Abstract: Provided are a data processing method and apparatus applied to a target device in which a Linux operating system is running. A first program is deployed in the Linux operating system. The method includes: loading a target loading and invasion machine into a first memory space of the first program, and creating, in the first memory space, a second memory space for the target loading and invasion machine, where the second memory space is simply available to the target loading and invasion machine and to a program loadable by the target loading and invasion machine; configuring a second runtime environment for a second program, where the second runtime environment is isolated from a first runtime environment of the first program; and loading the second program into the second memory space based on the second runtime environment, and running the second program in a threaded manner.

Abstract: A data processing method, applied to a target device in which a Linux operating system is running. A first program is deployed in the Linux operating system. The method includes: loading a target loading and invasion machine into a first memory space of the first program, and acquiring a vulnerability repair library for the first program through the target loading and invasion machine; creating, in the first memory space, a second memory space for the target loading and invasion machine, and configuring a second runtime environment isolated from a first runtime environment of the first program; and loading the vulnerability repair library in the second memory space based on the second runtime environment, and performing a vulnerability repair on the first program by using the vulnerability repair library.

Abstract: Establishing inter-device communication is disclosed including receiving, using a first device, an encrypted session key sent by a second device, decrypting, based on a private key of the first device, the encrypted session key in a trusted environment to obtain a decrypted session key, and conducting, based on the decrypted session key, data communications with the second device.

Abstract: Establishing inter-device communication is disclosed including receiving, using a first device, an encrypted session key sent by a second device, decrypting, based on a private key of the first device, the encrypted session key in a trusted environment to obtain a decrypted session key, and conducting, based on the decrypted session key, data communications with the second device.

Abstract: The present invention provides methods, devices, and systems for device identity authentication. A method for identity authentication comprises: obtaining, by one or more processors associated with an authenticatee terminal, a device encryption key, obtaining, by one or more processors associated with the authenticatee terminal, second data based at least in part on the device encryption key and first data, wherein obtaining the second data comprises at least one of signing or encrypting the first data, and the first data comprises a random number, generating, by one or more processors associated with the authenticatee terminal, an authentication code based at least in part on the second data and an identifier (ID) of the authenticatee terminal, and communicating, by one or more processors associated with the authenticatee terminal, the authentication code to an authenticator equipment.

Abstract: A virtual mobile infrastructure performs client-side rendering by intercepting and redirecting screen data for generating a screen image of a remote mobile operating system from a server computer to a mobile client device. The mobile client device receives the screen data and generates the final screen image of the remote mobile operating system. The screen data include drawing application programming interface (API) calls to generate surfaces for applications running on the remote mobile operating system and data for compositing the surfaces together. The mobile client device makes the drawing API calls to generate the surfaces and generates the final screen image of the remote mobile operating system by compositing the surfaces in accordance with the compositing data.

Abstract: A virtual mobile infrastructure for mobile devices includes mobile client devices and a server computer running remote mobile operating systems. The remote mobile operating systems share the same kernel, and are each implemented on a container. A mobile client device running a mobile operating system, which may be the same as or different from the remote mobile operating systems, may access one of the many remote mobile operating systems on the server computer.

Abstract: Calibration of vehicle and smartphone coordinate systems includes receiving acceleration data from an accelerometer of the smartphone. The smartphone identifies a Y-axis, a Z-axis, and an X-axis of the coordinate system of the vehicle relative to a coordinate system of the smartphone from the raw acceleration data. The smartphone generates processed acceleration data by transforming the raw acceleration data into the coordinate system of the smartphone. The processed acceleration data is used to detect driving conditions of the vehicle.

Abstract: A virtual mobile infrastructure performs client-side rendering by intercepting and redirecting screen data for generating a screen image of a remote mobile operating system from a server computer to a mobile client device. The mobile client device receives the screen data and generates the final screen image of the remote mobile operating system. The screen data include drawing application programming interface (API) calls to generate surfaces for applications running on the remote mobile operating system and data for compositing the surfaces together. The mobile client device makes the drawing API calls to generate the surfaces and generates the final screen image of the remote mobile operating system by compositing the surfaces in accordance with the compositing data.

Abstract: A script-based scan engine is embedded in a webpage requested by a client computer from a web server. The script-based scan engine may be embedded in the webpage by injecting the script-based scan engine in a header of the webpage in a computer security device between the client computer and the web server, or by integrating the script-based scan engine in the webpage as a library. The script-based scan engine executes in the client computer when the webpage is received by the client computer. The script-based scan engine scans the webpage for web threats, which may include malicious codes, exploits, and phishing, for example. The webpage is allowed to be rendered by a web browser in the client computer when the webpage is deemed safe by the script-based scan engine.

Abstract: Processes for fingerprinting a document file and for preventing information leakage are disclosed. Computer apparatus for implementing said processes are also disclosed. For fingerprinting a document, the document is provided and may be normalized. A sequence of hash values are generated for the document. A window size is adaptively determined depending upon the document. Fingerprints for the document are selected from amongst the hash values using the adaptively-sized window. The fingerprints for the document are added to a fingerprint set for content being protected by the information leakage prevention system. For information leakage prevention, suspect documents are processed at the deployment points by extracting fingerprints from the suspect documents and matching the extracted fingerprints against the fingerprints in the fingerprint set. Different fingerprint extraction methods are used at the server and the deployment points. Other embodiments, aspects and features are also disclosed.

Abstract: Processes for fingerprinting a document file and for preventing information leakage are disclosed. Computer apparatus for implementing said processes are also disclosed. For fingerprinting a document, the document is provided and may be normalized. A sequence of hash values are generated for the document. A window size is adaptively determined depending upon the document. Fingerprints for the document are selected from amongst the hash values using the adaptively-sized window. The fingerprints for the document are added to a fingerprint set for content being protected by the information leakage prevention system. For information leakage prevention, suspect documents are processed at the deployment points by extracting fingerprints from the suspect documents and matching the extracted fingerprints against the fingerprints in the fingerprint set. Different fingerprint extraction methods are used at the server and the deployment points. Other embodiments, aspects and features are also disclosed.

Abstract: A process of information leakage prevention for sensitive information in a database table. Content to be inspected is extracted at a deployment point. The content is processed by a first fingerprinting module to determine if the content matches fingerprint signatures generated from database cells between a first threshold size and a second threshold size which is larger than the first threshold size. The content is also processed by a second fingerprinting module to determine if the content matches fingerprint signatures generated from database cells larger than the second threshold size. The content may also be filtered, and the filtered content processed with an exact match module to determine if the filtered content exactly matches data from cells smaller than the first threshold size. Other embodiments, aspects and features are also disclosed.

Abstract: A caller ID verifier may be employed to protect telephone users against caller ID spoofing. The caller ID verifier may be implemented in a telephony apparatus, such as a smart phone, stand alone caller ID device, or telephone network infrastructure, for example. Telephone numbers of related callers may be grouped into caller groups. The caller ID verifier may be configured to play one of several audio messages depending on the caller group of the telephone number corresponding to the caller ID of the telephone call. An audio message may include a question. The caller ID verifier may forward the telephone call to the telephone user when the caller answers the question correctly. Otherwise, the caller ID verifier may terminate the telephone call and give the telephone user the option to return the telephone call using the caller ID.

Abstract: Processes for fingerprinting a document and for preventing information leakage at a deployment point are disclosed. For fingerprinting a document, a sequence of hash values for a document is generated, a portion of said hash values to be selected as fingerprints for the document. A current window is positioned over a portion of the sequence of hash values. The hash values are examined starting from one end of the current window, and a first-encountered hash value that is 0 modulo P is selected to be a fingerprint for the current window. For information leakage prevention at a deployment point, a rolling hash calculation is performed on a target document, and a determination is made if a hash value is 0 modulo P. A first filter is applied if the hash value is 0 modulo P, and a second filter is otherwise applied. Other embodiments, aspects and features are also disclosed.