Patents Examined by Thomas Ho
  • Patent number: 9209974
    Abstract: Functional encryption keys can be selected based on a set of criteria that facilitates efficient decryption of ciphertexts. The method includes electronically storing one or more decryption key metadata parameters for a plurality of candidate decryption keys for a functional encryption ciphertext, storing a functional encryption ciphertext, extracting a scheme type of functional input from the ciphertext, extracting a functional input from the ciphertext, searching the metadata parameters to identify a set of candidate keys matching the scheme type of the ciphertext, searching the set of candidate keys to identify a key matching the extracted functional input, and selecting one of the identified candidate keys matching the scheme type and the extracted functional input as a decryption key for the functional encryption ciphertext.
    Type: Grant
    Filed: May 3, 2015
    Date of Patent: December 8, 2015
    Assignee: Zeutro, LLC
    Inventors: Joseph Ayo Akinyele, Matthew Daniel Green
  • Patent number: 9189637
    Abstract: Embodiments of computer-implemented methods, systems, and non-transitory computer-readable medium having one or more computer programs stored therein are provided to transfer contents of transactional data between two or more networks configured to have different levels of network protection. Generated data barcodes can be decoded to produce contents of transactional data to be transmitted between two or more networks configured to have different levels of network security protection, and decoded contents of the transactional data can then be securely communicated back to the sender for comparison by generating validation barcodes to be decoded by the sender. Generated verification barcodes can then be decoded to produce verification data. Verification data can confirm success of the transmission of contents of transactional data encoded in the data barcodes. Decoded contents of transactional data can then be stored responsive to an indication of successful transmission.
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: November 17, 2015
    Assignee: Saudi Arabian Oil Company
    Inventors: Paul Francis Mevec, Ibrahim A. Marhoon
  • Patent number: 9166796
    Abstract: A secure and scalable data storage system that includes a server and a plurality of clients. The server maintains an access permission file that includes a file-group name, a plurality of client access blocks, a first and second public key, and a signature that is based on a first private key. The signature ensures that only clients who have a certain level of access can modify the contents of the access blocks. Each client access block includes at least one of a first access key, a second access key and a third access key. The access keys are encapsulated within biometric information of the client. The server grants one of a first level of access based on a successful verification of a signed request with the first public key and a second level of access based on a successful verification of the signed request with the second public key.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: October 20, 2015
    Assignee: Prince Sattam Bin Abdulaziz University
    Inventors: Abdullah A Albahdal, Terrance E Boult
  • Patent number: 9124649
    Abstract: Methods and systems provide indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.
    Type: Grant
    Filed: April 21, 2014
    Date of Patent: September 1, 2015
    Assignee: United Services Automobile Associate (USAA)
    Inventors: Christopher Thomas Wilkinson, Edward Allen Francovich, Jeremy Ryan Scott, Steven Dale Sternitzke
  • Patent number: 9119063
    Abstract: A location sentry system is provided for use within a mobile device. The sentry system can be configured to detect unauthorized attempts to locate mobile devices by monitoring messages passed between the mobile device and the wireless network and/or messages passed between components of the mobile device, and determining that one or more of the messages is/are indicative of an attempt to locate the mobile device. In response to a determination that an unauthorized attempt has been detected, the location sentry can be configured to take one or more actions. For example, the location sentry system could prevent location information from being sent back to the wireless network and/or the location sentry system could cause incorrect information to be sent to the wireless network.
    Type: Grant
    Filed: November 4, 2013
    Date of Patent: August 25, 2015
    Assignee: TruePosition, Inc.
    Inventors: Frederic A. Beckley, Robert J. Anderson, Matthew L. Ward
  • Patent number: 9106696
    Abstract: Examples of systems and methods are provided for facilitating establishing a remote session between a host device and a remote server. The system may facilitate establishing a first remote session between a client device and the remote server. The system may facilitate establishing a trusted relationship between the client device and the host device. The system may provide remote session login information from the client device to the host device to enable the host device to establish a second remote session with the remote server. The system may facilitate termination of the first remote session at the client device after the login information is provided to the host device.
    Type: Grant
    Filed: August 24, 2009
    Date of Patent: August 11, 2015
    Assignee: WYSE TECHNOLOGY L.L.C.
    Inventors: Babak Pahlavan, Daniel Ernesto Barreto, Curtis Schwebke
  • Patent number: 9094192
    Abstract: A method and apparatus for sharing secret information between devices in a home network are provided. In the method and apparatus, home network devices receive a password (credential) input by a user and encrypt secret information based on the credential by using keys generated according to a predetermined identity-based encryption (IBE) scheme. Accordingly, it is possible to securely share the secret information between home network devices without any certificate authority or certificate.
    Type: Grant
    Filed: August 19, 2008
    Date of Patent: July 28, 2015
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Hyoung-shick Kim, Seung-jae Oh
  • Patent number: 9087219
    Abstract: A circuit capable of being operated in a first and a second mode of operation comprises a storage location adapted to store at least a first state, a second state and a third state, wherein the circuit is adapted to switch to the first mode of operation when the storage location acquires the first or the third state, and wherein the circuit is adapted to switch to the second mode of operation when the storage location acquires the second state.
    Type: Grant
    Filed: June 16, 2008
    Date of Patent: July 21, 2015
    Assignee: Infineon Technologies AG
    Inventor: Franz Klug
  • Patent number: 9081961
    Abstract: Analyzing computer code using a tree is described. For example, a client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and to the network. The gateway is configured to receive computer code from the non-trusted entity via the network. The gateway builds a tree representing the computer code. The tree has one or more nodes. A node of the tree represents a statement from the computer code. The gateway analyzes the statement to identify symbol data. The symbol data describes a name of the variable and the value of the variable. The gateway stores the symbol data in a symbol table.
    Type: Grant
    Filed: June 9, 2011
    Date of Patent: July 14, 2015
    Assignee: Trustwave Holdings, Inc.
    Inventors: Alexander Yermakov, Mark Kaplan
  • Patent number: 9066234
    Abstract: Systems and methods that regulate range of access to personal information of a mobile unit's owner. The access control component can designate granularity for access levels and/or a spectrum of access modes (as opposed to a binary choice of full access or no access at all). Such access can be based on a spectrum and/or discrete trust relationship between the owner and user of the mobile unit. A profile definition component can exploit an owner's trust relationships to designate levels of security. The profile definition component can further define a profile based on a set of applications, such as entertainment mode, browser mode, and the like.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: June 23, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Amy Karlson, Alice Jane Bernheim Brush, Stuart Schechter
  • Patent number: 9049045
    Abstract: One of the embodiments is directed to establishing peer-to-peer tunnels between clients in a mobility domain. Normally, clients attached to a network having access nodes connected to a central controller transfer all traffic through the central controller via tunnels between the access node and the central controller. A mobility manager operating in the controller tracks access nodes connected to the controller, and clients connected to those access nodes. When the mobility controller recognizes traffic passing between clients in its mobility domain that is eligible for peer-to-peer forwarding, it instructs the access nodes supporting the clients to establish a peer-to-peer tunnel between the nodes, and direct the client traffic through this peer-to-peer tunnel. The peer-to-peer tunnel may be session based, or may be aged. Eligibility of traffic for peer-to-peer tunnels may be controlled by rules, such as limiting peer-to-peer tunnels by source or destination, by port or protocol, and the like.
    Type: Grant
    Filed: April 24, 2009
    Date of Patent: June 2, 2015
    Assignee: ARUBA NETWORKS, INC.
    Inventors: Pradeep J. Iyer, Keerti G. Melkote
  • Patent number: 9043931
    Abstract: A multi-layer USB drive for storing data in a memory has at least two printed circuit board assemblies, each one including a memory for storing data and a control microprocessor controlling the flow of data to and from the memory. The circuit board assemblies are operatively connected to one another in a serial manner for exchange of data between adjacent assemblies upon access by a user and wherein at least one of the control microprocessors is security enabled requiring a user defined security input for accessing the memory of the printed circuit board assembly of that security enabled control microprocessor. A USB connector is for connecting to a USB slot of a device and the USB connector is operatively connected to only one of the printed circuit board assemblies. A USB hub is provided on at least one of the assemblies for recognizing the circuit board assemblies of the USB drive.
    Type: Grant
    Filed: May 31, 2013
    Date of Patent: May 26, 2015
    Inventor: Sung Ub Moon
  • Patent number: 9037874
    Abstract: A semiconductor device includes a serial communication interface connector, a non-volatile semiconductor memory, a memory controller, and a memory reader/writer. The serial communication interface connector is capable of being connected to a serial communication interface terminal of electronic equipment. The memory controller includes a memory interface connected to the non-volatile semiconductor memory and a copyright protection function and controls the non-volatile semiconductor memory. The memory reader/writer includes a controller interface connected to the memory controller and a serial communication interface connected to the serial communication interface connector.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: May 19, 2015
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventor: Takafumi Ito
  • Patent number: 8996879
    Abstract: A method, apparatus, system, and computer program product for user identity attestation in mobile commerce. The method may include obtaining a photograph of a user of a mobile device via a camera integrated with the mobile device; identifying a first set of fiducial points from the photograph; causing the first set of fiducial points from the photograph to be compared to a second set of fiducial points associated with an authorized user of the mobile device; and determining that the user is the authorized user if the first set of fiducial points matches the second set of fiducial points.
    Type: Grant
    Filed: December 23, 2010
    Date of Patent: March 31, 2015
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Selim Aissi
  • Patent number: 8977849
    Abstract: A computer-implemented method for creating a rights management system (RMS) with superior layers and subordinate layers is described. A separate trust network for one or more layers of the RMS is established. The trust network includes one or more computing nodes within the one or more layers. A data object is created on a computing node that is a member of the trust network in a superior layer. The data object is encrypted to a ciphertext data object. A publishing license is created for each of the one or more layers of the RMS. Access rights and attributes associated with the ciphertext data object are controlled within each layer based on the publishing license of each of the one or more layers of the RMS.
    Type: Grant
    Filed: September 2, 2009
    Date of Patent: March 10, 2015
    Assignee: Symantec Corporation
    Inventor: Thomas Clifford
  • Patent number: 8959632
    Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.
    Type: Grant
    Filed: March 6, 2013
    Date of Patent: February 17, 2015
    Assignee: Google Inc.
    Inventors: J. Bradley Chen, Matthew T. Harren, Matthew Papakipos, David C. Sehr, Bennet S. Yee, Gregory Dardyk
  • Patent number: 8959624
    Abstract: Systems and methods are disclosed for monitoring executable software applications on a computer network. Executable software applications and data files may be monitored by a risk monitoring system. The executable software application and data files may attempt to access a computer network and/or a computing device and a monitoring process may identify risks associated with the executable software application and/or data file. A suspicious characteristic of the executable software application may be identified during the monitoring process. The suspicious characteristic may be malware and may be neutralized before it causes damage to the computer network and/or computing device.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: February 17, 2015
    Assignee: Bank of America Corporation
    Inventors: Robert Gray, Anthony Morris
  • Patent number: 8958486
    Abstract: In one embodiment, a method comprises receiving a primary stream of encoded frames and a separate stream of redundant frames. The method further comprises decoding and reconstructing in parallel the frames in the primary stream and the separate stream of redundant frames, on a real-time basis, in accordance with a specified common clock reference. The method further comprises, upon determining that a frame in the primary stream exhibits an error or impairment, determining a decoded redundant frame in the separate stream that corresponds to the impaired frame, and substituting at least a portion of the information in the decoded redundant frame for a corresponding decoded version of the impaired frame.
    Type: Grant
    Filed: July 31, 2007
    Date of Patent: February 17, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Arturo A. Rodriguez, William C. VerSteeg, Thomas Kernen
  • Patent number: 8942373
    Abstract: This present application relates to data encryption and decryption technology, and especially relates to a data encryption and decryption method and apparatus. The described encryption method comprises: packeting plaintext data to be encrypted, randomly assigning an encryption function to each group of the plaintext data, encrypting each group of the plaintext data with the encryption function respectively, and arranging the encrypted data according to its corresponding position in the plaintext data to form a ciphertext. The encryption apparatus includes: packet module, encryption function random assignment module and encryption processing module. This application also provides a data decryption method and apparatus. This invention randomly assigns an encryption function to the plaintext to be encrypted, and uses the assigned encryption function to encrypt the plaintext data to arrange and form a ciphertext, greatly strengthening the security of data storage, and achieving the perfect secrecy of data.
    Type: Grant
    Filed: December 1, 2010
    Date of Patent: January 27, 2015
    Assignee: Beijing Z & W Technology Consulting Co., Ltd.
    Inventor: Hui Liu
  • Patent number: 8935742
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Grant
    Filed: August 18, 2008
    Date of Patent: January 13, 2015
    Assignee: Microsoft Corporation
    Inventors: Nir Nice, Oleg Ananiev, John Wohlfert, Amit Finkelstein, Alik Teplitsky