Abstract: A method for detecting malware includes the steps of identifying a one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with the one or more open network connections of the electronic device, determining the address of a first network destination that is connected to the open network connections of the electronic device, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects includes the executable objects that are associated with the open network connections that are connected to the first network destination.

Abstract: A system and a computer program product are disclosed for eliminating access to data on removable storage media of a removable storage media cartridge. The system comprises a computer configured to send to a data storage drive a command to eliminate access to data on a removable storage media cartridge, and send to the data storage drive a command to shred at least one key in response to the command, where shredding the at least one key eliminates access to the data on the removable storage media cartridge. A determination to eliminate access to the data on the removable storage media cartridge is based on a number of read and/or write errors encountered for the removable storage media cartridge.

Abstract: Disclosed are systems, methods, and computer readable media for retrieving digital images. The method embodiment includes converting a descriptive audio stream of a digital video that is provided for the visually impaired to text and then aligning that text to the appropriate segment of the digital video. The system then indexes the converted text from the descriptive audio stream with the text's relationship to the digital video. The system enables queries using action words describing a desired scene from a digital video.

Abstract: A system comprising a broadcast facility, one or more players, and an analytic service center. The broadcast facility may be configured to provide a plurality of streams. The one or more players may be configured to receive at least one of the plurality of streams and provide feedback on a user experience. The analytic service center may be configured to receive the feedback from the one or more players.

Abstract: An interception-proof authentication and encryption system and method is provided that utilizes passcodes with individual pins that are made up of symbols from a set of symbols, and tokens that contain at least two symbols from the set of symbols used for the passcode. Multiple tokens (a “token set”) are presented to a user, with some or all of a user's pre-selected pins (symbols) randomly inserted into some or all of the tokens. The user selects a token from the token set for each pin position in the passcode. The user is authenticated based on the selected tokens. Because each selected token may or may not contain one of the pre-selected pins in the user's passcode, and also contains other randomly generated symbols that are not one of the pre-selected pins in the user's passcode, someone that observes which tokens the user has chosen cannot determine what the user's actual passcode is.

Abstract: Provided are exemplary embodiments including a method for creating and using a personal encounter history using a communication device. The method involves the communication device receiving the transmission of a pseudo identifier from a proximal communication device where the pseudo identifier is associated with the user of the proximal communication device. Once received, the method continues with the wireless communication device requesting and receiving the actual identification of the user of the proximal communication device that is correlated with the pseudo identifier. The communication device includes a transceiver capable of communicating wirelessly with a mobile telecommunications network, a memory device and a processor. To ensure privacy, the processor is capable of receiving a pseudo identifier from a proximate communication device and then requesting an actual identification correlated with the pseudo identifier of the proximate communication device.

Abstract: Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices.

Abstract: A secure transcoder assembly features a secure data path where the related crypting and coding functions are secured in the secure data path. More specifically, during transcoding the ingress (received) encrypted video data is decrypted and copied from application memory (that is accessible to the application processor) to secure memory (that is inaccessible to the application processor) by security processor(s). Once in the secured memory, this video data is transcoded. The video data, now in its transcoded form, is re-encrypted by the security processor(s) during the transfer back to application memory for egress (continued transmission). The mode for the re-encrypting may be managed by the application processor via a crypto API, and the application processor may further feature an opaque handle on the data when it is passed to the secure region.

Abstract: An apparatus and a method for protection of data stored in a data storage unit that comprises a plurality of storage areas. A data interface connects to a computer system and transfer of a data signal from the computer system to the apparatus requests access to the data storage unit. A main control unit is configured to receive the data signal and is connected to the data storage unit. A user control unit is connected to the main control unit and is arranged to be set in different modes and generates a mode selection signal indicating the selected mode. The main control unit is configured to receive the mode selection signal, and depending on the selected mode, control connection of the apparatus to a plurality of networks, and direct the request to a storage area of the plurality of storage areas of the data storage unit.

Abstract: A computational engine may comprise a working memory configured to receive a first input message and a second input message, a context memory coupled with the working memory, wherein the context memory is configured to simultaneously store a first context corresponding to the first input message and a second context corresponding to the second input message, and a set of computational elements coupled with the working memory and coupled with the context memory, wherein the set of computational elements is configured to finish generating a first output digest based on the first input message and a first context after starting generation of a second output digest based the second input message and a second context and before finishing the generation of the second output digest.

Abstract: Embodiments of the invention provide for a sensor system with enhanced low-power features. Embodiments can include transmission of sensor data from a transmitter unit to a receiver unit. The sensor data can flag the sensor data with a particular header ID, enabling the receiver unit to route the sensor data to a low-power processing unit within the receiver unit without using the receiver unit's higher-power application processer. Embodiments can also utilize a proprietary encryption engine to provide a supplementary encryption layer to any encryption utilized in the wireless protocol. The transmitter unit can also compress and batch the sensor data for sending, to further increase power savings.

Abstract: A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.

Abstract: A method and system for protecting against unknown malicious activities by detecting a heap spray attack on a electronic device are disclosed. A script is received at an electronic device from a remote device via a network and a loop operation is detected in the script that contains a write operation operable to write data to a memory of the electronic device. The amount of the data operable to be written to the memory by the write operation is determined and the data is prevented from being written to the memory if the amount of the data is greater than or equal to a threshold.

Abstract: A secret sharing system transforms computational secret shares to homomorphic secret shares. On a data distribution apparatus, a key selector selects K??1 keys. A pseudorandom number generator generates pseudorandom numbers from the keys. An encryption part generates a ciphertext from information using the pseudorandom numbers. A key division part divides the keys into N shares fg(n) using an arbitrary sharing. A ciphertext division part divides the ciphertext into N shares fc(n) using an arbitrary sharing. When K shares fsj(i) are input into distributed data transform apparatuses, a reconstruction part generates a reconstructed value Uj by reconstructing shares fsj(i) using the secret sharing, and when K shares fc(i) are input, generates the reconstructed value Uj by reconstructing shares fc(i) using the arbitrary sharing. A redivision part divides reconstructed value Uj into N shares fUj(n) using a homomorphic secret sharing. A transformer generates share ga(i) of the information from K? shares fUj.

Abstract: Use rules are included within tokenized data either before or after tokenization. The use rules can be appended to the data before or after tokenization, can be used to modify the data before or after tokenization, and can be used to select or generate token tables for use in tokenizing the data. The use rules limit how, where, and when the tokenized data can be used, who can use the tokenized data, and the like. In addition, data can be tokenized such that the tokenized data can be identified as tokenized based on the tokenized data failing a validation test. The data is tokenized using one or more token tables, and the validation test is applied to the tokenized data. If the tokenized data passes the validation test, the data is modified with formatting rules or re-tokenized with additional token tables until the tokenized data fails the validation test.

Abstract: Systems and methods are disclosed for managing and protecting electronic content and applications. Applications, content, and/or users can be given credentials by one or more credentialing authorities upon satisfaction of a set of requirements. Rights management software/hardware is used to attach and detect these credentials, and to enforce rules that indicate how content and applications may be used if certain credentials are present or absent. In one embodiment an application may condition access to a piece of electronic content upon the content's possession of a credential from a first entity, while the content may condition access upon the application's possession of a credential from a second entity and/or the user's possession of a credential from a third entity. Use of credentials in this manner enables a wide variety of relatively complex and flexible control arrangements to be put in place and enforced with relatively simple rights management technology.

Abstract: A location-dependent security method and system for a portable electronic device is disclosed. Without requiring that the user enter any location information, the system determines one or more familiar areas for the device based on locations where the device has received at least a threshold amount of successful user authentication entries. Thereafter, when a user attempts to access the device or an application of the device, the device will implement a first authentication process if the device is in one of the familiar areas, or a different authentication process if the device is not in one of the familiar areas.

Abstract: A cache server for providing content includes a processor configured to receive a first datagram from a client system sent to an anycast address, send a response datagram to the client system in response to the first datagram, receive a request datagram from the client system sent to the anycast address, and send a batch of content datagrams to the client system. The first datagram includes a universal resource locator corresponding to the content. The response datagram includes a content identifier for the content. The request datagram includes the content identifier, an offset, and a bandwidth indicator. The batch of content datagrams includes a portion of the content starting at the offset.

Abstract: A device is configured to perform a method that detects a trigger marker for an action corresponding to a segment of a multimedia signal. A fingerprint is generated based on the segment of the multimedia signal at a trigger time point. The generated fingerprint is stored in a database and communicated to the device. During playback of the multimedia signal, fingerprints of segments of the multimedia signal are generated and matched against fingerprints in the database. When a match is found, one or more associated actions for the segment are retrieved by the device. The trigger time point may be determined as a time point near or at the segment of the multimedia signal with the matched fingerprint. In this way, trigger markers for actions may be enabled without modifying the multimedia signal.

Abstract: Systems and methods are provided to facilitate anticipatory pushing of content to clients of a communications network in such a way that the content is unusable by the anticipatory clients until explicitly requested. Embodiments apply one or more self-keying techniques to a content dataset to generate an anticipatory dataset, such that the anticipatory dataset cannot be used to reconstruct the content dataset without a keying dataset that also can only be generated using the content dataset. The anticipatory dataset is pre-pushed to a client in anticipation of a future request for the content. If and when the client subsequently issues a request for the content dataset, the server intercepts the new copy of the content dataset received in response to the request, uses the content dataset to generate the keying dataset, and communicates the keying dataset to the client for local reconstruction of the content dataset by the client.