Abstract: An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.

Abstract: In order to solve this problem, the first aspect of the present invention is a system for duplicating (cloning) a physical environment in a virtual environment using CMDB, the system comprising: means for setting a level of confidentiality for attributes of configuration items (CI) of CMDB managing the source hardware information and software information, and means for sending CMDB information including CI having the level of confidentiality set to a virtual environment constructing means connected via a network; the virtual environment constructing means having a means for constructing the source environment in a virtual environment based on sent CMDB information; and the sending means having a means for changing the level of confidentiality of CI attributes having the level of confidentiality set in accordance with a default confidentiality policy.

Abstract: Systems and methods for enhanced security of media are provided. Media security may be enhanced by improving the setup of encryption and/or decryption, by improving the performance of encryption and/or decryption, or by improving both. The calls related to enhanced security of media from an application in an emulated environment to a security module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing a security module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call.

Abstract: Disclosed is an Internet of things capability integration system, which relates to the field of Internet of things, and the field of telecommunication network and Internet.

Abstract: A system and methods are provided for establishing an authenticated and encrypted communication connection between two devices with at most two round-trip communications. During establishment of an initial authenticated, encrypted communication connection (or afterward), a first device (e.g., a server) provides the second device (e.g., a client) with a token (e.g., a challenge) that lives or persists beyond the current connection. After that connection is terminated and the second device initiates a new connection, it uses the token as part of the handshaking process to reduce the necessary round-trip communications to one.

Abstract: Generating a set of attempted external contacts associated with a malware sample is disclosed. A malware sample is executed, in an accelerated computing environment. In the accelerated computing environment, a guest time is advanced more quickly than a time by which a host time is advanced. A set of one or more attempted external contacts generated by the executing malware sample is recorded. The set of attempted external contacts is provided as output.

Abstract: Cryptographic communication systems and methods can utilize a base interface and a channel interface. Plug-ins can be utilized to provide cryptographic functions configured for either a first customer or a second customer. The first customer can be a United States domestic customer and the second customer can be an international customer.

Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.

Abstract: Cryptographic key management and usage is accomplished by employing a hybrid symmetric/asymmetric security context wherein seed values are associated with randomly generated cryptographic keys. A security context environment is maintained wherein cryptographic keys are reliably reproduced when needed.

Abstract: The present disclosure provides a cover for an electronic device and a biometric data apparatus for communication with an electronic device, wherein the biometric data apparatus comprises: a body; and a biometric data input element formed on the body; wherein at least part of the body is configured such that the biometric data apparatus may be releasably coupled to the electronic device when the cover for the electronic device is fitted to the electronic device.

Abstract: Methods and apparatus for distribution of keys are disclosed. An optical signal for carrying encoded information in accordance with a quantum key distribution scheme is generated. The generated optical signal has a wavelength which is changed to another wavelength prior to transmission of the optical signal. The optical signal carrying the encoded information and having the changed wavelength is received, where after decoding of the information takes place by means of detector apparatus operating in the changed wavelength.

Abstract: A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to setup a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location.

Abstract: An application analysis platform enables automatic generation of abstract program representations (APRs) that are amenable to static analyzes for finding security vulnerabilities. The APR is generated automatically, preferably from an existing build system or a source repository, and then encapsulated into a binary archival format for consumption by a static analysis tool, which operates on-premises or in the cloud. The abstract program representation is a highly compact version of the actual source code it represents. The archival format obfuscates the source code that is subjected to the analysis, thus protecting it from being reverse-engineered when moved off-premises or otherwise shared with other users, teams and even organizations.

Abstract: A method for a device to connect to a wireless network is provided. The method includes: acquiring authority use data of a user; processing the authority use data to obtain an authority result; and sending the authority result to a terminal device.

Abstract: Some embodiments of the invention provide a mobile device that restricts access to its applications. The mobile device, displays, on the device's touch screen display, a lock screen page for accessing the device in a primary access mode or a secondary access mode. The primary access mode provides access to several of the device's applications, and the secondary access mode provides access to a limited set of the applications. The mobile device receives a touch input on the lock screen page to access the device in the secondary access mode. The mobile device unlocks the device to the secondary access mode by allowing access to the set of applications and restricting access to the remaining applications in the plurality of applications.

Abstract: The present invention is related to a wireless transmit/receive unit (WTRU) for providing advanced security functions. The WTRU includes trusted platform module (TPM) for performing trusted computing operations; and a secure time component (STC) for providing a secure measurement of a current time. The STC and the TPM are integrated to provide accurate trusted time information to internal and external to the WTRU. The STC may be located on an expanded a subscriber identity module (SIM), on the WTRU platform, or two STCs may be used, one in each location. Similarly, the TPM may be located on an expanded SIM, on the WTRU platform, or two TPMs may be used, one in each location. Preferably, the STC will include a real time clock (RTC); a tamper detection and power failure unit; and a time report and sync controller.

Abstract: Methods for managing a communication session in a communication network are disclosed. For example, a method includes detecting, by a first endpoint comprising at least one processor, an error condition associated with the communication session, sending, by the first endpoint, a notification of the error condition to a second endpoint that is using a transport layer session and receiving, by the first endpoint, a communication from the second endpoint, proposing a response to the error condition. Another method includes receiving, by a first endpoint comprising at least one processor, a notification of an error condition associated with the communication session, selecting, by the first endpoint, a response to the error condition, and sending, by the first endpoint, a communication to a second endpoint that is using a transport layer session, proposing a response to the error condition.

Abstract: Accessing privileged objects in a server environment. A privileged object is associated with an application comprising at least one process resource and a corresponding semi-privileged instruction. The association is filed in an entity of an operating system kernel. A central processing unit (CPU) performs an authorization check if the semi-privileged instruction is issued and attempts to access the privileged object. The CPU executes the semi-privileged instruction and grants access to the privileged object if the operating system kernel has issued the semi-privileged instruction; or accesses the entity if a process resource of the application has issued the semi-privileged instruction to determine authorization of the process resource to access the privileged object.

Abstract: An instant messaging message processing method is disclosed and includes: receiving, by a server, an instant messaging message, user account information of a destination user terminal, and user account information of a source user terminal from the source user terminal; determining, by the server, a risk level of the instant messaging message according to a preset rule and the user account information of the source user terminal; and if the risk level of the instant messaging message reaches a first risk level, transmitting, by the server when, the instant messaging message and preset pre-warning information to the destination user terminal according to the user account information of the destination user terminal, wherein the pre-warning information comprises security prompt information which is used for prompting a user of the destination user terminal to notice a security risk of the instant messaging message. An instant messaging message processing device is also disclosed.

Abstract: Techniques and systems are disclosed for enabling device configuration using signals that encode device policy settings. A method of configuring policy settings on a host device can include receiving a signal that encodes at least one policy setting; interpreting the signal to determine the at least one policy setting; and applying the at least one policy setting to the host device at its own authority.