Abstract: In various example embodiments, a system and method for transferring the state of a first device to a second device are disclosed. Information associated with a current state of a first device is captured. The captured information includes application states associated with a plurality of corresponding applications that are executing on the first device at the time of capturing the information. A type of connection to be used to transfer the state of the device is determined based on the connections available to the first device and the second device. The file containing the information of the state of the first device is transferred to the second device using the connection type. The file, when processed by the second device, causes the second device to reproduce the state of the first device.

Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

Abstract: A system detects a security attack through a network-based application. The system receives a runtime request for invocation of a function and dynamically determines if the request for invocation of the function is associated with a cross-site scripting attack. In response to determine the function is associated with a cross-site scripting attack, the system stores information associated with the request, which is used for determining if the request is a legitimate request or a cross-site scripting attack.

Abstract: A method of pushing passwords, and a pushing system are provided. The method includes establishing a sharing cryptographic library which stores a plurality of application program identification codes, account names and passwords, receiving first biological characteristic information of a user, and simultaneously receiving a push request including second biological characteristic information and a current application program identification code. An account name and a password of the current application program identification code from the sharing cryptographic library is read, and the account name and the password is pushed to a second terminal device when the first biological characteristic information matches with the second biological characteristic information.

Abstract: Systems and methods for user identification and authentication are disclosed. In one embodiment, a method of authenticating a first party to a second party may include the following: (1) receiving, from one of an electronic device of a first party and an electronic device of a second party, a request to generate authenticating indicia; (2) using at least one of a plurality of computer processors, generating the authenticating indicia; (3) transmitting, over a network, the authenticating indicia to the electronic device of a first party and to the electronic device of the second party; (4) receiving, from an electronic device of the second party, an indication that the second party has confirmed that the first party is authentic; and (5) storing an identity of the first party, the second party, and the authenticating indicia in a database.

Abstract: Methods and systems for detection and mitigation of denial-of-service (DoS) attacks against network applications/services/devices in near real-time are provided. According to one embodiment, multiple access requests are received at a network device from a source Internet Protocol (IP) address. Temporal and/or spacial information relating to the access requests are stored in a first database operatively coupled with the network device. It is determined based on a first defined condition whether compression is to be performed on the stored temporal and/or spacial information. When a result of the determining is affirmative, then the stored temporal and/or spacial information is compressed. One or more compression ratios of the compressed temporal and/or spacial information with respect to the stored temporal and/or spacial information in uncompressed form are computed. The source IP address is identified as malicious based on the one or more compression ratios.

Abstract: Systems for dynamic watermarking within a cloud-based collaboration environment. Storage facilities are managed by servers to provide cloud-based storage services to two or more client entities as a service across a network. The servers maintain versions of editable documents or photo images or video clips using a version indication. Dynamic watermarking applies a first watermark image to a first version of the editable document and grants edit access to a first client entity of the two or more client entities. While the first client entity has edit access to the first version of the editable document the system generates a second version of the editable document and applies a second watermark image to the second version of the editable document before delivering the second version to a second client entity. A security watermark is based on a user credential, and a leak source can be determined based the user credential.

Abstract: A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information.

Abstract: Presented is a system and methods for receiving metadata, a decryption module and encrypted content from a cable headend, decrypting the encrypted content with the decryption module and presenting the decrypted content to a user. The client device can receive, load and execute any decryption module compatible with the system framework allowing flexibility in the choice or changing of client device manufacturer and/or Digital Rights Management system vendor.

Abstract: The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. The system also obtains configuration information for the alert, wherein the configuration information identifies information associated with the search results, and also specifies a trigger condition for the alert. Next, when the trigger condition for the alert is met, the system uses the configuration information to generate a payload containing the identified information associated with the search results. The system then invokes alert-generating functionality and provides the payload as input to the alert-generating functionality. This enables the alert-generating functionality to use the information from the search results while performing one or more alert actions association with the alert.

Abstract: Authentication of devices to receive services provided by service providers over communications networks such as open access networks, wherein the provider of the network need not have access to secret information shared between the devices and the service providers. A request is received from a device to receive services from a service provider and is forwarded to the service provider. A challenge and an expected response is received from the service provider and the challenge is forwarded to the device. A response to the challenge is received from the device the device is authenticated to receive services from the service provider if the response received from the device matches the expected response provided by the service provider.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure data transmission using natural language. One of the methods includes: obtaining sensitive information for a user; obtaining a natural language key for the user, wherein the natural language key for the user includes one or more natural language tokens; generating decoding data for the sensitive information for the user, wherein generating the decoding data comprises: for each place in the sensitive information for the user: assigning a respective one of the natural language tokens in the natural language key for the user to the value at the place, and generating one or more respective dummy natural language tokens for each value of the respective set of possible values for the place other than the value at the place; and providing the decoding data for use in decoding the natural language key into the sensitive information.

Abstract: A mechanism is provided for managing data storage in a distributed virtual environment. A write access request to a virtual machine in the distributed virtual environment is received from a user, the virtual machine running on a hypervisor node in the distributed virtual environment. The data associated with the write access request is cached at the hypervisor node. The user is notified of a completion of the write access request. The cached data is transmitted to a storage node in the distributed virtual environment, the storage node providing physical storage to the virtual machine.

Abstract: In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud.

Abstract: A communication to a network location is detected at a computing device. The communication to the network location is encrypted dependent at least in part on whether the network location is at a different computing device from the computing device.

Abstract: A network protection system and method for processing of network traffic between one or more networked devices. The network protection system may include the networked devices and a threat correlation device. The networked devices may operate as a monitoring agent and/or an interdiction agent. The threat correlation device may execute computer code for receiving information from the monitoring agent regarding an event recognized by the monitoring agent, retrieving an event score for the event from a risk scoring database based on an event type, a destination of the event, and a number of occurrences of the event, and updating a risk score by adding the event score to the risk score. When the risk score reaches a critical threshold, the threat correlation device may send instructions to the interdiction agent to take protective or defensive action against data traffic of that event type and from that aggressor.

Abstract: The disclosed technology includes techniques for secure access to data associated with an organization and includes providing a user device access to a user interface that is configurable by a user of the user device to execute function requests. Upon receipt of a function request, a router can randomly select an available computer from a computer cluster to execute the function. The computer can access a predetermined portion of the organization's data, generate an output by executing the requested function based on the predetermined portion of the organization's data, and transmit the output to the user device.

Abstract: In one example, a method includes obtaining, by a data processing device, first secret data associated with a first user and corresponding to a first location of a remote resource. The method further includes generating, using the first secret data, a first uniform resource locator (URL) usable to obtain the first location, and accessing the first location using the first URL. The method further includes obtaining, in response to transfer of usage rights of the data processing device from the first user to a second user, second secret data associated with the second user and corresponding to a second location of the remote resource. The method further includes generating, using the second secret data, a second URL usable to obtain the second location, and accessing the second location using the second URL. The second location is inaccessible via the first URL. The first location is inaccessible via the second URL.

Abstract: A method for automatically establishing a wireless connection, a gateway device and a client device for internet of things (IoT) using the same are provided. According to the provided method, SSID of the gateway device can be composed of an encrypted access password and an index, so that the client device may identify the gateway device to be connected according to the index within the SSID string and acquire the encrypted access password from the SSID string. Therefore, the client device can decrypt the encrypted access password. Accordingly, the wireless connection between the client device and the gateway device can be automatically established since the client device acquires the access password from the SSID of the gateway device.

Abstract: When a portable terminal of a user receives an authentication prompt message pushed by an application server, an authentication prompt option corresponding to the authentication prompt message is output at the portable terminal. A portal authentication is initiated after the authentication prompt option is selected by the user. MAC address information of the portable terminal returned by a portal server is acquired after the portal authentication is initiated. A user name and password for the application client terminal to log into the application server terminal is used as a user name and password for portal authentication. The MAC address information of the portable terminal returned by the portal server is sent to the application server. The present disclosure facilitates the operation of using the portal authentication, prevents the user from forgetting to perform the portal authentication, and brings convenience to those who are not familiar with the portal authentication mechanism.