Abstract: The present invention provides a system and automated methods to enable a collection of electronic information to be divided into multiple asymmetric scrambled subsets, stored across a plurality of disparate apparatuses, and reconstructed as needed. The present invention provides automated methods to adjust the relative size of the scrambled subsets based upon characteristics such as performance, cost and available space of the apparatuses on which the subsets are stored. The present invention enables the scrambled subsets of electronic information to be created, accessed and manipulated as though they are located on a local device in an integrated and unscrambled state. The present invention enables fault tolerance and enhanced performance through optional redundancy and parity capabilities. The present invention generates an electronic blueprint used to deconstruct the original collection of electronic information and reconstruct it as needed.

Abstract: Systems and methods can support threat detection using electromagnetic signatures. One or more sensors comprising radio receivers may receive radio frequency signals within an electromagnetic environment. Radio frequency signatures may be identified from one or more of the radio frequency signals. A baseline electromagnetic environment may be established from the radio frequency signatures. The radio frequency signatures may be monitored over time to detect variations from the baseline electromagnetic environment. Variations in the electromagnetic environment may be evaluated against stored threat signatures. Operator interfaces may present indications of threats determined from evaluating the variations in the electromagnetic environment.

Abstract: A method for managing a file, including receiving a request to encrypt the file, the request identifying a target location; determining a plurality of coordinates based on the target location; generating a cryptographic key based on the plurality of coordinates; generating an encrypted version of the file using the cryptographic key; and storing the encrypted version of the file.

Abstract: A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.

Abstract: Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) Local Area Network (LAN), and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implements a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

Abstract: Systems and methods for a security tool that verifies the security of a software package. An example method may involve identifying a plurality of components contained in a software package comprising one of a JAR file, an Android application package, a docker image, a container file, or a virtual machine image; comparing the components contained in the software package to a list of known components; classifying the software package as insecure when at least one of the components matches an insecure component, or as secure when each of the compared components matches a corresponding secure component on the list of known components; preventing addition of the software package to a software repository when the software package is classified as insecure; and when insecure, providing an interface to enable a user to request the components of the software package be added as a secure component on the list of known components.

Abstract: Devices, system, and methods of secure entry and handling of passwords and Personal Identification Numbers (PINs), as well as for secure local storage, secure user authentication, and secure payment via mobile devices and via payment terminals. A computing device includes: a secure storage unit to securely store a confidential data item; a non-secure execution environment to execute program code, the program code to transport to a remote server a message; a secure execution environment (SEE) to securely execute code, the SEE including: a rewriter module to securely obtain the confidential data item from the secure storage, and to securely write the confidential data item into one or more fields in said message prior to its encrypted transport to the remote server.

Abstract: Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device.

Abstract: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.

Abstract: Methods and systems for masking certain cryptographic operations in a manner designed to defeat side-channel attacks are disclosed herein. Squaring operations can be masked to make squaring operations indistinguishable or less distinguishable from multiplication operations. In general, squaring operations are converted into multiplication operations by masking them asymmetrically. Additional methods and systems are disclosed for defeating DPA, cross-correlation, and high-order DPA attacks against modular exponentiation.

Abstract: Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HyperText Transfer Protocol (HTTP) communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described.

Abstract: Electronic appliances, computer-implemented systems, non-transitory media, and methods are provided to identify risky network activities using intelligent algorithms. The appliances, systems, media, and methods enable rapid detection of risky activities.

Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.

Abstract: Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).

Abstract: A web browser detects a network privacy threat associated with communications for retrieving a resource from a remote system before the resource is retrieved from the remote system. In connection with detecting the network privacy threat, the web browser automatically retrieves personal information associated with a user of the computing device, generates a privacy threat warning comprising a representation of the retrieved personal information, a representation of the remote system, and a representation of a third-party threat positioned in-between the representation of the personal information and the representation of the remote system, and provides the privacy threat warning for display at the computing device before retrieving the resource from the remote system.

Abstract: Selective deciphering of a received signal, as taught herein, provides a number of advantages, including greater efficiency through the elimination or at least reduction of wasted decoding cycles. The technique, such as practiced in a user equipment or other wireless communication device, capitalizes on the advantageous recognition herein that the demodulation results obtained for at least some types of received data blocks may be inspected or otherwise evaluated for characteristic patterns that are indicative of whether the data block was or was not ciphered for transmission. That evaluation informs the selective deciphering decision.

Abstract: A system, method, and computer program product are provided for conditionally performing an action based on an attribute. In use, at least one attribute associated with an object is determined. Additionally, an event associated with the object is identified. Further, at least one action is conditionally performed in association with the event, based on the at least one attribute.

Abstract: Embodiments of the present invention provide a method and a device for synchronizing an uplink ciphering parameter in unacknowledged mode. The method for synchronizing an uplink ciphering parameter in unacknowledged mode includes: sending an indication message to a terminal when detecting that an unrecoverable error occurs in an uplink packet or that the uplink packet is invalid, where the indication message is used to instruct the terminal to initialize an uplink ciphering parameter; receiving a response message sent by the terminal; and initializing the uplink ciphering parameter according to an initial value of the ciphering parameter. The embodiments of the present invention solve a service defect, namely, a break of the communication link caused by synchronization of an uplink ciphering parameter between the terminal and the radio network controller in unacknowledged mode, and shorten the time of synchronizing the uplink ciphering parameter without interrupting the service.

Abstract: A method includes instantiating, in response to a request by an executing application, an input data object with one or more uninitialized fields and traversing a path toward a sink in the executing application to a branching point of the executing application. In response to reaching the branching point, one or more parameters are provided for some or all of the one or more uninitialized fields of the input data object, wherein the one or more parameters were determined prior to beginning of execution of the executing application to cause a branch to be taken by the executing application toward the sink. The path is traversed toward the sink at least by following the branch in the executing application. Apparatus and computer program products are also disclosed.

Abstract: A primary storage controller determines that a quarantined area of the primary storage controller cannot be repaired, wherein the quarantined area is infected with a virus. A query is sent to a secondary storage controller to determine whether the secondary storage controller has data that is free of virus in an area of the secondary storage controller corresponding to the quarantined area of the primary storage controller. In response to receiving a notification that the secondary storage controller has data that is free of virus, the primary storage controller is repaired to remove the virus.