Abstract: Verification of a user login to a secure account from a mobile device occurs when the user provides login credentials and a hardware identifier (ID) corresponding to the mobile device. The provided login credentials and hardware ID are then verified against a registry. Further, the mobile device determines and provides a geographic location of the mobile device using a global positioning system (GPS) component installed therein. The location provided by the mobile devices is then matched with a location of a network element with which the mobile device is currently communicating.

Abstract: A method and system is disclosed that provides at least one server device; and at least one remote audio playback device, the remote audio playback device including a unique identifier stored thereon. An encryption key is created by the at least one server device. The at least one server device transmits, over a long range communication network, to the remote audio playback device, music content encrypted using the encryption key and the remote audio playback device's unique identifier.

Abstract: System and methods for authenticating access to multiple data stores are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method receives a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.

Abstract: A controller provides authentication, authorization, and accounting (AAA) services for a network, the controller comprising a control unit having one or more processors and a Representational State Transfer (REST) interface executed by the control unit to receive application data that specifies an interface method and a resource identifier for a resource, the resource identifier conforming to a subscriber management resource model. The REST interface determines, based on the resource identifier, a record for a subscriber management construct corresponding to the resource. The REST interface applies, to the record, an action corresponding to the interface method to modify access to the network by a subscriber.

Abstract: The invention consists of a new registration and authentication protocol for between a Mobile Node and a Home Agent. The new protocol uses a novel messaging sequence to request registration, authentication and authorization of the Mobile Node when it is located on a foreign network, and the novel protocol will avoid some of the standard registration and authentication protocol messages in order to eliminate the problems associated with re-transmission errors.

Abstract: There are provided a rule-set analyzer and a method of analyzing an ordered security rule-set comprising a plurality of rules and characterized by at least one extrinsic field. The method comprises: upon specifying atomic elements constituting an extrinsic space corresponding to the at least one extrinsic field, partitioning, by a processor, the extrinsic space into two or more equivalence classes, wherein each atomic element in the extrinsic space belongs to one and only one equivalence class; mapping, by the processor, said equivalence classes over the rule-set; and analyzing, by the processor, the security rule-set using the results of mapping said equivalence classes over the rule-set.

Abstract: A method of automatically administering servers is disclosed. The method includes automatically transmitting commands to at least one of the servers. Administrator level access is non-invasively obtained on the at least one of the servers utilizing the automatically transmitted commands. The at least one of the servers is administered using the administrator level access and the automatically transmitted commands.

Abstract: Examples described herein enable memory state sharing among a plurality of virtual machines (VM) including a parent VM and a child VM. A request for memory state sharing between the parent VM and the child VM is received, and the parent VM is suspended. The child VM resumes execution of one or more suspended applications. In one example, the child FM is forked with pre-loaded, suspended applications from the parent VM. Aspects of the disclosure offer a high performance, resource efficient solution that outperforms traditional approaches in areas of software compatibility, stability, quality of service control, re-source utilization, and more.

Abstract: Techniques and systems for managing security profiles in a machine-to-machine messaging system are provided. For example, computing device, a method, and a computer-program product may be provided for maintaining one or more security profiles, and may include registering one or more IoT devices with a messaging system, generating one or more security profiles for an IoT device, and assigning the one or more security profiles to one or more other IoT devices. A security profile includes a permissions record and one or more sets of restrictions.

Abstract: A trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached.

Abstract: A security system for authenticating users and protecting content that provides an application program interface (API) with a Cloud Platform integration (Platform) to extend the security capabilities of Public Key Infrastructure and Privilege Management Infrastructure systems to authenticated external users and protected content.

Abstract: Systems and apparatuses for revoking access to one or more applications for one or more individuals or users are provided. In some examples, revocation settings may be received from different business divisions or enterprises or business groups within an entity and may be compiled to form a standardized set of revocation settings that may be applied across the entity. Accordingly, upon receiving an item that may be associated with access and may include one or more applications to which access may be revoked and/or one or more users from which access may be revoked, the system may apply the standardized revocation settings to determine whether access should be revoked. If it is determined that access should be revoked, the system may revoke access to the one or more applications for the one or more users.

Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.

Abstract: Adaptive security profiles are supported on an electronic device. One or more security profiles may be automatically or selectively applied to the device based on the device's location and one or more geographic zone definitions. The security profiles may be used to determine the level of authentication or number of invalid authentication attempts for a particular feature or application or set of features or applications.

Abstract: The present invention provides an operations, administration and maintenance (OAM) security authentication method and OAM packet transmitting/receiving devices. An OAM packet is authenticated by utilizing a random number and an authentication code. A threshold for the number of failed authentication is determined. If the number of failed authentication is greater than the threshold, the random number will be updated. According to the present invention, OAM packets constructed by malicious users or tampered with may be detected to increase security of OAM packets and avoid a denial-of-service (DOS) attack.

Abstract: Embodiments of the present invention provide a packet receiving method, a deep packet inspection device and system, which relates to the field of communications. The packet receiving method includes: receiving a service request packet sent by a terminal device, where the packet carries a terminal domain name indicating the terminal device and a server domain name indicating a service server required by the service request; resolving the received server domain name to obtain a service server Internet protocol (IP) address; and discarding the packet if the resolved service server IP address does not belong to the preset service server IP address corresponding to the received terminal domain name in a preset list. Embodiments of the present invention are applied to the processing of the packet.

Abstract: A method includes receiving, at a first wireless device, from a second wireless device, content and an identification of the second wireless device, over a peer-to-peer wireless communication link. The received content is rendered and verification information containing the identification of the second wireless device and an identification of the received content is generated at the first wireless device. The verification information is then encrypted at the first wireless device using an encryption key. Apparatus and a computer program product counterparts to the method are also disclosed.

Abstract: Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.

Abstract: Systems, devices, and methods are described herein for calculating a trust score. The trust score may be calculated between entities including, but not limited to, human users, groups of users, organizations, businesses/corporations, and locations. A system trust score may be calculated for an entity by combining a variety of factors, including verification data, a network connectivity score, publicly available information, and/or ratings data. A peer trust score targeted from a first entity to a second entity may also be calculated based on the above factors. In some embodiments, the peer trust score may be derived from the system trust score for the target entity and may take into account additional factors, including social network connections, group/demographic info, and location data. Finally, a contextual trust score may be calculated between the first and second entities based on a type of transaction or activity to be performed between the two entities.

Abstract: Systems, methods, and computer-readable media are disclosed for detecting anomalous advertising content and taking or directing one or more actions to be taken to mitigate risk associated with anomalous advertising content. The anomalous advertising content indicates a deviation from an expected state of the advertising content. Various measures may be taken to determine whether the anomalous advertising content is reflective of malware.

Abstract: Methods and systems for providing forensic visibility into systems and networks are provided. More particularly, a sensor agent may receive events defining an action of a first object acting on a target. The object, the event, and the target are then correlated to at least one originating object such that an audit trail for each individual event is created. A global perspective indicating an age, popularity, a determination as to whether the object may be malware, and IP/URL information associated with the event may then be applied to at least one of the object, the event, the target, and the originating object. A priority may then be determined and assigned to the event based on at least the global perspective. An event line containing event information is then transmitted to an end recipient where the information may be heuristically displayed.

Abstract: The systems and methods described herein relate to storing values, such as sketches, that represent time indexed data related to network traffic. The model may be indexed by multiple sets of keys and time range values. It is an advantage that the index is essentially repeated for different time intervals. Utilization of the sketches avoids prohibitively large amounts of network traffic from overwhelming the monitoring computing device(s). Further, the probabilistic representative accuracy of the sketches is dynamically configurable. The time indexed data may represent data traffic on a computer network. The time indexed data may be data packets sent on the network. In one or more embodiments the time indexed data may be sketches that represent and/or approximate the data packets. Further, it is contemplated herein that the accuracy of the sketches' representation may be dynamically configurable.

Abstract: Systems and methods are provided for monitoring and detecting intrusions and authenticating messages on a communication network of a vehicle. A plurality of signals transmitted over communications network between an electronic control module and a remote electronic module are monitored. Reflectometry feature sets are extracted from the plurality of signals and compared to a repository of predetermined communication network feature sets to generate a mismatch value. The mismatch value is compared to a predetermined threshold range and an authenticated event occurs when the mismatch value is within the predetermined threshold range. When the mismatch value is outside the predetermined threshold range, a flagged event occurs and is recorded.

Abstract: Embodiments of the present invention are directed to identifying phishing websites by rendering and analyzing document object model (DOM) objects associated with a website for features that indicate phishing behavior. Embodiments analyze the full scope and functionality associated with a website by executing functions embedded in a DOM object before analyzing the website for phishing activity. Accordingly, embodiments render and analyze a fully executed DOM object for phishing behavior. Embodiments may then perform steps to mediate a website that is classified as performing phishing. Thus, embodiments are configured to (1) collect website information from a variety of websites and web servers connected to the internet, (2) analyze the collected data to determine whether the website information is performing phishing, and (3) mediate websites and other actors that are determined to be performing phishing based on the results of the phishing analysis.

Abstract: A computing device processor may be configured with processor-executable instructions to implement methods of detecting and responding non-benign behaviors of the computing device. The processor may be configured to monitor device behaviors to collect behavior information, generate a behavior vector information structure based on the collected behavior information, apply the behavior vector information structure to a classifier model to generate analysis results, use the analysis results to classify a behavior of the device, use the analysis results to determine the features evaluated by the classifier model that contributed most to the classification of the behavior, and select the top “n” (e.g., 3) features that contributed most to the classification of the behavior. The computing device may display the selected features on an electronic display of the computing device.

Abstract: A learning-based computer network security system may include a service delivery controller executing on one or more of hardware processors that receives requests for transmitting network flows to one or more destination machines via a communication network. The service delivery controller may group the network flows into one or more similarity groups, and direct the network flows in a particular similarity group to a learning-based security appliance instance designated for the particular similarity group. Based on receiving feedback from the security appliance instance, the service delivery controller may regroup the similarity groups, and/or redirect the network flows, and/or redistribute the training results between the appliances, and/or modify assignment of appliances to similarity groups.

Abstract: A method for identifying a threatening network comprises an asymmetric threat signature (AT-SIG) algorithm comprising a network movement before/after algorithm that provides a graphical plot of changes in network transaction activity from before to after a specified time and further comprising one or more of: a network progression algorithm that provides a graphical plot to analyze behavior in small increments of time without specification or emphasis upon a particular time or event; a statistical network anomaly ranking algorithm that provides as output a ranked list of the networks; and an anomaly trend graphs algorithm that analyzes and visualizes the networks' anomaly scores over time. Also disclosed are an AT-SIG system and a software program product.

Abstract: Embodiments are configured to receive metadata of a process intercepted on an end host when attempting to access a network. The metadata includes a hash of an application associated with the process and an endpoint reputation score of the application. Embodiments are configured to request a threat intelligence reputation score based on the hash of the application, to determine an action to be taken by the end host based, at least in part, on one or more policies and at least one of the threat intelligence reputation score and the endpoint reputation score, and to send a response indicating the action to be taken by the end host. Further embodiments request another threat intelligence reputation score based on another hash of a dynamic link library module loaded by the process on the end host, and the action is determined based, at least in part, on the other threat intelligence score.

Abstract: A system and method for creating a core cognitive fingerprint. A core cognitive fingerprint can be used to capture the evolution of a system state and potentially respond with a predetermined action if the fingerprint falls within a threshold. The method includes: identifying a set of time frames within which data is extracted; providing a plurality of pattern recognizers; processing the extracted data through the plurality of pattern recognizers to generate an initial set of elements; extracting identified relationships amongst the initial set of elements; modifying the initial set of elements to include the identified relationships to create an intermediate set of elements; comparing the intermediate set of elements against assigned values to weigh each element in the intermediate set of elements to create a final set of elements; and using the final set of elements as a cognitive fingerprint.

Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition through a bus or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing between computer executable code, critical data files, and data files read from the second partition. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.

Abstract: Embodiments are directed towards detecting and thwarting incoming network requests by either throttling and/or redirecting the attack requests towards a honeypot. As network requests are received, TCP segments are examined to identify a presence of attack signatures before returning an ACK. Such attack signatures may identified based on an absence of referrer headers, an invalid cookie, known improper sender addresses, known valid sender addresses, examination of OSI layer 4 and/or above content of a packet, or the like. If an attack is identified, throttling may be employed by responding to the attack requests by dropping and/or rejecting packets within the request, acknowledging the client device's packets at a byte level, modifying a round trip time (RTT) calculation by responding at a defined slowed rate, and/or redirecting client requests to a honeypot.

Abstract: Concepts and technologies are disclosed herein for preventing spoofing attacks for bone conduction applications. According to one aspect, a device can receive an authentication signal that has propagated through a body. The device can prevent an adversary from using the authentication signal to spoof a user to be authenticated by the device. The device can also authenticate the user.

Abstract: Techniques for detecting an intranet spoofing attack are disclosed. In one embodiment, the techniques may be realized as a system and method for detecting an intranet spoofing attack. For example, the system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to: identify an attempt to access an intranet website at a user device; determine that the intranet website is a spoofed intranet website; and perform an action in response to the determination of the spoofed intranet website to protect user.

Abstract: The invention relates to a method for remotely performing operations determined by a service provider on a secure element connected to a communication device having a user application capable of IP based communication, characterized by providing a non service provider specific Internet terminal client module for the user application for establishing connection with the secure element; obtaining context parameters for connection to an Internet terminal provider module hosted on a remote server via the user application, launching the Internet terminal client module by the user application, using the context parameters to establish remote connection between the Internet terminal provider module and the Internet terminal client module, detecting the secure element connected to the communication device via the Internet terminal client module, opening a virtual communication channel between the Internet terminal provider module and the secure element over the connection between the Internet terminal client module a

Abstract: A server interacts with a sender to form a package which can include one or more attached data files to be sent to one or more recipients, and the server applies a policy established by a policy authority of the sender to the package. Since the server both forms the package through interaction with the sender and applies the policy, violations of the policy by the package can be brought to the sender's attention during an interactive session with the sender and before encryption of all or part of the package. As a result, the sender is educated regarding the policy of the sender's policy authority, and the sender can modify the package immediately to comport with the policy. The server delivers the package to intended recipients by sending notification to each recipient and including package identification data, e.g., a URL by which the package can be retrieved.

Abstract: In one embodiment, a method includes activating a cross-platform DLP policy for enforcement against a plurality of users on each of a plurality of heterogeneous communications platforms. The method further includes monitoring communications of the plurality of users on each of the plurality of communications platforms for violations of the cross-platform DLP policy. The method also includes, responsive to a detected violation of the cross-platform DLP policy by at least one user on at least one communications platform, dynamically acquiring context information for the detected violation using information associated with the detected violation. In addition, the method includes publishing violation information to one or more designated users. The violation information includes at least a portion of the information associated with the detected violation and at least a portion of the context information.

Abstract: Implementations of the present disclosure involve a system and/or method for modeling a networking device policy or set of rules and/or transforming a networking device policy model into a set of comprehensible rules for presentation to a manager of the device. In one embodiment, the system and/or method includes converting one or more rules of the firewall device into a string of representative bits, creating a binary decision diagram from the converted rules of the firewall policy, transforming the binary decision diagram into a ternary tree diagram and analyzing the ternary tree diagram to condense the firewall policy into one or more rules comprehensible by a user of the firewall.

Abstract: A portable proxy for security management and privacy protection and methods of use are provided. The proxy establishes a connection to a user device. The proxy also establishes a secure connection to a virtual private network (VPN), performs authentication of the proxy to the VPN, and upon successful completion of the proxy authentication provides access to the VPN through the secure connection user credentials. Once the VPN accepts the credentials, the proxy routes at least a portion of Internet traffic between the user device and the VPN through the secure connection and the connection to the user device. The proxy can also establish a secure connection to an anonymizing service and route all Internet traffic of the user device through the anonymizing service using the secure connection and the connection to the user device.

Abstract: A log management service provides automated log management for any applications deployed on a cloud. A security profile defining the logging requirements for the application is associated with the application. During deployment, a deployment appliance queries the service, providing an application context and deployment topology. The log management service references the supplied application context and deployment topology against the defined log requirements in the security profile and, in response, determines an applicable set of log files, residency and longevity requirements. The log management service then identifies/specifies the log collection resources and requirements that are necessary and instructs the requesting deployment process to configure the one or more log sources and event collectors as needed.

Abstract: A computer-implemented process receives a request to utilize one or more virtual data center (VDC) resources at a virtual data center and determines a particular service level applicable to request. Based on the particular service level and mapping information that indicates associations between VDC resource utilization policies and service levels, the process determines a particular VDC resource utilization policy corresponding to the request and causes completion of the request according to the particular VDC resource utilization policy. Another process determines that a resource utilization performance is incompatible with a requested service level and selects a new resource utilization based in part on the resource utilization performance information and mapping information. The process causes data distributed according to a prior resource utilization policy to be distributed according to the new resource utilization policy in one or more resources at a virtual data center.

Abstract: Disclosed are system and method for distributing antivirus records to user devices. An exemplary method includes collecting, by a server, statistics on the use of antivirus records; calculating a coefficient of effectiveness of each antivirus record based on the statistics; identifying one or more most effective antivirus records whose coefficients of effectiveness exceed a predetermined effectiveness threshold; identifying one or more less effective antivirus records whose coefficients of effectiveness do not exceed the predetermined effectiveness threshold; transmitting identified most effective antivirus records to a plurality of user devices for storage in antivirus databases of the user devices; receiving, from the user devices, one or more less effective antivirus records removed from the antivirus databases of the user devices; and storing the received less effective antivirus records in an antivirus database of the server if said antivirus records were not in the antivirus database of the server.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: An intercepting user equipment and a lawful interception method thereof are provided. The intercepting user equipment registers to the administrating server for lawful interception, and then receives a positive interception message from the administrating server. The intercepting user equipment receives a signal from user equipment, and determines whether a power measurement of the signal exceeds a threshold. If positive, the intercepting user equipment transmits a power adjustment request to the administrating server so that the administrating server notifies the eNB of transmitting a power adjustment command to the user equipment for adjusting transmitting power. The intercepting user equipment intercepts communication data of the user equipment.

Abstract: There is provided a method of processing an IMS session originated by a UE after restart of a S-CSCF that was previously assigned to a user of the UE during registration with the IMS, when a further S-CSCF is currently assigned to the user. The method comprises, at a HSS, receiving a request to register a user identity of the user from the previously assigned S-CSCF, determining that the previously assigned S-CSCF is not the same as a S-CSCF currently assigned to the user, determining if IMS restoration procedures are supported for the UE, and, if IMS restoration procedures are not supported for the UE, sending a response to the previously assigned S-CSCF, the response identifying the further S-CSCF currently assigned to the user.

Abstract: Embodiments disclosed herein provide systems, methods, and computer readable media to provide roaming IP multimedia subsystem (IMS) access. In a particular embodiment, a method provides, in a communication interface, attaching a communication device to provide the communication device with access to a broadband access network associated with a visited domain of the communication device. The method further provides, in a proxy call session control element of a broadband services gateway (BSG), registering the communication device to access IMS services on behalf of an IMS core in the visited domain over the broadband access network, conveying Session Initiation Protocol (SIP) signaling between the communication device and the IMS core as a SIP proxy, and establishing a communication session between the communication device and the IMS core.

Abstract: A background noise inserter server is described that includes a communication interface for communicating with a network, memory for storing background audio, and a processor coupled to the communication interface and the memory. The processor controls the server to connect to a phone call session in response to a session initiation protocol (SIP) invite from a calling device indicating that the calling device is requesting the background audio in the phone call session with a called device. The processor also controls the server to insert the background audio into the phone call session so that the inserted background audio is mixed with audio from the phone call session transmitted to both the calling device and the called device.

Abstract: A network-connected server for meeting initiation has software executing on the server from a non-transitory physical medium, the software providing a function allowing a user to schedule a meeting and to configure availability conditions, a function for informing scheduled participants of the scheduled meeting, a function for receiving indications of availability for the scheduled meeting from communication appliances associated with scheduled participants, and a function for connecting the communication appliances to communicate when the configured availability conditions are met.

Abstract: The present disclosure is directed towards a method and system for synching content on a second screen with content being displayed on a first or primary screen. The method and system of the present disclosure supports multiple synching mechanisms as well as prioritization between the different multiple synching mechanism.

Abstract: A virtual conferencing system is described which evaluates and selects participants for active participation based on one or more criteria.

Abstract: Techniques for adaptive content transmission are described herein. During transmission of a content item, a network connection may be monitored to collect data corresponding to one or more network conditions associated with the transmission of the content item. Such network conditions may include, for example, network throughput, available network bandwidth, network latency and others. The collected data may be used to dynamically adjust one or more transmission attributes in connection with the transmitted content item. The one or more transmission attributes may be determined for adjustment at any desired transmission interval.