Abstract: A method in one example implementation includes generating a plurality of transformed views of an object in a network environment and generating a plurality of filtered information sets. The method further includes detecting a suspect correlation based on an analysis of at least some of the plurality of transformed views and of at least some of the plurality of filtered information sets. In a more specific embodiment, the analysis includes an original view of the object. Other more specific embodiments include applying filters to selected views of the object, where each of the filters is associated with a different obfuscation type. Applying the filters includes transforming obfuscation elements in the plurality of transformed views, where the object contains the one or more obfuscation elements.

Abstract: A communication network is operated by identifying at least one potential hijack autonomous system (AS) that can be used to generate a corrupt routing path from a source AS to a destination AS. For each of the at least one potential hijack AS the following operations are performed: identifying at least one regional AS that is configured to adopt the corrupt routing path from the source AS to the destination AS and determining a reflector AS set such that, for each reflector AS in the set, a source AS to reflector AS routing path and a reflector AS to destination AS routing path do not comprise any of the at least one regional AS. A reflector AS is then identified that is common among the at least one reflector AS set responsive to performing the identifying and determining operations for each, of the at least one potential hijack AS.

Abstract: The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.

Abstract: There is described a computer system to provide a filesystem, and to export a consumer directory of the filesystem for access by a consumer application over a network. The system has a protected directory. Protection controls restrict performance of file management activities on file entities of the protected directory by the consumer application.

Abstract: A method is provided for utilizing a title signal contained in digital data through a comparison of the title signal to a player signal stored in a player device.

Abstract: Embodiments of systems and methods for power-on user authentication are disclosed. A method for power-on user authentication may comprise receiving an authentication input with a security controller of a computing device prior to supplying power to a primary processor of the computing device, comparing the authentication input to an authentication code using the security controller, and supplying power to the primary processor in response to the authentication input matching the authentication code.

Abstract: Systems and methods for determining vulnerability to session stealing are disclosed. An example method includes intercepting, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet, determining, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet, changing the value by the calculated amount to determine a next value for a next packet, replacing the second portion of the intercepted packet with the next value to generate a modified packet, replacing the first portion of the modified packet with a second instruction, and transmitting the modified packet to the second computing device.

Abstract: A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the decrypted image such that the decrypted image is displayed only for authorized persons physically present at the computing device.

Abstract: A system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces a characterization assessment and can also provide a characterization re-assessment for the application, or data object, and transmits the assessment to the device. By performing analysis on a server, the invention allows a device to reduce the battery and performance cost of protecting against undesirable applications. The server transmits notifications to devices that have installed applications that are discovered to be undesirable. The server can accumulate this data and then perform a characterization re-assessment of a data object it has previously assessed to provide an assessment based upon one of trust, distribution and ratings information.

Abstract: A method and apparatus 20 for securing executable code embodying a cipher 12 using a metamorphic algorithm 24. The metamorphic algorithm 24 dynamically executes polymorphic primitives 43, each of which implements a functional component 41 of the cryptographic algorithm 12. When a halting condition is met, the output of the cryptographic algorithm 12 occurs.

Abstract: A method of encrypting data to be accessed only by a group of users comprises a user in the group receiving a user secret si=ƒ1(R, ui), the user secret having been created by operating a first one-way function f1 on parameters comprising a root key R and a public identifier ui for the user. The user in the group receives a public identifier ui for each of the other users in the group. The user in the group obtains a group key by operating a second one-way function ƒ2 on parameters comprising the user secret s, and the public identifiers for the other users in the group u1, u2, . . . , uj?1, uj+1 . . . un?1, un, wherein said second one-way function/band said first one-way function ƒ1 satisfy: ƒ2(ƒ1(R,u1), u2, . . . , un)=ƒ2(ƒ1(R,u2), u1, u3, u4 . . . , un)= . . . =ƒ2(ƒ1(R,un), u1, u2 . . . , un?1). The user in the group encrypts the data using the group key.

Abstract: A system and method prevent malware, spyware and other undesirable applications from affecting mobile communication devices, which use a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces a characterization assessment and can also provide a characterization re-assessment for the application, or data object, and transmits the assessment to the device. Performing analysis on a server reduces the battery and performance cost of protection. The server transmits notifications to devices that have installed applications that are discovered to be undesirable. The server receives data about applications from many devices, using the combined data to minimize false positives and provide comprehensive protection against known and unknown threats.

Abstract: An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated.

Abstract: A first and second secure location indicators are electronically received at one or more servers from a first portable computing device and a second portable computing device, respectively, operating in a wireless communication network. Each of the secure location indicators is generated using the location of the corresponding portable computing device, and neither secure location indicator reveals the location of the corresponding portable computing device to the one or more servers. The first secure location indicator is compared to the second secure location indicator at the one or more servers and, in response to determining that the first secure location indicator is identical to the second secure location indicator, an indication of physical proximity of the second portable computing device is electronically transmitted to the first portable computing device.

Abstract: Systems and methods for detection and dispute management of claims made against proprietary content in a live data stream are provided in this disclosure. The system includes a reference stream generation component that updates a set of reference data streams based on an identification of data that is associated with non-live content (e.g., advertisements, flashbacks, etc.). Moreover, user generated content is compared with the set of reference data streams to facilitate identify the claims and a partner-defined policy is applied to the user generated content to facilitate dispute management and/or resolution.

Abstract: Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys.

Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In general, techniques are described for dynamic threat protection in mobile networks. A network system comprising a network security device and a management system may implement the techniques. The management system includes a network server having a shared database. A mobile device manager (MDM) of the management system receives a report message from a mobile device, specifying a threat to a mobile network. The MDM publishes the threat to the shared database. A network management system (NMS) of the management system receives data from the shared database identifying the threat and generates a security policy that specifies actions to address the threat. The NMS then installs the security policy in the network security device so that the network security device performs the actions of the security policy to address the threat.

Abstract: Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.

Abstract: A user obtains access to particular services levels associated with media content. A user and devices associated with the user may be authenticated to access content at a particular service level such as a particular quality level, content level, resolution, limited viewing, unlimited simultaneous viewing, etc. When the user is authenticated at a device, content at an appropriate service level is selected and provided to the device. Authenticating the user at a device such as a set top box may involve receiving a manually entered login and password, a passcode transmitted from a mobile device, face detection, a mobile device authorization code sent using infrared or radio frequency transmission, or other mechanisms identifying that the user or the mobile device is in the vicinity or is periodically in the vicinity of the set top box.