Abstract: Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.

Abstract: In an embodiment, a computer system is configured to receive, from a client computer, a request with one or more values; determine, based on the one or more values, whether the request is from a platform-specific application compiled for a first computer platform; determine, based on the one or more values, whether the platform-specific application is being executed within an emulator being executed by a second computer platform, wherein the second computer platform is different than the first computer platform.

Abstract: Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or other network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.

Abstract: Technology, implemented in digital hardware, software, or combination thereof, for completing Secure Hash Algorithm (SHA-2) computation with generating one new hash value at each clock cycle is described. The technology includes: using synchronous logic to store the computed values every alternate clock and combinational logic to process multiple rounds of SHA in each clock; completing hash calculation in unrolled modes; using efficient adders for most 32-bit adders to improve performance.

Abstract: A method for securely connecting to a remote server that provides improved Internet security. In the method, a client receives a request to connect to a remote server associated with a domain name. The client, when resolving the domain name, determines whether the remote server supports at least one predetermined IP layer security protocol. The client performs a key exchange protocol with the remote server to generate at least one shared secret in response to determining that the remote server supports the at least one predetermined IP layer security protocol. The client connects to the remote server using the at least one shared secret in the IP layer security protocol.

Abstract: Systems and methods for sharing content between devices are disclosed. To request a shared piece of media content, a playback device generates and sends a request to content server. The playback device includes information in the request that indicates the playback capabilities of the device. The content server receives the request and determines the playback capabilities of the playback device from the information in the request. The content server then determines the assets that may be used by the playback device to obtain the media content and generates a top level index file for the playback device that includes information about the determined assets. The top level index file is then sent to the playback device that may then use the top level index file to obtain the media content using the indicated assets.

Abstract: A device for controlling network access comprising a first transceiver configured in as open access point device, a second transceiver configured in client mode and configured to connect to a second network, and a human detectable output device. The first transceiver device is configured to request and receive a user access security key. Upon matching the output and received security keys, data access to the network is enabled. Further, the device limits the addresses to which a user client device can transmit data. The user access security key required for the connecting to the first transceiver is time varying.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: A sequence generator implemented on a processor that generates a sequence of signals applies a feedback shift register with feedback. A feedback loop connects at least a first and a second shift register element to last shift register element to a first shift register element of the shift register and includes at least one two-input n-state switching functions that is characterized by non-associative switching functions or switching tables. The sequence generator may be part of a scrambler, an autonomous sequence generator, a hash code generator, a communication device, and a data storage device.

Abstract: Described herein are methods, apparatuses, and systems for secure provisioning of devices for manufacturing and maintenance. A method includes provisioning a sensor device by storing identification data for the sensor device and information used to authenticate the identification data in the sensor device. A method includes storing subassembly data for the sensor device and information used to authenticate the subassembly data in the sensor device in response to the sensor device being received and installed in a subassembly unit. The sensor device is installed in response to validating authenticity of the identification data. A method includes connecting the sensor device to a wireless sensor network in response to validating authenticity of one or more of the identification data and the subassembly data. The sensor device is integrated into a larger unit comprising the wireless sensor network.

Abstract: Remote terminals are configured to generate ciphertexts from plaintext polynomials. Each ciphertext corresponds to a plaintext polynomial bound to a message space of a polynomial-based fully homomorphic cryptographic scheme. At least one server is configured to receive ciphertexts via a network from the plurality of remote terminals. The server performs a multiplication operation and an addition operation on the ciphertexts to obtain resultant ciphertexts. The multiplication operation includes performing a bitwise decomposition function on a ciphertext to obtain a bitwise decomposed ciphertext. The bitwise decomposition function maps a multi-bit data type to a sequence of bits. The multiplication operation further includes performing matrix multiplication on the bitwise decomposed ciphertext and a data element belonging to a set of data elements. Message filters, data search engines, and other applications are discussed.

Abstract: Method and devices are provided for controlling access of a device to a remote desktop or an application running on a remote desktop or application server using a remoting protocol. The method includes: registering the device with a device state server to store identifying information, including a push notification token; using the device state server with access to the device identifying information to wake a device state application on the device in response to detection of connectivity between the device and the remote desktop or application server; monitoring the device to determine a device state; sending the device state from the device to the device state server and then to the remote desktop or application server; and determining based on the received device state if an access to the remote desktop or remote application running in the user session is allowed, otherwise blocking the access.

Abstract: A memory protection system includes a memory, one or more physical processors, a hypervisor, and a virtual machine including a guest OS executing on the one or more processors. The hypervisor notifies the guest OS of a first location of a first device and a second location of a second device. The hypervisor specifies a first protection level for the first device and a second protection level for the second device. The hypervisor notifies the virtual machine of the first protection level and the second protection level. The guest OS maps a first memory page accessible by the first device and a second memory page accessible by the second device. The guest OS specifies a first trust level for the first device and a second trust level for the second device. The guest OS compares the trust levels and the protection levels associated with each device.

Abstract: Method for securing control words within a decoder in charge of descrambling digital content protected by these control words, comprising the following steps: for each descrambling unit of this decoder, loading in a directory a pairing key referenced by an identifier associating said key to a descrambling unit; receiving at least one encrypted control word referenced by an indication allowing to identify the descrambling unit for which it is intended; decrypting the control word by using a first key shared with a security module; identifying in the directory the pairing key whose identifier corresponds to the indication of destination associated to the control word; encrypting this control word by using this pairing key; and storing in a register the control word in a chronological and referenced way.

Abstract: Examples disclosed herein relate to unwrap a message received from a remote management service in a first device and to provide the message to a second device. Examples include a first message received in a first device from a remote management service through a firewall, which is unwrapped into a second message. The second message is provided to its destination. In examples, the second message is received in the first device and unwrapped into a third message. The third message is provided to a second device.

Abstract: A computerized technique is provided to analyze a message for malware by determining context information from attributes of the message. The attributes are determined by performing one or more of a static analysis of meta information of the message (e.g., delivery protocol attributes) to generate a first result; a dynamic analysis of an object contained in the message to generate a second result; and, in some embodiments, an emulation of the object to generate a third result. The first result, second result, and third result are correlated in accordance with one or more correlation rules to generate a threat index for the message. The threat index is compared with a predetermined threshold to determine whether the message should be classified as malware and, if so, an alert is generated.

Abstract: A method for controlling an authentication state of an electronic device according to various embodiments of the present disclosure includes authenticating user login with representative authentication information in a first application requiring user authentication, identifying temporary authentication information when authenticating the user in the first application, storing the identified temporary authentication information and the representative authentication information, deciding whether temporary authentication information is identical to the stored temporary authentication information by identifying the temporary authentication information while using the first application, and maintaining the authentication state if the temporary authentication is identical to the stored temporary authentication information.

Abstract: Methods and systems for scrubbing confidential insurance account information are provided. According to embodiments, a scrubbing server can receive a request to scrub confidential insurance data that includes the contents of an insurance account information database and an indication of the category of confidential data stored in the database. The scrubbing server can scrub the valid data contained in the received database, replacing confidential information with “scrambled” data that is not confidential. The scrubbing server can transmit the contents of the scrubbed database back to the requesting party.

Abstract: A computer-implemented method may hide sensitive information, such as sensitive information relating to auto, home, life, or renters insurance, banking, and/or vehicle loans. In one aspect, the method may commence or execute an eavesdropper detection functionality or application. The method may also detect an unauthorized viewer or eavesdropper is viewing, or potentially viewing, a display screen associated with the mobile device for more than a threshold duration of at least one second, determine that sensitive or confidential information is being displayed or about to be displayed, on the display screen, and prevent the unauthorized viewer or eavesdropper from viewing the sensitive or confidential information via the display screen to facilitate hiding sensitive or confidential information.

Abstract: A computer-implemented method may hide sensitive information including when no one is looking at a display screen of a client computing device, such as sensitive information relating to auto, home, life, or renters insurance, banking, and/or vehicle loans. In one aspect, the method may determine that confidential or sensitive information is being displayed on a display screen of a computing device of a user. The method may also collect image data from a front facing camera in communication with the computing device, and determine that zero or two or more people are viewing the display screen for more than a threshold duration of at least one second. The method may further blur or obscure the confidential or sensitive information being displayed on the display screen when it is determined that the zero or two or more people are viewing the display screen for more than the threshold duration.