Abstract: A method for attesting a component of a system during a boot process. The method includes steps of: verifying that the system is in a trusted state; in response to verifying that the system is in a trusted state, requesting an enrollment of the system wherein the requesting step further comprises the step of: retrieving enrollment data associated with the system; retrieving current input data associated with the component of the system; comparing the current input data against the enrollment data in order to determine whether the system can retain its trusted state; wherein in response to the comparing step, if the current input data matches the enrollment data, the system retains its trusted state; and accepting the trusted state until receipt of a notification, from the system having a retained trusted state, of an update to the system.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: A mechanism is provided for a non-converged network for a service provider. A core network is divided into individually managed domains, where each of the domains comprises multiprotocol label switching for packets. A management system is coupled to each of the domains. Network elements in each of the domains are restricted from directly transferring packets to network elements in another one of domains. Each of the domains has a domain firewall at an edge of the domains, and the domain firewall restricts packets from being received from other domains. To transfer packets from one domain to another domain, the management system receives the packets from one domain and transfers the packets to the other domain after authentication.

Abstract: A method for managing an operation of an encrypted global interleaved memory space physically implemented according to an interleaving addressing scheme in encrypted memory banks of a plurality of memories respectively belonging to a plurality of channels. The method includes providing each channel with a local address pointer configured to be incrementally moved along the global memory space each time the global memory space is addressed at the current address pointed by the pointer, and in an absence of movement of the local pointer of a channel during a time period, addressing the global memory space from the channel through the address interleaving with a specific transaction at the current address, and upon reception at the channel of the specific transaction having been initiated by the channel, re-encrypting data located at the current address with a new encryption key and incrementing the local address pointer to its next position.

Abstract: A method for security for inter-RAT carrier aggregation is disclosed. The method includes encrypting a message using an encryption technique for a first RAT. The method also includes sending, to a UE, at least a portion of the encrypted message using a different, second RAT. Sending using the second RAT does not further encrypt the at least a portion of the encrypted message. The method further includes receiving the at least a portion of the message encrypted using the first RAT protocol. Receiving uses the second, different RAT. The method also includes decrypting the at least a portion of the message using the first RAT protocol. Apparatus and computer readable media are also described.

Abstract: Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks.

Abstract: Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

Abstract: Generally, this disclosure describes a method and system for authenticating to a network via a device-specific one-time password. A method in an embodiment may include generating a first one-time password (OTP) based at least in part on a plurality of client device attributes; and providing the first OTP to an authenticator associated with a private network during a first session, wherein the authenticator is configured to authenticate the client device to at least one of the private network and protected content included in the private network for a second session following the first session based on the provided first OTP.

Abstract: Systems and techniques can include one or more computer-implemented methods that include: digitally signing Universal Resource Locator (URLs), which have been isolated from a source playlist document, to generate digitally signed URLs; generating a protected playlist document from the digitally signed URLs; and providing the protected playlist document for use in a video on demand system. The digitally signed URLs can be in a protected master playlist document and can point to two or more sub-playlist documents, which can themselves be protected. The digitally signed URLs can be in a protected sub-playlist document and can point to encrypted video fragments. In addition, a URL of the protected master playlist document can itself be digitally signed, and the digitally signed master playlist URL can be sent to a mobile device in response to a request for video from the mobile device.

Abstract: Systems and methods of the present disclosure are directed to providing a digital reputation score. The server can generate a first reputation score of a user based on the user's online activity, identity verification, and online transaction history. The server can identify, from the user's online account, a first set of online accounts with which the user established a unidirectional trust relationship from the user to the first set of online accounts. The server can identify, from the user's online account, a second set of online accounts with which the user established a unidirectional trust relationship from the user to the second set of online accounts. The server can generate a second reputation score based on the first number and second number of trust relationships from the first set and second set of online accounts respectively. The server can generate a third reputation using the first and second reputation scores.

Abstract: One embodiment provides a system that facilitates routers in verifying content objects in a cost-effective manner by aggregating content objects into a secure content catalog. During operation, a client computing device receives a secure content catalog, which indicates a set of content objects and their corresponding digests. The catalog is digitally signed with the private key of a producer of the catalog. The client computing device constructs an interest for a content object, where the interest indicates a name for the content object and the corresponding digest for the content object, which is based on the secure content catalog. The name for the request content object is a hierarchically structured variable length identifier (HSVLI) which comprises name components ordered from a most general level to a most specific level.

Abstract: An apparatus for encrypting data is provided. The apparatus is capable of symmetrically encrypting data and then encrypting the symmetrically encrypted data with the aid of a bit string. The bit string has a maximum entropy. Encryption of the symmetrically encrypted data is designed such that a section of the bit string is used for encryption and successive encryption operations are carried out with carrying sections of the bit string while the bit string remains unchanged.

Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.

Abstract: System and method for detection of malicious code injected into processes associated with known programs. Execution of processes in a computer system is monitored. From among the processes being monitored, only certain processes are selected for tracking. For each of the processes selected, function calls made by threads of the process are tracked. From among the tracked function calls, only those function calls which are critical function calls are identified. For each identified critical function call, program instructions that caused the critical function call are subjected to analysis to assess their maliciousness.

Abstract: A method and an apparatus that provide rewriting code to dynamically mask program data statically embedded in a first code are described. The program data can be used in multiple instructions in the first code. A code location (e.g. an optimal code location) in the first code can be determined for injecting the rewriting code. The code location may be included in two or more execution paths of first code. Each execution path can have at least one of the instructions using the program data. A second code may be generated based on the first code inserted with the rewriting code at the optimal code location. The second code can include instructions using the program data dynamically masked by the rewriting code. When executed by a processor, the first code and the second code can generate identical results.

Abstract: According to one embodiment, an apparatus receives a virtual private network (VPN) establishment request and a plurality of packets communicated over at least one first protocol, with the first protocol being at least one of the Session Initiation Protocol, the Open System for Communication in Realtime protocol, and the Extended Messaging and Presence Protocol. The apparatus prioritizes the VPN establishment request over the plurality of packets and communicates a negotiation packet comprising a destination port and a response port.

Abstract: The present disclosure provides a method and system for monitoring an application. The method includes creating a simulated system service; establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device; intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device; replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service; and recording a request received by the simulated system service and forwarding the request to an analysis module for analysis.

Abstract: Techniques for protecting an online service against network-based attacks are described. In some cases, protection is performed by way of a scalable protection service including a dynamically scalable set of virtual machines hosted by a cloud service that is distinct from a data center that hosts the online service. The protection service is coupled to the online service via a private link. When an attack is detected by the online service, network traffic bound for the online service is redirected from the public network to the protection service. The protection service then processes the network traffic, such as by dropping network traffic associated with the attack and forwarding legitimate network traffic to the online service via the private link.

Abstract: Selecting one or more applications from the plurality of similar or near redundant applications to activate. A method includes retrieving information about current characteristics of one or more applications. The method further includes retrieving information about a current computing operational landscape. Based on the information about current characteristics of one or more applications and the information about a current computing operational landscape, the method further includes creating a ranking of applications. The rankings are made available to a system with a plurality of applications with similar or near redundant functionality. At the system, one or more of the applications in the plurality of applications are selected to activate based on the ranking of applications.

Abstract: Transitioning between display applications, including: retrieving a device identifier when a first device is selected using a first display application running on a second device; enabling the first display application to launch a second display application using the device identifier of the first device, launching the second display application customized to automatically select the first device, wherein the automatic selection of the first device using the device identifier allows to bypass a device selection process. Keywords include seamless transition and direct device selection.