Abstract: A system and method are provided to monitor and prevent potential enterprise policy and/or rule violations by subscribers.

Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.

Abstract: A method of DDoS and hacking protection for internet-based servers using a private network of internet servers utilizes multiple data streams sent over a network of proxy servers to mitigate malicious attacks and ensure fast connections from a user to a destination server. The destination server is hidden from the user and the redundancy of the proxy network serves to maintain security and connection quality between the user and the destination server.

Abstract: A client hosted virtualization system (CHVS) includes a processor to execute code, a component, and a non-volatile memory. The non volatile memory includes BIOS code and code to implement a virtualization manager. The virtualization manager is operable to initialize the CHVS, launch a virtual machine on the CHVS, and assign the component to the virtual machine, such that the virtual machine has control of the component. The CHVS is configurable to execute the BIOS and not the virtualization manager, or to execute the virtualization manager and not the BIOS.

Abstract: Embodiments are directed to automatically unlocking a user device based on proximity to a previously paired accessory.

Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

Abstract: A DNS server receives, from a client device, a DNS query for a resource record type at a domain name. The DNS server determines that the resource record type does not exist at the domain name and generates an answer that indicates that the queried resource record type does not exist at the domain name and also indicates that a plurality of other resource record types exist at the domain name regardless of whether those plurality of other resource record types actually exist at the domain name. The DNS server transmits the generated answer to the client device.

Abstract: A method of encrypting data on a memory device includes receiving a memory transaction request at an inline encryption engine coupled between a processing core and switch fabric in a system on a chip (SOC). The memory transaction request includes a context component and a data component. The context component is analyzed to determine whether the data component will be stored in an encrypted memory region. If the data component will be stored in an encrypted memory region, the data component is encrypted and communicated to a location in the encrypted memory region. The location is based at least on the context component.

Abstract: Protection from malware download is provided. A first input is received to access one of an email attachment or a web site link using an application. A newly generated secure virtual machine is obtained from one of a network server or a cloud computing service. The one of the email attachment or the web site link is sent to the newly generated secure virtual machine for processing.

Abstract: To use both intraframe prediction coding and interframe prediction coding, and at the same time restrict a transfer volume of reference data used in motion detection in interframe prediction coding. In a coding apparatus that compression-codes moving images, both intraframe prediction coding and interframe prediction coding are applied and prediction coding is carried out using a prediction image produced by the coding system deemed to have the higher coding efficiency.

Abstract: Systems and methods for determining access to a home automation system may include receiving a command from a user to perform a home automation function, and determining a privilege for the user, which may be based on the location of the user. The methods may include comparing the command and the user privilege to an authorization list, where the authorization list defines system access to perform home automation functions based at least on individual commands and associated privileges. The methods may also include determining whether to allow the user access to the home automation system to perform the commanded home automation function.

Abstract: A computer implemented method and apparatus comprises detecting a file content update on a first client computer system, the file to be synchronized on a plurality of different types of client computer systems in a plurality of formats. The method further comprises associating a security policy with the file, wherein the security policy includes restrictions to limit one or more actions that can be performed with the file, and synchronizing the file to a second client computing system while applying the security policy to provide controls for enforcement of the restrictions at the second client computer system.

Abstract: A method of classifying privacy relevance of an application programming interface (API) comprises analyzing a set of input applications to identify a plurality of custom APIs and generating a respective taint specification for each identified custom API. The method further comprises generating taint flows based on each taint specification and matching features and associated feature values from the taint flows to a set of feature templates. The method also comprises correlating the matched features and associated feature values with respective privacy relevance of the plurality of custom APIs to identify a set of privacy relevant features. The method further comprises detecting a candidate API, extracting features from the candidate API and comparing the extracted features to the set of privacy relevant features. Based on the comparison, a label is assigned to the candidate API indicating privacy relevance of the candidate API.

Abstract: A computer implemented method for providing location based security controls on a plurality of user devices is provided. The method includes the following steps of: (a) defining a geo location of an area at a server, (b) defining a radius of said area where security policies are effective at the server, (c) retrieving a current location of one or more of users, (d) activating the security policies on the one or more users devices when the one or more users enter within the radius of the area, (e) restricting blacklisted applications and websites to be accessed on the one or more user devices, (f) accessing a camera of the one or more user devices to control the camera, (g) retrieving biometric information of the one or more users, and (h) tracking an attendance of the one or more users based on the biometric information of the one or more users.

Abstract: Software development kit (SDK) class tree structures of malicious SDKs are created, with each node of the SDK class tree structures representing a class of a corresponding malicious SDK. An app class tree structure of a mobile app is also created, with each node of the app class tree structure representing a class of the mobile app. To determine if the mobile app has been created (e.g., repackaged or originally created) using at least one of the malicious SDKs, the app class tree structure is compared against the SDK class tree structures to find an SDK class tree structure that matches the app class tree structure. For confirmation, the similarity of classes of the app class tree structure relative to classes of the SDK class tree structure can be determined.

Abstract: Disclosed are various approaches for integrating application scanning into a mobile enterprise computing management system. A management service instructs the client device to provide a list of installed applications to the management serviceand receives the list of installed applications from the client device. The management service then adds the list of installed applications to an aggregate listing of applications representing a list of client applications installed on one or more client devices. Subsequently, the management service sends to a scanning service a policy comprising an identifier of a client application that is prohibited on the client device. The management service also sends the aggregate listing of applications to the scanning service. The management service then receives a notification from the scanning service that the prohibited client application is present in the aggregate listing of applications.

Abstract: A dynamic data minimization server implements minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested) and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on a particular type of a data item. The dynamic data minimization server may determine and apply transformation functions, such as encryption, to items of protected information, transforming those items of protected information into items of minimized information. If a requesting entity has appropriate rights, the dynamic data minimization server may selectively apply a reverse transformation function, such as decryption, to recover the original information.

Abstract: Automated locating and disconnection of undesired devices may include receiving a unique address of a candidate device, determining the address of the switch coupled to the candidate device based on the address of the candidate device, accessing the switch using the switch address, receiving switch information from the switch, receiving credentials from the user and commands to transform the candidate device into a disconnected state, and determining whether the user is permitted to execute the commands based on the credentials from the user. If it is determined that the user is permitted to execute the commands, the candidate device may be transformed into a disconnected state on the network and its address may be added to a blacklist. A device may be deemed to be undesired on the network due to intrusion events, violation of network policies, or other appropriate criteria.

Abstract: To verify that a mobile gaming device is in communications with an intended server that provides activities and/or services to a player through the mobile gaming device and maintains information related to these activities and/or services, a verification server determines one or more pieces of the maintained information and sends the determined information to a verification device as a confirmation that the mobile gaming device is in communication with the intended server.

Abstract: An image processing apparatus for providing at least a service to a service requestor receives a service execution request and authentication information of a service requestor from the service requestor and issues a request for authenticating the service requestor to an authentication service. Also, the image processing apparatus executes the requested service based on an authentication result transmitted from the authentication service. Further, the image processing apparatus manages an execution state of the executed service and an authentication state of the service requestor by associating the execution state with the authentication state.