Abstract: A system and method are provided for enabling access to presence status for mobile devices. The method comprises receiving, via an application programming interface, an application inquiry, the application inquiry requesting a presence data for at least one mobile device; responsive to receiving said inquiry, obtaining network data from one or more network infrastructure nodes associated with providing service to the at least one mobile device; determining a response to the application inquiry based upon the network data; and providing the response via the application programming interface.

Abstract: A system and method are provided for enabling access to presence status for mobile devices. The method comprises receiving, via an application programming interface, a subscription request, the subscription request requesting a presence data for at least one mobile device; registering a subscription for a subscriber device according to the subscription request; obtaining network data from one or more network infrastructure nodes associated with providing service to the at least one mobile device; determining that at least a portion of the network data is associated with the subscription; and providing the at least a portion of the network data to the subscriber device via the application programming interface.

Abstract: A technique for determining scan lanes is provided. For a set of patterns, a number of scan lanes is estimated to be utilized on an accelerator. The number of the scan lanes estimated for the set of patterns is iteratively incremented to optimize a throughput of the accelerator. The set of patterns is distributed to the number of the scan lanes as a distribution, and each one of the scan lanes has a predetermined number of engines. A size of a memory space is evaluated that is needed for the distribution to distribute the set of patterns onto the number of scan lanes.

Abstract: Features are disclosed for enabling servers to initiate the opening of connections with clients, initiate transfers of data to clients, and provide clients with hints regarding which content retrieval, connection establishment, and other network operations will likely improve user-perceived performance on the client. A token may be transmitted from a client to a server, and the server may utilize the token to initiate a network connection with the client and send data to the client. The token may also be passed to a third party for similar use. Hints may be provided to the client, indicating actions that the client may perform in order to improve content processing efficiency and enhance a user experience with the content. The disclosed features may, for example, be incorporated into web browser and server software.

Abstract: A network appliance that monitors multimedia content requested by at least one networked computer coupled to a local area network and the Internet. The appliance includes a database, at least one interface processing packetized data encapsulating TCP/IP packet data generated by the network computer(s) and communicated over the local area network, routing logic for the TCP/IP packet data, and processing means processing the TCP/IP packet data to identify whether it specifies a URL representing at least one particular file type of multimedia content, and if so, adds the specified URL and an associated date and time to the database. It can include a first mechanism monitoring physical connections/disconnections to the local area network over time, and a second mechanism monitoring Internet connectivity over time. It can also provide access to information stored in the database and/or provide upload of stored information to a remote system for remote access to such information.

Abstract: A method of provisioning a subordinate trusted security zone in a processor having a trusted security zone. The method comprises receiving by a master trusted application executing in a master trusted security zone of the processor a request to provision a subordinate trusted security zone in the processor, wherein the request comprises a master trusted security zone key, wherein the request designates the subordinate trusted security zone, and wherein the request defines an independent key. The method further comprises provisioning by the master trusted application the subordinate trusted security zone to be accessible based on the independent key.

Abstract: The invention describes a method for executing an application (A) which comprises executable native or interpretable code and calls functions of an operating system (BS), whereby the operating system (BS) transmits a result of the respective function call (f1) to the application (A). The method according to the invention is characterized by the fact that the application (A) checks the result of a respective function call for a falsification, so as to detect an attack.

Abstract: A method is disclosed for checking HDCP link integrity in a High-bandwidth Digital Content Protection (HDCP) transmitter. From an HDCP receiver communicatively coupled to the HDCP transmitter by an HDCP-protected interface, a single-bit value indicative of HDCP 1.1 feature support is read. When the single-bit value is true, HDCP Enhanced Link Verification is used in the HDCP transmitter. When the single-bit value is false, the method determines whether the HDMI receiver supports HDCP Enhanced Link Verification, and if so, HDCP Enhanced Link Verification is used in the HDCP transmitter.

Abstract: One embodiment receives at a first node in at least a portion of a network a routing table, the portion of the network comprising the first node and one or more second nodes, the routing table specifying the immediate neighbor that provides each of the best paths in the portion of the network based on a total cost; using the routing table, determines at the first node every second node that is necessary for the first node to reach all edges of the network, the second nodes that are necessary for the first node to reach all edges of the network comprising an active set for the first node; and sends a message from the first node to every second node to facilitate determining whether to shut down the second node.

Abstract: Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a “factory mode” for the device. The “factory mode” allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the “factory mode”. In contrast to the “factory mode”, the secure mode of the device is referred to herein as a “product mode”. There develops a need to manage, in a secure manner, transitions between the “product mode” and the “factory mode”.

Abstract: A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.

Abstract: A computer-implemented method for determining whether profiles associated with social-networking websites have been compromised may include (1) creating a database of validated-content identifiers that identify valid content published on a social-networking profile, (2) determining, by monitoring the social-networking profile, that at least one item of content has been illegitimately published on the social-networking profile, and then (3) performing at least one security action on the social-networking profile. Various other systems, methods, and computer-readable media are also disclosed.

Abstract: A Secure Digital (SD) card, and an system and an operating method for the SD card are disclosed. The disclosed SD card has a Flash memory and a controller. The Flash memory contains a data storage space and a Content Protection Recorded Media (CPRM) support space. The controller executes a firmware of the SD card, such that read/write commands provided from a host for the CPRM support space are regarded and executed as security commands and a CPRM mechanism is operated over the data storage space.

Abstract: Systems and methods for managing system resources on distributed servers are discussed. The servers may determine, using control circuitry, a system resource metric of the server. The system resource metric may be compared with a pre-determined threshold value. Based on the comparison of the system resource metric with a pre-determined threshold value, the server may determine whether to initiate maintenance on the server. If it is determined that maintenance should be initiated, the server may enter a not-in-service mode and the server may initiate maintenance. Once maintenance is complete, the server may exit the not-in-service mode.

Abstract: Supporting of multiple concurrent tasks to be submitted via a single web-browser is important because it improves efficiency for user to utilize the web browser for daily works. The supporting of web based multitasking is also an important step towards creating a web based computer user work environment.

Abstract: Supporting of multiple concurrent tasks to be submitted via a single web-browser is important because it improves efficiency for user to utilize the web browser for daily works. The supporting of web based multitasking is also an important step towards creating a web based computer user work environment.

Abstract: An authentication system receives encrypted terminal identification information and terminal identification information, from a transmission terminal, and determines whether decrypted identification information decrypted using a terminal public key obtained by the authentication system matches the terminal identification information received from the transmission terminal.

Abstract: Described systems and methods allow the detection and prevention of malware and/or malicious activity within a network comprising multiple client computer systems, such as an enterprise network with multiple endpoints. Each endpoint operates a hardware virtualization platform, including a hypervisor exposing a client virtual machine (VM) and a security VM. The security VM is configured to have exclusive use of the network adapter(s) of the respective endpoint, and to detect whether data traffic to/from the client VM comprises malware or is indicative of malicious behavior. Upon detecting malware/malicious behavior, the security VM may block access of the client VM to the network, thus preventing the spread of malware to other endpoints. The client system may further comprise a memory introspection engine configured to perform malware scanning of the client VM from the level of the hypervisor.

Abstract: A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.

Abstract: A method enables selected features of a software product residing on an end user electronic device with a license delivered from a licensing provider to a service provider of the end user electronic device. The method includes requesting at least one license to authorize a first service provider. An encrypted installation key uniquely associated with the first service provider is received as well as an authorization agent module for installation on one or more authorization agent devices associated with the first service provider. The encrypted installation key and the authorization agent module are installed on the authorization agent devices. A device-unique identifier (DUID) is generated for each authorization agent device based on hardware characteristics of the respective authorization agent devices. The DUID and the encrypted installation key are sent from the authorization agent device to a licensing provider to obtain the requested license.