Abstract: The present disclosure provides a method, device and system for protecting multimedia data of a multimedia message. By performing digital watermark encryption of the multimedia data in the multimedia message at a sender of the multimedia message and performing digital watermark decryption of the multimedia data in the multimedia message at a receiver of the multimedia message, the encryption protection over the multimedia data in the multimedia message is strengthened, thus implementing the protection over an intellectual property of a user of a terminal, and improving the level and capacity of protection over the intellectual property of the user.

Abstract: Methods of analyzing malware and other suspicious files are presented, where some embodiments include analyzing the behavior of a first malware sample on both a virtual machine and a physical computing device, the physical device having been booted from a secondary boot source, and determining whether the behavior of the malware sample was different on the virtual machine and the physical computing device. In certain embodiments, a notification indicating that the behavior was different may be generated. In other embodiments, a malware analysis computing device that is configured to receive a base hard drive image may be networked booted, and the behavior of the malware sample on the malware analysis computing device may be analyzed. In certain embodiments, a malware-infected hard drive image may then be copied off the malware analysis computing device for further forensic analysis.

Abstract: In one implementation, traffic in a mobile network is directed across multiple paths to a single cloud server or security server (e.g., a security as a service). The mobile device detects a cloud connector through a primary connection based on an attachment or connection via a first interface of a mobile device. The mobile device sends a request to the cloud connector for an identification of a cloud security server associated with the cloud connector. After receiving the identification of the cloud security server, the mobile device directs one or more subsequent data flows or subflows for a second interface or another interface of the mobile device to the cloud server or security server. The second data flow and the second interface are associated with another network that is external to the enterprise network and trusted network connection or not associated with the enterprise network and the trusted network connection.

Abstract: Information associated with a port security state of a network device is received. The received information is converted into an icon that corresponds to the port security state of the network device. The icon is displayed to a user.

Abstract: The invention relates to a system for verifying the identity of an individual by employing biometric data features associated with the individual, which system comprises at least one or more hardware components, an enrollment means, and a verifying means, wherein said enrollment means are arranged in deriving a first biometric template data, said first biometric template data being secret and associated with a first set of first biometric data features of said individual, and in receiving a further set of first biometric data features of said individual, and in deriving a further biometric template data associated with said further set of first biometric data, and wherein said verifying means are arranged in comparing the first biometric template data with the further biometric template data to check for correspondence, wherein the identity of the individual is verified if correspondence exists.

Abstract: Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.

Abstract: A method and system for authentication of sites in a land mobile radio (LMR) system and encryption of messages exchanged by the sites. In some embodiments, the method includes transmitting a certificate created by a trusted authority by applying a function to a first site public key using the trusted authority's private key to generate a reduced representation, which is encrypted with the trusted authority's private key. Other sites may receive the certificate, decrypt it using the trusted authority's public key, and authenticate the first site. The method may further include generating a session key, encrypting it with the public key of the first site, and transmitting the encrypted session key to the first site. The first site decrypts the encrypted session key with the first site's private key, and transmits a message encrypted with the shared session key to other sites for decryption using the session key.

Abstract: Techniques for granting access to an application or service based on a detected human stimulus at a computing device include detecting a stimulus that is generated by an external entity and independent of a CAPTCHA or CAPTCHA-like challenge. If the stimulus is included in a set of human stimuli, access to the application or service may be granted. Otherwise, access may be denied. The detected stimulus may be ad-hoc, or may be a response to an explicit challenge other than a CAPTCHA or CAPTCHA-like challenge. A background application may continuously test over time for ad-hoc stimuli that are consistent with a human presence, and may maintain or deny access accordingly. The detected stimulus may include changes in states of components of the computing device that are related to spatial orientation and/or location. Access to the application or service may be granted/denied based on the detected stimulus and an additional criteria.

Abstract: Methods and systems for securing remotely-operable devices are provided. A security device can receive a plurality of commands to control a remotely-operable device in a remote environment. At least one command in the plurality of commands can include command data that is related to the remotely-operable device. The security device can receive a plurality of responses to the plurality of commands. The security device can process the plurality of commands and the plurality of responses to determine a signature related to an operator that issued the plurality of commands for the remotely-operable device. The security device can determine an identity of the operator based on the signature. The security device can generate an identity report that includes the identity of the operator.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol response is received at a network device logically interposed between one or more clients and a server. The response represents a response to a request from one of the clients relating to a file associated with a share of the server. A determination is made whether a holding buffer corresponding to the file exists. If not, then one is created; otherwise, the existing holding buffer is used for any of the clients or processes running on the clients that access the file. Data read from or written to the file as a result of the request is buffered into the holding buffer. The existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.

Abstract: The invention provides a system and method for writing data to a removable media device in accordance with a security policy. According to a method of the invention a request to write data to a first file on the removable media device is detected. Dummy data is written to the first file instead of writing the requested data. The requested data is written instead to a corresponding second file on a fixed media device. The corresponding second file is compared to a security policy. Response to the write request is based on the results of the comparison.

Abstract: A system and method are provided for managing data, such as for example security or other business data. For the example of security data, security data is received from a plurality of assets that may or may not be remotely located. A plurality of security metrics are computed and normalized according to thresholds. Security metrics are aggregated to generate an aggregate score, this may include weighting the metrics according to metric priorities. A change effort corresponding to each metric is also received and a corresponding change effort for the aggregate score is calculated. Aggregate scores and aggregate change efforts are analyzed to generate risk reduction recommendations. Upon instruction, metrics corresponding to an aggregate score may be displayed including recommendations of metrics for risk reduction. The recommended metrics may be selected according to analysis of change-to-effort ratios for the metrics.

Abstract: Data driven device detection is provided, whereby a device is detected by obtaining a plurality of feature values for a given device; obtaining a set of device attributes for a plurality of potential devices; calculating a probability value that the given device is each potential device within the plurality of potential devices; identifying a candidate device associated with a maximum probability value among the calculated probability values; and labeling the given device as the candidate device if the associated maximum probability value satisfies a predefined threshold. The predefined threshold can be a function, for example, of whether the given user has previously used this device. The obtained feature values can be obtained for a selected set of features satisfying one or more predefined characteristic criteria. The device attributes can be obtained, for example, from a profile for each of the plurality of potential devices.

Abstract: Provided is a system including a first image forming apparatus and an information processing apparatus connected via a network. When a second image forming apparatus is added to the network, the second image forming apparatus generates parent setting information indicating that the first image forming apparatus previously connected to the network is its parent, and transmits the parent setting information to the first image forming apparatus. The first image forming apparatus generates parent-child relationship setting information indicating a parent-child relationship between the first image forming apparatus and the second image forming apparatus, based on the parent setting information from the second image forming apparatus. The information processing apparatus registers the second image forming apparatus as a new output destination, based on information of the second image forming apparatus.

Abstract: A method for communication, including distributing over a communication network multiple channels of digital content, which are encrypted using different, channel-specific control words, and transmitting over the communication network, different, channel-specific entitlement control messages from which the control words are derivable such that each of the different channel-specific control words is derivable from any of the different channel-specific entitlement control messages by authorized receivers of the channels on the communication network. Related methods and apparatus are also included.

Abstract: Methods and systems for detecting social engineering attacks comprise: extracting one or more non-semantic data items from an incoming email; determining whether the one or more non-semantic data items match information stored in a data store of previously collected information; performing behavioral analysis on the one or more non-semantic data items; analyzing semantic data associated with the email to determine whether the non-semantic data matches one or more patterns associated with malicious emails; and based on the determining, performing, and analyzing, identifying the email as potentially malicious or non-malicious. The system also includes processes for collecting relevant information for storage within the data store and processes for harvesting information from detected social engineering attacks for entry into the data store and seeding of the collection processes.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting security exposures of Voice over Internet Protocol (VOIP) devices. One of the methods includes obtaining data identifying a source Internet Protocol (IP) address associated with a communication device that has been provisioned with configuration files for VOIP services; determining that a VOIP phone configuration interface is exposed over an untrusted network at the source IP address; and determining that the communication device associated with the source IP address has a security exposure based at least in part on determining that the VOIP phone configuration interface is exposed over the untrusted network at the source IP address.

Abstract: In a method for protecting sensor data from manipulation, in the context of an authentication of the sensor, a number used once is sent from a control unit to the sensor, the sensor generating with the use of the number used once a cryptographic authentication message and sending at least a first part of the cryptographic authentication message to the control unit. In addition, the sensor data are provided with a cryptographic integrity protection, time-variant parameters being added to the sensor data and the sensor data being sent with the cryptographic integrity protection and the added time-variant parameters from the sensor to the control unit. For calculation of the initial parameters, at least a second part of the cryptographic authentication message is utilized.

Abstract: Systems and methods for detecting design-level attacks against a digital circuit which includes various functional units. A target unit is selected from among the functional units for monitoring and a predictor unit is arranged to receive events before they reach the target unit. A reactor unit is selected from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit. A monitor unit is arranged to receive predicted event messages from the predictor unit and actual event messages from the reactor unit. The monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.

Abstract: A method begins by a dispersed storage (DS) processing module generating a temporary public-private key pair, a restricted use certificate, and a temporary password for a device. The method continues with the DS processing encoding a temporary private key to produce a set of encoded private key shares and encoding the restricted use certificate to produce a set of encoded certificate shares. The method continues with the DS processing module outputting the set of encoded private key shares and the set of encoded certificate shares to a set of authentication units. The method continues with the DS processing module outputting the temporary password to the device such that, when the device retrieves the set of encoded private key shares and the set of encoded certificate shares, the device is able to recapture the temporary private key and the restricted use certificate for accessing a dispersed storage network (DSN).