Abstract: System and method embodiments are provided for accessing a wireless network. The embodiments enable establishing and releasing session resources in a wireless local area network (WLAN) corresponding to packet data network (PDN) connections in a 3 GPP enhanced packet core (EPC). In an embodiment, a method in a network component for establishing a control channel with a user equipment (UE) includes setting up, by the network component, a link layer channel, sending, by the network component, an identifier of the link layer channel to the UE; and communicating, by the network component, with the UE over the link layer channel using a WLAN control protocol (WLCP), wherein the WLAN comprises a trusted WLAN Access Network (TWAN).

Abstract: System and method embodiments are provided for segment integrity and authenticity for adaptive streaming. In an embodiment, the method includes receiving at a data processing system a segment of a media stream, determining, with the data processing system, a digest or a digital signature for the segment, and comparing, with the data processing system, the digest/digital signature to a correct digest or a correct digital signature to determine whether the segment has been modified.

Abstract: A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed.

Abstract: A method and apparatus for delaying responses to requests in a server are described. Upon receipt, from a client device, of a first request for a resource at a first location, a response that includes a redirection instruction to a second location is transmitted. The response includes a first number of redirects to be completed prior to the first request being fulfilled. Upon receipt of a following request including a number of redirects, the remote server determines whether the number of redirects has been performed. When the number of redirects has not been performed the transmission of the redirection instruction is repeated with a number of redirects smaller than the first number of redirects until the receipt of a request indicating that the number of redirects has been performed. When the number of redirects has been performed the request is fulfilled.

Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.

Abstract: One method for managing encryption includes identifying an available or a secure mode. During restarts a passphrase must be entered in secure mode but not in available mode. Further, a master key is created for encrypting volume keys, where master and volume encryption keys are not stored in non-volatile memory (NVRAM) nor in disk storage. A half-key is created by encrypting the master key with a secure key, the secure key and the encrypted volume encryption keys being stored in disk storage. The half-key is stored in NVRAM only in available mode but not in secure mode. The master key is recreated during a restart when operating in the available mode by decrypting the NVRAM half-key with the secure key from disk storage. Further, the passphrase must be entered by an operator to recreate the half-key and the master key during a restart in the secure mode.

Abstract: An output method and an output device are provided. The output method includes the following steps. A first electronic device sends a file to a server and generates a piece of verification information corresponding to the file. A second electronic device receives the piece of verification information and displays the piece of verification information on screen. An output device reads the piece of verification information displayed by the second electronic device, and obtains the file from the server according to the piece of verification information so as to output a paper document of the file.

Abstract: A method, performed by an authentication processor of a first network device, includes receiving a first message through a network interface circuit from a second network device. The first message contains a first data unit to be operated upon by the first network device. A second message is received through the network interface circuit from the second network device. The second message contains a reported authentication token for the second network device and a second data unit to be operated upon by the first network device. The first message is received before receipt of the second message. A check authentication token is generated based on hashing the first data unit. A command that controls operation of the first network device is selectively performed on the second data unit based on whether the check authentication token matches the reported authentication token.

Abstract: Embodiments relate to providing a secure management agent for high-availability continuity for cloud systems. An aspect includes receiving operating parameters and threshold settings for a plurality of computing clouds. Secure relationships are established with the plurality of computing clouds based on the operating parameters. Data is mirrored across the plurality of computing clouds. Threshold data is then monitored for the plurality of computing clouds to maintain a continuity of resources for the plurality of computing clouds.

Abstract: A method and system for protecting the integrity of a memory system. An age counter and an opportunity counter are provided for each of multiple memory blocks. An epoch counter is provided for the memory system. Data is written in a selected memory block which increases the local sequence number of the selected memory block. The opportunity counter for the selected memory block is updated if the local sequence number of the selected memory block rolls over. A message authentication code (MAC) is generated in the selected memory block based on a global sequence number and the local sequence number. The age counter and the opportunity counter are updated for memory blocks when the opportunity counter for the memory blocks matches the LSB of the epoch counter. A new MAC is generator for any memory block for which the updating is performed.

Abstract: Embodiments relate to providing a secure management agent for high-availability continuity for cloud systems. An aspect includes receiving operating parameters and threshold settings for a plurality of computing clouds. Secure relationships are established with the plurality of computing clouds based on the operating parameters. Data is mirrored across the plurality of computing clouds. Threshold data is then monitored for the plurality of computing clouds to maintain a continuity of resources for the plurality of computing clouds.

Abstract: Systems and methods for disabling one or more plugins associated with a browser application are provided. In one exemplary method, a plugin is installed on an electronic device, and the device receives data from a data source, where that data is associated with the installed plugin. Whether the installed plugin meets a disabling criteria is determined. In accordance with a determination that that the installed plugin meets a disabling criteria: performance of a function with the installed plugin is foregone; and it is reported to the data source that the installed plugin is not installed on the electronic device. In accordance with a determination that the installed plugin does not meet the disabling criteria, the function is performed with the installed plugin.

Abstract: The real-time cyber threat indicator verification mechanism technology (hereinafter “TIVM”) instantiates one or more virtual client emulators to access a source of a threat, in response to a received threat indicator, so as to evaluate validity and/or severity of the potential threat. In one embodiment, the TIVM may receive a cyber threat indicator having identifying information of a cyber threat source; instantiate, in response to the cyber threat indicator, a virtual client emulator; send a control message to cause the virtual client emulator to interact with the cyber threat source based on the identifying information; obtain a confidence indicator relating to the cyber threat indicator based on interaction between the virtual client emulator and the cyber threat source; and generate a cyber threat indicator confirmation report including the confidence indicator.

Abstract: A secure and change-tolerant method for obtaining an identifier for a collection of assets associated with a computing environment. Each asset has an asset parameter and the computing environment has a fingerprint based on an original collection of assets and on a codeword generation algorithm on the original collection of assets. The method comprises: retrieving the asset parameters of the collection of assets and processing the retrieved asset parameters to obtain code symbols. An error-correction algorithm is applied to the code symbols to obtain the identifier. The method can be used in node-locking.

Abstract: In one embodiment, a data storage client may establish a virtual replay protected storage system with an agnostic data storage. The virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment. The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set with the hash message authentication code signature to an agnostic data storage.

Abstract: A technique allows a client computer with a web browser to receive a web page having active content in response to transmitting a request for content. The active content includes a signature and a set of attributes associated with a web domain. The web browser can interpret the signature and the set of attributes as formatted in the active content. Validation of the signature and the set of attributes can be in a secure mode through a secure enclave module.

Abstract: Systems and methods of managing the security of a networked environment based on activity associated with deployed pseudo-accounts are presented. In one embodiment, a plurality of pseudo-accounts are deployed in one or more networks, domains, or virtual machines and activity associated with the pseudo-accounts is collected to identify security risks to facilitate remediation and mitigation.

Abstract: A physical unclonable function (PUF) imaged through two faces is disclosed. The PUF is difficult to counterfeit because the view through both faces must be duplicated for a successful counterfeit. PUF may be incorporated into a user-replaceable supply item for an imaging device. A PUF reader may be incorporated into an imaging device to read the PUF. Other systems and methods are disclosed.

Abstract: A system for detecting user credentials comprising an interface and a processor. The interface is configured to receive a plurality of data chunks. The processor is configured to determine a number of continuous bytes in the plurality of data chunks having appropriate values and, in the event that the number of the continuous bytes is greater than or equal to a threshold number of bytes, determine whether continuous byte data of the continuous bytes comprises a credential.

Abstract: Disclosed are various embodiments for distributed generation of network pages from portions of network pages. A first request for a network page is obtained. A second request for a network page portion is sent to a server application. The second request includes a protocol header that specifies a base uniform resource locator (URL). The network page portion is obtained from the server application. The network page portion is based at least in part on the base URL. The network page is generated from the network page portion and other data.

Abstract: A method for controlling actions for browser extensions includes registering, at a browser process module, a list of one or more rules from a browser extension, where the rules define one or more conditions and one or more corresponding actions to take when the conditions are satisfied. A renderer process module that is in communication with the browser process module applies the conditions to content of web pages rendered in the browser application. The renderer process module determines whether any of the conditions are satisfied by the content of the web pages rendered in the browser application using the renderer process module. The browser process module or the renderer process module performs the actions defined in the rules in response to at least one of the conditions defined in the rules being satisfied.

Abstract: One embodiment provides a system that facilitates efficient and secure transportation of content. An intermediate node receives a packet that corresponds to a fragment of a content object message that is fragmented into a plurality of fragments. One or more fragments of the plurality of fragments indicate a unique name that is a hierarchically structured variable-length identifier that comprises contiguous name components ordered from a most general level to a most specific level. The received fragment indicates an intermediate state which is based on a hash function performed on an intermediate state from a previous fragment and data included in the received fragment. In response to determining that the received fragment is a first fragment, the system identifies a first entry in a pending interest table for an interest with a name that is based on a hash of a content object and that corresponds to the first fragment.

Abstract: Stacked tab views are described. A computing device can display multiple content panes in a web browser window. Each content pane can correspond to a different web site. The content panes can be arranged in a visual stack, where content pane are positioned one in front of another in a three-dimensional view. In the three-dimensional view, a distance between content panes can appear to separate the content panes. Each content pane can display snapshot image of content of a web site. The content panes can be used in place of tabs for navigating between web pages.

Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.

Abstract: Features are disclosed for facilitating remote management of browser add-ons on multiple user computing devices from a centralized add-on management system. A browser application on the user computing devices may include an integrated application programming interface that can be remotely accessed by the add-on management system. In some embodiments, a management add-on or some other object that is separate from or otherwise not integrated with the browsing application may be used to facilitate the remote management of add-ons. Management of add-ons may include permitting and/or blocking installation and/or execution of particular add-ons on a case-by-case basis. The determination may be based on user permissions, add-on characteristics, observed execution of add-ons, and the like.

Abstract: A method and apparatus for authenticating packets in a controller area network (CAN) are disclosed. The method includes transmitting messages using a mixture of message authentication codes (MACs) in a controller area network (CAN). In addition, a first MAC is generated using a first message and the first MAC is divided into a first MAC part and a second MAC part. A second MAC is generated using a second message and the second MAC is divided into a third MAC part and a fourth MAC part. A linear operation is performed between the second MAC part and the third MAC part to generate a first authentication MAC. The first message is transmitted with the first MAC part and the second message is transmitted with the first authentication MAC.

Abstract: In one embodiment, a layered/distributed grid-specific network services system comprises grid sensors in the utility grid configured to generate grid data values such as raw grid data values, processed grid data values, and/or any combination thereof, and to communicate the grid data values using a communication network. Distributed grid devices in the utility grid may be configured to receive the grid data values, and one or more of the grid devices may be configured to convert raw grid data values into processed grid data values. Application devices in the utility grid may be configured to access the grid data values from the distributed grid devices, and to further process the grid data values according to a particular grid application operating at the corresponding application device into application data values.

Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via

Abstract: An anomaly detection system is provided in connection with a transport service. The anomaly detection system can construct routine route profiles for individual users of the transport service using historical route data. The anomaly detection system can monitor a current route traveled by a user. The anomaly detection system can further identify a matching routine route profile of the respective user. The anomaly detection system can utilize the matching routine route profile to identify a probable anomaly in the current route. In response to detecting the probable anomaly, the anomaly detection system can enable a safety protocol to perform a number of actions.

Abstract: Techniques are generally described for user authentication. Example techniques may include providing a data set including audio data and image data, wherein the audio data includes voice recordings of multiple people, wherein the image data includes at least a facial image of at least one of the multiple people, receiving a response to the data set from a user device, and determining whether the received response corresponds to at least a part of content of the voice recording of the one of the multiple people whose facial image is included in the image data.

Abstract: A music distribution server according to an embodiment provides a service in which users can easily enjoy digital contents. The server may include an information storage unit storing various tables and data bases, a playback transmission unit transmitting, in response to playback requests, music data to a terminal device in a streaming method, and a purchase transmission unit transmitting, in response to a purchase request, the music data to the terminal device in a downloading method, a ticket possession status update unit updating a possession status of virtual tickets used for playback of the music data possessed by users, a ticket providing unit providing the virtual tickets to users, a comment management unit managing users' comments on music pieces, a recommendation management unit managing recommendation of music pieces by one user to other users, and a ticket offer management unit offering the virtual tickets from one user to other users.

Abstract: The backup-in-the-middle primary-backup configuration is created by placing a backup-in-the-middle forwarder in the routing path between the primary and the environment. The backup-in-the-middle forwarder intercepts output messages along with required state information sent by the primary to the environment. The backup-in-the-middle forwarder backs up the primary by updating its state information and forwards the output packets to the environment.

Abstract: Methods and apparatus for validating a system include reading protected record data for a section of the system from a secure storage element, and verifying integrity of the section of the system using the record data. The secure storage element independently verifies that all record data and data to be written to the system is valid.

Abstract: An encryption method for packaging, encrypting, and transmitting a plurality of contents included in a web application to a communication device, the encryption method includes: acquiring performance information relating to performance of the communication device; determining, by circuitry, an encryption algorithm to be applied to each of the plurality of contents, based on the performance information; performing first encryption processing on the plurality of contents using the encryption algorithm respectively; performing second encryption processing on identification information that identifies the encryption algorithm used for the plurality of contents respectively; packaging encrypted contents and encrypted identification information, the encrypted identification information being stored in a location specified by the communication device; and transmitting the encrypted contents and the encrypted identification information, which are packaged, to the communication device.

Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.

Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.

Abstract: A system includes a processor configured to execute a web browser in a first browser execution process initiated by an operating system of the system. The system includes a browser extension installed in the web browser, the browser extension including a markup language file and a file specifying at least one type of action related to a page element on which the browser extension seeks to act. The web browser may be configured to receive a set of rules from a web publisher associated with a first web page prior to rendering the first web page, determine based on the file, without loading the browser extension, that the browser extension is configured to implement a first action prohibited by the set of rules, and restrict the browser extension from implementing the first action on the first web page.

Abstract: A method and apparatus for encrypted universal resource identifier (URI) based messaging is described. In one embodiment of the method, a server computing system receives an encrypted message from a first client computing system over a network, decrypts the encrypted message, stores the decrypted message in a message data store, and generates a shortened uniform resource locator (URL) for subsequent retrieval of the stored message. The server computing system sends the shortened URL to the first client computing system. Subsequently, the server computing system receives from a requesting computing system, a request, including the shortened URL, to retrieve the stored message, encrypts the stored message in a uniform resource identifier (URI) with an encryption type URI, and sends the encrypted URI to the requesting computing system.

Abstract: A Web page vulnerability detection method and apparatus are described, where the method can receive a vulnerability detection task for performing vulnerability detection on a to-be-detected target Web page; acquiring a configuration file corresponding to the vulnerability according to the vulnerability detection task. The vulnerability detection task being is at least used to indicate a vulnerability that needs to be detected, and the configuration file includes a matching condition used to match the to-be-detected target Web page in to-be-detected Web pages and indication information of a test sample used to perform vulnerability detection on the to-be-detected target Web page. The method also detects whether the vulnerability indicated by the configuration file exists on the to-be-detected target Web page by using the configuration file.

Abstract: A method and apparatus for delaying responses to requests in a server are described. Upon receipt, from a client device, of a first request for a resource at a first location, an identification of a second server is performed. A response that includes a redirection instruction to a second location is transmitted. The response includes a first number of redirects to be completed prior to the first request being fulfilled. Upon receipt of a following request including a number of redirects, the remote server determines whether the number of redirects has been performed. When the number of redirects has not been performed the transmission of the redirection instruction is repeated with a number of redirects smaller than the first number of redirects until the receipt of a request indicating that the number of redirects has been performed. When the number of redirects has been performed the request is fulfilled.

Abstract: Disclosed are a method, device, and system for implementing network access, and a network system. The method comprises: in the case that a terminal requests to access a webpage, a server determining content of the webpage that the terminal requests to access; and the server searching for a webpage, used as a reference webpage, with relevant content matching the content of the webpage, and providing information of the found reference webpage for the terminal. The present invention can enable a user terminal to obtain multiple associated access results by performing webpage access once.

Abstract: A content access request from a first computing device for a digital content can be received. The content associated with request can be a digital content associated with a second computing device. A facial biometric identification challenge can be conveyed to the first computing device. The conveying can trigger the capture of a digital self-portrait photograph of a portion of a face of a user associated with the first computing device. A facial biometric of the face of a user within the digital self-portrait photograph can be compared to facial features of human faces within historic digital media associated with a different user. When the facial biometric matches a facial biometric within historic digital media, the digital content associated with the content access request can be conveyed to the first computing device.

Abstract: A system for detecting user credentials comprising a data chunker, a data chunk storage, a bytewise checker, a bit counter, and a credential checker. The data chunker is for determining a data chunk. The data chunk storage is for storing the data chunk. The bytewise checker is for checking that each byte of the data chunk comprises an appropriate value. The bit counter is for: determining a continuous number of bytes greater than or equal to the threshold byte value; and in the event the continuous number of bytes is greater than or equal to a threshold number of bytes, determining a credential address range corresponding to the continuous number of bytes. The credential checker is for determining whether data stored in the data chunk storage corresponding to the credential address range comprises a credential.

Abstract: The invention provides a computer-implemented method of analyzing symbols in a computer system, the symbols conforming to a specification for the symbols, in which the specification has been codified into a set of computer-readable rules; and, the symbols analyzed using the computer-readable rules to obtain patterns of the symbols by determining the path that is taken by the symbols through the rules that successfully terminates, and grouping the symbols according to said paths, the method comprising; upon receipt of a message at a computer, performing a lexical analysis of the message; and, in dependence on lexical analysis of the message assigning the message to one of the groups identified according to said paths. The invention also provides a computer programmed to perform the method and a computer program comprising program instructions for causing a computer to perform the method.

Abstract: A system and a method transmit data in a first codec from a first terminal to a second terminal. The first terminal establishes a connection with the second terminal and/or transmits, transfers and/or sends the data to the second terminal via the connection between the first terminal and the second terminal. The connection between the first terminal and the second terminal has a first channel and/or a second channel to transmit the data from the first terminal to the second terminal. The first terminal transmits the data in a first codec to the second terminal via the first channel and/or the second channel of the connection without receiving capabilities of and/or intentions from the second terminal. The second terminal may be incapable of receiving, of processing, of accepting and/or of displaying the data in the first codec. The capabilities of and/or the intentions from the second terminal is transmitted to the first terminal via the connection.

Abstract: The real-time cyber threat indicator verification mechanism technology (hereinafter “TIVM”) instantiates one or more virtual client emulators to access a source of a threat, in response to a received threat indicator, so as to evaluate validity and/or severity of the potential threat. In one embodiment, the TIVM may receive a cyber threat indicator having identifying information of a cyber threat source; instantiate, in response to the cyber threat indicator, a virtual client emulator; send a control message to cause the virtual client emulator to interact with the cyber threat source based on the identifying information; obtain a confidence indicator relating to the cyber threat indicator based on interaction between the virtual client emulator and the cyber threat source; and generate a cyber threat indicator confirmation report including the confidence indicator.

Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.

Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.

Abstract: Systems and methods embedding a guest module within an embedder module are disclosed. According to some aspects, an embedder module is executed at a computer. A request to access a guest module is received via the embedder module. The request comprises a tag in a programming language. The tag identifies the guest module. An event is provided, using information associated with the tag, to an executing instance of the guest module responsive to the request to access the guest module. Processing of the event at the executing instance of the guest module is signaled.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.