Abstract: Systems and techniques are disclosed for detecting whether a wearable computing device is worn by a user or not. The detection can be made based on whether the device is secured to a user or based on a sensor. A device worn by a user may be operated in a private mode such that the user wearing the device is provided information that is useful while wearing the device. For example, the user may receive message notifications, news updates, telephone call information, or the like. A wearable computing device maybe operated in a public mode while not being worn by a user. While in the public mode, the device may provide non user specific information such as a current time, media items, or the like.

Abstract: A system and method for enforcing policy in a computing environment with a plurality of hosts that includes establishing a policy update specified through a namespaced addressing syntax; publishing the policy update to a set of components associated with a referenced component namespace; at a host of the set of components, authenticating the policy update; at the host, locally verifying policy compliance of an operation request by the host directed towards at least a second component; applying results of verifying the policy compliance of the operation request within a communication channel flow, which comprises routing the operational request through the communication channel to the second component if the operational request is permitted and preventing the operational request if the operational request is not permitted.

Abstract: A method for transmitting and receiving multimedia content having cryptoperiods scrambled by a control word includes a sender using an operating key and an encryption algorithm in a first virtual mother card to encrypt the control word to obtain a cryptogram, using a syntax constructor also in the first virtual mother card to generate an ECM that incorporates the cryptogram, and transmitting it to a terminal. The terminal receives the ECM and using a syntax analyzer contained in a first virtual daughter card associated with the mother card and uses it to locate a position of the cryptogram CW*t in the ECM. Using an operating key of a decryption algorithm in the daughter card, it then decrypts the cryptogram. Then, using the decrypted control word, it proceeds to descramble the cryptoperiod. Meanwhile, the sender occasionally changes the virtual mother card into a different virtual mother card.

Abstract: A hardware sensor and a hardware user-input component are integrated in a portable electronic device. The hardware sensor is operable to produce hardware sensor output indicative of orientation or motion or both of the device within its environment. The hardware user-input component has multiple elements operable to accept user input through touch. A user-input driver and the device's operating system are jointly operable to detect touch events involving the elements. A software application stored in the device's memory is executable by the device's processor as a process. A sensor driver or the operating system or both are configured to control what hardware sensor output, if any, is receivable by the process. This control may thwart an attack based on analysis of the hardware sensor output, the attack designed to deduce what user input has been made via multiple elements of the hardware user-input component.

Abstract: Data security jurisdiction zones are identified and data security policy data for the data security jurisdiction zones is obtained. The data security policy data for the data security jurisdiction zones is then automatically analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The allowed secrets data with respect to each of the data security jurisdiction zones is then automatically obtained and provided to resources in the respective data security jurisdiction zones, either from a central secrets data store or from an allowed secrets data store associated with each data security jurisdiction zone.

Abstract: A method begins with a computing device of a dispersed storage network (DSN) determining that an encoded data slice of a set of encoded data slices requires rebuilding and sending partial rebuild requests to storage units of the DSN. The method continues with one of the storage units generating a partial rebuilt slice based one or more encoded data slices of the set of encoded data slices stored by the one of the storage units and securing the partial rebuilt slice using a shared secret scheme that is shared among the storage units to produce a secured partial rebuilt slice. The method continues with the computing device receiving a set of secured partial rebuilt slices from the storage units, recovering a set of partial rebuilt slices from the set of secured partial rebuilt slices, and rebuilding the encoded data slice from the set of partial rebuilt slices.

Abstract: Techniques for notification of reassembly-free file scanning are described herein. According to one embodiment, a first request for accessing a document provided by a remote node is received from a client. In response to the first request, it is determined whether a second request previously for accessing the document of the remote node indicates that the requested document from the remote node contains offensive data. If the requested document contains offensive data, a message is returned to the client, without accessing the requested document of the remote node, indicating that the requested document is not delivered to the client.

Abstract: Embodiments of systems, apparatuses, and methods to securely download digital rights managed content with a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an agent of the client and a storage system of the client. Furthermore, the system securely downloads the digital rights managed content to the storage system via the secure tunnel and securely provides the digital rights managed content from the storage system to a display.

Abstract: The systems, methods and apparatuses described herein provide a computing environment that manages private key storage. An apparatus according to the present disclosure may comprise a first non-volatile storage for storing a private root key for signing digital certificates, an input device for receiving manual input from an operator, a communication interface consisting of a one-way transmitter for transmitting information from the apparatus, and a processor. The processor may be configured to retrieve the private root key from the first non-volatile storage, receive information for a new digital certificate through the input device, generate the new digital certificate according to the received information, sign the new digital certificate using the private root key and transmit the new digital certificate from the apparatus using the transmitter.

Abstract: Embodiments of the invention are directed to an apparatus, method, and computer program product for an exposure based application security testing system. In some embodiments, the apparatus is configured to: access an application, wherein the application comprises an assessment parameter, wherein the assessment parameter comprises one or more assessment sub-parameters, wherein the one or more assessment sub-parameters comprise one or more assessment indicators; process the application, wherein processing the application comprises calculating a total exposure score for the application based on at least an application exposure score and a protective control score; determine whether the application qualifies for security testing based on at least the calculated total exposure score; and initiating the presentation of the qualified application to the user to implement security testing.

Abstract: Methods, apparatus and articles of manufacture for automated discovery of knowledge-based authentication components are provided herein. A method includes analyzing entity-related information to identify one or more individuals within the entity for exclusion from one or more authentication requirements in connection with one or more operations associated with the entity, wherein said analyzing is based on one or more pre-defined parameters, and querying an agent of the entity to approve each of the one or more individuals identified within the entity for exclusion from the one or more authentication requirements.

Abstract: Methods, system, and media for analyzing a potential malware sample are disclosed. A sample for malware analysis may be received. The sample may be received through a web interface. The sample may be analyzed using a plurality of analyzers implemented on one or more computing devices. The analyzers may perform a sequence of configurable analytic steps to extract information about the sample. The extracted information may be displayed to a user through the web interface.

Abstract: A method including: reading a portion of stored data from a storage medium, decrypting the portion of stored data, then if changes are requested, making the changes to the portion of stored data to produce changed data, encrypting the changed data, and writing the encrypted changed data to the storage medium. An apparatus that performs the method is also included.

Abstract: A method begins with a processing module of a dispersed storage network (DSN) identifying an encoded data slice of a set of encoded data slices that requires rebuilding and identifying storage units of the DSN that store the set of encoded data slices. The method continues with the processing module determining a rebuilding metric regarding the identified encoded data slice and selecting a sub-set of the storage units for retrieving a decode threshold number of encoded data slices of the set of encoded data slices based on the rebuilding metric. When the decode threshold number of encoded data slices have been retrieved, the method continues with the processing module decoding the decode threshold number of encoded data slices to produce a reconstructed data segment and generating a rebuilt encoded data slice from the reconstructed data segment.

Abstract: The present invention relates to a method for seamless policy based network discovery, selection and switching of a user equipment (UE), characterized by the steps of: retrieving existing network selection policy information for current UE location; contacting network policy control server of current UE location; performing network authentication procedure with the network policy control server; securing communication channel between the UE and the network policy control server; requesting a network selection policy information; storing the network selection policy information; extracting the network selection policy information; evaluating a first set of UE local operating environment conditions; provisioning the plurality of sets of access point security information on UE; evaluating a second set of UE local operating environment conditions; performing network switch; evaluating a third set of UE local operating environment conditions; establishing a wireless local area network (WLAN) interworking procedure

Abstract: A data storage arrangement comprising a data transfer device and a removable data storage item, the removable data storage item storing an encryption key, and the data transfer device being operable to read the encryption key from the removable data storage item, encrypt data using the encryption key; and transfer the encrypted data to the removable data storage item. Additionally, a method of distributing a key for use in encrypting data to be stored on a removable data storage item, the method comprising: storing an encryption key to a removable data storage item, the removable data storage item having a unique identifier; storing an association of the unique identifier and a decryption key, the decryption key for use in decrypting data encrypted using the encryption key; receiving from a user a unique identifier of a removable data storage item; and returning to the user a decryption key associated with the received unique identifier.

Abstract: An information processing system includes a recording apparatus and a portable device, wherein the recording apparatus includes a recording control section, a selection section, a creation section, a digest information transfer control section, an operation information reception control section, and an operation information reflection section, and wherein the portable device includes a digest information reception control section, and an operation information transfer control section.

Abstract: According to certain embodiments, a cyber threat analysis system generates a network model of a network infrastructure that is used by an organization, assigns a weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of the each network element to the organization, and generates an attack vector according to a determined vulnerability of the network infrastructure. The attack vector represents one or more illicit actions that may be performed to compromise the network infrastructure. The system may simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more of the plurality of network elements due to the attack vector, and determine a criticality level of the attack vector according to the weighting value of the one or more network elements.

Abstract: A secure (e.g., protected) storage drive for use with an associated computer device is disclosed. The secure storage drive allows access only when properly authenticated to the computer device attempting to access the secure storage drive. Additionally, other levels of authentication may be required prior to allowing access. For example, access may only be allowed if both the computer device and a user authenticated to the computer device are recognized by the secure storage drive. If access to the secure storage drive is not permitted, then the secure storage drive may remain hidden and not accessible to the operating system of the computer device. Accordingly, if hidden, no command of the operating system of the computer device can access, alter, or erase data on the secure storage drive.

Abstract: A system and method for determining at least one hardening strategy to prevent at least one attack, comprising: performing processing associated with obtaining at least one attack graph, the at least one attack graph comprising at least one goal condition, at least one initial condition, and at least one exploit; performing processing associated with obtaining at least one allowable action that disables the at least one initial condition; performing processing associated with obtaining costs associated with the at least one allowable action; and performing processing associated with utilizing the at least one allowable action to determine at least one recommended strategy from the at least one allowable action taking into account the costs.