Abstract: A method for improving security of peripheral devices is described. The method includes displaying, by a processor of a computing device, a code, receiving, by the processor, a user input after displaying the code, comparing, by the processor, the user input to the displayed code, and establishing, by the processor, secure communication between a peripheral device and a software application at the computing device based at least in part on a result of the comparing the user input to the displayed code.

Abstract: Methods, systems, and devices for protecting against abnormal computer behavior are described. The method may include monitoring a computer process related to an application running on a computing device of one or more computing devices, analyzing a database including a set of digital fingerprints, where a digital fingerprint of the set of digital fingerprints relates to the application, the digital fingerprint including an indication of a set of computer processes related to the application that are classified as normal computer processes for the application, determining that the computer process related to the application is an abnormal computer process based on analyzing, and performing a security action on the computing device to protect the computing device against the abnormal computer process based on the determining.

Abstract: The disclosed computer-implemented method for managing endpoint security states using passive data integrity attestations may include (i) receiving passively collected network data from an endpoint device of a computing environment, (ii) determining a security state of the endpoint device using the passively collected network data from the endpoint device, (iii) determining that the security state of the endpoint device is below a threshold, and (iv) in response to determining that the security state of the endpoint device is below a threshold, performing a security action to protect the computing environment against malicious actions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for creating program-specific execution environments may include (1) identifying a privileged software program to be executed on a client system in a program-specific execution environment, (2) establishing the program-specific execution environment by (a) determining that at least one process executing on the client system is not essential to operation of the privileged software program to be executed on the client system and (b) suspending execution of the non-essential process in response to identifying the non-essential process, and (3) initiating execution of the privileged software program in the program-specific execution environment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Bringing a non-isolated computer application into an isolation layer with an isolated computer application. In one embodiment, a method may include isolating a first computer application by executing the first computer application as a virtualized first computer application in an isolation layer. The method may also include receiving a request, from the virtualized first computer application, to share a computer object with a second computer application that is not executing in the isolation layer. The method may further include, in response to the receiving of the request, several acts. These acts may include executing, in real-time, at least a portion of the second computer application as a virtualized second computer application in the isolation layer. These acts may also include creating a virtualized computer object based on the computer object in the isolation layer. These acts may further include sharing the virtualized computer object in the isolation layer.

Abstract: The disclosed computer-implemented method for managing security programs may include (i) identifying a security program configured to analyze files on a client device to detect malicious files, (ii) determining a result the security program would report for an analysis of a file on the client device, (iii) intercepting an attempt by the security program to analyze the file, and (iv) determining, based on the result the security program would report for the analysis of the file, whether to permit the security program to analyze the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing secure memory may include reserving, by a hypervisor stored in a memory device of the computing device, a portion of the memory device as a secure memory during a boot sequence of the computing device and preventing access to the secure memory by an operating system (OS). The method may include receiving a request for secure memory by an application and reserving a portion of the secure memory for the application. The method may include authenticating the application to access the reserved portion of the secure memory, and allowing the authenticated application to access the reserved portion of the secure memory. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for improving security of peripheral devices is described. In one embodiment, the method includes sending, by a processor of a peripheral device, at least one packet of data to an operating system of a computing device, identifying, by the processor, execution of a software application on the computing device, performing, by the processor, a handshake protocol between the secure input device and the software application based at least in part on the execution of the software application, and establishing, by the processor, a secure session over a secure channel between the secure input device and the software application based at least in part on the handshake protocol. In some cases, the at least one packet of data identifies the peripheral device to the operating system as two or more peripheral devices such as a default input device and a secure input device.

Abstract: The disclosed computer-implemented method for detecting and addressing suspicious file restore activities may include (i) detecting a restore activity during which files are restored to a client device from a previously stored backup of the files, (ii) determining that a total number of the files restored during the restore activity exceeds a threshold number, and (iii) performing, based on the total number of the files exceeding the threshold number, a security action to protect the client device from a malicious threat associated with the restore activity. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Bringing a non-isolated computer application into an isolation layer with an isolated computer application. In one embodiment, a method may include isolating a first computer application by executing the first computer application as a virtualized first computer application in an isolation layer. The method may also include receiving a request, from the virtualized first computer application, to share a computer object with a second computer application that is not executing in the isolation layer. The method may further include, in response to the receiving of the request, several acts. These acts may include executing, in real-time, at least a portion of the second computer application as a virtualized second computer application in the isolation layer. These acts may also include creating a virtualized computer object based on the computer object in the isolation layer. These acts may further include sharing the virtualized computer object in the isolation layer.

Abstract: A computer-implemented method for securing computing devices against imposter processes may include (1) identifying a process that is subject to a security assessment, (2) determining, based on comparing an attribute of the process to an attribute of a legitimate process, that the process comprises an imposter process of the legitimate process, (3) determining that a file may have been created by the imposter process, and (4) determining a security action for the file in response to determining that the file has been created by the imposter process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for sharing the results of malware scans within networks may include (1) identifying a set of files stored on a set of client devices within a network, (2) obtaining a set of copies of the files stored on the client devices within the network, (3) performing a malware scan on the copies of the files, (4) generating a result of the malware scan performed on the copies of the files, and then (5) sharing the result of the malware scan with at least a subset of the client devices within the network to enable the subset of client devices to use the result of the malware scan instead of each performing an additional malware scan that is at least partially redundant to the malware scan performed on the copies of the files. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Operating methods of an array of electromechanical pixels resulting in efficient and reliable operation of light modulating elements. The invention simplifies the design of electromechanical light modulators and permits the construction of large size displays with greater mechanical tolerances on glass substrates.

Abstract: A display including a light source for generating light, an optical waveguide for receiving and evenly distributing light in a light propagation direction by total internal reflections and a matrix of electromechanical picture elements for modulating light to produce an image.

Abstract: A gas discharge addressed display comprising a matrix of micro-mechanical picture elements with optical properties.

Abstract: A computer-implemented method includes identifying a file and calculating a first identifier for the file. The method may also include identifying a first malware identifier that is associated with a first malware program. The method may further include comparing the first file identifier with the first malware identifier to determine whether the file comprises the first malware program. The method may include saving the first file identifier in a manner that allows the first file identifier to be retrieved for comparison with a second malware identifier. The second malware identifier may be associated with a second malware program. Various other methods and systems are also disclosed herein.

Abstract: Opportunistically locked files are accessed in real-time from a kernel mode file system filter driver without breaking opportunistic locks. A file system is monitored, and the granting of an opportunistic lock to a specific file object referring to a specific underlying file is detected. The granting of the detected opportunistic lock results in both the file object and the underlying file being opportunistically locked. A reference to the opportunistically locked file object is cached. The file system filter driver filters a request to access the opportunistically locked file via a second file object which is not opportunistically locked. The kernel mode file system filter driver uses the cached reference to access the opportunistically locked underlying file. This enables access of the opportunistically locked file from the kernel mode file system filter driver without breaking the opportunistic lock.

Abstract: A display including a light source for generating light, an optical waveguide for receiving and evenly distributing light in a light propagation direction by total internal reflections and a matrix of electromechanical picture elements for modulating light to produce an image.

Abstract: A computer-implemented method for determining, in response to an event of interest, whether to perform a real-time file scan by examining the full context of the event of interest may comprise: 1) detecting an event of interest, 2) identifying at least one file associated with the event of interest, 3) accessing contextual metadata associated with the event of interest, 4) accessing at least one rule that comprises criteria for determining, based on the event of interest and the contextual metadata, whether to perform a security scan on the file, and then 5) determining, by applying the rule, whether to perform the security scan on the file. Corresponding systems and computer-readable media are also disclosed.

Abstract: A back-light assembly for uniformly illuminating large area displays. The back-light assembly includes a uniformly thin waveguide, a reflector and a plurality of light sources evenly distributed along the display area between the waveguide and the reflector. Prismatic facets are provided along the lower surface of the waveguide for effectively coupling light emitted from light sources into the waveguide.