Abstract: Aspects relate to a computer implemented anonymous credential method for credential abuse prevention and efficient revocation. The method includes acquiring a credential from an issuer at a user, registering the user and credential with an oblivious monitor, generating a user presentation token at the user using the credential, requesting presentation with the oblivious monitor by the user, wherein the user presentation token is transmitted to the oblivious monitor, verifying the user presentation token, wherein presentation is aborted if verification fails, transmitting, from the oblivious monitor, an oblivious monitor presentation token portion to the user in response to the verification passing, transmitting a combined presentation token to a verifier, wherein the combined presentation token includes the user presentation token and the oblivious monitor presentation token portion, and verifying the combined presentation token at the verifier.

Abstract: A computer in a network has an operating system. The operating system is configured to prevent running of software not identified in a list of approved software referred to as a white list. Software absent from the list is prevented from running by the operating system. The network has a server which determines, for each item of software on the white list, the administration rights of the users of computers having that item of software. If a white listed software item is present on one or more computers used by users without admin rights, then the admin rights of any user of other computers having the same white listed software item are withdrawn by instructions sent by the server to the computer.

Abstract: An system comprises: a first storage that stores access destination information, characteristic information, and first identification information in a manner associated with one another; a transmitter that transmits a captured image of a medium; a first-acquiring-unit that extracts the characteristic information and acquires the access destination information and the first identification information associated with the characteristic information, access based on the access destination information being controlled by an authentication device comprising a second storage that stores second identification information allocated to each medium, third identification information corresponding to the first identification information, and collation information indicating an access source in a manner associated with one another; a second-acquiring-unit that acquires fourth identification information allocated to each medium from the captured image; and an access unit that transmits the first identification information,

Abstract: A device newly introduced to a network is automatically credentialed to be able to communicate over a network before the device first communicates with the network. For example, at a point of purchase, a user can provide network identification information to a merchant computing device that effects transfer of that information to the new device such that the new device can communicate directly with the network without initial credentialing directly between the unique device and the local network. In another example, the merchant computing device communicates with the local network to register a newly purchased device with the local network before the newly purchased device is introduced to the network. Accordingly, the network is configured to begin communications with the unique device without initial credentialing directly between the unique device and the local network.

Abstract: Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Abstract: Network traffic is received from a guest device on a computer network of a hospitality establishment, and a guest area of the hospitality establishment is accordingly identified. A login database is queried to find an unexpired login for the guest area, the unexpired login specifying a stored guest identifier corresponding to information retrieved from a property management system of the hospitality establishment regarding a guest of the guest area at a time when the unexpired login was created. The stored guest identifier of the unexpired login is compared with a current guest identifier of the guest area retrieved from the property management system regarding a current guest of the guest area. When the stored guest identifier matches the current guest identifier, the guest device is automatically allowed to access the network service for a remaining portion of the allowed access duration of the unexpired login.

Abstract: A secure beacon-based system includes beacons that may generate dynamic beacon identifiers. A mobile device application may send a request to an application server, including a dynamic beacon identifier. The application server can locally compute the dynamic beacon identifier and compare it to the received beacon identifier to validate the request and determine whether to respond to the request.

Abstract: A method for executing a secure application on an untrusted user equipment having storage means with at least one protected region includes establishing a secure or authenticated communication channel between a trusted device and the user equipment. Secure application information of the secure application is provided via the communication channel to be executed on the user equipment. Correctness of the secure application information is checked. Execution of the secure application is initiated on the user equipment via the communication channel such that the secure application is stored in the protected region of the storage means.

Abstract: Systems and methods for adding context to prevent data leakage over a computer network are disclosed. Data is classified and contextual information of the data is determined. A transmission policy is determined in response to the classification and contextual information. The data is either transmitted or blocked in response to the classification and the contextual information.

Abstract: A system may receive a request to access user sponsored media content (“media content”), the request including a digital token (“token”), the media content being associated with a user sponsored account (“account”), and the account being associated with unused data from a mobile communications service plan, where the account and the mobile communications service plan are associated with a user. The system may identify token information included in the token. The system may compare the token information with stored token information. The system may determine that the token is valid based on the token information matching the stored token information. The system may provide access to the media content based on the token being valid. The system may provide information to cause data charges, for traffic flow associated with access to the media content, to be charged against the unused data associated with the account.

Abstract: Systems and methods are described comprising a touchscreen that includes a processor coupled to a security system at a premises. A plurality of user interfaces presented via the touchscreen includes a security interface and a network interface. The security interface provides control of functions of the security system and access to data collected by the security system. The network interface provides access to network devices. The network devices are located at the premises and are coupled to the touchscreen. A security server at a remote location is coupled to the gateway and comprises a client interface through which remote client devices exchange data with the gateway and the security system. At least one of the security server and touchscreen collect behavioral data using the security system and the network devices, and generate a risk score using the behavioral data.

Abstract: Artificial Immune Systems (AIS) including the Dendritic Cell Algorithm (DCA) are an emerging method to detect malware in computer systems. An implementation of the DCA may detect anomalous behavior in various processes of a device or devices. Unlike previous approaches, the DCA implementation may use an inflammation signal to communicate information among the processes of device or a network, where the inflammatory signal indicates a likelihood that a process has been attacked by malicious software.

Abstract: In an example, a cross-view detection engine is disclosed for detecting malware behavior. Malware may attempt to avoid detection by remaining in volatile memory for as long as possible, and writing to disk only when necessary. To avoid detection, the malware may also provide a pseudo-driver at a file system level that performs legitimate-looking dummy operations. A firmware-level driver may simultaneously perform malicious operations. The cross-view detection engine detects this behavior by deconstructing call traces from the file system-level operations, and reconstructing call traces from firmware-level operations. If the traces do not match, the object may be flagged as suspicious.

Abstract: A computer-implemented method for identifying abnormal computer behavior includes receiving, at a computer server subsystem, data that characterizes subsets of particular document object models for web pages rendered by particular client computers; identifying clusters from the data that characterize the subsets of the particular document object models; and using the clusters to identify alien content on the particular client computers, wherein the alien content comprises content in the document object models that is not the result of content that is the basis of the document object model served.

Abstract: According to one embodiment, a computerized method comprises receiving a set of indicators of compromise (IOCs) associated with a known malware of a first message type from a first source and receiving one or more IOCs (IOC(s)) from a second source that is different from the first source. Thereafter, a determination is made as to whether the received IOC(s) from the second source correspond to the set of IOCs received from the first source. If so, information associated with at least the set of IOCs is used to locate a malware of the first message type that is undetected at the second source.

Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: An approach for detecting an insider threat is described. Embodiments include determining one or more features from one or more network transfers among a plurality of network entities, determining a baseline behavioral profile of the plurality of network entities based on the one or more features; and determining at least one malicious network entity from among the plurality of network entities based on a systematic deviation from the baseline behavioral profile of at least one of the one or more features.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: A system and method for detecting Fast-Flux malware are presented. Domain name system (DNS) lookup requests to DNS servers from a local area network (LAN) to a wide area network (WAN) are monitored. The DNS lookup requests comprise requests to resolve uniform resource locators (URLs) to network addresses. The network addresses (IP) received from the DNS servers for the DNS lookup requests are monitored provide a URL-to-IP associations list. The DNS servers used for the DNS lookup requests for the URLs are monitored to provide a DNS Domain-to-DNS server associations list. A suspicious URL log based on the URL-to-IP associations list, and a suspicious DNS log based on the DNS Domain-to-DNS server associations list are generated.

Abstract: In an embodiment, a method providing an improvement in remediating vulnerabilities in computer security comprising: receiving, using a network tap of a sensor computer that is coupled to a compromised computer, a communication packet that was sent from the compromised computer to a target computer; using the sensor computer, determining that the target computer is one of a plurality of enterprise computers; reading, at the sensor computer, a plurality of fields within a header of the communication packet; and performing a remediation measure by generating a header of an action packet, wherein the header comprises duplicates of at least some fields of the plurality of fields so as to appear to be generated by the target computer, generating a payload of the action packet, and sending the action packet comprising the generated header and the generated payload to the compromised computer.

Abstract: An object-forwarding device can block a malicious Content Object from being inserted into an Interest's reverse path over a named data network. During operation, the device can receive a Content Object via a first interface, and can perform a lookup operation in a Pending Interest Table (PIT) to identify a PIT entry for an Interest associated with the Content Object. The device then determines, from the PIT entry, an egress interface used to forward the Interest. If the device determines that the egress interface of the PIT entry matches the first interface for the Content Object, the device forwards the Content Object via a return interface specified in the PIT entry. On the other hand, if the egress interface of the PIT entry does not match the first interface for the Content Object, the device can block the Content Object.

Abstract: A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.

Abstract: This specification generally relates to using redirect messages to implement content scanning. One example method includes receiving from a client a first request for a network resource, the first request including an original location of the network resource; determining that a response to the first request is to be analyzed; sending a redirect response to the client including a modified location for the network resource different than the original location; receiving a second request for the network resource from the client, the second request including the modified location; in response to receiving the second request for the network resource from the client: retrieving the network resource from the original location; determining that the retrieved network resource is suitable to send to the client; and in response to determining that the retrieved network resource is suitable, sending the retrieved network resource to the client.

Abstract: A method, non-transitory computer readable medium and global traffic manager computing device for preventing distributed denial of service attack comprising machine executable code which when executed by at least one processor, causes the processor to perform steps including obtaining network information relating to a request in response to receiving the request. A rating is determined for the obtained network information based on one or more network parameters. An action to be taken for the received request is determined based on a comparison of the determined rating and a threshold rating. The determined action is executed for the received request.

Abstract: System architecture and methods for controlling improper network activity in a wide area network, where the system includes multiple service provider devices configured to provide communications service to attack vector devices. Each service provider device or plurality of devices is provided with at least one policy agent. The policy agent of each of the service provider devices is placed in communication with a security service system. The method includes detecting an improper network event using one of the policy agents and providing the security service device associated with that policy agent/service provider device with vector data characterizing the improper network event. The method further includes forwarding the vector data relating to the improper network event from the security service system to other of the security service systems, and from those to the policy agents in the other service provider devices.

Abstract: A system of client devices and a server system implementing services makes use of credentials to facilitate authentication of the client devices with the server and generates log entries for different accesses to the server system. A monitoring system places credentials and log entries referencing the monitoring system with the credentials and log entries on the client devices without any authentication or actual access attempts by the client devices to the monitoring system. Unauthorized access to the client devices may result in the credentials and log entries to the monitoring system being accessed and used to access the monitoring system. Attempts to exploit the monitoring system using the credentials and log entries is contained within the monitoring system and data is collected to characterize malicious code attempting to exploit the monitoring system. The data is then used to prevent attacks and detect compromised client devices and server systems.

Abstract: Methods and systems described herein relate to enhancing security on a device by enforcing one or more policies on the loading, linking, and/or executing of native code by one or more applications executing on the device.

Abstract: A method and apparatus that secures a dynamic virtualized network is described. In an exemplary embodiment, a device receives a current network policy of the dynamic virtualized network. In addition, the current network policy includes multiple network policy elements, where each of the multiple network policy elements identifies an authorized endpoint in the dynamic virtualized network. The device further determines a network security policy for the dynamic virtualized network from the current network policy. The network security policy includes one or more second network policy elements that are a different network policy element than one of the multiple network policy elements of the current network policy. In addition, each of the one or more second network policy network elements adds an additional policy on how network traffic is processed in the dynamic virtualized network by a port of one of the plurality of network access devices.

Abstract: Various embodiments of systems and methods for dynamically switching device configuration based upon context are described herein. In an aspect, the method includes reading a tag attached to an entry gate of a restricted area through a device. Upon reading the tag, an application is executed to connect the device to a mobile device management (MDM) server. Upon establishing the connection, the restricted area identifier (ID) is sent to the MDM server. The device receives one or more policies applicable for the restricted area from the MDM server. The received one or more policies are executed on the device to change the device configuration. After execution, the device sends a confirmation message to the MDM server to indicate that the device is policy complaint. Upon receiving the confirmation, the MDM server instructs to open the entry gate to allow the device within the restricted area.

Abstract: A method includes retrieving, from a memory accessible by a computer, a document comprising a workload definition document that defines an intended virtual configuration to include at least one virtual machine and at least one network appliance to be associated with at least one of the virtual machines in the intended virtual configuration, each network appliance respectively serving a role in the intended virtual configuration of transforming, inspecting, filtering, or otherwise manipulating all the network traffic, before it reaches an intended virtual machine, for purpose other than a data packet forwarding in a virtual configuration. The workload definition document is parsed to extract attributes of each of the network appliances, including one or more security policy to be applied to each network appliance. Configuration data is extracted from the parsed workload definition document that is related to any security policy of any of the network appliances to be deployed.

Abstract: A mobile device capable of performing a plurality of functions. The mobile device includes a memory for storing a plurality of different security policies; an input device for invoking a function from the plurality of functions by a user; a processor for assigning a first security policy from the stored plurality of security policies to the invoked function; and a security module for requiring the user to satisfy the assigned first security policy, before the invoked function is performed by the mobile device.

Abstract: A method and associated computing system. Data received by a computing environment includes a mixture of non-sensitive data and sensitive data along with related metadata indicative of a sensitivity of the sensitive data. The computing system includes the computing environment. An operation is performed on the sensitive data in the computing environment by: (a) determining that the data used for the operation are sensitive data, (b) intercepting the operation on the sensitive data, and (c) registering newly created sensitive data, as a result of the operation, with metadata indicating one or more addresses of the sensitive data. An external access to the sensitive data in the computing environment is intercepted. A compliance firewall rule is applied to the sensitive data intended to leave the computing environment. The compliance firewall rule defines an action to be applied to the sensitive data such that the sensitive data are protected against unauthorized access.

Abstract: Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. The system also has a data center server coupled with the plurality of segmented environments over a network. The data center server has a security controller configured to provide a security policy to each of the plurality of segmented environments and an active probe controller configured to cause the active probe device of the plurality of segmented environments to execute a scan.

Abstract: Disclosed herein is an instance of a media modality controller of a communication system which is assigned to convey media modality control signals of a communication event to respective media modality agents of endpoints of the communication event without accessing respective call agents of the endpoints. The media modality controller instance is so assigned independently of a call controller of the communication system and responsive to an instruction received via the network. The media modality controller instance is released from said assignment responsive to the media modality controller instance returning a response to the received instruction while the call controller continues to operate in communication with the call agents of the endpoints.

Abstract: Provided are a method, an apparatus and a system for establishing a session. In the method, a Visit Policy and Charging Rules Function (V-PCRF) receives an S9 session establishment triggering message from a Home Policy and Charging Rules Function (H-PCRF), wherein the S9 session establishment triggering message is used for triggering establishment of an S9 session and a first S9 sub-session, and the first S9 sub-session is used for policy control of Evolved Packet Core (EPC)-routed traffic; the V-PCRF determines whether the S9 session has been or is being established; and when it is determined that the S9 session has been or is being established, the V-PCRF indicates to the H-PCRF that the S9 session has been or is being established. Through the solution, conflict is avoided in the process of establishing the S9 sub-session in the related art and the stability of the system is improved.

Abstract: A service registration system includes a server that provides a service through a network, a peripheral device capable of communicating with the server and using the service, and a terminal device capable of communicating with the server and the peripheral device. When the terminal device receives the registration requesting information representing information related to registration necessary for using the service from a user, the terminal device transmits registration requesting information to the server. When the server receives the registration requesting information from the terminal device, the server transmits service information necessary for using the service. Further, the terminal device can transmit the service information to the peripheral device when it receives the service information from the server.

Abstract: An arrangement for a collaborative videoconferencing environment is disclosed. A display having a substantially “L-shaped” configuration allows for display of collaborative materials and video of remote participants simultaneously, which provides for a more natural interaction for a meeting participant interacting with the collaborative materials. Additionally, a camera is arranged to focus on the meeting participants shoulder while the meeting participant is interacting with the collaborative materials. Such location of the camera provides a more natural view of the collaborator to remote users.

Abstract: Method and apparatus for propagating state information updates are disclosed. In the method and apparatus, a node establishes connections with one or more nodes of a plurality of nodes based at least in part on the number of connections retained by each node of the plurality of nodes. The node may then propagate state information updates to the one or more nodes.

Abstract: Disclosed herein is a system and method for managing a collaborative document that is owned by two different users who belong to different organizations. The users first create a document that will be owned by both users. Both users are also granted full ownership rights in the document. The users then contribute to the document by providing information that may be confidential to their organization. The users want to ensure that they can cut off access to the confidential information if and when the relationship between the users or organizations sours. When one of the users with full ownership privileges decides to end the cooperation with the other users, that user simply revokes access to the document to the other user. As a result of the revocation all users are no longer able to see or access the entire document. In this way the confidential information of all parties is protected.

Abstract: A method and apparatus for sharing presentation data, interactions, and annotation information between devices. The method includes: converting the presentation data into at least one image; transmitting the at least one image to the second device; displaying an image from among the at least one image on a screen of the first device, and transmitting image identification information about the displayed image to the second device; adding annotation data to the displayed image, based on a user input; and transmitting annotation information about the annotation data to the second device. The second device displays an image corresponding to the image identification information on a screen of the second device based on the image identification information, and the second device displays the annotation information on the image displayed on the screen of the second device the annotation information.

Abstract: Methods and apparatus for transcoding metadata are disclosed. Example methods disclosed herein to meter media content presented by a media device includes accessing first metadata accompanying media to be presented by the media device, the first metadata not being detectable by a metering device collecting audience measurement data associated the media device, transcoding the first metadata into second metadata having a format that is detectable by the metering device and capable of being inserted into at least one of an audio signal or a video signal corresponding to the media to presented by the media device, inserting the second metadata into the at least one of the audio signal or the video signal, and providing the at least one of the audio signal or the video signal with the inserted second metadata to the media device for presentation.

Abstract: A system performs tunneling for real time communication (“RTC”) between a source endpoint and a destination endpoint. The system receives, by a server, a request from a user equipment (“UE”) for enabling header compression of inner internet protocol (“IP”) and transport headers of media traffic encapsulated within a tunnel. The media traffic corresponds to the RTC between the source endpoint and the destination endpoint. The system determines a mapping that maps one or more indices to identifying information of the source endpoint and the destination endpoint, and sends a response to the UE including the mapping. Upon sending the response, the UE and the server communicate the media traffic according to the mapping, where the media traffic includes media packets in which inner IP and transport headers are replaced with an index within the one or more indices.

Abstract: A method and apparatus for approving multimedia data, including: receiving second multimedia data of a second resolution; selecting a block of the second multimedia data; and requesting a corresponding block of first multimedia data, to the selected block of the second multimedia data. Furthermore, the method includes receiving the corresponding block of the first multimedia data of a first resolution; and approving the second multimedia data at the server apparatus in response to evaluating the received block of the first multimedia data.

Abstract: A method, computer program product and computing device for selecting at least one playlist for transfer, the at least one playlist being stored on a first personal media device. The at least one playlist is converted to a common format, thus generating a first common format playlist. Communication is established with a second personal media device. The first common format playlist is transferred to the second personal media device.

Abstract: An architecture is provided that can scale content resolution in order to mitigate errors in a provisioned service of a communication network, such as a wireless service or a femtocell service that integrates with DSL or other broadband carriers. The architecture can identify fault conditions relating to e.g., bandwidth oversubscription or symbolization integrity. Based upon such identification, the architecture can alter encoding format codecs of certain types of content in order to reduce their resolution/quality, thereby mitigating bandwidth oversubscription fault conditions or freeing up space (without necessarily increasing bandwidth) to insert additional FEC code.

Abstract: In one method embodiments, providing a transport stream to a client device, the transport stream comprising a head stream and a tail stream, the head stream and the tail stream each comprising a compressed video sequence; providing information in a transport stream packet associated with the head stream, the information configured to cause the client device to selectively control an output of at least one of a plurality of pictures of the head stream yet to be output from a decoded picture buffer (DPB) at an out-point from the head stream to the trail stream.

Abstract: Systems and methods of dynamically adapting multimedia data transmit rates of data senders to available bandwidths of data receivers, in which the available bandwidths are estimated by the data senders using at least reception quality feedback information provided in real-time transport control protocol (RTCP) report packets. The data senders can obtain several bandwidth estimation parameters, such as a packet loss ratio and a round trip delay, from the reception quality feedback information, as well as multimedia data transmit rates from the data senders to the data receivers, and obtain estimates of the available bandwidths of the data receivers using at least the bandwidth estimation parameters and multimedia data transmit rates. Further, using the estimated available bandwidth, the data senders can dynamically adapt the multimedia data transmit rates to the available bandwidths for more reliably achieving the quality of experience (QoE) desired and/or required for multimedia data transmissions.

Abstract: A method, a computer program product, and a computer system for monitoring conversational audio quality of Voice over Internet Protocol (VoIP) are provided. A monitoring system determines a size of an audio file and an available bandwidth. The monitoring system predicts time of receiving the audio file, based on the size and the bandwidth. The monitoring system determines whether the time of receiving the audio file exceeds a monitoring timer interval by a certain threshold. The monitoring system uses an intrusive testing method for monitoring call quality, in response to determining that the time of receiving the audio file exceeds the monitoring timer interval by the certain threshold.

Abstract: Features are disclosed for automatically generating content requests and recording metrics and other information about execution of the requests. The requests can be background requests, executed by user computing devices during idle periods and without any user initiation. The background requests may be browser requests for content pages. Metrics and other information about execution of the requests may be recorded during execution of the background requests and reported to a performance analysis system. Instructions to execute background requests can be generated so as to develop a data set, such as a data set for analyzing request execution performance.