Patents Examined by Lisa Lewis
  • Patent number: 9104859
    Abstract: A computer-implemented method for scanning data stored on cloud computing platforms may include (1) identifying a cloud computing service that hosts a plurality of cloud computing instances and a plurality of data volumes that store data for the plurality of cloud computing instances, (2) determining that a data volume within the plurality of data volumes that stores data for a cloud computing instance within the plurality of cloud computing instances is subject to a security scan, (3) detecting a computing system that is external to the cloud computing instance, and (4) performing the security scan on the data volume from the computing system that is external to the cloud computing instance instead of performing the security scan from within the cloud computing instance. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: August 11, 2015
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9104883
    Abstract: Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common without having access to any other data of any other parties.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: August 11, 2015
    Assignee: ACXIOM CORPORATION
    Inventor: Eugene William McKenna
  • Patent number: 9100453
    Abstract: A social network (SNET) is divided into one or more circles employing separate security secrets, e.g. keys, for communication between members. A device can be a member of more than one circle, and store different keys for each of those circles in separate, restricted portions of memory. When a member leaves a circle, new keys can be generated and distributed to the remaining members. Before and after joining a circle, a level of trust associated with the device or human member can be determined based on third party trust verification and a trust history. A requirement for multiple current circle members to vouch for the prospective member can be imposed as a condition of membership. Each circle can be assigned different trust and access levels, and authorization to receive information can be checked before transmitting information between circles.
    Type: Grant
    Filed: February 14, 2012
    Date of Patent: August 4, 2015
    Assignee: Broadcom Corporation
    Inventors: Sherman (Xuemin) Chen, Marcus C. Kellerman, Wael W. Diab, Yasantha N. Rajakarunanayake, James D. Bennett
  • Patent number: 9100690
    Abstract: Data between a client and a server is pinned through a receiving interworking unit and a transmitting interworking unit connected via a non-IP based communications path. The receiving interworking unit and transmitting interworking unit convert received data between IP and a non-IP based communications protocols. The transmitting interworking unit receives IP data for the client from the server. The data is converted and transmitted via the non-IP based communications link to the receiving interworking unit, which converts the data back into an IP format and forwards the converted data on to the client. One segment of the path between server and client transports the data in a non-IP format. Neither IP client nor the server are aware of the non IP segment and no change in their IP network mode of operation is required.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: August 4, 2015
    Assignee: RPX Clearinghouse LLC
    Inventor: Liam Casey
  • Patent number: 9100194
    Abstract: A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements.
    Type: Grant
    Filed: November 26, 2012
    Date of Patent: August 4, 2015
    Assignee: Entrust Inc.
    Inventors: Serge Mister, Steve Neville, Robert J. Zuccherato, Christopher Voice, Michael Morgan
  • Patent number: 9092625
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: July 28, 2015
    Assignee: Bromium, Inc.
    Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Patent number: 9092624
    Abstract: A system, method, and computer program product are provided for conditionally performing a scan of data based on an associated data structure. In use, at least one aspect is identified for each of a first plurality of scanners utilized to perform a scan on data at a first network device. Additionally, at least one data structure is associated with the data, where the at least one data structure reflects the at least one aspect of each of the first plurality of scanners. Furthermore, a subsequent scan on the data is conditionally performed utilizing each of a second plurality of scanners at a second network device, based on the at least one data structure.
    Type: Grant
    Filed: October 1, 2012
    Date of Patent: July 28, 2015
    Assignee: McAfee, Inc.
    Inventors: Deepakeswaran Kolingivadi, Muthu Nivas Hariharasubramanian
  • Patent number: 9094214
    Abstract: A registration part receives a product key of a program for performing a communication using a private key and a public key, and discrimination information of a computer using the program. The registration part registers in a management part, when an authentication of a license corresponding to the product key is completed in success, correspondence information between the product key and the discrimination information and other discrimination information regarding the correspondence information. A discrimination information sending part returns the other discrimination information to an electronic certificate issue apparatus. A checking part receives the other discrimination information and checks whether the other discrimination information is registered in the management part.
    Type: Grant
    Filed: April 7, 2009
    Date of Patent: July 28, 2015
    Assignee: RICOH COMPANY, LTD.
    Inventors: Jun Satoh, Masami Nasu
  • Patent number: 9087198
    Abstract: In accordance with the exemplary embodiments of the invention there is at least a method, apparatus, and executable program of computer instructions to perform the operations of establishing and initializing a set of platform configuration registers, where a first subset of platform configuration registers is defined as being non-resettable, and a second subset of platform configuration registers is defined as being resettable, storing initial boot-up system state information in one or more non-resettable platform configuration registers, dynamically resetting (2) a value of a platform configuration register identified by a reference integrity metric to reflect a measurement value provided by the reference integrity metric, and responding to an attestation request (0) with an attestation response (5) including dynamic information from the platform configuration register that was reset and system state information from a non-resettable platform configuration register.
    Type: Grant
    Filed: February 14, 2011
    Date of Patent: July 21, 2015
    Assignee: Nokia Technologies Oy
    Inventors: Jan-Erik Ekberg, Nadarajah Asokan, Kari Kostiainen
  • Patent number: 9088410
    Abstract: A method of accessing local applications when roaming on a NFC mobile device may include creating a first partition and a second partition on a secure element (SE) of a subscriber identification module (SIM) of a near field communication (NFC) enabled device. The home TSM separates the first partition and the second partition by public key encryption. The home TSM generates cryptographic keys in response to a request by a roaming TSM for access to the second partition of the SIM. Following the exchange of security keys, the home TSM delegates to the roaming TSM access to the second partition of the SIM.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: July 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Paul A. Ashley, Anthony M. Butler, Ravi Kothari, Yu-Chen Lin
  • Patent number: 9088409
    Abstract: A method of accessing local applications when roaming on a NFC mobile device may include creating a first partition and a second partition on a secure element (SE) of a subscriber identification module (SIM) of a near field communication (NFC) enabled device. The home TSM separates the first partition and the second partition by public key encryption. The home TSM generates cryptographic keys in response to a request by a roaming TSM for access to the second partition of the SIM. Following the exchange of security keys, the home TSM delegates to the roaming TSM access to the second partition of the SIM.
    Type: Grant
    Filed: June 25, 2013
    Date of Patent: July 21, 2015
    Assignee: International Business Machines Corporation
    Inventors: Paul A. Ashley, Anthony M. Butler, Ravi Kothari, Yu-Chen Lin
  • Patent number: 9078085
    Abstract: A system and method for local operations in a communications system are provided. A method for device operations includes identifying, at a communications controller of a communications system, identification information in a packet received from a machine-to-machine device, and determining if the packet is to be processed locally according to the identification information. The method further includes routing the packet to a local destination if the packet is to be processed locally, and routing the packet to a remote destination if the packet is not to be processed locally.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: July 7, 2015
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ronald Xuzhuang Mao, Vibhor Julka, Limei Wang
  • Patent number: 9076000
    Abstract: An authentication device includes circuitry that holds L (L≥2) secret keys s_i (i=1 to L) and L public keys y_i that satisfy y_i=F(s_i) with respect to a set F of multivariate polynomials of n-th order (n≥2). The circuitry also performs with a verifier, an interactive protocol for proving knowledge of (L−1) secret keys s_i that satisfy y_i=F(s_i). The circuitry receives L challenges from the verifier, arbitrarily selects (L−1) challenges from the L challenges received. The circuitry also generates, by using the secret keys s_i, (L−1) responses respectively for the (L−1) challenges selected, and transmits the (L−1) responses generated.
    Type: Grant
    Filed: July 12, 2011
    Date of Patent: July 7, 2015
    Assignee: Sony Corporation
    Inventors: Koichi Sakumoto, Taizo Shirai, Harunaga Hiwatari
  • Patent number: 9077683
    Abstract: A mechanism is provided for a non-converged network for a service provider. A core network is divided into individually managed domains, where each of the domains comprises multiprotocol label switching for packets. A management system is coupled to each of the domains. Network elements in each of the domains are restricted from directly transferring packets to network elements in another one of domains. Each of the domains has a domain firewall at an edge of the domains, and the domain firewall restricts packets from being received from other domains. To transfer packets from one domain to another domain, the management system receives the packets from one domain and transfers the packets to the other domain after authentication.
    Type: Grant
    Filed: December 8, 2010
    Date of Patent: July 7, 2015
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Deron Ringen
  • Patent number: 9076017
    Abstract: In one embodiment, a method comprises providing an apparatus having exclusive access to each of one or more central processing units (CPUs) of a computing system and exclusive access to host resources of the computing system; and controlling, by the apparatus, execution of a virtual machine in the computing system based on the apparatus controlling access to any one of the CPUs or any one of the host resources according to prescribed policies for the virtual machine, the prescribed policies maintained exclusively by the apparatus.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: July 7, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Sateesh K Addepalli, Raghuram S Sudhaakar
  • Patent number: 9071600
    Abstract: Phishing and online fraud prevention in one aspect includes a user computer implementing operations such as establishing a VPN tunnel between the user computer and a network operations center, activating a website launcher, reading user credentials from a smartcard, launching a browser in a sandboxed execution environment, and requesting a whitelisted webpage from the network operations center, via the VPN tunnel. The network operations center comprises one or more servers implementing operations such as determining if a user requested webpage is listed for access by the user, and loading and sending the requested webpage to the user, via the VPN tunnel, if the requested webpage is listed for access by the user. The user computer supplies the user credentials to the website and presents a webpage, a homepage, or a one-time password entry page for the website.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: June 30, 2015
    Inventors: Abdullah Ali Ahmad Alagha, Khaled Alghathbar, Mohammed Nasser Ibrahim Alkhalaf, Abdulaziz Walied Abdulgader Taher
  • Patent number: 9069990
    Abstract: The present invention systems and methods facilitate secure communication of information between devices. A present invention system and method can enable secure communication of proprietary content in a HDCP compliant configuration. In one embodiment, a high definition content protection key secure management method is utilized to enable efficient and secure storage of a HDCP key. A high definition content protection key value is received. The high definition content protection key is encrypted utilizing a secure key value, wherein the secure key value is not accessible via an external port. In one exemplary implementation, the secure key is stored in fuses included in a processing unit. The results of said encrypting in a memory (e.g., a BIOS memory, flash memory, etc.).
    Type: Grant
    Filed: November 28, 2007
    Date of Patent: June 30, 2015
    Assignee: NVIDIA CORPORATION
    Inventor: William Tsu
  • Patent number: 9066114
    Abstract: A device is configured to perform a method that detects a trigger marker for an action corresponding to a segment of a multimedia signal. A fingerprint is generated based on the segment of the multimedia signal at a trigger time point. The generated fingerprint is stored in a database and communicated to the device. During playback of the multimedia signal, fingerprints of segments of the multimedia signal are generated and matched against fingerprints in the database. When a match is found, one or more associated actions for the segment are retrieved by the device. The trigger time point may be determined as a time point near or at the segment of the multimedia signal with the matched fingerprint. In this way, trigger markers for actions may be enabled without modifying the multimedia signal.
    Type: Grant
    Filed: January 10, 2014
    Date of Patent: June 23, 2015
    Assignee: Gracenote, Inc.
    Inventors: Job Cornelis Oostveen, Warner Rudolph Theophile Ten Kate, Adrianus Johannes Maria Denissen, David K. Roberts
  • Patent number: 9065804
    Abstract: Computer systems and methods are provided in which an agent executive, when initially executed in a virtual machine, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are sent from the grid to the agent executive to check the security, compliance, and integrity of the virtual machine processes and data structures. Based on these check results, additional commands are sent by the grid to the agent executive to correct security, compliance or integrity problems and/or to prevent security compromises.
    Type: Grant
    Filed: April 1, 2013
    Date of Patent: June 23, 2015
    Assignee: CloudPassage, Inc.
    Inventors: Carson Sweet, Vitaliy Geraymovych
  • Patent number: 9055063
    Abstract: Embodiments are provided for managing shared content with a content management system. In some embodiments, a request is received for a history of content shares for an authenticated account, at least one content share is retrieved for the authenticated account, the at least one content share having at least one shared item and at least one recipient identifier, information on the at least one content share on a user interface is displayed, and a request is received to modify the at least one content share and updating the at least one content share in response to the request.
    Type: Grant
    Filed: May 6, 2013
    Date of Patent: June 9, 2015
    Assignee: Dropbox, Inc.
    Inventors: Michael Dwan, Jinpeng Ren