Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: A method and apparatus for use with a plurality of resources integrated within a space for performing a process and a program run by a processor for controlling the process, the apparatus for associating the resources with the program and comprising a processor running a program to perform the steps of identifying at least a first reference point within the space, identifying the relative juxtaposition of at least a first resource with respect to the first reference point and associating the first resource with the program as a function of the relative juxtaposition of the first resource to the reference point.

Abstract: Some aspects as described herein are directed to mirroring, in upstream and/or downstream data traffic for a particular connection, markings of data packets (e.g., DSCP and/or other markings) that have been received in downstream data traffic for that same connection. A trusted device in the network may control the markings, rather than a less-trusted endpoint device and/or a less trusted software application operating in any device.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.

Abstract: A speaker recognition system for authenticating a mobile device user includes an enrollment and learning software module, a voice biometric authentication software module, and a secure software application. Upon request by a user of the mobile device, the enrollment and learning software module displays text prompts to the user, receives speech utterances from the user, and produces a voice biometric print. The enrollment and training software module determines when a voice biometric print has met at least a quality threshold before storing it on the mobile device. The secure software application prompts a user requiring authentication to repeat an utterance based at least on an attribute of a selected voice biometric print, receives a corresponding utterance, requests the voice biometric authentication software module to verify the identity of the second user using the utterance, and, if the user is authenticated, imports the voice biometric print.

Abstract: A method for proactively detecting shared libraries suspected of association with malware includes the steps of determining one or more shared libraries loaded on an electronic device, determining that one or more of the shared libraries include suspicious shared libraries by determining that the shared library is associated with indications that the shared library may have been maliciously injected, loaded, and/or operating on the electronic device, and identifying the suspicious shared libraries to a reputation server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securing data. One of the methods includes receiving, by the map reduce framework, data for analysis. The method includes identifying, by the map reduce framework, private data in received data. The method includes encrypting the private data. The method includes storing the encrypted private data in a location separate from the received data. The method includes obfuscating the private data by adding a reference to the location of the encrypted private data in the received data.

Abstract: A set of techniques is described for enabling a virtual machine based transcoding system. The system enables any transcoding provider to make their transcoding service available to other users over a network. The system can automate the deployment, execution and delivery of the transcoding service on behalf of the transcoding provider and enable other users to use the transcoding services to transcode content. The system receives a virtual machine image, transfers the image to a location where the media content is stored and creates a virtual private network of resources that will perform the transcoding of the media content. The virtual private network may be firewalled or otherwise restricted from opening connections with external clients when transcoding the content in order to prevent malicious use of the media content.

Abstract: A packet processing method, apparatus, and system. A first node receives a first packet sent by a relay device, where the first packet includes data in a second packet sent by a second node to the relay device, the data in the second packet is encrypted by using second additional authentication data and a session key between the first node and the second node, and the second additional authentication data is generated by the second node according to at least address information in a packet header of the second packet by using a second rule; the first node generates first additional authentication data according to address information in a packet header of the first packet by using a first rule, and decrypts the data in the first packet by using the first additional authentication data and the session key.

Abstract: A system and method for identifying and preventing malicious application programming interface attacks is configured to, during a learning stage: monitor all requests sent to and from the server API; identify one or more first characteristic data points of each request and response sent during the learning stage; and determine, based at least in part on the identified one or more first characteristic data points, one or more characteristic data models, wherein a characteristic data model represents at least one of an expected input to the API and an expected output of the API; and during a protection stage: monitor all requests sent to and from the server API; identify one or more second characteristic data points of each request and response sent during the protection stage; and one of validate and invalidate the identified one or more second characteristic data points against the one or more characteristic data models.

Abstract: Example embodiments relate to a notification system. The notification system accesses a set of components of a first data object, a user having registered to monitor the first data object for modifications. The notification system compares the set of components of the first data object to a previous set of components of the first data object and determines, based on the comparison, that the set of components of the first data object includes at least one modification from the previous set of components of the first data object. In response to determining that the set of components of the first data object includes at least one modification from the previous set of components of the first data object, the notification system notifies the user of the at least one modification to the first data object.

Abstract: A device management system is configured to manage access to electronic documents on client devices using policies. The policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices for example, particular hardware and software configurations that are required at client devices before data is permitted to be downloaded to those client devices. The policies may also specify other requirements that must be satisfied before data is permitted to be downloaded to those client devices, for example, user authentication.

Abstract: Obtaining and/or validating user credentials at client devices is described.

Abstract: An apparatus includes a processor and a memory storing instructions executed by the processor to receive a first communication session using a first key, where the first communication session is between a client and a server. A second communication session is initiated using a second key, where the second communication session is between the apparatus and the server. An active communication session is negotiated between the client and the server using the first key and the second key. The active communication session is decrypted using the first key and the second key. The active communication session is re-encrypted using a third key to form re-encrypted data.

Abstract: A server system with one or more processors and memory sends a verification request, to a client device, to verify that the client device is storing a data block, where the verification request includes verification parameters. In response, the server system obtains from the client device a first verification value for the data block. The server system compares the first verification value with a second verification value for the data block, where the second verification value was previously computed, in accordance with the data block and the verification parameters, and stored by the server system. In accordance with a determination that the first verification value matches the second verification value, the server system confirms that the client device is storing the data block.

Abstract: Embodiments of a data encryption and/or decryption technique are disclosed. Briefly, for example, in accordance with one example embodiment a method is provided. A message based at least in part on a hierarchical symbol assignment system is encrypted. The hierarchical symbol assignment system is represented as a numerical value.

Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing multi-factor authentication. In one aspect, a method includes determining that a user has successfully completed an authentication factor, determining whether a mobile device associated with the user is proximate to a computer; and authenticating the user based on determining that the user has successfully completed the authentication factor, and that the mobile device is proximate to the computer.

Abstract: A hardware device for monitoring and intercepting data packetized data traffic at full line rate, is proved. In high bandwidth embodiments, full line rate corresponds to rates that exceed 100 Mbytes/s and in some cases 1000 Mbytes/s. Monitoring and intercepting software, alone, is not able to operate on such volumes of data in real-time. An exemplary embodiment comprises: a data delay buffer with multiple delay outputs; a search engine logic for implementing a set of basic search tools that operate in real-time on the data traffic; a programmable gate array; an interface for passing data quickly to software sub-systems; and control means for implementing software control of the operation of the search tools. The programmable gate array inserts the data packets into the delay buffer, extracts them for searching at the delay outputs and formats and schedules the operation of the search engine logic.