Patents Examined by Hadi Armouche
  • Patent number: 9832201
    Abstract: Systems, computer program products, and methods are described herein for creating reusable resource-centric threat models and identifying controls for securing resources within a network. The present invention is configured to determine that an internal resource in a network requires protection from unauthorized external access; electronically receive information associated with the internal resource within the network; determine one or more threat vectors associated with the internal resource; electronically retrieve from a controls library, a control template associated with a resource category matching the resource category of the internal resource; and apply the control template to the internal resource.
    Type: Grant
    Filed: May 16, 2016
    Date of Patent: November 28, 2017
    Assignee: Bank of America Corporation
    Inventors: Sounil Yu, Brandon Matthew Sloane
  • Patent number: 9832217
    Abstract: A method includes collecting system calls and call parameters invoked by monitored applications for target computer systems. The system calls and call parameters are received from operating system kernels on the plurality of target computer systems. Sequences of system calls and call parameters of the monitored applications are correlated among different target computer systems to deduce malicious activities. Remedial action(s) are performed in response to malicious activities being deduced as being malicious by the correlating. Another method includes determining that network activity at a specific time is deemed to be suspicious. Using IP addresses involved in the suspicious network activity, computer system(s) are determined that are sources of the suspicious network activity. Based on the specific time and the determined computer system(s), application(s) are determined that are executing on the determined computer system(s) that are causing the suspicious network activity.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: November 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Stefan Berger, Yangyi Chen, Xin Hu, Dimitrios Pendarakis, Josyula Rao, Reiner Sailer, Douglas Lee Schales, Marc Stoecklin
  • Patent number: 9830459
    Abstract: Described systems and methods allow a mobile device, such as a smartphone or a tablet computer, to protect a user of the respective device from fraud and/or loss of privacy. In some embodiments, the mobile device receives from a server a risk indicator indicative of whether executing a target application causes a privacy risk. Determining the risk indicator includes automatically supplying a test input to a data field used by the target application, the data field configured to hold a private item such as a password or a geolocation indicator. Determining the risk indicator further comprises determining whether a test device executing an instance of the target application transmits an indicator of the test input, such as the test input itself or a hash of the test input, to another party on the network.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: November 28, 2017
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Vlad Valceanu, Elena Burceanu, Dragos T. Gavrilut, Tiberius Axinte, Vlad Bordianu, Razvan M. Benchea
  • Patent number: 9832222
    Abstract: There is provided an anti-malware mobile content data management apparatus, for use in managing content data within an input electronic file containing content data to be sent over a wireless network including at least one mobile device being served by the wireless network, at least one tokenizer to tokenize the content data contained within the input electronic file into a tagged generic representation of the content data, a content management engine to apply a predetermined content management policy to the tagged generic representation of the content data to form content-managed tagged generic content data and a validator to create validated content-managed content data by being arranged to ensure the content-managed content data represented in the content-managed tagged generic representation conforms to any predefined limits and rules applied to each form of content data appearing in the content data of the input electronic file, wherein an output of the validator is operably coupled to the wireless netwo
    Type: Grant
    Filed: October 2, 2014
    Date of Patent: November 28, 2017
    Assignee: GLASSWALL (IP) LIMITED
    Inventor: Samuel Harrison Hutton
  • Patent number: 9826561
    Abstract: A method, system and devices for creating access to a wireless communication device by using BAN, comprising detecting the presence of a user's body by using a BAN enabled access module connected to the wireless communication device, collecting biometric data of the user and receiving authentication data from a BAN enabled peripheral device through BAN by using the BAN enabled access module and allowing access to the wireless communication device if the collected biometric data and the received authentication data are valid.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: November 21, 2017
    Assignees: Sony Corporation, Sony Mobile Communications Inc.
    Inventors: Thomas Bolin, Henrik Bengtsson, Ola Thörn, Kristian Tärnhed, Malin Larsson, Aleksandar Rodzevski, Erik Bengtsson
  • Patent number: 9824195
    Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: November 21, 2017
    Assignee: Fortinet, Inc.
    Inventor: Juneng Zheng
  • Patent number: 9824241
    Abstract: Methods and systems for activating a display security application and initiating a privacy measure on a computing device are provided. A user opens and turns on an application on the computing device, which monitors the security of the screen. The security feature recognizes when an unauthorized user is within viewing range of the display of the computing device. The user is prompted to initiate a privacy measure or ignore the unauthorized user. If the user initiates the privacy measure, the unauthorized user is prevented from seeing the content on the display. The user may terminate the privacy measure when the unauthorized user is no longer within viewing range of the display.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: November 21, 2017
    Assignee: Sony Interactive Entertainment America LLC
    Inventor: Shawn Moore
  • Patent number: 9817955
    Abstract: A method of authorizing use of a computer program only able to be used when an authorized message is received from an authorizing system includes providing an authorization system, making a request to use a computer program, signalling the request to the authorization system, the authorization system recording the use of the computer program and providing the authorization message to the computer program; upon receipt of the authorization message the computer program may be used.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: November 14, 2017
    Assignee: Optimiser Pty Ltd.
    Inventor: Leo Joseph Mullins
  • Patent number: 9818000
    Abstract: An integrated circuit has a first scan cell segment, a second scan cell segment connected to one or more hidden content, and a scan cell circuit connected to the first scan cell segment and the second scan cell segment. The scan cell circuit alternatively provides access to the first scan cell segment and the second scan cell segment based on a state of the scan cell circuit.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: November 14, 2017
    Assignee: Southern Methodist University
    Inventor: Jennifer L. Dworak
  • Patent number: 9819676
    Abstract: A computing device may determine to capture biometric information in response to the occurrence of one or more trigger conditions. The trigger condition may be receipt of one or more instructions from one or more other computing devices, detection of potential unauthorized use by the computing device, normal operation of the computing device, and so on. The computing device may obtain biometric information and may store such biometric information. Such biometric information may be one or more fingerprints, one or more images of a current user of the computing device, video of the current user, audio of the environment of the computing device, forensic interface use information, and so on. The computing device may then provide the stored biometric information for identification of one or more unauthorized users.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: November 14, 2017
    Assignee: Apple Inc.
    Inventors: Byron B. Han, Craig A. Marciniak, John A. Wright
  • Patent number: 9820119
    Abstract: A transparent method, and systems, for secure file transmission from a first computing device of a sender to a recipient computing device, comprising the steps of: selecting a group, at least one recipient having a recipient computing device and a file from the first computing device; selecting a lockbox option at the first computing device to securely transmit the file to a lockbox situated at the at least one recipient computing device; iteratively selecting a location on at least one recipient computing device where the file is to be dispatched by performing a set of lockbox content version control operations at the first computing device until a valid location on the at least one recipient computing device is selected; dispatching the file at the valid location and presenting an indication that the file is dispatched with the lockbox option; and displaying the file.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: November 14, 2017
    Inventors: Anthony Schmitz, Alexandros Tsepetis
  • Patent number: 9811690
    Abstract: Various integrated circuits protect hidden content (e.g., embedded instruments, keys, data, etc.) using scan cell circuit(s). For example, a first scan cell circuit is connected to the hidden content, and a second scan cell circuit is connected to the first scan cell circuit forming all or part of a serial data path. The first scan cell circuit provides access to the hidden content whenever the first scan cell circuit is in a first specified state and prevents access whenever the first scan cell circuit is in a different state. The first scan cell circuit does not interrupt the serial data path when the first scan cell circuit is in the different state. The second scan cell circuit changes an operational characteristic of the first scan cell circuit whenever the second scan cell circuit is in a second specified state. In some cases, the second scan cell circuit can be eliminated.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: November 7, 2017
    Assignee: Southern Methodist University
    Inventors: Jennifer L. Dworak, Alfred L. Crouch, Adam Zygmontowicz, John C. Potter
  • Patent number: 9811646
    Abstract: A method, a secure device and a computer program product for securely managing files. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server via a host, the host connected to the server through a telecommunication network, upon receiving a request for using a file stored on the secure device, processing the request at the secure device according to an updated use permission associated to the file, where the updated use permission is obtained by instructing at the secure device to establish a connection between the secure device and the server via the host and updating at the device the use permission associated to the file, according to permission data sent from the server through the established connection.
    Type: Grant
    Filed: August 8, 2011
    Date of Patent: November 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Michael Baentsch, Peter Buhler, Harold D Dykeman, Reto J Hermann, Frank Hoering, Michael P Kuyper-Hammond, Diego Alejandro Ortiz-Yepes, Thomas D Weigold
  • Patent number: 9811669
    Abstract: Example embodiments of the present invention relate to a method, an apparatus, and a computer program product for privacy audit support via provenance-aware systems. The method includes associating a first identifier with a first data object and associating a second identifier with a second data object derived from the first data object according to a control object. Metadata for the second data object identifying the first data object and identifying the control object then may be stored.
    Type: Grant
    Filed: December 31, 2013
    Date of Patent: November 7, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Stephen J. Todd
  • Patent number: 9807097
    Abstract: A rules evaluation engine that controls a user's security access to enterprise resources that have policies created for them. This engine allows a real-time authorization process to be performed with dynamic enrichment of the rules if necessary. Logging, alarm and administrative processes for granting or denying access to the user are also realized. The access encompasses computer and physical access to information and enterprise spaces.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: October 31, 2017
    Assignee: Jericho Systems Corporation
    Inventor: Michael W. Roegner
  • Patent number: 9807123
    Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: October 31, 2017
    Assignee: Global Tel*Link Corporation
    Inventors: Stephen Hodge, David Woody
  • Patent number: 9800587
    Abstract: An image forming apparatus controls the use of a remote user interface (RUI) by requesting authentication with an RUI access password from a client device in a case where the RUI access password is set. In a case of a department ID management setting, the security setting is different from the RUI access password setting. In this situation, the image forming apparatus requests authentication with the department ID, and then controls the use of the RUI based on the result of the authentication.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: October 24, 2017
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Hiroyoshi Takamiya
  • Patent number: 9800551
    Abstract: Techniques for tagging packets within a network fabric. An authentication device for a network fabric receives a first packet originating from a source device, in transit to a destination device, corresponding to a first network flow. User identification information corresponding to an authenticated user of the source device is inserted into a Network Services Header of the first packet. Embodiments receive a second packet that corresponds to the first network flow at the authentication device, the second packet including service identification information within a Network Services Header of the second packet that identifies a service type of the network flow. Upon receiving a third packet for the first network flow, the authentication device inserts the user identification and the service identification information into a Network Services Header of the third packet.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: October 24, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Ripon Bhattacharjee, Sanjay Kumar Hooda, Nalinaksh M. Pai, Saravanan Radhakrishnan
  • Patent number: 9800567
    Abstract: Various embodiments of systems and methods of network nodes authentication are described herein. In one aspect, a provisioning of an application in a specified computing environment is requested, where the application is operable to provide at least one kind of service to online clients. One or more servers are instantiated to deploy the application, where at least one of the servers may be a virtual machine. A globally unique identifier (GUID) for the application is generated and embedded in a security certificate associated with the deployed application. A correspondence between the GUID and the network address or the host name of the server is stored. In another aspect, a server request is forwarded for processing by the application or canceled based on a comparison between the network address or the host name of the server deploying the application, and the network address or the host name corresponding to the GUID.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: October 24, 2017
    Assignee: SAP SE
    Inventors: Petar D. Petrov, Nikolai Tankov
  • Patent number: 9800583
    Abstract: Embodiments of the present invention include a method for providing a secure domain name system (DNS) for machine to machine communications. In one embodiment, the method includes storing policy information for machine to machine communications in a global DNS registry database server. The method further includes communicating the policy information for machine to machine communications from the global DNS registry database server to a machine DNS registry server located in an Internet service provider (ISP) network, wherein a control signaling gateway located in the ISP network is configured to utilize the policy information for machine to machine communications to allow only registered controllers associated with a machine to communicate with the machine.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: October 24, 2017
    Assignee: CenturyLink Intellectual Property LLC
    Inventor: Michael K. Bugenhagen