Abstract: A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network.

Abstract: Techniques are disclosed for validating input on a handheld device. In response to receiving an input and a request to access a computing resource, an application running on the handheld device may collect data from one or more sensors of the handheld device. The application may then determine, based on the collected sensor data, if an individual is interacting with the device and recognize the input as valid if such is the case. In one embodiment, the application may present a challenge to a user which is difficult for computer programs to perform, and determine whether an individual is interacting with the device based on successful completion of the challenge. In an alternative embodiment, the application may collect data and determine whether an individual is interacting with the device without presenting an explicit challenge to the user.

Abstract: Embodiments of the present invention provide apparatus, method and/or computer program products for monitoring internet activity. In some method embodiments, a network is searched to detect network data indicative of actual and/or potential contact with a child. A report is generated that identifies a source of detected data and the report is sent to a responsible party.

Abstract: According to an embodiment, a communication apparatus includes a cryptographic key storage, a transmitter, a receiver, and a sharing controller. The cryptographic key storage stores therein one or more cryptographic keys shared with an external device. The transmitter transmits specifying information that specifies at least one of the cryptographic keys to the external device. The receiver receives determination information that indicates a result of determination, which is made by the external device based on the specifying information, on whether the shared cryptographic key is consistent between the apparatus and the external device. When receiving the determination information indicating that the shared cryptographic key is inconsistent between the apparatus and the external device, the sharing controller deletes the cryptographic key specified by the specifying information from the cryptographic key storage.

Abstract: An authentication process receives information identifying a user, a device used by the user and a location in which the device is being used. That authentication process determines whether the location is among a set of familiar locations stored about the user for a service being accessed. If the location is not among the set of familiar locations, then the user is not authenticated. A desirable user experience can be obtained by using information about any existing relationship, such as a synchronization relationship, between the device and the service established at a prior familiar location. Instead of challenging a user whose device is in an unfamiliar location, the authentication process determines whether the device has a relationship established with the service. If the device has a relationship established with the service, then the set of familiar locations is updated to include the location in which the device is being used.

Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Abstract: Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.

Abstract: A trusted content distribution system is described comprising a trustworthy enduser device and a network management infrastructure, the enduser device being adapted for communications between the enduser device and the networked infrastructure via a secure tunnel; the end user device comprising a host processor and memory; secure non-volatile memory for storing an operating system, a trusted boot process executed by the host processor to boot the end user device into a known state, means for communicating with a visualization device.

Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.

Abstract: The disclosure relates to techniques for switching between channels of digital multimedia content. In particular, a decoding device decodes and renders to a display at least one frame of a segment of data prior to receiving the entire segment. In certain aspects, the decoding device may render one of the frames of the segment and freeze the rendered frame until the decoding device receives all of the frames of the segment. In other aspects, the decoding device may render frames of one or more segments at a reduced rendering rate until the receiving and rendering operations of decoding device are synchronized such that the rendering of the current segment occurs at substantially the same time as the receiving of the next segment. By rendering at least frame prior to receiving the entire segment the decoding device more quickly displays content to a user during a channel switching event.

Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.

Abstract: Particular embodiments provide a method to authenticate a user of an application running on a mobile operating system (OS) installed on a mobile device, wherein the mobile OS invokes callback methods of the application upon making changes to an execution state of the application. Code embedded into the application causes the application to communicate with a management agent installed in the mobile OS upon invocation of a hooked callback method. Upon invocation of the hooked callback method, the embedded code assesses whether the user should be provided an authentication challenge prior to enabling the application to run in the foreground, and presents the authentication challenge if necessary. Finally, the embedded code returns execution control from the management agent back to the application wherein the application executes the at least one callback method prior to running in the foreground.

Abstract: A method for the secure exchange of data over an ad-hoc network implementing an Xcast broadcasting service and an associated node are disclosed. The method includes providing a security graph for the network and a communication graph for the network, routing a data item between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph. The method also includes generating, between one relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the relay node and the subsequent relay node. The method further includes routing the message from the relay node to the subsequent relay node along a communication route on the communication graph.

Abstract: The present invention provides a security identity discovery method, through hiding or omitting MAC addresses of the first station and a second station in a frame for identity discovery between the two stations, adopting identity codes to identify the identities of the two stations and authenticating the identities by using a ciphertext, improves the degree of privacy protection during identity discovery of the stations.

Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.

Abstract: An approach is provided for providing a trust level to access a resource. A system receives a request at a device, from a first user, to access a resource associated with a second user. The resource is further associated with a predetermined privacy level. The system calculates a trust level between the first user and the second user based, at least in part, on a trust metric. The system then determines whether the trust level meets the predetermined privacy level and grants an access right to the resource based, at least in part, on the determination.

Abstract: Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.

Abstract: Disclosed are various embodiments for detecting and responding to attacks on a computer network. One embodiment of such a method describes monitoring data communications transmitted to a target class of first computing nodes; in response to detecting a non-legitimate data communication to a computing node in the target class, determining whether the non-legitimate data communication is a form of attack on a network to which the computing nodes are connected; and in response to determining that the network is under attack, implementing new security measures for second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing.

Abstract: A system and method for configuring a component carrier is presented. A component carrier assignment message is received. The component carrier assignment message may be configured to identify the component carrier and include at least one of, at least one of a downlink carrier frequency, a carrier frequency of a paired uplink carrier, a bandwidth of the component carrier, and a bandwidth of the paired uplink carrier, an indication of whether the component carrier is a control channel monitoring component carrier configured to signal data channel assignment information for the component carrier, and a logical index of the component carrier. The component carrier assignment message may then be used to configure the component carrier on a user equipment (UE).