Abstract: Disclosed are various systems, methods, and other embodiments directed to detection of malware in content items. To detect the malware, for example, one or more content items are identified in association with the rendering of a network page in a simulated environment. A plurality of tests are applied to the one or more content items to detect an existence of malware associated with the content items.

Abstract: A method for applying a security policy to an application session, includes recognizing the application session between a network and an application via a security gateway; determining by the security gateway a user identity of the application session using information about the application session; obtaining by the security gateway the security policy comprising network parameters mapped to the user identity; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.

Abstract: A communication apparatus identifies an access point with which the communication apparatus can perform wireless communication and transmits information indicating the identified access point to a communication partner apparatus by way of the wireless communication. In response to this, an access point designated by the communication partner apparatus is registered as a relay access point.

Abstract: Techniques for discovering and/or advertising services are described herein. A first bitmask is received from a remote device over a wireless network, the first bitmask having one or more bits that have a predetermined logical value. Each bit represents a particular service provided by the remote device. A logical operation is performed between the first bitmask and a second bitmask locally generated within a local device, where the second bitmask represents a service being searched by the local device. It is determined whether the remote device is potentially capable of providing the service being searched by the local device based on a result of the logical operation.

Abstract: Embodiments of the present invention disclose a method for updating a group temporal key, a related apparatus and system. A method includes: An access point AP sets an updating period of a group temporal key GTK; the access point updates the GTK whenever the updating period of the GTK arrives; the access point receives a GTK request that is sent by a mobile station STA in an association list within a preset delay time period after arrival of the updating period of the GTK, where the association list records all mobile stations communicating with the access point, and the preset delay time period is shorter than the updating period of the GTK; and when the preset delay time period after the arrival of the updating period of the GTK arrives, the access point sends the updated GTK to the mobile station in the association list according to the GTK request.

Abstract: A plurality of processing elements may include a first processing element having a first stream operator configured to transmit at least a portion of the tuples to a second stream operator. A first rule of an encryption policy may be determined to require encrypting at least a first value of a first attribute. The first value may be within a first tuple of the portion of the tuples. Each tuple of the portion of the tuples may include the first attribute and a second attribute. A first connection may be established for transmitting from the first stream operator to the second stream operator. The first connection may be an encrypted connection. The first value may be extracted from the first tuple and transmitted to the second stream operator via the first connection. The first stream operator may perform the extracting and transmitting.

Abstract: Embodiments of the disclosure can include systems and methods for secure file transfers. The onsite monitoring system secure file transfer solution can allow for transferring operational data by an onsite system behind a firewall to a central monitoring and diagnostic infrastructure by sending asynchronous, concurrent, parallel files over a port using a previously opened connection.

Abstract: An apparatus, program product and method for managing access to a secure, encrypted webserver. A user computer may communicate through a cloud server with the secure webserver via an End-To-End encrypted connection. The webserver being able to run applications, receive and distribute data with similarly secured webservers and receive and distribute data between the webserver and the client computer. The End-To-End Encrypted connection may remain open until the client computer disconnects and the identity of the user is authenticated by a cloud server.

Abstract: Embodiments of the present invention provide systems, methods, and computer storage media for detecting and restoring erroneous data. In cases that a data entry within a data matrix is determined to be erroneous, the data entry can be restored using a replacement value calculated in accordance with other data from the data matrix. In particular, the number of dimensions used to calculate the replacement value can be reduced from the complete set of dimensions to avoid unnecessary noise data that may impact corrected data values.

Abstract: Implementations for secure network labeling to control inter-process communications in a multi-tenant Platform-as-a-Service (PaaS) system are disclosed. A method of the disclosure includes initializing, by a processing device of a node, a gear of an application on the node, wherein the node hosts a plurality of gears for a plurality of applications of a multi-tenant Platform-as-a-Service (PaaS) system, and wherein the plurality of applications comprising multi-tenant applications having different owners. The method further includes determining a user identifier (UID) of the gear, generating a custom network security label (NSL) of the gear, assigning the custom NSL to the gear, and applying the custom NSL to an outgoing network packet sent from the gear to another gear within the PaaS system.

Abstract: One approach for authenticating data includes storing a plurality of combinations of representations of public keys and session key IDs in a non-volatile memory. A payload and accompanying public key, session key ID, and signature of the payload are input. The signature is a function of the payload and a private key of a key pair that includes the accompanying public key and the private key. Authenticity of the payload is determined based on the accompanying public key and session key ID and the combinations stored in the non-volatile memory, and from the signature and the payload. In response to determining that the payload is authentic, the payload is processed, and in response to determining that the payload is not authentic, processing of the payload is disabled.

Abstract: In embodiments of the present invention improved capabilities are described for securely sharing computer data content that allows for the secure un-sharing of the content. The facility to un-share content may be implemented through a secure exchange server, where the content is being shared along with a secure protection feature that when altered results in the un-sharing of the content. This secure un-sharing facility may be used to securely share content beyond the secure protective facilities of an enterprise, out to users in other companies, into the public space, to users not intended to get the content, and the like, where the sender maintains control to access of the content no matter where or to who the content has been distributed. In this way, the secure sharing of content is made to be easy across corporate boundaries at the user level and at the individual document level.

Abstract: In embodiments of the present invention improved capabilities are described for securely viewing computer data content, such as documents, presentations, spreadsheets, emails, blog entries, texts, and the like, through a secure viewing facility, where the secure viewing facility utilizes a camera or other biometric sensor to monitor an authorized user's actions in the determination of whether the secure viewing facility will permit the computer data content to be viewed on the computer's display, and/or in the control of the viewing process itself.

Abstract: A method of enciphering information includes generating five index values by performing modulo division on a 32-bit binary input value, identifying five 8-bit output patterns based on the five index values, and enciphering or deciphering five bytes of text using the five 8-bit output patterns.

Abstract: A system and method for securing input signals when using input interfaces such as touch-screens and other input interfaces that are suitable for handheld, mobile, computing and other devices, by generating fake signals. In accordance with an embodiment, the technique can be used to protect input signals from, e.g. a touch-screen keyboard, and make it more difficult for malicious software applications to intercept and understand such input signals. The technique can also be implemented without requiring significant changes to the underlying operating system (OS) or graphical user interface (GUI). In accordance with an embodiment, a security enhancer or security enhancing application injects fake signals into the OS/GUI input signals queue. The security enhancer or security enhancing application is also associated with a communication channel that allows it to establish a cryptographic signature or key with authorized or sensitive application receivers that are authorized to receive the input signals.

Abstract: An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein.

Abstract: A method, system, apparatus and computer programs are disclosed to process content for an enterprise. The method includes reviewing, using at least one enterprise policy, content that is to be sent through a data communications network to a public service to determine if the content comprises secure data and, in response to identifying secure data, modifying the content to be sent to the public service such that a presence of secure data will be visually imperceptible when the content is rendered at the public service. The step of modifying can include steganographically embedding the secure data or a link to the secure data in a container such as image data.

Abstract: Techniques are disclosed for establishing secure communications between computing devices utilizing proximity services in a communication system. For example, a method for providing secure communications in a communications system comprises the following steps. At least one key is sent from at least one network element of an access network to a first computing device and at least a second computing device. The first computing device and the second computing device utilize the access network to access the communication system and are authenticated by the access network prior to the key being sent. The key is useable by the first computing device and the second computing device to securely communicate with one another when in proximity of one another without communications between the first computing device and the second computing device going through the access network.

Abstract: A product of prime numbers and a quadratic non-residue of one of the prime numbers are received as a public key from a first party. The product of prime numbers comprises a first group and the prime numbers respectively comprise a first sub-group and a second sub-group of the first group. Data of the first party is automatically encrypted bit-wise using a computerized device by encrypting first bit values of the data of the first party as quadratic residue and encrypting second bit values of the data of the first party as quadratic non-residue to produce a first intermediate number. The first intermediate number is automatically multiplied by the quadratic non-residue of the public key using the computerized device to complete encryption of the data of the first party. A square root of a value is received from a second party. The second party does not have the quadratic residue and the quadratic non-residue.

Abstract: A method for link setup includes sending a first authentication message including a user identifier to an access point (AP). A second authentication message sent by the AP according to the user identifier is received and includes an EAP method request message and a ANonce of the AP. A first PTK is generated according to the ANonce, an SNonce, and a first MSK. A third authentication message is sent to the AP. The third authentication message includes an EAP method response message, the SNonce, and a first MIC that is generated according to the first PTK. A fourth authentication message is sent by the AP when it authenticates, according to a second PTK, that the first MIC is correct. The fourth authentication message includes an EAP-Success message, configuration information configured by the AP for the terminal, and a second MIC. The second MIC is authenticated according to the first PTK.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: A method for protection of cloud computing includes homomorphic encryption of data. Partially or fully homomorphic encryption allows for data within the cloud to be processed without decryption. A partially or fully homomorphic encryption is provided. The proposed scheme can be used with both an algebraic and analytical approaches. A cloud service is implemented on a server. A client encrypts data using fully homomorphic encryption and sends it to the server. The cloud server performs computations without decryption of the data and returns the encrypted calculation result to the client. The client decrypts the result, and the result coincides with the result of the same calculation performed on the initial plaintext data.

Abstract: A method for transmitting data in a sensor network, which comprises at least one sensor node and a central processor, is provided. The at least one sensor node repeatedly transmits a status message comprising at least one unique identifier associated with the sensor node and a data value determined by the sensor node to the central processor. Furthermore, at least one secure value range message is provided to the central processor for the at least one sensor node, which message is valid for a particular time span and comprises at least bounds for valid data values. The value contained in the status message is further processed by the central processor only if the data value is within the bounds indicated in the value range message.

Abstract: Techniques are disclosed for secure and efficient communication from a source to a destination through an intermediary. The disclosed techniques employ a source-to-intermediary encryption algorithm to encrypt the communication from the source to the intermediary. The disclosed techniques also employ an intermediary-to-destination encryption algorithm to encrypt the communication from the intermediary to the destination. Thus, a more optimal encryption algorithm may be employed for communication between the intermediary and the destination, even if the more optimal encryption algorithm is not supported by the source. Also, a more optimal encryption algorithm may be employed for communication between the source and the intermediary, even if the more optimal encryption algorithm is not supported by the destination.

Abstract: A method for starting an application program in a Linux container and a corresponding Linux system are provided, where the method includes: creating, by a container start process, a container according to a command entered by a user, creating a first application start process, and putting the first application start process into the container for execution; obtaining, by the first application start process, according to the command entered by the user, the number N of application programs to be started, and creating N?1 second application start processes, where N is a positive integer not less than 2; and starting, in the container, by the first application start process and the N?1 second application start processes, the N application programs to be started. By using technical solutions of the present invention, when the container is created, a plurality of application programs can be started simultaneously.

Abstract: A microform imaging apparatus comprising a chassis including a microform media support structure configured to support a microform media within a plane substantially orthogonal to a first optical axis, a fold mirror supported along the first optical axis to reflect light along a second optical axis that is angled with respect to the first optical axis, a lens supported along one of the first and second optical axis, an area sensor supported along the second optical axis, a first adjuster for moving the area sensor along at least a portion of the second optical axis and a second adjuster for moving the lens along at least a portion of the one of the first and second optical axis.

Abstract: A method, system, apparatus and computer programs are disclosed to process content for an enterprise. The method includes reviewing, using at least one enterprise policy, content that is to be sent through a data communications network to a public service to determine if the content comprises secure data and, in response to identifying secure data, modifying the content to be sent to the public service such that a presence of secure data will be visually imperceptible when the content is rendered at the public service. The step of modifying can include steganographically embedding the secure data or a link to the secure data in a container such as image data.

Abstract: Systems, methods and computer readable memory devices for delivering a presentation are provided. In one example, a method includes communicatively coupling the host computing device to an external router, and establishing the closed wireless network using the router. An encrypted communication session is established via the closed wireless network with a plurality of client computing devices that each comprises a display. Each of the client computing devices is communicatively coupled to a virtual network server on the host computing device. Frame buffer data is retrieved from a storage subsystem of the host computing device. The frame buffer data is sent to each of the client computing devices to modify the display of each device.

Abstract: A device for controlling a service access authorization for a user device with regard to an access-restricted service includes a service access authorization provider, the service access authorization provider being configured to set a period of time in which the service access authorization is valid, responsive to an authorization message provided with a service-dependent user identifier, and the service access authorization provider being configured to disable an authorization allowing the service access authorization to be extended or reactivated using the previous service-dependent user identifier when at least a predetermined duration has passed since an end of a last authorization time interval for which a service access authorization was determined by the device.

Abstract: Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.

Abstract: Systems, apparatus and methods are described including operations for securing display output data against malicious software attacks.

Abstract: A system and method of protecting data on a communication device are provided. Data received when the communication device is in a first operational state is encrypted using a first cryptographic key and algorithm. When the communication device is in a second operational state, received data is encrypted using a second cryptographic key and algorithm. Received data is stored on the communication device in encrypted form.

Abstract: In one aspect, a method of determining a geographical location of a base station is provided. The base station is within a coverage area of a master base station and requests geographical location information from the master base station through a first Precision Time Protocol (PTP) management message. The base station receives the geographical location information from the master base station through a second PTP management message. In addition, the base station determines the geographical location of the base station from the geographical location information included in the second PTP management message.

Abstract: A method and a system for managing login using a cookie are described. The method includes receiving from a respective client system a request for document information, and receiving from the respective client system a cookie that identifies a plurality of user names logged into the server system from the respective client system. The plurality of logged-in user names includes a first user name and a second user name distinct from the first user name. The method also includes redirecting the received request to a location associated with a selected user name of the plurality of logged-in user names, and receiving the redirected request. The method furthermore includes, in response to the redirected request, processing the request as a request from the selected user name and sending to the respective client system document information corresponding to the request from the selected user name.

Abstract: In embodiments of the present invention improved capabilities are described for managing amendment voting in a networked secure collaborative computer data exchange environment, the method comprising establishing a secure exchange server-based environment between users of at least two business entities, the secure exchange server environment managed by an intermediate business entity, the users exchanging content, and providing an amendment voting facility when the content relates to a proposed amendment to an agreement wherein the amendment voting facility enables users to vote on the proposed amendment.

Abstract: A display apparatus including: a display device; an image processor processing an image signal received from an image source according to a preset image processing process to display an image on the display device; a connector to which an upgrade apparatus upgrades the image processing process is connected and to which a server is connected to communicate with; and a controller comparing a first pairing key with a second pairing key stored in the server and selectively allowing or blocking a booting operation according to a comparison result, the first pairing key being generated based on a pre-stored first identification of the display apparatus and a second identification of the upgrade apparatus obtained from the upgrade apparatus when the display apparatus starts booting up.

Abstract: An information processing apparatus executes an application program including an application resource and a runtime. The information processing apparatus includes a memory, and a processor that executes a procedure in the memory. The procedure includes generating a process space in the memory to invoke the application program, loading the runtime into the process space, loading the application resource into the process space into which the runtime is loaded, generating a process of the application program based on the application resource and the runtime which are loaded into the process space, and executing the process of the application program.

Abstract: A way of providing seamless remote data storage and access with a universal encryption key is provided. Data may be able to be uploaded from and/or downloaded to a variety of user devices and/or types of user devices. During transfer of data, a secure communication channel may be established between a user device and a destination storage. Data may be compressed and/or encrypted before being passed to the destination storage. Such compression and/or encryption may be performed at the user device or an intermediate processing module. Likewise, when downloading data, the data may be decompressed and/or decrypted before being made available to a destination user device. Such decompression and/or decryption may be performed at the destination device or the intermediate processing module. In any case, the universal encryption key may be utilized by all user devices to generate uniformly encrypted data.

Abstract: A system and method for modifying the carrier frequency of first and second signals associated with first and second sequences, respectively, of consecutive time intervals, comprises: first means determining two carrier frequencies respectively associated with each of the two signals based on one time interval or at least two consecutive and continuous time intervals, said time interval(s) belonging to a sequence of consecutive time intervals of known duration; and second means determining a first time interval or at least two first consecutive time intervals belonging to the first sequence, based on a second time interval belonging to the second sequence, by establishing a temporal correspondence between each end of said time interval of said second sequence and an interval of said first sequence including this end. The first means determines said carrier frequencies based on one time interval or at least two consecutive time intervals, belonging to said first sequence.

Abstract: A home system is provided. In a method of executing an application, information for executing the application is received from a device when accessing of the device is sensed, and the application is executed based on the received information. Accordingly, when a user merely brings a wireless guest device near to or in contact with an access point or a wired home device, it is possible to allow the wireless guest device to simultaneously automatically set an optimum security environment for a wireless network and execute an application that the user desires.

Abstract: The disclosed computer-implemented method for deploying applications included in application containers may include (1) identifying an application container that includes an application and facilitates transferring the application to a deployment environment, (2) performing a reconnaissance analysis on the deployment environment by identifying one or more properties of the deployment environment, (3) determining, based at least in part on the reconnaissance analysis, that the deployment environment meets a predetermined threshold of requirements for securely executing the application, and then (4) transferring the application included in the application container to the deployment environment in response to determining that the deployment environment meets the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for selecting at a terminal at least one of a plurality of available access networks for use with a wireless application invoked at the terminal according preferences associated with the wireless application, the network service provider, the subscriber, the subscriber subscription and application content provider. The selection may be constrained by an Application Policy received from a network service provider.

Abstract: A method implemented by a set top box that encrypts communications for a channel stacking switch (CS) using a public key of the CSS, the method comprising: obtaining a message from a head end; extracting electronic counter measure (ECM) data from the message; sending the ECM data to the CSS; receiving, in response to the sending, a new public key of the CSS; encrypting communications for the CSS using the new public key of the CSS. Also, a method for implementation by a CSS, comprising: maintaining a private key and a public key; obtaining ECM data sent by a set top box in communication with the CSS; obtaining an identifier of the CSS; formulating a new public key based on the private key, the identifier and the ECM; rendering the new public key available to the set top box.

Abstract: A method for providing control plane encryption in layer 3 networks is disclosed. The method for providing control plane encryption in layer 3 networks includes for a network having a subset of network elements forming a secured domain; the steps of at a network element which is in the secured domain, encrypting all unencrypted Layer 3 packets as they egress an encryption enable egress interface; unencrypting all encrypted Layer 3 packets as they egress an egress interface is not enabled for encryption; and leaving encrypted all encrypted Layer 3 packets as they egress an encryption enable egress interface. A system and machine readable storage media are also disclosed.

Abstract: A system and method for routing and delivering pre-fetched assets/media, such as a digital image, is provided. The present invention is directed to a system that allows for two digital images to be pre-fetched or otherwise transferred concurrently from two separate source devices to virtually expand the bandwidth and increase the efficiency of the transfer. The system also allows image enhancements to be made in a distributed manner either by a source or destination device, or by both. The invention further provides a method of efficiently delivering multiple versions of a single image to a destination device. An asset ranking system is also provided that takes into consideration the frequency at which the digital image is accessed and the number of source devices that that the digital image is stored within.

Abstract: A client credentials data structure, a method of employing the same and a secure client-server communication system employing the data structure or the method. One embodiment of the data structure is associated with a client and includes: (1) a pre-provisioned set of credentials configured to register the client with a server, (2) a standard user set of credentials employable for secure client-server communication, and (3) a re-acquisition token combinable with the pre-provisioned set of credentials to allow the client to re-register the client with the server.

Abstract: A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.

Abstract: A method of managing a virtual computer in a computer system including a plurality of computers, each of the computer storing a program for realizing a virtualization management module for managing a virtual computer, including a management storage area that is accessible only by the virtualization management module, storing start-up management information representing a correspondence among identification information on the virtual computer, identification information on a logical storage area storing a service program, and start-up authentication information for starting the virtual computer. The method including: a step of referring to the start-up management information to determine whether the start-up authentication information corresponding to the virtual computer exists, in a case of receiving a start-up request; a step of reading the service program from the logical storage area and executing the read service program, in a case of being determined the start-up authentication information exists.

Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.

Abstract: One example discloses a data manager of a data collector (DCDM) executing on a virtual machine for managing sensitive data. The DCDM can have a conformance certificate that characterizes functionality of the DCDM. The DCDM can request sensitive data from a data subject, wherein the request for the sensitive data includes the conformance certificate. The DCDM can further receive, in response to the request, the sensitive data encrypted with an encrypted secret key. The secret key can be decrypt-able with a private key stored at a trusted platform module for the data collector (DCTPM).