Abstract: An electronic device (100) includes a control circuit (208) and one or more modules (210) operable with the control circuit. An application usage module (211) is operable with the control circuit to define one or more applications (104,105,106,107), operable with the control circuit and otherwise available for use by a user (101) when the electronic device is in an unlocked state, that are precluded from use by an authorized person when the electronic device is operably connected to a predefined peripheral accessory (300) when unlocked.

Abstract: A system for retrieving and presenting a boarding pass includes a mobile computer apparatus configured to monitor incoming messages for boarding pass information from an entity issuing a boarding pass and send a request for a boarding pass to a remote server in response to detecting boarding pass information. The request includes the detected boarding pass information and a display characteristic of the mobile computer apparatus. The system further includes a remote server configured to use the boarding pass information to retrieve additional boarding pass information from the entity issuing the boarding pass, in response to receiving the request. The remote server is further configured to generate a new boarding pass formatted for presentation via the mobile computer apparatus based on the display characteristic of the mobile computer apparatus and the boarding pass retrieved from the entity issuing the boarding pass.

Abstract: An upload and verification system allows a user to upload files which the user would like to attached to the electronic record of a certain event associated with the company, for example, an insurance claim. A quarantine server may receive the uploaded file and scan the file for malicious code. The quarantine server may transmit the file to temporary storage server. The temporary storage server may receive the file, may convert the file to a file format supported by the company system and may compress the file. The temporary storage server may also transmit a preview of the file back to the client device, where the user can verify that the correct document has been uploaded and no mistakes have been made.

Abstract: A computer-implemented method may include providing authentication code for an existing web-based application. The authentication code may be programmed to modify functionality of the existing web-based application as the existing web-based application executes while leaving a binary of the existing web-based application unchanged. The method may also include establishing strong authentication for the existing web-based application by 1) identifying, via the authentication code, a request to bind an authentication credential to a profile of a user, the request being received via a browser through which the existing web-based application is accessed, 2) directing, via the authentication code and in response to the request, the browser to an external authentication site that is not part of the existing web-based application, and 3) at the external authentication site, enabling the user to bind the authentication credential to the profile.

Abstract: Secure information flow may include a service receiving a request for data from a caller. The service may respond to the request with the requested data via a secure flow container. The secure flow container may then send the information to the caller component. Before the secure flow container receives or sends the information, a monitoring environment may permit the secure flow container to receive or send the information, respectively.

Abstract: A device streams assets to network-based storage in cooperation with servers administering the network-based storage. The servers manage and secure access to the stream of assets, on both an account level and an asset level, in accordance with asset metadata registered for the assets during streaming, and in accordance with account data associated with the assets being streamed and the device with which the assets are streamed. The servers operate to notify other authorized devices associated with the device that the assets are available to download, including initiating the download of assets automatically or in response to user input.

Abstract: A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network.

Abstract: A processing device comprises a processor coupled to a memory and implements a host-based intrusion detection system configured to permit detection of tampering with at least one software component installed on the processing device. The host-based intrusion detection system comprises a forward-secure logging module configured to record information characterizing a plurality of events occurring in the device in such a manner that modification of the recorded information characterizing the events is indicative of a tampering attack and can be detected by an authority. For example, the recorded information may comprise at least one forward-secure logging record R having entries r1 . . . rn corresponding to respective ones of the events wherein any erasure or other modification of a particular pre-existing entry ri in R by an attacker is detectable by the authority upon inspection of R.

Abstract: A security model restricts binary behaviors on a machine based on identified security zones. Binary behaviors can be attached to an element of a document, web-page, or email message. The binary behavior potentially threatens security on the local machine. A security manager intercepts download requests and/or execution requests, identifies a security zone for the requested binary behavior, and restricts access based on the security zone. The binary behavior can identify a security zone according to the related URL. In one example, all binary behaviors associated with a security zone are handled identically. In another example, a list of permissible binary behaviors is associated with a security zone such that only specified binary behaviors are granted access. In still another example, a list of impermissible binary behaviors is associated with a security zone such that binary behaviors that are found in the list cannot initiate access.

Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, an authorization signature may also be utilized to authorize a connected-state guest operation environment in the host device.

Abstract: The present invention provides a method and device for setting up a wireless network connection. The second device sets up a connection with the wireless network according to the network configuration information. With the present invention, user participation when a terminal is connected to the wireless network is reduced, and efficiency in setting up a wireless network connection is improved.

Abstract: Techniques and systems for authentication with an untrusted root between a client and a server are disclosed. In some aspects, a client may connect to a server. The server and client may initiate a secure connection by exchanging certificates. The server may accept a client certificate having an untrusted root that does not chain up to a root certificate verifiable to the server certificate authority. In further aspects, the server may enable the client to associate an untrusted certificate with an existing account associated with the server. The client certificate may be hardware based or generated in software, and may be issued to the client independent of interactions with the server.

Abstract: A method and arrangement in a media server (300a) in a first local network (300), of providing remote access to media content stored in a second local network (302). The media server sends a subscription request (3:2) to a presence server (304) for information on media content in the second local network, substantially based on the existing presence service framework. In response thereto, a presence service notification is received (3:3) from the presence server with information referring to remote media content in the second local network that has been published at the presence server. The media server then retrieves (3:4) a content list with available remote media content according to the received presence service notification, and presents (3:5) information from said content list on what media content is available in the second local network, to a device (300c) in the first local network.

Abstract: A system, method, and computer program product are provided for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device. In use, a first device removably coupled to a second device is identified. Additionally, an attempt to store on the first device a configuration file for the first device and an executable file is detected. Further, a reaction is performed in response to the detection of the attempt.

Abstract: This disclosure provides a network security architecture that permits installation of different software security products as virtual machines (VMs). By relying on a standardized data format and communication structure, a general architecture can be created and used to dynamically build and reconfigure interaction between both similar and dissimilar security products. Use of an integration scheme having defined message types and specified query response framework provides for real-time response and easy adaptation for cross-vendor communication. Examples are provided where an intrusion detection system (IDS) can be used to detect network threats based on distributed threat analytics, passing detected threats to other security products (e.g., products with different capabilities from different vendors) to trigger automatic, dynamically configured communication and reaction.

Abstract: A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, a processor changes an address of an HDCP receiver from a first address to a second address for enabling the at least one source to authenticate with the input card and enabling the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the processor changes the address of an HDCP receiver from the second address to the first address for disabling the at least one source from initiating a first authentication with the input card, therefore the output card also does not attempt to initiate a second authentication with the at least one sink for security protocol encryption.

Abstract: A switcher device comprises a multiplexer coupled in-between at least one input and output cards. The multiplexer detects the presence of an event signal from an activated sink. In response to the detection of the event signal, the switch dynamically switches to a closed position in order to enable the at least one source to authenticate with the input card and the output card to authenticate with the at least one sink for security protocol encryption. In response to the non-detection of the event signal, the switch switches dynamically to an open position in order to disable the at least one source from authenticating with the input card, therefore the output card also does not attempt to authenticate with the at least one sink for security protocol encryption.

Abstract: Methods and systems for provisioning a computing device are provided. An example method may include receiving, by a computing device, information indicating a uniform resource identifier (URI) and a wireless access point configured to allow the computing device to connect to a wireless network to enable the computing device to access the URI. The method may also include downloading, onto the computing device, a provisioning software application from the URI. The method may also include executing the provisioning software application on the computing device, wherein the provisioning software application is configured to provision the computing device such that the provisioned computing device is configured to operate in a limited function mode. The method may also include locking the provisioned computing device to prevent changes to the limited function mode.

Abstract: A method for delivering encrypted content to a subscriber terminal on-demand through a communication network is provided. The method begins when SRM receives a request for content from the subscriber terminal. In response to the request, the SRM directs a video server to transmit the content as an unencrypted transport stream to an encryptor. The packets in the unencrypted transport stream include a header with a destination address associated with the subscriber terminal. The encryptor encrypts the content in the unencrypted transport stream to generate an encrypted transport stream. The encryptor also inserts in the packet headers of the packets in the encrypted transport stream the destination address associated with the subscriber terminal obtained from the packet headers in the unencrypted transport stream. Finally, the encrypted transport stream is transmitted to the subscriber terminal over the communication network.

Abstract: A method and apparatus for secure network access using a virtual machine are disclosed. The method includes provisioning a virtual machine, downloading content to the virtual machine, and sending information from the virtual machine. The information that is sent from the virtual machine is configured to allow the display of output from the virtual machine. The output from the virtual machine is based on the content. The apparatus includes a number of virtual machine servers. Each of the virtual machine servers is configured to support at least one of a number of virtual machines. A first virtual machine of the virtual machines includes an antivirus module. The first virtual machine is configured to download content. The antivirus module is configured to detect a virus by virtue of being configured to analyze the content.