Patents Examined by Carolyn B Kosowski
  • Patent number: 8953795
    Abstract: Providing authorized copies of encrypted media content including: receiving application for authentication to make copies of the media content; providing forensic decryption tools to process the media content; transmitting a permission to make copies of the media content using the forensic decryption tools; performing authorized decryption of the media content; and making and forensically marking copies of the decrypted media content.
    Type: Grant
    Filed: December 1, 2008
    Date of Patent: February 10, 2015
    Assignees: Sony Corporation, Sony Pictures Entertainment Inc.
    Inventor: Mitch Singer
  • Patent number: 8910273
    Abstract: Systems and methods for setting up VPN connection are provided. Method includes facilitating creating gateway connection between client side and server side. Client side comprises multiple client side virtual NICs and server side comprises multiple server side virtual NICs. Method includes facilitating creating data paths for VPN connection between each of at least portion of client side virtual NICs and each of at least portion of server side virtual NICs. Data path of each pair of corresponding client side virtual NICs and corresponding server side virtual NIC is associated with gateway connection and port forward. Method includes facilitating transmitting data, via first data path for VPN connection, between first client computing device communicatively coupled with corresponding client side virtual NIC of first data path and first server computing device communicatively coupled with corresponding server side virtual NIC of first data path.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: December 9, 2014
    Assignee: WYSE Technology L.L.C.
    Inventors: Andrew T. Fausak, Oleg Rombakh, De Yu Liu
  • Patent number: 8909929
    Abstract: Systems and techniques for performing cryptographic operations based on public key validity registers are described. A described system includes a controller and a memory structure to store one or more public keys. The memory structure includes one or more validity registers that respectively correspond to the one or more public keys. The controller has exclusive write access to the validity register. The controller can be configured to perform an authentication of a public key, write an authentication status value to the corresponding validity register based on a result of the authentication, and perform one or more cryptographic operations using the public key that are conditional on the validity register indicating an authenticated status for the public key.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: December 9, 2014
    Assignee: Atmel Corporation
    Inventors: Balaji Badam, Kerry Maletsky, David Durant
  • Patent number: 8909928
    Abstract: A trusted virtualization platform protects sensitive customer data during operation of virtual machines in a multi-tenant cloud computing center. The trusted virtualization platform limits administrator access to the data and state of the virtual machines running thereon, reports any changes made thereto, and requires keys provided by the customer or a trusted third party of the customer to perform management operations on the virtual machines. By requiring cloud computing centers to use such trusted virtualization platforms, customers uploading their virtual machines into the cloud computing center can be assured that cloud administrators will not be able to access or tamper with their private data. Furthermore, customers can directly audit all important state or configuration changes for their virtual machines as the trusted virtualization platform can be configured to report all such changes according to a security policy set by the customer.
    Type: Grant
    Filed: March 10, 2011
    Date of Patent: December 9, 2014
    Assignee: VMware, Inc.
    Inventors: Irfan Ahmad, Mukund Gunti, Abhishek Chaturvedi, Vladimir Kiriansky
  • Patent number: 8904542
    Abstract: A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.
    Type: Grant
    Filed: January 20, 2013
    Date of Patent: December 2, 2014
    Assignee: Skybox Security Inc.
    Inventors: Lotem Amnon, Gideon Cohen, Moshe Meiseles, Ilan Horn
  • Patent number: 8887258
    Abstract: The described apparatus and methods may include a processor, a memory in communication with the processor, a removable module in communication with the processor and operable to store data, an initialization component executable by the processor and configured to initialize the removable module, and an authentication component executable by the processor and configured to: receive a command from the removable module to perform an authentication operation, wherein the command is a standard message having a command qualifier value or code that represents an authentication challenge; obtain a random value from the removable module in response to the command; calculate a response based on the random value and a terminal key stored in the memory; and transmit the response to the removable module.
    Type: Grant
    Filed: June 4, 2012
    Date of Patent: November 11, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Michele Berionne, Brian M. Rosenberg
  • Patent number: 8881251
    Abstract: A method and system for user authentication uses photos, pictures, images, pictures of words, logos, graphics, icons, or pictures of colors (graphical elements) as password elements (graphical password) to gain access to a secure platform, section of a platform, specific content, website, computer, mobile device or other electronic device (secure content). The method and system provide the creation, use in authentication and maintenance of the graphical password. Graphical password creation is initiated through user selection and platform storage of a subset of one or more platform provided or user provided graphical elements (secret graphical elements). The graphical elements are photos, pictures or images that are memorable to the user and are from within one or more relevant categories, e.g. colors, playing cards, animals. A graphical user interface (GUI) having virtual dials, wheels, reels or keypads to display images is used to implement the login/authentication process.
    Type: Grant
    Filed: February 22, 2013
    Date of Patent: November 4, 2014
    Assignee: RememberIN, Inc.
    Inventor: Stuart Hilger
  • Patent number: 8875295
    Abstract: Described systems and methods allow protecting a computer system from malware, such as viruses and rootkits. In some embodiments, a hypervisor configures a hardware virtualization platform hosting a set of operating systems (OS). A memory introspection engine executing at the processor privilege level of the hypervisor dynamically identifies each OS, and uses a protection priming module to change the way memory is allocated to a target software object by the memory allocation function native to the respective OS. In some embodiments, the change affects only target objects requiring malware protection, and comprises enforcing that memory pages containing data of the target object are reserved exclusively for the respective object. The memory introspection engine then write-protects the respective memory pages.
    Type: Grant
    Filed: February 22, 2013
    Date of Patent: October 28, 2014
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Andrei V. Lutas, Sandor Lukacs, Dan H. Lutas
  • Patent number: 8856510
    Abstract: A method for joining a user domain based on digital right management (DRM), a method for exchanging information between a user device and a domain enforcement agent, and a method for exchanging information between user devices belonging to the same user domain include sharing a domain session key between the user device and the domain enforcement agent or between the user devices belonging to the same user domain. Information is exchanged through a secure session set up between the user device and domain enforcement agent or between the user devices, and information exchange occurs through encryption/decryption using the domain session key.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: October 7, 2014
    Assignee: Pantech Co., Ltd.
    Inventor: Gun-wook Kim
  • Patent number: 8850535
    Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.
    Type: Grant
    Filed: August 5, 2011
    Date of Patent: September 30, 2014
    Assignee: Safefaces LLC
    Inventors: Jason J. Liberman, David Scott Trandal
  • Patent number: 8850536
    Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.
    Type: Grant
    Filed: August 2, 2012
    Date of Patent: September 30, 2014
    Assignee: Safefaces LLC
    Inventors: Jason J. Liberman, David Scott Trandal
  • Patent number: 8844023
    Abstract: A semiconductor memory may be provided with a built-in test mode that is accessible through a password protection scheme. This enables access to a built-in test mode after manufacturing, if desired. At the same time, the password protection prevents use of the built-in test mode to bypass security features of the memory.
    Type: Grant
    Filed: December 2, 2008
    Date of Patent: September 23, 2014
    Assignee: Micron Technology, Inc.
    Inventors: Antonino La Malfa, Marco Messina
  • Patent number: 8832447
    Abstract: According to one embodiment of the invention, a method for setting permission levels is described. First, an application and digital signature is received by logic performing the permission assessment. Then, a determination is made as to what permission level for accessing resources is available to the application based on the particulars of the digital signature. Herein, the digital signature being signed with a private key corresponding to a first public key identifies that the application is assigned a first level of permissions, while the digital signature being signed with a private key corresponding to a second public key identifies the application is assigned a second level of permissions having greater access to the resources of an electronic device than provided by the first level of permissions.
    Type: Grant
    Filed: August 10, 2011
    Date of Patent: September 9, 2014
    Assignee: Sony Corporation
    Inventor: Helmut Neumann
  • Patent number: 8832835
    Abstract: A security module detects and remediates malware from suspicious hosts. A file arrives at an endpoint from a host. The security module detects the arrival of the file and determines the host from which the file arrived. The security module also determines whether the host is suspicious. If the host is suspicious, the security module observes the operation of the file and identifies a set of files dropped by the received file. The security module monitors the files in the set using heuristics to detect whether any of the files engage in malicious behavior. If a file engages in malicious behavior, the security module responds to the malware detection by remediating the malware, which may include removing system changes caused by the set.
    Type: Grant
    Filed: October 28, 2010
    Date of Patent: September 9, 2014
    Assignee: Symantec Corporation
    Inventors: Joseph H. Chen, Zhongning Chen
  • Patent number: 8832798
    Abstract: An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine a relationship between the users and, in response, invoke a user personal profile and application profile information that pertains to the users and the transaction. The security tool determines an initial observed confidence level that indicates a degree of certainty with respect to the accuracy of user authentication. The security tool may continuously determine observed confidence levels from current user actions, learned behavior, and other information within a security information store. The security tool may compare a currently observed confidence level to a predetermined confidence threshold. The tool may halt the transaction if the observed confidence level does not exceed the predetermined confidence threshold thus indicating a breach in security confidence.
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: September 9, 2014
    Assignee: International Business Machines Corporation
    Inventors: Manivannan Thavasi, Thembani Togwe
  • Patent number: 8826408
    Abstract: A method for consolidating cloud service data and behaviors can begin with the compilation of user/service membership data that associates requesting entities with subscribed cloud services by a trusted cloud service consolidator. A federated trust library housing inter-service trust information for the cloud services contained in the user/service membership data can be created. In response to a service request from a requesting entity, trusted secondary cloud services can be identified for the requesting entity. Identification of the trusted secondary cloud services can be based upon trust factors synthesized from data contained in the federated trust library. Data satisfying the service request and associated behaviors from each trusted secondary cloud service can then be consolidated into a unified data structure. A behavior can be an executable action supported by a trusted secondary cloud service. The unified data structure can be conveyed to the requesting entity in a service response.
    Type: Grant
    Filed: May 30, 2012
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Abhijit Deshmukh, Anurag Srivastava
  • Patent number: 8813205
    Abstract: A method for consolidating cloud service data and behaviors can begin with the compilation of user/service membership data that associates requesting entities with subscribed cloud services by a trusted cloud service consolidator. A federated trust library housing inter-service trust information for the cloud services contained in the user/service membership data can be created. In response to a service request from a requesting entity, trusted secondary cloud services can be identified for the requesting entity. Identification of the trusted secondary cloud services can be based upon trust factors synthesized from data contained in the federated trust library. Data satisfying the service request and associated behaviors from each trusted secondary cloud service can then be consolidated into a unified data structure. A behavior can be an executable action supported by a trusted secondary cloud service. The unified data structure can be conveyed to the requesting entity in a service response.
    Type: Grant
    Filed: February 6, 2012
    Date of Patent: August 19, 2014
    Assignee: International Business Machines Corporation
    Inventors: Abhijit Deshmukh, Anurag Srivastava
  • Patent number: 8813238
    Abstract: There is a performing of digital rights management (DRM), operable in an offline mode with respect to a communications network. The performing includes identifying a stored rights object associated with a stored asset. The stored rights object includes reporting duration information associated with the stored asset. The performing also includes determining, utilizing a processor, whether a transmission of an early status message is a successful communication based on an early status message determination. If a failure in communicating the early status message is determined, utilizing the stored asset. The performing may also include transmitting an early status message and/or later status message after identifying the stored rights object. There is also a performing of digital rights management (DRM) associated with a DRM system and operable in an offline mode with respect to a communications network. There are also client devices, communicating systems, computer readable mediums and protocols.
    Type: Grant
    Filed: May 23, 2011
    Date of Patent: August 19, 2014
    Assignee: Google Technology Holdings LLC
    Inventors: Nicol C. So, Thomas L. Du Breuil, Barry P. Falvo, Rama Raju Kaldindi, Ambikacharan P. Makam, Geetha Mangalore, Paul Moroney
  • Patent number: 8806593
    Abstract: Guest accounts arise in a variety of ways. Hotels, coffee shops, internet cafes, internet kiosks, etc. provide internet access to their guests, aka customers. Cloud based security services can serve as a platform for supporting efficient and safe guest account management. Guest accounts are managed by the cloud service and are associated and disassociated with individuals as needed by the guest account provider. The cloud service can also provide a guest account provider with greater control over guest account usage and accountability.
    Type: Grant
    Filed: May 19, 2011
    Date of Patent: August 12, 2014
    Assignee: Zscaler, Inc.
    Inventors: Jose Raphel, Kailash Kailash, Manoj Shriganesh Apte, Jagtar S Chaudhry
  • Patent number: 8806609
    Abstract: Techniques are disclosed for improving security in virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection.
    Type: Grant
    Filed: March 8, 2011
    Date of Patent: August 12, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Philip John Steuart Gladstone, David A. McGrew