Abstract: Examples are disclosed for techniques for wireless docking. According to some embodiments, a mobile device may scan for an available docking device, for example a device with one or more I/O devices such as a display. The mobile device may automatically establish a secure wireless link with the docking device, for example, if the docking device is known to the mobile device. However, I/O services to be provided by the docking device are not activated. Instead, the docking device will prompt a user for identification data. If the identification data passes verification, the I/O services may be activated. According to some embodiments, the identification data obtained by the docking device may also be used to wake the mobile device, to login to the mobile device, and/or to unlock the mobile device for user access.

Abstract: In an ad hoc peer-to-peer type network during peer discovery, information relating to users of various devices is broadcast to other devices in the network, which can compromise privacy of the users. Instead of announcing a public identifier that might be known by a multitude of individuals, the user device announces a private identifier that might be known to, or determined by, a select few individuals. The individuals selected can be given a key to determine the private identifier associated with a public identifier, or vice versa, wherein that key can have a validity range or a period of time, after which the key expires. Prior to the expiration of the key, the selected individuals, through their respective devices, can detect a corresponding user and/or device by the current private identifier being announced, thus mitigating the number of people that are aware of the user's presence.

Abstract: Embodiments of a polyethylene polymer blend having a melt index (I2)<2 g/10 min are provided, wherein the polyethylene polymer blend comprises at least about 50% by wt. of at least one high density polyethylene resin (HDPE) having a density ?0.950 g/cm3, a melt index (I2)<4 g/10 min; a melt flow ratio (I10/I2)?9, and a molecular weight distribution (MWD) of about 2 to about 5; and further comprises about 1% to about 20% by wt. of at least one low density polyethylene resin (LDPE) having a density ?0.930 g/cm3, a melt index (I2) of about 0.1 to about 10 g/min, and an MWD>3.

Abstract: During a data protection operation, a system exploits a virtual hierarchy to centralize the configuration and management of operating system credentials of numerous virtual guests. For each virtual guest, the system uses the credential to collect a single Globally Unique Identifier (GUID) previously generated and stored in-guest by any data protection agent. The system stores the collected GUID as a custom property in the context of the virtual hierarchy. The system also exploits the virtual hierarchy custom properties to determine if GUIDs are copies due to virtual guest replication. The system ensures GUID uniqueness by requesting regeneration of the GUID by in-guest data protection agents. Using GUIDs that are unique across the virtual hierarchy, the system can correlate application data of multiple in-guest data protection agents.

Abstract: In a general aspect, pseudorandom integers are generated for use in a cryptographic protocol. In some aspects, a first plurality of digits are obtained and converted to a second plurality of digits. The first plurality of digits (e.g., bits) represent an integer in a first number system (e.g., binary), and the second plurality of digits (e.g., trits) represent the integer in a second number system (e.g., trinary). A plurality of integers in the first number system are generated based on the second plurality of digits, and an array of integers is produced. Each integer in the array is less than a modulus, and the array includes the plurality of integers. The array of integers can be used in a lattice-based cryptographic protocol.

Abstract: Various embodiments include one or more of systems, methods, software, and data structures for validating a digital signature, wherein common information in a certification chain is maintained in one entry of a Document Secure Store (DSS). The DSS separates the Long Term Validation (LTV) information from the digital signature, allowing amendment of and addition to the LTV information in the DSS after a digital signature is applied to a document.

Abstract: A computing device may receive netflow data that includes information corresponding to network-side activity associated with a target device. The computing device may evaluate the netflow data based on a netflow signature to identify potentially malicious activity. The netflow signature may include information corresponding to two or more network events occurring in a particular order. The computing device may report, to another computing device, that potentially malicious activity, corresponding to the network data, has been detected based on the evaluation of the netflow data.

Abstract: A system, method, and computer-readable medium for reporting sensor data over a communication network are provided. A data reporting instruction that identifies at least one of a sensor or a data reporting technique is received from a trust mediator over a communication network. The data reporting instruction is based at least in part on an identified risk. Sensor data is obtained from the sensor, and the sensor data is transmitted to the trust mediator over the communication network based on the data reporting technique.

Abstract: A sandbox tool can create and maintain multiple isolated execution environments, simultaneously. The sandbox tool can assign a unique security label to each isolated execution environment. In order to ensure the security labels are unique, the sandbox tool, for each security label, can bind a communication socket in an abstract name space of the operating system with a name that is the same as the security label. If the operating system returns an error that the name for the communication socket is already in use, the sandbox tool can determine that the security label is already in use by another isolated execution environment or other process.

Abstract: A method and apparatus for managing security for a connection between a user device and a communications network comprising at least one base station and a core network is provided. The method includes processing, at the core network, the security capability information for the user device and the security capability information for the first base station to select a plurality of preferred security policies for a connection between the user device and the first base station. The method also includes transmitting the selected plurality of preferred security policies to the first base station as a list of preferred security policies from which said base station can select a security policy.

Abstract: The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.

Abstract: A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that (a) is associated with the same telecommunications network as the user device, and (b) can authenticate the identity of the user device.

Abstract: A hotspot provides an open wireless network and a secure wireless network. The open wireless network has no network-level encryption and allows open association therewith. The secure wireless network employs network-level encryption and requires authentication of a received access credential from a client device before allowing association therewith. A system for authorizing the client device for secured access at the hotspot includes an access controller configured to establish an encrypted connection between the client device and a login portal of the hotspot over the open wireless network, and to store a user-specific access credential transmitted via the encrypted connection as a valid access credential in a credential database. The credential database is accessed by wireless access points of the hotspot to authenticate the received access credential from the client device in response to a request from the client device to associate with the secure wireless network.

Abstract: Systems and apparatus disclosed herein provide for a tamper resistant electronic device. The electronic device can include a circuit board, a shell, an anti-tamper material, a memory, one or more sensors, and tamper responsive electronics. The one or more sensors can be configured to sense when the shell moves away from the circuit board. The anti-tamper material can be integrated into the first portion of the shell and disposed to protect the memory, one or more sensors, and the tamper responsive electronics. The tamper responsive electronics on the circuit board can be coupled to the anti-tamper material and the one or more sensors, and can be configured to zeroize data in the memory if tampering is sensed by the anti-tamper material or if one or more of the one or more sensors sense the shell has moved away from the circuit board.

Abstract: A host providing system includes a physical host network switch which determines permission and non-permission of communication on the basis of whether or not information pieces indicating users correlated with information indicating a transmission source and information indicating a transmission destination included in communication data from a physical instance match each other, and controls the communication data on the basis of a determination result. Accordingly, since only communication between instances of the same user is permitted, and thus communication from a physical instance is appropriately controlled, it is possible to ensure security in the system.

Abstract: In various embodiments, a circuit arrangement is provided. The circuit arrangement may include a detection circuit, which is designed to detect light attacks on the circuit arrangement; a processing circuit, which is designed to initiate a current flow through a line for each light attack detected by the detection circuit; and a control circuit, which is designed to enable functioning of a component of the circuit arrangement depending on the conducting state of the line.

Abstract: A challenge manipulation and restoration capability is provided for use during network authentication. A mobile device (MD) and a subscriber server (SS) each have provisioned therein a binding key (B-KEY) that is associated with a subscriber identity of a network authentication module (NAM) of the MD. The SS obtains an authentication vector (AV) in response to a request from a Radio Access Network (RAN) when the MD attempts to attach to the RAN. The AV includes an original authentication challenge parameter (ACP). The SS encrypts the original ACP based on its B-KEY, and updates the AV by replacing the original ACP with the encrypted ACP. The MD receives the encrypted ACP, and decrypts the encrypted ACP based on its B-KEY to recover the original ACP. The MD provides the original ACP to the NAM for use in computing an authentication response for validation by the RAN.

Abstract: A method is disclosed that includes registering an application with a security information technology element (ITE), where the security ITE includes a secure computing device located within a protection envelope and configured to provide security services for one or more applications. The security ITE also provides a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

Abstract: Markup language security messages are processed. A template corresponding to a markup language security message is identified. The markup language security message is parsed for variable values using the template. A transition sequence is generated that represents the entire markup language security message. Each transition in the transition sequence is associated with a portion of the markup language security message. A lightweight data model of the markup language security message is populated using the transition sequence. The lightweight data model includes nodes for the variable values and a set of selected constant values.

Abstract: Systems and methods for virtualization and emulation assisted malware detection are described.