Abstract: A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.

Abstract: Systems (100) and methods (600) for generating encrypted data. The methods involve: combining a cryptographic key with state initialization bits to generate first combination bits; producing a first keystream by performing a permutation function ƒ using the first combination bits as inputs thereto; and using the first keystream to encrypt first data (e.g., authentication data or message body data) so as to produce first encrypted data. The permutation function ƒ comprises a round function ƒround that is iterated R times. The round function ƒround consists of (1) a substitution layer in which the first combination bits are substituted with substitute bits, (2) a permutation layer in which the substitute bits are re-arranged, (3) a mixing layer in which multiple of the permutation layer are combined together, and (4) an addition layer in which a constant is added to the output of the mixing layer.

Abstract: Methods, apparatus, and articles of manufacture to identify media delivery are disclosed. An example method includes receiving a first log from a media provider, the first log comprising first source address information, first destination address information, first source port information, first destination port information, and media identification information; receiving a second log from a first receiver, the second log comprising second source address information, second destination address information, second source port information, and second destination port information; comparing information in the first log to information in the second log to attempt to identify a matching entry between the media provider and the receiver; and when a matching entry is identified, storing the media identification information from the first log in association with the receiver.

Abstract: An access authentication system for authenticating a subscriber of a service, the access authentication system comprising an operator access authentication system and one or more private access authentication systems, each private access authentication system being communicatively connectable with the operator access authentication system, the operator access authentication system being adapted to provide one or more authentication functions for facilitating authentication of subscribers of the service based on respective subscriber authentication data items associated with credentials of the subscriber; wherein each private access authentication system is adapted to communicate one or more subscriber authentication data items to said operator access authentication system; and wherein each private access authentication system is further adapted to communicate one or more verification data items indicative of the private access authentication system operating in at least one predetermined state.

Abstract: An electronic device includes a display, one or more processors, and memory storing one or more programs. The one or more programs include a first program having a user-logged-in state for a first user and a user-logged-out state for the first user. The device communicates with a social network system; and displays a first user interface on the display. The first user interface includes a first predetermined area that corresponds to the first program. If the first program is in the user-logged-in state for the first user, the device displays in the first predetermined area first content from a plurality of users of the social network system that are connected to the first user. If the first program is in the user-logged-out state, the device displays in the first predetermined area second content that is selected for the first user, without displaying the first content.

Abstract: A system includes a tamper detector that includes a linear feedback shift register (LFSR) for generating pseudorandom coded detection signals as a function of seed values and a generator polynomial. The generator polynomial is loaded from a controller to the LFSR via software, and the seed values are directly loaded from a hardware-based random number generator to the LFSR. The tamper detector has output and input elements for connection to ends of a tamper detection circuit, wherein the detection circuit is linked with a physical closure surrounding an electronic circuit. The detection signals are applied to the output element and incoming signals are received from the tamper detection circuit at a comparator via the input element. Comparison of the incoming signals with the coded detection signals is performed to detect interference with the detection circuit in an attempt to tamper with the electronic circuit.

Abstract: Methods, systems, and apparatus, including compute program products, for selecting a question for a challenge-response test. One of the methods includes obtaining question response pairs, wherein each question response pair includes a question about a first entity and a response to the question. Respective difficulty values for each question response pair are determined from a count of a number of times the question in the question response pair has been submitted as a search query to a search engine by users of the search engine. A request for a challenge-response test is received, wherein the request includes a context for the challenge-response test. Difficulty criteria for the challenge-response test are determined from the context. A first question response pair is selected that has a difficulty value that satisfies the difficulty criteria for the challenge-response test, the question from the first question response pair is provided in response to the request.

Abstract: In one embodiment, a device in a network detects a network attack using aggregated metrics for a set of traffic data. In response to detecting the network attack, the device causes the traffic data to be clustered into a set of traffic data clusters. The device causes one or more attack detectors to analyze the traffic data clusters. The device causes the traffic data clusters to be segregated into a set of one or more attack-related clusters and into a set of one or more clusters related to normal traffic based on an analysis of the clusters by the one or more attack detectors.

Abstract: A device may be configured to communicate with a mobile device using a short range communication protocol. The device may open a port based on communicating with the mobile device using the short range communication protocol. The device may receive a request from the mobile device via the port. The request may request security information for setting up a secure connection. The device may provide the security information to the mobile device. The device may establish a secure connection with the mobile device based on the security information. The device may provision the mobile device to receive media content from the device based on the secure connection. The device may provide the media content to the mobile device based on provisioning the mobile device.

Abstract: A system and method is provided for enabling identification of network users having similar interests and for facilitating communication between them. An Internet-based (or “on-line”) application is provided that: 1) facilitates the identification of users having similar interests using web-browsing behavior; 2) determines the virtual distance between web sites; and 3) utilizes profiling techniques and user-supplied descriptive information to facilitate direct communication between users who need not have had prior contact, and without requiring the participation of the visited web sites.

Abstract: A network service database stores abstractions of services provided by network elements. The network elements may proactively initiate communication with the service database. Additionally, network elements may update the service database when the network element experiences a state change. Client applications may contact the service database to perform functions, such as provisioning network services, billing, and fault monitoring without having to be concerned with the underlying details of each of the network elements.

Abstract: A delivery system, media, and method for communicating content to devices are provided. The delivery system includes a services aggregator and content aggregator for processing requests from the devices. The services aggregator processes the request to identify credentials for the devices that generate the request and to identify providers of content specified in the request. The content aggregator receives the content from the identified providers and formats the content based on limits imposed by the device. Because the devices are configured to allow the services aggregator and content aggregator to perform computational-intensive tasks associated with requesting and transmitting the content, the complexity and cost of the devices are minimized.

Abstract: A server includes a key generator and an authenticator. The key generator is configured to receive a request for a first key from a worker device, to create the first key that is associated with a worker, and to transmit the first key to the worker device. The authenticator is in communication with the key generator, the authenticator is configured to receive a second key and identification details from a customer device, to transmit the identification details to the worker device, to receive acknowledgment of the identification details from the worker device, and to authenticate the second key and the identification details with the customer device.

Abstract: A system and method of anonymous authentication is described. In operation, the authenticator receives a request to access a resource from one of the user devices of an associated set of user devices, wherein each of the user devices is registered to at least one user requesting access to the resource registered to at least two users. The authenticator generates and transmits an authentication challenge in response to the request to a subset of the user devices. A user device subsequently generates and transmits a response to the authentication challenge to the authenticator. The authenticator determines whether the responses received from the one or more user devices constitutes a valid response and grants any one or more of the user devices of the associated set of user devices access to the resource if the responses received from the user devices constitutes a valid response to the authentication challenge.

Abstract: Systems, methods, and devices for displaying digital content. In one embodiment, a method of simulating digital content includes providing information corresponding to a plurality of pixels of displayable content at an electronic device; and simulating the displayable content at the electronic device by displaying a representation of a first subset of the plurality of pixels during a first time period and displaying a representation of a second subset of the plurality of pixels during a second time period.

Abstract: Systems and methods are provided for automatically handling multiple levels of encryption and decryption. An electronic file is received to add to encrypted storage. The electronic file is encrypted to generate a new level of encryption for the electronic file using an encryption process that uses encryption data to generate the new level of encryption and to decrypt the new level of encryption. A set of existing encryption data associated with the electronic file is identified, wherein each existing encryption data from the set of existing encryption data is associated with an existing level of encryption already applied to the electronic file. The encryption data is added to the set of existing encryption data associated with the electronic file so that the existing levels of encryption and the new level of encryption can be decrypted.

Abstract: A system and a method are disclosed for a computer implemented method to unlock a mobile computing device and access applications (including services) on a mobile computing device through a launcher. The configuration includes mapping one or more applications with a guest access code. The configuration receives, through a display screen of a mobile computing device, an access code, and determines whether the received access code corresponds with the guest access code. The configuration identifies the mapped applications corresponding to the guest access code and provides for display, on a screen of the mobile computing device, the identified applications.

Abstract: A platform integrity verification system capable of executing platform integrity verification by a trusted boot without causing a delay of system startup time. The platform integrity verification system has an information processing device and an integrity verification computer that is communicably connected to each other. The information processing device comprises an acquisition section acquires a unique value from each of a plurality of programs executed by the information processing device when the information processing device is shut down; and a storage section configured to store the unique value acquired by the acquisition section in a storage device. The integrity verification computer comprises a comparison section configured to acquire the unique value stored in the storage device through communication with the information processing device and compares the acquired unique value with a predetermined value held in advance for each program.

Abstract: Techniques are provided for generating and managing temporary email addresses. A requestor having a requestor email address makes a request to receive a temporary email address. The temporary email address is generated and mapped to the requestor email address. Messages received that are associated with the temporary email address are mapped to the requestor email address and forwarded to the requestor. The temporary email address expires when an expiring event is detected.

Abstract: A method of dynamically applying a control policy to a network is described. A network layer of a plurality of network layers associated with user traffic is determined. A portion of a control policy corresponding to the network layer and the user traffic is accessed. Then, the portion is sent to a security device associated with the network layer, the portion being configured to be applied by the security device to the network layer and the user traffic.