Abstract: A method is described for defining a reserved pattern of symbols, receiving in a crypto-module an input stream including sequential input symbols, applying a cipher to the input stream in the crypto-module so as to generate an intermediate stream including sequential output symbols corresponding respectively to the input symbols, and converting the intermediate stream to an output stream from the crypto-module by comparing successive groups of the input symbols and the corresponding output symbols to the reserved pattern and, upon finding a match to the reserved pattern in a given group, substituting the input symbols in the group into the intermediate stream in place of the corresponding output symbols. Related hardware and systems are also described.

Abstract: A policy application server and methods for use are described. The policy application server is a logical element of a policy-based control and charging system for a mobile data service network. The policy application server is configured to manage policies including creating, revising, formatting, and provisioning of policies. The policy application server is configured to assemble policy rules from policies and context data. Context data includes subscriber and service information needed to make a particular policy rule. The policy application server gathers context data from one or more network databases. The policy application server is configured to send policy rules to select ones of a plurality of policy decision engines. The policy application server manages the storing of policies, policy rules and formatted context data in select ones of a plurality of policy repositories.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.

Abstract: The subject disclosure is directed towards detecting software vulnerabilities in an isolated computing environment. In order to evaluate each input submission from an external computer, a plurality of tasks are automatically generated for execution on one or more computing units running within the isolated computing environment. Various configurations of the one or more computing units are defined in which each computing unit executes the plurality of tasks. A report is produced comprising results associated with such an execution.

Abstract: This discloses a video file encryption and decryption method, device, and mobile terminal. The encryption method can include: obtaining a to-be-encrypted video file and an encryption key, encrypting the video file using the encryption key to obtain an encrypted video file, obtaining scanned non-hidden partitions of a mobile terminal and an extended memory of the mobile terminal for storing user data, determining a partition storing the to-be-encrypted video file among the non-hidden partitions, and moving the encrypted video file to a folder in the partition storing the to-be-encrypted video file. The decryption method can include: obtaining a to-be-decrypted video file and a decryption key, decrypting the to-be-decrypted video file using the decryption key to obtain a decrypted video file, and determining a pre-encryption storage location of the to-be-decrypted video file and moving the decrypted video file to the pre-encryption storage location of the to-be-decrypted video file.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a communications source. In one aspect, a method includes decrypting a symbol that was received over a particular communications channel. The symbol is decrypted using a decryption key that is assigned to a particular endpoint that is assigned the particular communications channel. A measure of error is computed for the decrypted symbol. In turn, a determination is made whether the measure of error exceeds a threshold error measure. If the measure of error does not exceed the threshold error measure the decrypted symbol is identified as a valid symbol transmitted by the particular endpoint, and logged as such. If the measure of error exceeds the threshold error measure, the decrypted symbol is identified as a symbol from a different endpoint.

Abstract: Techniques for detecting malicious attacks may monitor activities during execution of content (e.g., network downloads and email) to identify an instruction backdoor on a computer. An instruction backdoor is malware that opens a port for listening for instructions from a remote server. Such instructions may trigger activation of malicious activity. These techniques employ virtual machines that, in a controlled and monitored environment, permit content, when loaded and executed, to open ports. When those ports are not the authorized ones used for communications by known programs installed on the computer, an instruction backdoor is discovered.

Abstract: Given the rise in popularity of communicating personal, private, sensitive, or vital peer-to-peer or peer-to-group information over potentially insecure text messaging infrastructure, it would be highly desirable to provide a solution that would enable the initiator and/or the consumer of these communiqués to determine the state of the privacy associated with the messages. The non-limiting technology herein provides systems and methods for enabling a consumer to graphically, linguistically, verbally, or programmatically, determine the privacy and security state of a communiqué and/or the privacy/security association with the at least one plurality of peers. Methods and systems provided by a computer application can enable a consumer to input message oriented data that will be subsequently communicated to at least one of a plurality of peers. Upon reception of the data, systems and methods are also describe to display the message oriented communiqué to the at least one peer consumer or other user.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: An audio-video display device can download from a third party server a licensable component on which a royalty is to be paid. Various methods are disclosed for accounting for royalties associated with downloading the licensable component to the client device between the third party server and a client device manufacturer server.

Abstract: A device receives an attack on a Session Initiation Protocol (SIP)-based device, determines a type of the attack, and applies, based on the determined type of the attack, a return routability check filter to the attack.

Abstract: A process and system for enciphering and deciphering Unicode characters that is compatible with scripting languages such as JAVASCRIPT®, JSCRIPT® and VBSCRIPT®. The process and system can encipher each character individually and maintain the size of the character. The enciphered character is deciphered at the application layer at the client to provide endpoint security.

Abstract: A system comprising a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.

Abstract: The invention relates to a method for verifying the identity of an individual by employing biometric data features associated with the individual, which method provides privacy of said biometric data features, comprising at least the steps of: a) for enrollment purposes deriving a first biometric template from at least a first set of first biometric data features associated with said individual, and b) for identity verifying purposes deriving a further biometric template from at least a further set of said first biometric data features associated with said individual, and c) comparing said further biometric template with said first biometric template.

Abstract: Methods and devices provide a secure virtual environment within a mobile device for processing documents and conducting secure activities. The methods and devices create a secure application environment in which secure data and documents may be segregated from unsecured data using document encryption, allowing the application of security policies to only the secure application environment. The creation of a secure application environment allows users to access and manipulate secure data on any mobile device, not just specifically designated secure devices, without having to secure all data on the mobile device, while providing the corporate entity with necessary document security. The methods and devices provide for securing data on a mobile device at the data level using encryption.

Abstract: Techniques to manage digital telephones are described. An apparatus may comprise a digital telephone management component having a telephone interface module operative to receive security information in the form of a personal identification number (PIN) for an operator or device. The digital telephone management component may also comprise a telephone security module communicatively coupled to the telephone interface module, the telephone security module operative to receive encrypted security credentials from a computing device, and decrypt the encrypted security credentials with the PIN. The digital telephone management component may further comprise a telephone authentication module communicatively coupled to the telephone security module, the telephone authentication module operative to authenticate the digital telephone using the security credentials. Other embodiments are described and claimed.

Abstract: A method and system for hybrid encryption wherein all of the round function variables including the encryption algorithm change for each round. This permits the generation of block sizes and key sizes of any length and use standard block sizes and key sizes for the respective symmetric algorithm for each round function.

Abstract: An electronic circuit for implementing a physically unclonable function. The electronic circuit includes duplicate circuits, referred to as “circuit primitives,” that generate a first and a second output voltage based on the received input, referred to as a “challenge.” The electronic circuit further includes a comparator coupled to the circuit primitives and generates an output based on the difference between the first and second output voltages. While the circuit primitives contain duplicate circuitry, the circuit primitives may generate a different output voltage due to a particular set of transistors in the circuit primitives operating in the sub-threshold region whose gates are tied to ground and whose sub-threshold current, the magnitude of which is random based on the threshold voltage variation of the set of transistors, is used to affect the value of the output voltage.