Patents Examined by Maung Lwin
  • Patent number: 9240994
    Abstract: A system that incorporates the subject disclosure may perform, for example, receive secret information and non-secret information from a secure download application function, provide a request for a first verification to a secure element where the first verification is associated with access to content and/or an application that is accessible via the secure download application function, receive the first verification which is generated by the secure element based on the secret information without providing the secret information to the secure device processor, receive the non-secret information from the secure element, and generate a second verification for the access based on the non-secret information, where the content and/or application is accessible from the secure download application function responsive to the first and second verifications. Other embodiments are disclosed.
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: January 19, 2016
    Assignee: AT&T INTELLECTUAL PROPERTY I, LP
    Inventors: Walter Cooper Chastain, Stephen Emille Chin
  • Patent number: 9223988
    Abstract: Subject innovations enable a client device to dynamically download Digital Rights Management components, and/or other plug-ins, to extend a browser functionality, where the downloading places the downloaded component(s) within a super sandbox that, inter alia, disables selected operating system calls by the downloaded component, performs one or more heuristic analysis on code execution of the component to detect possible malicious code, and restricts output through the super sandbox to those responses that are in response to a request to the component, rather than output that the component might have initiated ‘on its own.’ In some embodiments, a webpage is configured to include instructions to automatically download and install the component, thereby minimizing user actions to directly request and/or install the component.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: December 29, 2015
    Assignee: Google Inc.
    Inventor: David Kimbal Dorwin
  • Patent number: 9219720
    Abstract: A method for authenticating a user includes receiving an account identifier from the user, obtaining, based on the account identifier, a valid media objects, and presenting, to the user, media objects that include valid media objects and a invalid media objects. A selection of a subset of the media objects is received. The method further includes obtaining user metrics for risk analysis, performing, by a computer processor, risk analysis to identify a risk level based on user metrics, authenticating, based on the risk level and the selection of the subset, the user, and authorizing the user to access a resource when the user is authenticated.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: December 22, 2015
    Assignee: Intuit Inc.
    Inventors: Lalatendu Satpathy, Deborah Krawczak Galdes, Thomas E. Hurlbutt
  • Patent number: 9215229
    Abstract: A method and system for facilitating management of cloud-based service instances, the system including one or more computing systems configured to communicate with at least one multi-tenant computing cloud, and configured to establish a cloud-based service instance hosted in the multi-tenant computing cloud and an access entity with permissions to access the established cloud-based service instance. The system can receive a request for the cloud-based service instance, the request authenticated as originating from a requestor; consult a set of access controls associated with the cloud-based service instance; determine, responsive to the consulting, if the request is allowable by the requestor; and enable, responsive to determining that the request is allowable by the requestor, the requestor to complete the request using a restricted access credential associated with the access entity.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: December 15, 2015
    Assignee: Rightscale Inc.
    Inventors: Thorsten von Eicken, Jose Maria Blanquer Gonzalez, Raphael George Jacques Simon
  • Patent number: 9203814
    Abstract: A method and system for initiating message listening and routing message content to authorized user devices is disclosed. For a second user device to receive notifications regarding records of a first user, the second user device provides information identifying the first user to a notification service. The notification service verifies the identifying information. The notification service initiates one or more listeners to listen for messages flowing over a messaging bus that are relating to the first user. Once a message is identified, at least a portion of the message is used to generate a notification that may be sent to the second user device.
    Type: Grant
    Filed: February 24, 2015
    Date of Patent: December 1, 2015
    Assignee: HCA Holdings, Inc.
    Inventors: Gabriel O. Perez, Michael A. Houston
  • Patent number: 9178903
    Abstract: Computer systems and methods in various embodiments are configured to test the security of a server computer by simulating a wide range of attacks from one or more bot-nets. In an embodiment, a computer system including a memory; a processor in a home geographic region coupled to the memory; a plurality of network cards in the home geographic region, coupled to the processor and the memory; wherein each network card in the plurality of network cards is configured to send one or more requests to a remote server computer through a geographic region, of a plurality of geographic regions, that is different than the home geographic region; wherein, for each network card of the plurality of network cards, the processor is configured to store a geo-mapping, which indicates the certain geographic region the network card is configured to send the one or more requests to the remote server computer through.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: November 3, 2015
    Assignee: Synack, Inc.
    Inventors: Jay Kaplan, Mark Kuhr, Vlad Cretu
  • Patent number: 9137198
    Abstract: The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: September 15, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Joseph Garcia Baniqued, Deepika Dwivedi, Santashil PalChaudhuri, Sandeep Unnimadhavan, Brijesh Kumar Yadav, Tilak Kumar Adhya, Rajalakshmi Manoharan
  • Patent number: 9135446
    Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, transferring first data from the storage device to the agent via the secure tunnel, the secure tunnel to prevent software executing in an operating system from modifying the data, and identifying a data modification by comparing the first data to second data.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: September 15, 2015
    Assignee: INTEL CORPORATION
    Inventors: Nicholas D. Triantafillou, Paritosh Saxena, Paul J. Thadikaran, David Michael Durham
  • Patent number: 9130910
    Abstract: Methods and systems for causing a device to join a network or fabric. A joining device sends an indication that the electronic device is not connected to a network type and receives a device ID for an assisting device to assist the electronic device in joining a network of the network type. Moreover, the assisting device resides on the network. The joining device then authenticates to the assisting device from the assisting device and receives network credentials for the network. Furthermore, the joining device joins the network using the network credentials.
    Type: Grant
    Filed: December 16, 2014
    Date of Patent: September 8, 2015
    Assignee: Google Inc.
    Inventor: Jay D. Logue
  • Patent number: 9124619
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules providing sets of predefined data access elements for identifying predefined data accesses. First audit data collections for data accesses are sent to a first repository. For a data access that matches one of the rules, a second audit data collection defined by the matching rule is sent to at least a second repository designated by the matching rule.
    Type: Grant
    Filed: December 8, 2012
    Date of Patent: September 1, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Patent number: 9122872
    Abstract: Disclosed are systems, methods and computer program products for treatment of malware using an antivirus driver. In one aspect, an example method includes performing, by an antivirus software, an antivirus scan of the computer; detecting, by the antivirus software, a malicious object on the computer; formulating at least one task for treatment of the detected malicious object; configuring and activating on the computer an antivirus driver of the antivirus software to execute the at least one formulated task for treatment of the detected malicious object; and rebooting the computer by the antivirus software, whereby upon rebooting of the computer the antivirus driver is loaded by the operating system of the computer to execute the at least one task for treatment of the detected malicious object.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: September 1, 2015
    Assignee: AO Kaspersky Lab
    Inventors: Vyacheslav E. Rusakov, Oleg V. Zaitsev
  • Patent number: 9117075
    Abstract: A computer network of an enterprise includes a central management computer linking at least one trusted host computer with at least one user computer. The trusted host computer is not used for normal day-to-day activities within the enterprise, and may also not be used for reading electronic mail nor for accessing the Internet and downloading Web site content. Antivirus software on the user computer screens for suspect activity or features and, if found, the suspect activity or features are compared to a rules database. If a determination of malware cannot be made, then these unresolved activities or features are sent to the central management computer to be compared to the trusted, known activities and features of the trusted computer. The suspect activities may be deemed acceptable if activities are shared amongst a certain number of user computers all configured to perform the same function. A user computer may be compared against itself over time.
    Type: Grant
    Filed: November 22, 2010
    Date of Patent: August 25, 2015
    Assignee: Trend Micro Inc.
    Inventor: Anne Yeh
  • Patent number: 9111096
    Abstract: Disclosed are systems, methods, and computer program products for preserving and subsequently restoring a state of a program emulator. In one aspect, the system loads a file into an emulator of the computer system and determines whether an emulation is being performed for the first time. When the emulation is performed for the first time, the system loads into the emulator an initial image of the emulator state and emulates the file using the loaded initial image of the emulator state. During emulation, the system creates and stores new images of the emulator state upon occurrence of predefined conditions. When the emulation is not performed for the first time, the system identifies new images of the emulator state created during initial emulation of the file, loads into the emulator the identified images, and resumes emulating the file using the new images of the emulator state.
    Type: Grant
    Filed: March 21, 2014
    Date of Patent: August 18, 2015
    Assignee: AO Kaspersky Lab
    Inventors: Vladislav V. Pintiysky, Sergey Y. Belov
  • Patent number: 9112853
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies.
    Type: Grant
    Filed: October 1, 2013
    Date of Patent: August 18, 2015
    Assignee: Citrix Systems, Inc.
    Inventor: Waheed Qureshi
  • Patent number: 9106682
    Abstract: Data traffic is monitored on a network and data access elements thereof are collected. The collected data access elements are compared to security rules providing sets of predefined data access elements for identifying predefined data accesses. First audit data collections for data accesses are sent to a first repository. For a data access that matches one of the rules, a second audit data collection defined by the matching rule is sent to at least a second repository designated by the matching rule.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: August 11, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sean C. Foley, Ury Segal, Shidong Shan
  • Patent number: 9100453
    Abstract: A social network (SNET) is divided into one or more circles employing separate security secrets, e.g. keys, for communication between members. A device can be a member of more than one circle, and store different keys for each of those circles in separate, restricted portions of memory. When a member leaves a circle, new keys can be generated and distributed to the remaining members. Before and after joining a circle, a level of trust associated with the device or human member can be determined based on third party trust verification and a trust history. A requirement for multiple current circle members to vouch for the prospective member can be imposed as a condition of membership. Each circle can be assigned different trust and access levels, and authorization to receive information can be checked before transmitting information between circles.
    Type: Grant
    Filed: February 14, 2012
    Date of Patent: August 4, 2015
    Assignee: Broadcom Corporation
    Inventors: Sherman (Xuemin) Chen, Marcus C. Kellerman, Wael W. Diab, Yasantha N. Rajakarunanayake, James D. Bennett
  • Patent number: 9092625
    Abstract: The execution of a process within a VM may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: July 28, 2015
    Assignee: Bromium, Inc.
    Inventors: Rahul C Kashyap, J. McEnroe Samuel Navaraj, Baibhav Singh, Arun Passi, Rafal Wojtczuk
  • Patent number: 9078085
    Abstract: A system and method for local operations in a communications system are provided. A method for device operations includes identifying, at a communications controller of a communications system, identification information in a packet received from a machine-to-machine device, and determining if the packet is to be processed locally according to the identification information. The method further includes routing the packet to a local destination if the packet is to be processed locally, and routing the packet to a remote destination if the packet is not to be processed locally.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: July 7, 2015
    Assignee: Futurewei Technologies, Inc.
    Inventors: Ronald Xuzhuang Mao, Vibhor Julka, Limei Wang
  • Patent number: 9076000
    Abstract: An authentication device includes circuitry that holds L (L≥2) secret keys si (i=1 to L) and L public keys yi that satisfy yi=F(si) with respect to a set F of multivariate polynomials of n-th order (n≥2). The circuitry also performs with a verifier, an interactive protocol for proving knowledge of (L−1) secret keys si that satisfy yi=F(si). The circuitry receives L challenges from the verifier, arbitrarily selects (L−1) challenges from the L challenges received. The circuitry also generates, by using the secret keys si, (L−1) responses respectively for the (L−1) challenges selected, and transmits the (L−1) responses generated.
    Type: Grant
    Filed: July 12, 2011
    Date of Patent: July 7, 2015
    Assignee: Sony Corporation
    Inventors: Koichi Sakumoto, Taizo Shirai, Harunaga Hiwatari
  • Patent number: 9077683
    Abstract: A mechanism is provided for a non-converged network for a service provider. A core network is divided into individually managed domains, where each of the domains comprises multiprotocol label switching for packets. A management system is coupled to each of the domains. Network elements in each of the domains are restricted from directly transferring packets to network elements in another one of the domains. Each of the domains has a domain firewall at an edge of the domains, and the domain firewall restricts packets from being received from other domains. To transfer packets from one domain to another domain, the management system receives the packets from one domain and transfers the packets to the other domain after authentication.
    Type: Grant
    Filed: December 8, 2010
    Date of Patent: July 7, 2015
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Deron Ringen