Abstract: A method, system, and computer program product for intercepting communication between a virtual machine and an encrypted replication data stored on a storage medium and redirecting the communication to a remote replication appliance and using a key stored on the remote replication appliance to enable the virtual machine to facilitate communication with the encrypted replication data stored on the storage medium, wherein facilitating communication enables the virtual machine to interact with the encrypted replication data as unencrypted data.
Abstract: A method to communicate content is disclosed. An apparatus also performs the functions of the method. The method includes capturing a rendering of at least a portion of an image. The image has an embedded cryptographic representation of at least one character in a code and the code corresponds to a unit of content. The embedded cryptographic representation of the at least one character identifies an orientation of the at least a portion of the image. The method includes decoding the embedded cryptographic representation of the at least one character in the code, determining an orientation of the rendering of the at least a portion of an image, and retrieving the unit of content corresponding to the code from a storage location. The method includes displaying the unit of content in an orientation corresponding to the orientation of the rendering of the at least a portion of the image.
Abstract: A method, system, and/or computer program product securely generates and/or manages a virtual card on a mobile device. The mobile device receives a protected application, which initially cannot be accessed by an operating system for execution by a processor. The mobile device also receives a security object, which is used to convert the received protected application into an executable application that can be utilized by the operating system for execution by the processor. The executable application is then executed by the processor to act as a virtual card, which provides a functionality of a predefined physical electronic or magnetic-stripe card.
Type: Grant
Filed: December 10, 2013
Date of Patent: December 29, 2015
Assignee: International Business Machines Corporation
Inventors: Richard H. Boivie, Robert R. Friedlander, James R. Kraemer, Jeb R. Linton
Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Systems and methods for automatically maintaining the anonymity or privacy of a stream of data as it is transmitted over a network or provided for other use, by receiving a data stream in real-time from an original source and identifying a data subset of interest within the original data stream. The data subset of interest is segregated from the data stream for either obfuscating at least a portion of the data subset in accordance with certain criteria or encrypting it. The data subset is obfuscated or encrypted for purpose of transmission over the network or for testing and reunited at a target source with the remainder of the data stream.
Abstract: A first copy of an intrinsic ID of a first node may be stored on a second node. The first node may receive a challenge that causes it to generate a second copy of its intrinsic ID. The second copy and a random value may be used as inputs of a function to generate a first code. The first code is transmitted to the second node. The second node decodes the first code using its local copies of the random value and/or the intrinsic ID. The second node checks the decoded information against its local information and authenticates the first node if there is a match.
Type: Grant
Filed: December 11, 2013
Date of Patent: December 22, 2015
Assignee: GLOBALFOUNDRIES INC.
Inventors: Srivatsan Chellappa, Toshiaki Kirihata, Sami Rosenblatt
Abstract: The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.
Type: Grant
Filed: August 20, 2013
Date of Patent: December 15, 2015
Assignee: Janus Technologies, Inc.
Inventors: Joshua Porten, Sofin Raskin, Michael Wang, Mikhail Borisov
Abstract: System and method for distribution of a PIN code comprising an application end user in communication with an application server comprising at least one PIN code generating mechanism for authentication of an application end user, and a portable telecommunication device further characterized by that said application server is in communication with a synthetic voice PIN server also in communication with said portable telecommunication device.
Abstract: Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, information is received from an administrator (i) defining a DLP rule to be applied to packets associated with an upper layer protocol and (ii) defining an action to take when a condition associated with the rule is satisfied. The rule includes a regular expression and/or a string that is configured to detect existence of sensitive information. A packet originated by a host device is received. The packet is determined to be associated with the upper layer protocol. A command, request or method of the protocol is identified that is specified by or represented by the packet. The packet is scanned for sensitive information based on the rule. When the scanning results in a conclusion that sensitive information is contained within the packet, then the defined action is performed.
Abstract: Systems and methods for performing hybrid symbolic execution to detect exploitable bugs in binary code are described. In some example embodiments, the systems and methods determine that resources associated with an execution client performing symbolic execution of a target program are below, at, or above a threshold performance level, generate checkpoints for active executing paths of the online symbolic execution, and cause the execution client to perform symbolic execution in response to the determination that the resources are at or above the threshold performance level.
Type: Grant
Filed: May 21, 2013
Date of Patent: November 10, 2015
Assignee: Carnegie Mellon University
Inventors: David Brumley, Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert
Abstract: Disclosed are various embodiments of techniques that may be used to improve the reliability of network authentication. A communication session is established between a server computing device and a client computing device. The communication session is established via a network using a credential for a network site. A verifier for the credential is generated, which may be used to confirm the authenticity of the credential. The verifier is provided to the client computing device via the network.
Abstract: A multiplication method and a modular multiplier are provided. The multiplication method includes transforming a redundant-form multiplier by adding a recoding constant to the multiplier, performing recoding by using the transformed multiplier, and performing partial multiplication between the multiplier and a multiplicand using result values of the recoding.
Type: Grant
Filed: December 23, 2013
Date of Patent: October 20, 2015
Assignee: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Yong Ki Lee, Sun-Soo Shin, Jonghoon Shin, Kyoung Moon Ahn, Ji-Su Kang, Kee Moon Chun
Abstract: A method for embedding information in an image includes defining a code corresponding to a unit of content where the code includes at least one character. The method includes defining a cryptographic representation for each character of the at least one character in the code. Each cryptographic representation includes a group of regularly spaced mark locations and each mark location has a mark selected from a normative mark or a native mark. A pattern of marks in the group of regularly spaced mark locations is unique to each character of the at least one character in the code. The method includes embedding the cryptographic representation for each character of the at least one character of the code into at least a portion of an image. A distance between mark locations in the image indicates an orientation of the image.
Abstract: A computerized method manages passwords to unlock an electronic device from a standby mode by taking changed GPS coordinates of a location of the electronic device and utilizing the changed coordinates in preset formulas to establish and require a new password in substitution for a current password, to allow unlocking of the electronic device.
Type: Grant
Filed: May 22, 2013
Date of Patent: October 13, 2015
Assignees: Fu Tai Hua Industry (Shenzhen) Co., Ltd., HON HAI PRECISION INDUSTRY CO., LTD.
Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3) creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: In accordance with an example embodiment of the present invention, there is provided a method comprising: maintaining a local database of trusted uniform resource locators (URL) where an URL is qualified to said database based on fulfilling predetermined criteria; detecting a request to access a uniform resource locator (URL); obtaining reputation data for the URL from a reputation server or from a local reputation scanner; comparing the obtained reputation data of the requested URL with the reputation data of the requested URL that is stored in the local database of trusted URLs if any; if there is a conflict between the reputation data obtained and the reputation data stored in the local database of trusted URLs, using the reputation data stored in the local database of trusted URLs to determine whether access to the URL is allowed.
Abstract: A computer-implemented method for adjusting suspiciousness scores in event-correlation graphs may include (1) detecting a suspicious event involving a first actor and a second actor within a computing system, (2) constructing an event-correlation graph that includes (i) a representation of the first actor, (ii) a representation of the suspicious event, and (iii) a representation of the second actor, and (3) adjusting a suspiciousness score associated with at least one representation in the event-correlation graph based at least in part on a suspiciousness score associated with at least one other representation in the event-correlation graph such that the adjusted suspiciousness score associated with the at least one representation is influenced by the suspicious event. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: December 23, 2013
Date of Patent: September 29, 2015
Assignee: Symantec Corporation
Inventors: Acar Tamersoy, Kevin Roundy, Sandeep Bhatkar, Elias Khalil
Abstract: A mobile device management apparatus has a policy storage unit that receives a plurality of security policies, which are classified into a plurality of profiles assigned priorities of activation and in which operating states of functions of a mobile device are defined. A management server supplies the profiles and the security policies to the mobile device. A policy implementation unit selectively activates the profiles so that control of the mobile device functions can be carried out with minimal communication, and also in response to changing events.
Type: Grant
Filed: September 14, 2012
Date of Patent: September 22, 2015
Assignee: SAMSUNG SDS CO., LTD.
Inventors: Hyun-Woo Jung, Jong-Sam Kim, Ho-Young Son, Ji-Joong Gil, Jin-Yong Kim
Abstract: Systems and methods for managing trust relationships. In some embodiments, a method may include receiving an indication of an in-person transaction between a first user and a second user; calculating, for the first user, a trust score associated with the second user, the trust score based, at least in part, upon the indication; and storing a record of the trust score. For example, the in-person transaction may include a face-to-face meeting.
Type: Grant
Filed: December 10, 2013
Date of Patent: September 22, 2015
Assignee: Dell Products, L.P.
Inventors: Yuan-Chang Lo, Charles D. Robison, Clifton J. Barker
Abstract: Described are techniques for using a first secure communication connection between a first component and a second component to establish a second communication connection as another secure communication connection between the components. The first secure communication connection may be used to exchange fingerprints for digital certificates of the two components. The second communication may be used to exchange digital certificates of the two components. Each of the components may determine whether the received fingerprint of the other component matches a calculated fingerprint of the received certificate for the other component, and if so, the received certificate for the other component may be stored in a data store of said each component.
Type: Grant
Filed: December 23, 2013
Date of Patent: September 22, 2015
Assignee: EMC Corporation
Inventors: Mingjiang Shi, Meiling Ge, Tianming Zhang, Gregory W. Lazar