Abstract: Devices and methods for managing a communications network include using USB keys to provision and management components in the network by having the network component establish a connection to a network administrator device, such as a laptop, PDA, or desktop workstation. A first USB key is used to provision a network component so that it has the necessary security information to interact with a second USB key, used to enable actual management of the component. Once the component has the security information, the second USB key is inserted and certain callback data are made available to the component. It uses this data to make a “call” or connection to an administrator's device. The callback data may be an IP address of the device, an e-mail address, VoIP data, instant messaging data, dial-up data, and so on. Once the connection, initiated and established by the network component, is made the administrator can begin managing the component.

Abstract: Secure services and hardware on a mobile device are disabled if it is detected that software in the untrusted domain, such as the operating system, has been hacked or tampered with. Mobile devices often have rich, unprotected operating systems which are vulnerable to hacking, especially from execution of one or more apps. These apps are separated from secure services on the device, such as e-wallet services, NFC functionality, camera, enterprise access, and the like, and the present invention ensures that tampering with code in the untrusted domain or operating system does not affect these and other secure services. If tampering in the untrusted space is detected, the secure services and possible hardware on the device are shutdown or disabled. The extent of this disablement may depend on various factors, such as use of the device, type of device, context in which device is used (e.g., military, enterprise).

Abstract: A mobile device, such as a smartphone or a laptop, connects to a network based on the available bandwidth (throughput) of the network rather than on signal strength. The device may send a request containing the device's location to a service provider who has data on networks in the device's location and specifically on bandwidth or pipe performance. This data is used to determine which network in the area would be best to connect to. The network may be a network that does not necessarily have the highest signal strength (often shown as bars on a handset device). The service provider can cause the device to transition to the network having the higher bandwidth. It can also direct the user so that blackout areas are avoided using the network data maintained by the provider. The provider uses testers to obtain current bandwidth data of networks.

Abstract: Methods and systems for propagating data security policies and rules up a chain of network components, for example, from an end-user device having a firewall, to a network component at the “edge” of the network, from where a policy statement can be transmitted to a service provider are described. A device, such as a computer or mobile phone, has, as part of its firewall software, a policy propagation file, that communicates with pre-existing firewall software. The firewall software creates a policy statement upon detecting a triggering event, which is transmitted from the device to the next data security component up the chain, “upstream,” in the network. The firewall server may combine policy statements from numerous end-user type devices and transmit the policy statement to an external network component. The ISP or other service provider may then use the policy statement to implement data security rules for the devices in the network.

Abstract: Methods and systems for preventing an application which has been maliciously or inadvertently tampered with from causing harm to a computer system are described. Application code of the tampered application is inputted into a code analyzer. The code is analyzed and functions within the application code are identified and examined. Multiple profiles are created and each identified function is assigned a profile. A profile may be a description of how a function is intended to operate, that is, the function's expected behavior. Multiple replacement functions are created using a first set of functions, where each function is called by the identified functions and a second set of functions where each function in the second set calls the identified function. Calls between functions are examined and a called function is replaced with a replacement function, such that a call to an original function results in a call to the replacement function.

Abstract: A method, system and apparatus is provided for embedded patch management. In one embodiment, a method is provided. The method includes receiving a call to a code module. The method further includes checking a guardian stack for indications of authorization. The guardian stack is separate from an execution stack. The method also includes passing the call to an internal code module. Moreover, the method includes executing the code module.

Abstract: A method apparatus and system for hardware acceleration for large volumes of channels is described. In an embodiment, the invention is a method. The method includes monitoring an inbound queue for hardware jobs. The method further includes detecting an interrupt from a hardware component. The method also includes transferring a job from the inbound queue to the hardware component. The method may further include transferring a completed job from the hardware component to an outbound queue. The method may also include providing an indication of completion of a job in an outbound queue.

Abstract: Devices and methods for managing a communications network include using USB keys to provision and management components in the network by having the network component establish a connection to a network administrator device, such as a laptop, PDA, or desktop workstation. A first USB key is used to provision a network component so that it has the necessary security information to interact with a second USB key, used to enable actual management of the component. Once the component has the security information, the second USB key is inserted and certain callback data are made available to the component. It uses this data to make a “call” or connection to an administrator's device. The callback data may be an IP address of the device, an e-mail address, VoIP data, instant messaging data, dial-up data, and so on. Once the connection, initiated and established by the network component, is made the administrator can begin managing the component.

Abstract: Methods and systems for propagating data security policies and rules up a chain of network components, for example, from an end-user device having a firewall, to a network component at the “edge” of the network, such as a so-called “edge” firewall server, from where a policy statement can be transmitted to a service provider, such as an ISP, are described. A device, such as a computer or mobile phone, has, as part of its firewall software, a policy propagation file, that communicates with pre-existing firewall software. The firewall software creates a policy statement upon detecting a triggering event, which is transmitted from the device to the next data security component up the chain, “upstream,” in the network. In some cases this device may be a firewall server or a firewall policy server. The firewall server may combine policy statements from numerous end-user type devices and transmit the policy statement to an external network component, such as an ISP firewall server or similar device.

Abstract: A method apparatus and system for hardware acceleration for large volumes of channels is described. In an embodiment, the invention is a method. The method includes monitoring an inbound queue for hardware jobs. The method further includes detecting an interrupt from a hardware component. The method also includes transferring a job from the inbound queue to the hardware component. The method may further include transferring a completed job from the hardware component to an outbound queue. The method may also include providing an indication of completion of a job in an outbound queue.

Abstract: The present invention teaches a variety of methods and systems for utilizing a USB provisioning device to provision a new device. One aspect teaches receiving control of a new device coupled to a USB provisioning device and connecting the USB provisioning device through a network connection to a server. Then the USB provisioning device automatically provisions the new device responsive to information related to the device and information related to the server and relinquishes control of the new device. A USB provisioning device according to another aspect includes an instant messaging client, a provisioning script, and an identifier of the USB provisioning device.

Abstract: A software package comprising a variable describing a state of a device, the variable having an assigned name, a mapping module including a mapping between the assigned name and a routine, wherein the routine accesses the variable and a dynamic receiving module receiving and storing, without recompiling the software package, a correlation between a common name for the variable and the assigned name, a request, including the common name of the variable being fulfilled by consulting the stored correlation. Further, a software package operating on a device comprising a reading module to read software code in a file, the software code including a correlation between a common name and an assigned name for a variable and a dynamic correlation module receiving the correlation from the reading module and storing, without recompiling the software package, the correlation.