronic file in the data format.

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: A method of encrypting and transferring data between a sender and a receiver using a network thereby transferring data in a secure manner includes the steps of a server receiving from the sender an identifier of the receiver; generating a transfer specific encryption key specific to the transfer; encrypting the data using the generated transfer specific encryption key; the server retrieving information specific to the receiver that is accessed according to the identifier of the receiver received from the sender, and using the retrieved information specific to the receiver to encrypt the transfer specific encryption key; transferring the encrypted data and the encrypted transfer specific encryption key over the network for receipt by the receiver; the server receiving from the receiver the encrypted transfer specific encryption key and identifier of the receiver; the server retrieving information specific to the receiver that is accessed according to the identifier of the receiver received from the receiver, a

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: A device generates parameters identifying selectively revealed un-obfuscated information associated with administering and assessing a Turing test. The device provides, to a client device, a challenge based on the parameters. The challenge directs the client device to selectively reveal the un-obfuscated information for presentation to a user associated with the client device. The device receives a response, to the challenge, from the client device and determines, based on the response and the parameters, whether the user associated with the client device is human. The device selectively performs an action based on determining whether the user associated with the client device is human.

Abstract: In one embodiments, a method for authorizing access for an application programming interface (API) client or API client device to data of one or more data models of one or more smart devices includes retrieving a number of access tokens from an authorization server, and providing, via a single connection, the number of access tokens in a request made by the API client or the API client device to the API, wherein the number of access tokens are used to verify access rights of the API client or the API client device to read data for a number of users associated with the one or more data models of the one or more smart devices.