Abstract: A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The device is preferably a computer system that includes a dongle, or a separate unit that is connected or connectable to the computer. A security program decrypts a first key with a second key stored on the dongle. When a new application is installed the first time on the computer, the security program uses a decrypted first key to encrypt whatever is installed such that the encrypted application program is the only installed version of the application program on any non-transitory computer readable memory accessible by the computer. When a command is given to startup the application program, whatever code is needed for startup is first decrypted using the decrypted first key.

Abstract: A system and method for processing, storage, distribution, and interaction with electronic images created or captured by mobile devices having network communications capabilities, such as smartphones, allows a user whose image-displaying device includes enhanced viewer software to use an image displayed on the image-displaying device as a portal for communication with others who have interacted with the image, including authors and facilitators of the image. Watermarking and security measures are provided to enable source and content verification of a displayed image so that user morphing of imagery can be tracked to maintain stability of image-based interaction and so that malicious imagery tamper can be prevented.

Abstract: A secure information transmitting system and method for personal identity authentication, which, on the basis of a user public key, encrypt and transmit an authentication number transmitted from a server that provides a service to a user to a mobile communication terminal of the user, thereby preventing an unauthorized user who obtained the authentication number from being recognized even if an authentication number is externally exposed through hacking.

Abstract: Methods, systems, apparatuses, and/or computer-readable media for providing device management via application modification may be provided. In some embodiments, a request to perform an action may be received. Upon determining that the action is associated with a metered resource, a further determination may be made as to whether the request complies with at least one management policy. In response to determining that the request complies with the at least one management policy, the requested action may be authorized and/or caused to be performed.

Abstract: Systems and methods for detecting spoofed traffic include determining a first hop count of a first data query from a first transmitting device to a first server, determining a second hop count of a second data query from the first transmitting device to a second server, determining a third hop count of a third data query appearing to be from the first transmitting device to the first server, and determining a fourth hop count of a fourth data query appearing to be from the first transmitting device to the second server. The third and fourth hop counts are compared to the first and second hop counts, respectively. It is determined whether the third hop count differs from the first hop count by more than a predetermined amount.

Abstract: A method and apparatus is provided for the operation of a secure and deduplicated write once read many virtual disk which exceeds the write performance of traditional cryptographic methods. This is achieved through the utilization of a time-memory tradeoff via the empty space on a virtual disk at format time. Traditionally empty space is zeroed to indicate that data is not present. When implementing the apparatus, the empty space is filled with the output of a symmetric-key algorithm uniquely keyed for that specific disk. From an information theoretic point of view, the format operation stores cryptographically structured data, rather than purely redundant data, enabling the write operation that encodes data to be stored on the disk to operate without additional cryptographic computation. This reduced computation requirement for encoding enables the computation required deduplication to operate as if encoding was not being performed, resulting in a net throughput increase.

Abstract: In a liveness detection system, a first set of one or more parameters of a first liveness test is selected at random. The first parameter set is transmitted to a user device available to an entity, thereby causing the user device to perform the first liveness test according to the first parameter set. Results of the first liveness test performed at the user device according to the first parameter set are received form the user device. Results of a second liveness test pertaining to the entity are received. The liveness detection system determines whether the entity is a living being using the results of the liveness tests, the results of the first liveness test being so used by comparing them with the first parameter set.

Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.

Abstract: The present invention relates to a method and a system for providing a cloud-based application security service. The system for providing the cloud-based application security service according to the present invention includes: a client device including a compiler, an execution package composition unit, an uploader, and a downloader; and a cloud device including an execution package decomposition unit, a security library providing unit, a security library application unit, and an execution package recomposition unit, thereby, based on a cloud, providing convenience in security application and rapid action against hacker attacks.

Abstract: Example implementations relate to a database and a data stream query. For example, a computing device may include a processor. The processor may receive a query associated with at least one of a database and a buffer storing streamed data from a data stream, where the database stores database data previously stored in the buffer. The processor may identify at least one postponed command relevant to the query, the at least one postponed command being associated with at least one of the database data and the streamed data. The processor may generate a modified query based on the query and the at least one postponed command, the modified query being a modification of the query to account for the at least one postponed command. The processor may process the modified query and provide a query result of the query based on the modified query being processed.

Abstract: Embodiments of this disclosure are directed to an execution profiling handler configured for intercepting an invocation of memory allocation library and observing memory allocation for an executable application process. The observed memory allocation can be used to update memory allocation meta-data for tracking purposes. The execution profiling handler can also intercept indirect branch calls to prevent heap allocation from converting to execution and intercept exploitation of heap memory to block execution.

Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.

Abstract: An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask.

Abstract: One or more embodiments of the disclosure include systems and methods that generate and utilize digital visual codes. In particular, in one or more embodiments, the disclosed systems and methods generate digital visual codes comprising a plurality of digital visual code points arranged in concentric circles, a plurality of anchor points, and an orientation anchor surrounding a digital media item. In addition, the disclosed systems and methods embed information in the digital visual code points regarding an account of a first user of a networking system. In one or more embodiments, the disclosed systems and methods display the digital visual codes via a computing device of the first user, scan the digital visual codes via a second computing device, and provide privileges to the second computing device in relation to the account of the first user in the networking system based on the scanned digital visual code.

Abstract: Various multiple methods of data transport, and combinations thereof, may be used to initialize or update conditional access information on various devices. In an integrated device having both a broadcast receiver, such as an SDARS receiver, and a two-way communications transceiver, such as an LTE, 3G, 4G or 5G modem, or the like, conditional access information for the broadcast receiver may be sent to the transceiver, and then passed to the broadcast receiver, or vice versa. Additionally, for example, the broadcast receiver may be sent, over the broadcast communications channel, a “wake-up” message for the two-way transceiver, which message may then be passed to the two-way transceiver, so as to make it ready to receive conditional access information over the two-way communications channel, or vice versa.

Abstract: A method includes: displaying, by a second device, prompt information, where the prompt information is used to inform a user that a task executed on a first device may be handed off to the second device for execution; receiving, by the second device, a first operation of the user, and collecting a fingerprint used when the user performs the first operation, where the first operation is used to request execution of the task on the second device; acquiring, by the second device, first fingerprint information and second fingerprint information by using the first device; calculating, by the second device according to the fingerprint used when the user performs the first operation and the first fingerprint information, third fingerprint information; and executing, by the second device, the task when the third fingerprint information matches the second fingerprint information.

Abstract: Systems and methods implemented in a cloud node in a cloud based security system for network access control of a mobile device based on multidimensional risk profiling thereof include receiving posture data from the mobile device; determining a device fingerprint and a risk index of the mobile device based on the posture data; and, responsive to a request by the mobile device for network resources through the cloud based security system, performing a multidimensional risk analysis based on the device fingerprint and the risk index and allowing or denying the request based on the multidimensional risk analysis.

Abstract: When a user enters a resource provider location with a portable communication device, the portable communication device provides an indication to a transaction processing system that the portable communication device is currently at the resource provider location. At a later time when the user conducts a transaction with a portable transaction device, the fact that the user's portable communication device had been detected at the resource provider a short time ago is taken into account as a positive indicator that the transaction is not fraudulent. By verifying that both the portable communication device and the portable transaction device are present at the resource provider, the risk of approving a fraudulent transaction from a stolen portable transaction device can be reduced.

Abstract: Embodiments include identifying, at a logical path node, a first logical path and a second logical path; executing, by a processor implemented at least partially in hardware, a first set of instructions to follow the first logical path; storing, in a memory, a first set of information obtained from following the first logical path; evaluating, by a malware handler module implemented at least partially in hardware, the first set of information for malware; restoring, from the memory, environmental data for the first logical path node; executing, by the processor, a second set of instructions to follow the second logical path; storing, in a memory, a second set of information obtained from following the second logical path; and evaluating, by the malware handler module, the second set of information for malware.

Abstract: Systems and methods for efficient downloading and rendering of a web page on a network connected processing device are provided. A per-page manifest specifies a list of blocked resources specific to the web page is provided. When a page is requested by the network connected processing device, blocked resources defined in the manifest are not retrieved via the network and hence not rendered by the processing device. Manifests are defined on a per-page basis. In one embodiment, manifests are created or retrieved with each request.