Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 9/40 - Network security protocols
• H04W 12/06 - Authentication
• H04W 12/062 - Pre-authentication
• G06F 8/61 - Installation

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• H04L 9/40 - Network security protocols
• H04L 61/25 - Mapping addresses of the same type

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

IPC Classes  ?

• H04L 9/40 - Network security protocols
• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
• G06F 21/60 - Protecting data

Abstract

Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04L 9/40 - Network security protocols
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/128 - Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
• H04W 12/08 - Access security

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 9/40 - Network security protocols

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

A method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• H04L 9/40 - Network security protocols
• G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04W 12/06 - Authentication
• H04W 12/062 - Pre-authentication
• G06F 8/61 - Installation

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 9/40 - Network security protocols
• H04W 12/128 - Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
• H04W 12/12 - Detection or prevention of fraud

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 9/40 - Network security protocols
• H04W 12/128 - Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
• H04W 12/12 - Detection or prevention of fraud

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 9/40 - Network security protocols

Abstract

Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• H04L 9/40 - Network security protocols
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04W 12/128 - Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/08 - Access security

Abstract

A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 9/40 - Network security protocols
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
• G06F 13/38 - Information transfer, e.g. on bus
• G06F 13/42 - Bus transfer protocol, e.g. handshakeSynchronisation
• G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Abstract

A method comprises detecting a removable media device being coupled to an external device port of a digital device having an operating system and a file system, authenticating a password to access the removable media device, causing redirection code to be temporarily generated on the digital device, intercepting with the redirection code a data request, determining to allow the data request based on a security policy, allowing the operating system or file system to provide the data based on the determination, detecting the removable media device being removed from the digital device; and terminating the at least a portion of the redirection code.

IPC Classes  ?

• G06F 21/31 - User authentication
• H04L 9/40 - Network security protocols
• G06F 21/55 - Detecting local intrusion or implementing counter-measures
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
• G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

A digital content marketplace filter engine may be configured to identify a communication between a digital content marketplace client and a digital content marketplace server. An analysis engine may be configured to review the communication against a digital content marketplace policy. A response engine configured to block, allow or modify the communication to conform to the digital content marketplace policy.

IPC Classes  ?

• G06Q 30/0601 - Electronic shopping [e-shopping]
• H04W 12/08 - Access security
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
• H04W 12/37 - Managing security policies for mobile devices or for controlling mobile applications

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04W 12/062 - Pre-authentication
• H04W 12/06 - Authentication
• H04L 9/40 - Network security protocols
• G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 8/61 - Installation

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 9/40 - Network security protocols
• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
• G06F 21/60 - Protecting data

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 9/40 - Network security protocols
• H04W 12/128 - Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
• H04W 12/12 - Detection or prevention of fraud

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/06 - Authentication
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• G06F 8/61 - Installation

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal

Abstract

A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
• G06F 13/38 - Information transfer, e.g. on bus
• G06F 13/42 - Bus transfer protocol, e.g. handshakeSynchronisation
• G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity

Abstract

In various embodiments, a method comprises detecting a removable media device coupled to a digital device, authenticating a password to access the removable media device, injecting redirection code into the digital device, intercepting, with the redirection code, a request for data, determining to allow the request for data based on a security policy, and providing the data based on the determination. The method may further comprise selecting the security policy from a plurality of security policies based, at least in part, on the password and/or filtering the content of the requested data. Filtering the content may comprise scanning the data for malware. Filtering the content may also comprise scanning the data for confidential information.

IPC Classes  ?

• G06F 21/31 - User authentication
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/55 - Detecting local intrusion or implementing counter-measures
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
• G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
• G06F 21/60 - Protecting data

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
• H04W 12/062 - Pre-authentication
• H04W 12/06 - Authentication
• H04L 9/40 - Network security protocols
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 8/61 - Installation

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal

Abstract

Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04W 12/128 - Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/08 - Access security

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
• H04W 12/12 - Detection or prevention of fraud

Abstract

A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
• G06F 13/38 - Information transfer, e.g. on bus
• G06F 13/42 - Bus transfer protocol, e.g. handshakeSynchronisation
• G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• H04L 29/00 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• G06F 1/3209 - Monitoring remote activity, e.g. over telephone lines or network connections
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04W 12/06 - Authentication
• G06F 8/61 - Installation

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04W 12/12 - Detection or prevention of fraud
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
• G06F 21/60 - Protecting data

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• G06F 9/00 - Arrangements for program control, e.g. control units
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
• G06F 13/38 - Information transfer, e.g. on bus
• G06F 13/42 - Bus transfer protocol, e.g. handshakeSynchronisation
• G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Abstract

A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
• G06F 13/38 - Information transfer, e.g. on bus
• G06F 13/42 - Bus transfer protocol, e.g. handshakeSynchronisation
• G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/06 - Authentication
• G06F 1/32 - Means for saving power
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• G06F 9/445 - Program loading or initiating

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/12 - Detection or prevention of fraud

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• G06F 9/00 - Arrangements for program control, e.g. control units
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 12/26 - Monitoring arrangements; Testing arrangements

Abstract

Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/12 - Detection or prevention of fraud
• H04W 12/08 - Access security

Abstract

In various embodiments, a method comprises detecting a removable media device coupled to a digital device, authenticating a password to access the removable media device, injecting redirection code into the digital device, intercepting, with the redirection code, a request for data, determining to allow the request for data based on a security policy, and providing the data based on the determination. The method may further comprise selecting the security policy from a plurality of security policies based, at least in part, on the password and/or filtering the content of the requested data. Filtering the content may comprise scanning the data for malware. Filtering the content may also comprise scanning the data for confidential information.

IPC Classes  ?

• G06F 21/31 - User authentication
• G06F 21/55 - Detecting local intrusion or implementing counter-measures
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
• G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure

Abstract

A digital content marketplace filter engine may be configured to identify a communication between a digital content marketplace client and a digital content marketplace server. An analysis engine may be configured to review the communication against a digital content marketplace policy. A response engine configured to block, allow or modify the communication to conform to the digital content marketplace policy.

IPC Classes  ?

• G06Q 30/06 - Buying, selling or leasing transactions
• H04W 12/08 - Access security
• H04W 12/37 - Managing security policies for mobile devices or for controlling mobile applications
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

IPC Classes  ?

• G06F 17/00 - Digital computing or data processing equipment or methods, specially adapted for specific functions

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

IPC Classes  ?

• G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
• G06F 21/60 - Protecting data

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• H04W 12/00 - Security arrangementsAuthenticationProtecting privacy or anonymity
• G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
• H04L 29/06 - Communication control; Communication processing characterised by a protocol

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/60 - Protecting data
• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
• G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• G06F 9/00 - Arrangements for program control, e.g. control units
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04L 29/12 - Arrangements, apparatus, circuits or systems, not covered by a single one of groups characterised by the data terminal

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

Abstract

A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

IPC Classes  ?

• G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

A mobile security system connects to a mobile device and filters out attacks and malicious code. Using the mobile security system, a mobile device can be protected by greater security and possibly by the same level of security offered by a corporation, enterprise, or other entity associated with the mobile device.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
• G06F 21/55 - Detecting local intrusion or implementing counter-measures

Abstract

Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting a wake event, providing a wake signal in response to the wake event to wake a mobile device from a power management mode, and managing security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

IPC Classes  ?

• G06F 11/00 - Error detectionError correctionMonitoring
• G06F 12/14 - Protection against unauthorised use of memory
• G06F 12/16 - Protection against loss of memory contents
• G08B 23/00 - Alarms responsive to unspecified undesired or abnormal conditions

Abstract

Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.

IPC Classes  ?

• G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
• H04W 12/12 - Detection or prevention of fraud
• H04L 29/06 - Communication control; Communication processing characterised by a protocol
• H04W 12/08 - Access security

Abstract

The present invention relates to a data processing system comprising both a high performance computing sub-system having typical high power consumption and a low performance subsystem requiring less power. The data processing system acts as a single computing device by moving the execution of software from the low performance subsystem to the high performance subsystem when high computing power is needed and vice versa when low computing performance is sufficient, allowing in the latter case to put the high performance subsystem into a power saving state. The invention relates also to related algorithms.

IPC Classes  ?

• G06F 1/26 - Power supply means, e.g. regulation thereof
• G06F 1/32 - Means for saving power

Abstract

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

IPC Classes  ?

• G06F 9/00 - Arrangements for program control, e.g. control units

Abstract

A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.

IPC Classes  ?

• G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity

Abstract

The present invention relates to a data processing system comprising both a high performance computing subsystem having typical high power consumption and a low performance subsystem requiring less power. The data processing system acts as a single computing device by moving the execution of software from the low performance subsystem to the high performance subsystem when high computing power is needed and vice versa when low computing performance is sufficient, allowing in the latter case to put the high performance subsystem into a power saving state. The invention relates also to related algorithms.

IPC Classes  ?

• G06F 1/32 - Means for saving power
• G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs