Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: A recovery mechanism is provided for split-server passcode verification systems. An exemplary server-centric recovery scheme enables the system to respond to authentication attempts even if an authentication server is unavailable. The exemplary server-centric recovery scheme allows a periodic exchange of encrypted partial secret states among the authentication servers. Recovery occurs by allowing the decryption of the encrypted partial secret state that corresponds to the server that is unresponsive. An exemplary token-centric recovery scheme comprises determining that a first authentication server is unavailable; applying an authentication mechanism to a message requesting a token to change to a new split-state mode; and sending the authenticated message to the token.

Abstract: A method and an apparatus for filtering a uniform resource locator (URL). According to the method, a first category corresponding to a URL connection request can be found in a pre-stored category information table; when the first category conforms to a predetermined URL passing through policy, the URL connection request is allowed to pass through; the URL connection request is forwarded to a corresponding server; a second category corresponding to a URL is determined according to web page content returned by the server; if the second category conforms to the predetermined URL passing through policy, the web page content is sent to a client; if the second category does not conform to the predetermined URL passing through policy, the web page content is blocked. A category to which a URL belongs can be determined in real time, and implementing a function of accurate category filtration.

Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.

Abstract: A fingerprinting method. For each round in a series of rounds: providing to each receiver in a set of receivers a version of a source item of content, the source item of content corresponding to the round. For the round there is a corresponding part of a fingerprint-code for the receiver, the part includes one or more symbols. The version provided to the receiver represents those one or more symbols. One or more corresponding symbols are obtained from a suspect item as a corresponding part of a suspect-code. For each receiver in the set of receivers, a corresponding score that indicates a likelihood that the receiver is a colluding-receiver is updated.

Abstract: Techniques for protecting digital content in a storage device from pirate and illegal use are described. According to one aspect of the techniques, a method for protecting digital content stored in a storage device from illegally accessing by a host, comprises: exchanging data between the storage device and the host to achieve a mutual authentication between the storage device and the host; disabling an encryption/decryption module in the storage device to prohibit the host from reading out the digital content decrypted by the encryption/decryption module until the authentication of the storage device to the host passes; and disabling the host to prohibit the host from reading out the digital content decrypted by the encryption/decryption module if the authentication of the host to the storage device fails. Thereby, pirate and illegal use of the digital content stored in the storage device are effectively prevented or decreased.

Abstract: A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than a highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.

Abstract: The invention relates to the provision of virus scanning capabilities in a network environment. Optimum use is made of a plurality of virus scanners by inspecting content passed over the network to identify which of the scanners is most suitable for that content. The content is then passed to the appropriate scanners in dependence on the results of the inspection.

Abstract: A method of securely communicating a message for a financial transaction from a first correspondent to one or more recipients. The method comprises dividing the message into at least two portions. Each portion is intended for a recipient. Each portion intended for receipt by one of the recipients is encrypted with that recipient's public key. The message is signed and transmitted to one of the recipients to enable the recipient to verify the message and further transmit the message to a further recipient.

Abstract: A method and an electronic device for protecting data for a first electronic device with a data transmission interface are provided. A basic I/O system of the first electronic device is provided with a verification program for verifying a second electronic device. The method includes: loading the verification program into a memory of the first electronic device; verifying the second electronic device to acquire a verification result by the memory running the verification program via the memory; disabling the data transmission interface to cause the second electronic device to be unable to perform data transmission with the first electronic device by the data transmission interface in a case that the verification result indicates that the second electronic device is not a valid device.

Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

Abstract: A system controls access to a group of media items. A client device is operable by a user. A media server is coupled to at least one media data source, wherein the at least one media data source stores one or more media items for supply, by the media server, to the client device over a network. An authorization server is coupled to an authorization data source. The authorization data source stores data identifying a group of media items of fixed group size N that are accessible by the user, each media item in said group having a different associated availability parameter value indicating a number of time periods M within which access to the media item is available, wherein the authorization server is arranged to authorize the media server to supply a media item to the client device if said media item belongs to the group of media items.

Abstract: A method, non-transitory computer readable medium, and device that identifies network traffic characteristics to correlate and manage one or more subsequent flows includes transmitting a monitoring request comprising one or more attributes extracted from an HTTP request received from a client computing device and a timestamp to a monitoring server to correlate one or more subsequent flows associated with the HTTP request. The HTTP request is transmitted to an application server after receiving an acknowledgement response to the monitoring request from the monitoring server. An HTTP response to the HTTP request is received from the application server. An operation with respect to the HTTP response is performed.

Abstract: A method for monitoring a malicious attribute of a webpage is disclosed. The method includes the following steps: acquiring webpage query requests submitted by a plurality of clients; crawling a webpage based on the webpage query requests and acquiring crawled webpage contents; counting up a referenced value of a URL based on the webpage contents; calling a predetermined detection program to detect a malicious attribute of the URL based on the a referenced value of the URL. The accuracy of detection can be improved by using the method for monitoring a malicious attribute of a webpage provided in the present disclosure. Furthermore, a system for monitoring a malicious attribute of a webpage is further disclosed.

Abstract: In a verification apparatus, a biometric information acquisition unit acquires a plurality of biometric information pieces from an object. A first verification unit calculates, as a verification score, the similarity between the biometric information piece and a verification information piece, and compares the calculated verification score with a first determination value to determine whether the biometric information piece matches the verification information piece. When the verification fails, a second verification unit performs verification on the plurality of biometric information pieces having a predetermined relationship, using the verification information piece and a second determination value which defines a less stringent criterion than the first determination value.

Abstract: A method and a system for distributing an encryption key for service protection and content protection in a mobile broadcasting system are provided where a network generates a first encryption key when a broadcasting service is first provided to the terminal, and transmits a long term key message including the generated first encryption key to the terminal. Also, the network generates a second encryption key before the lifetime of a first access value pair expires, and transmits a long term key message including the generated second encryption key to the terminal.

Abstract: Location data that corresponds to one or more user devices each associated with a user may be obtained. Based on the location data, the particular location of a user may be determined. Similarities between various users may be identified when it is determined that those users have visited the same locations. Upon at least two users visiting a threshold amount of the same locations, one or more recommendations may be provided to the users, whereby the recommendations relate to places that those users have yet to visit. In addition, the users may have the opportunity to reveal information about themselves to other users, while maintaining their anonymity. As a result, the users may meet people and learn about new places that are likely to be of interest to those users.

Abstract: Systems and methods for managing digital rights settings are provided. In some aspects, the systems and methods described include receiving user input including an order for obtaining access rights to a media asset. Control circuitry determines whether the media asset is associated with a first package of media assets. The control circuitry cross-references a database of user order history to determine whether the user has obtained access rights for each media asset in the first package of media assets. If the user has obtained access rights for each media asset in the first package of media assets, the control circuitry generates digital rights settings for each media asset in the first package of media assets to enable the user to create a mashup. The mashup includes portions of at least one media asset in the first package. The control circuitry generates a display based on the digital rights settings.

Abstract: A method and apparatus for authorizing a host to access a portable storage device and a method and apparatus of providing information for authorizing a host to access a portable storage device. The method includes: verifying integrity of host software requesting to transmit data; determining whether the host is authorized to access the portable storage device; and determining whether the host software is authorized to access the portable storage device. Accordingly, user information may be stored on the portable storage device and moved with security.

Abstract: The subject disclosure is directed towards automated, static analysis-based program code processing that detects unprotected resource accesses by applications, that is, those that do not provide proper opt-in consent dialogs (prompts). In one aspect, consent prompt code is automatically inserted into the program code to protect such unprotected access points. Also described are program representation graph construction and processing, a dominator node-based approach to determine placement points for inserting consent prompt code, and a backward search-based approach for inserting consent prompt code.