Patents Examined by Christopher Brown
  • Patent number: 9450948
    Abstract: A method for securely searching, finding, reproducing, recovering, and/or exporting electronic data from at least two systems which can be found in a network and which are organized in a functionally identical and decentralized manner. The individual systems include a system certificate and a corresponding serial number by the manufacturer and can carry out an authentication process using said system certificate and serial number. Information is provided on user authorizations between the systems using configuration tables which are stored on each of the systems. A maximum level of security is ensured by combining cryptographic methods and the mutual authentication of the involved systems. A user interface is provided for the user, wherein the user receives a pre-selection of the requested electronic data in the user interface and can then mark the pre-selection for further processing.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: September 20, 2016
    Assignee: Artec Computer GmbH
    Inventors: Jerry John Artishdad, Christian Hett
  • Patent number: 9450969
    Abstract: This document discusses, among other things, a system and method for detecting an initiation of a transaction and generating a string of characters based on the detection. A subset of characters of the string of characters is presented in such a way as to be distinguished from remaining characters of the string of characters. In various example embodiments, the transaction is validated based on an identification of the subset of characters of the string of characters.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: September 20, 2016
    Assignee: eBay Inc.
    Inventors: Grahame Andrew Jastrebski, Dhanurjay A. S. Patil
  • Patent number: 9444845
    Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.
    Type: Grant
    Filed: May 14, 2014
    Date of Patent: September 13, 2016
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jeong-Han Yun, Heemin Kim, Kyoung-Ho Kim, Woonyon Kim, Byung-gil Min
  • Patent number: 9444823
    Abstract: A system and method are provided that allow an application on a first terminal to inquire about available network communication associations that it can use to send data to another terminal, thereby avoiding the establishment of a new network communication association with the other terminal. A security information module may serve to collect and/or store information about available network communication associations between the first terminal and another terminal across different layers. The security information module may also assess a trust level for the network communication associations based on security mechanisms used to establish each association and/or past experience information reported for these network communication associations. Upon receiving a request for available network communication associations, the security information module provides this to the requesting application which can use it to establish communications with a corresponding application on the other terminal.
    Type: Grant
    Filed: December 24, 2008
    Date of Patent: September 13, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Vidya Narayanan, Lakshminath Reddy Dondeti
  • Patent number: 9443075
    Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system. An embodiment operates by detecting an adversary operating malware on a compromised system. A stream of network communications associated with the adversary is intercepted. The stream of network communications includes a command and control channel of the adversary. The stream of network communications is accessed. An emulation of the command and control channel is provided. An analysis of the accessed stream of traffic is executed. A plurality of response mechanisms is provided. The plurality of response mechanisms is based in part on the analysis of the stream of network communications and a custom policy language tailored for the malware.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: September 13, 2016
    Assignee: The Mitre Corporation
    Inventors: Stephen Ralph DiCato, Jr., Daniel Kenneth Fayette, Todd Aaron O'Boyle
  • Patent number: 9444625
    Abstract: Systems and methods are disclosed for authenticating electronic messages. A data structure is generated by a computer server which allows for the authentication of the contents and computer server identity of a received electronic message and provides a trusted stamp to authenticate when the message was sent. Data which can authenticate the message, the computer server identity, and the time the message was sent is included into a data structure which is called an Electronic PostMark (EPM).
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: September 13, 2016
    Assignee: UNITED STATES POSTAL SERVICE
    Inventors: Leo J. Campbell, Jon L. Cook, Charles R. Chamberlain, Michael J. McGrath, Isadore Schoen
  • Patent number: 9443107
    Abstract: One feature pertains to an efficient algorithm to protect the integrity of a plurality of data structures by computing an aggregate message authentication code (MAC) over the plurality of data structures. An aggregate MAC may be constructed from a plurality of MAC values associated with a plurality of data structures. The aggregate MAC binds the plurality of data structures and attests to their combined integrity simultaneously. Rather than checking the integrity of a data structure when it is accessed, the aggregate MAC is periodically checked or verified, to ascertain the integrity of all data structures. If the aggregate MAC computed is different from the previously stored aggregate MAC, then all data structures that are part of the aggregate MAC are discarded.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: September 13, 2016
    Assignee: QUALCOMM Incorporated
    Inventor: Alexander W. Dent
  • Patent number: 9439131
    Abstract: A rogue access point in a wireless local-area network can be disabled by an authorized access point wirelessly transmitting a layer-2 broadcast packet. If a rogue access point receives this broadcast packet, it will forward a copy to the switch to which it is connected. The switch then determines whether the port on which the copy of the broadcast packet is received is associated with an authorized access point port. If the switch determines the port is not an authorized access point port, the switch shuts down the port.
    Type: Grant
    Filed: May 13, 2014
    Date of Patent: September 6, 2016
    Assignee: Adtran, Inc.
    Inventors: Mark C. Rudolph, Timothy James Schlichter, Thomas F. Guevin
  • Patent number: 9426117
    Abstract: When communication from a first virtual device to a second virtual device is received, a first virtual interface associated with the first virtual device and a second virtual interface associated with the second virtual device are determined. A first security domain associated with the first virtual interface and a second security domain associated with the second virtual interface are then determined to implement a security policy between the first security domain and second security domain. The communication between the virtual devices is allowed or blocked.
    Type: Grant
    Filed: March 28, 2013
    Date of Patent: August 23, 2016
    Assignee: HANGZHOU H3C TECHNOLOGIES CO., LTD.
    Inventor: Qiyong Wang
  • Patent number: 9419987
    Abstract: The present invention discloses a method and a device for prompting information about an e-mail. The method comprises: extracting information from a currently opened e-mail; according to the extracted information, determining whether an unsafe webpage link is contained in content of the currently opened e-mail; and if yes, providing security prompting information to a user. By means of the present invention, security is ensured when a person uses an e-mail box.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: August 16, 2016
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Rui Xiao, Peng Xiao, Ming Xiang, Gan Ning
  • Patent number: 9411748
    Abstract: Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks. Embodiments of the invention enable secure standard storage flash memory devices such as SPI flash memory devices to achieve replay protection for securely stored data. Embodiments of the invention utilize flash memory controllers, flash memory devices, unique device keys and HMAC key logic to create secure execution environments for various components.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: August 9, 2016
    Assignee: Intel Corporation
    Inventors: Nitin V. Sarangdhar, William A. Stevens, Jr., John J. Vranich
  • Patent number: 9405707
    Abstract: Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks. Embodiments of the invention enable secure standard storage flash memory devices such as SPI flash memory devices to achieve replay protection for securely stored data. Embodiments of the invention utilize flash memory controllers, flash memory devices, unique device keys and HMAC key logic to create secure execution environments for various components.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: August 2, 2016
    Assignee: Intel Corporation
    Inventors: Nitin V. Sarangdhar, William A. Stevens, Jr., John J. Vranich
  • Patent number: 9407446
    Abstract: A control unit of a communication device decrypts, when receiving via an antenna from a reader/writer a cipher key encrypted with a key same as a common key recorded in a recording unit by the reader/writer, the encrypted cipher key with the common key recorded in the recording unit, and when receiving via the antenna from the reader/writer a readout target address specifying a region of a data readout source in the recording unit encrypted with a cipher key same as the cipher key by the reader/writer, decrypts the encrypted readout target address with the cipher key, and transmits the data recorded in the region specified by the readout target address obtained through decryption of the regions of the recording unit to the reader/writer via the antenna.
    Type: Grant
    Filed: May 6, 2009
    Date of Patent: August 2, 2016
    Assignee: SONY CORPORATION
    Inventors: Toshinori Kanemoto, Teiichi Shiga
  • Patent number: 9405922
    Abstract: A method includes selecting a first biclique role in a plurality of roles and finding all roles in the plurality that have a set of vertices of a second type that is a subset of a set of vertices of the second type in the first role; removing each of the subsets from the set of vertices of the second type corresponding to the first role; and reassigning the vertices of the first type to the roles such that original associations between the vertices of the first type and the vertices of the second type are maintained.
    Type: Grant
    Filed: January 5, 2009
    Date of Patent: August 2, 2016
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Robert S. Schreiber, William G. Horne
  • Patent number: 9401896
    Abstract: Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: July 26, 2016
    Assignee: Intertrust Technologies Corporation
    Inventor: Xavier Serret-Avila
  • Patent number: 9397984
    Abstract: An apparatus and method for secure file transfer may be provided. In an exemplary embodiment, a file may include a content record and a metadata record. The content record and metadata record may each be encrypted. The encrypted content record and encrypted metadata record may each be uploaded to at least one server. The metadata record may be decrypted and the content record may subsequently be called from the at least one server and decrypted, resulting in a recreation of the original file. The server may have zero knowledge of the file records.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: July 19, 2016
    Inventor: Xuesong Hu
  • Patent number: 9373219
    Abstract: A gaming system for performing integrity checks of a gaming machine is described. The gaming system includes a host server having a processor, an interface for communicating with a plurality of gaming machines, an oversight module, and a database of expected gaming machine configurations. The gaming system further includes the plurality of gaming machines configured to present game play of a wager-based game. Each gaming machine includes a cabinet, a display coupled to the cabinet, and a processor coupled to the cabinet. The gaming system is configured to perform an integrity check of the plurality of gaming machines through the host server.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: June 21, 2016
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A. Davis, Kirk Rader
  • Patent number: 9363088
    Abstract: Network communication and provisioning systems and methods are provided to enable automatic provisioning of an appliance to provide encryption services for email messages and other types of electronic messages addressed to or from an email domain.
    Type: Grant
    Filed: July 22, 2010
    Date of Patent: June 7, 2016
    Assignee: ZixCorp Systems, Inc.
    Inventors: John Kalan, Charles A. Rego
  • Patent number: 9356963
    Abstract: A method, apparatus and computer program product to detect and apply security policy to active client requests within a secure user session begins by applying a first heuristic to a plurality of requests for a particular resource to identify a pattern indicative of an active client. In one embodiment, the heuristic evaluates a frequency of requests for the particular resource across one or more secure user sessions. Later, upon receipt of a new request for the particular resource, a determination is then made whether the new request is consistent with the pattern. If so, an action is taken with respect to a secure session policy.
    Type: Grant
    Filed: October 14, 2013
    Date of Patent: May 31, 2016
    Assignee: International Business Machines Corporation
    Inventors: Christopher John Hockings, Trevor Scott Norvill, Scott Anthony Exton
  • Patent number: 9342713
    Abstract: An electronic device has a lower power state in which power to a storage device is disabled. Predetermined information stored in a memory is useable to unlock the storage device during a procedure to transition the electronic device from the lower power state to a higher power state. The predetermined information is different from a credential for use in unlocking the storage device.
    Type: Grant
    Filed: September 28, 2011
    Date of Patent: May 17, 2016
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Valiuddin Y. Ali, Lan Wang, James Robert Waldron