Abstract: The systems and methods enforcing communications semantics on a private network, comprising: establishing a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys; associating each profile with equal access and control irrespective of its associated computing device capability; embedding communication information at source or destination in secure endpoint object; embedding communication information in transit in a secure conversation object wherein each conservation object has one or more message objects with one or more attributes comprising of source address, destination address, time sent, or time received; enforcing one or more of distribution parameters or life cycle parameters for the communication information.

Abstract: In a network system that connects a site 100 and a site 200 to each other via an open network and a closed network, an interface 131 performs control so that format information of confidential information can pass but the confidential information cannot pass therethrough between a computer 111 and a computer 121. An interface 231 performs control so that format information of confidential information can pass but the confidential information cannot pass therethrough between a computer 211 and a computer 221.

Abstract: An apparatus may include a processor that may be caused to receive an authentication request to authenticate a user. The authentication request may include a one-time username associated with an identity of the user and a secret credential of the user. The processor may further identify, in a user registry, a unique user identifier based on the one-time username, and authenticate the user based on the unique user identifier and the secret credential. The apparatus may update the user registry to prevent the one-time username from being used again to identify the user for authentication.

Abstract: Various embodiments relating to exchanging a cryptographic key between a display device and an input device via electrostatic communication are disclosed. In one embodiment, an interactive communication device includes one or more electrodes and a radio transceiver. The one or more electrodes may be excited to capacitively couple with one or more electrodes of a proximate communication device so as to capacitively send a cryptographic key from the interactive communication device to the proximate communication device. The radio transceiver may be configured to communicate with a radio transceiver of the proximate communication device via a radio channel. The interactive communication device may be configured to subsequently exchange encrypted communications with the proximate communication device over the radio channel. The encrypted communications may be encrypted using the cryptographic key.

Abstract: The present invention provides the initiation of a transport layer security (TLS) session between a client device and a server using a firewall without interruption. The present invention holds a TLS hello message received from the client device until after the server has been validated. A firewall consistent with the present invention does not interrupt a transport layer control (TCP) connection that was established between the client device and the firewall before the TLS hello message was received by the firewall.

Abstract: An approach is provided in which an information handling system creates a first language profile corresponding to a first user account in response to determining that the first user account generated a first offensive message. The information handling system computes an accumulated risk score of the first user account based on correlating the first language profile to a second language profile corresponding to a second user account that generated a second offensive post. The accumulated risk score is based on a first risk score of the first user account and a second risk score of the second user account. In turn, the information handling system generates a notification in response to determining that the accumulated risk score reaches a risk threshold.

Abstract: A single sign-on is implemented in an online transaction processing system. A security token extracted from a transaction request is received. The security token is validated and, in response to a positive validation, security information is extracted. The security information is processed to validate the transaction request and a set of validation attributes is generated. The set of validation attributes is stored in a read-only data object. A transaction server is notified of the read-only data object to authorize processing of the transaction request by the transaction server.

Abstract: A method for booting and dumping a confidential image on a trusted computer system. Embodiments of the present invention disclose deploying a secure boot image and encrypted client data from a client to a trusted computer system. Embodiments of the present invention disclose booting a confidential image on a trusted computer system. Embodiments of the present invention also disclose a process of dumping a confidential image on the trusted computer system.

Abstract: A computer implemented anti-tamper system employing runtime profiling of software in order to decide where to inject integrity checks into the software, to enable verification of whether or not the software has been tampered with. Runtime profiling and analysis is used to record information about the application, in order to establish the locations and targets of runtime integrity checks in order to optimize protection security, while minimizing the performance penalty and the need for hand configuration.

Abstract: An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration.

Abstract: Embodiments of the present invention provide an approach for allowing a user to capture a set of values for a set of input parameters in a template that may be used for present and/or future provisioning of virtual resources. Under this approach, the template may be managed within a networked computing environment (e.g., cloud computing environment) for future use by the creating user or other authorized users. The next time the user is interacting with the environment, the set of templates available may be accessed, and the user can select/utilize a previously stored template. Once a template is chosen, the user may initiate a provisioning request from the environment's interface(s), which may include graphical user interfaces (GUIs), command lines, application programming interfaces (APIs), etc. In any event, the user may also have the opportunity to update any saved data and/or provide additional data.

Abstract: A virus detection engine determines that a file is suspected of being malware. A property is retrieved, along with the same file property of other executable files within the same folder. If the property value is similar to property values of the other files then the suspect file is benign. If the number of matches is greater than a threshold then the suspect file is benign. Other file properties of the suspect file are compared. If no file properties are similar to properties of the other files then the suspect file is malware and an alert is generated. The longest common subsequence compares property values. The same property value may be added to files within the same folder after these files are installed on the computer but before any detection takes place. A comparison of the same property values concludes that files are not malware, even if they are suspect.

Abstract: A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer.

Abstract: A method and system for remotely removing metadata from electronic documents includes receiving an electronic document from an electronic device, determining that the electronic document includes a pre-determined type of metadata, and generating a request for confirmation that at least a portion of the pre-determined type of metadata should be removed. Based on the confirmation, at least a portion of the pre-determined type of metadata is removed from the electronic document before it is transmitted.

Abstract: A processor can be used to ensure that program code can only be used for a designed purpose and not exploited by malware. Embodiments of an illustrative processor can comprise logic operable to execute a program instruction and to distinguish whether the program instruction is a legitimate branch instruction or a non-legitimate branch instruction.

Abstract: A communication system provides secure communication between two nodes in a self-organizing network without the need for a centralized security or control device. A first node of the two nodes is provisioned with one or more security profiles, auto-discovers a second node of the two nodes, authenticates the second node based on a security profile of the one or more security profiles, selects a security profile of the one or more security profiles to encrypt a communication session between the two nodes, and encrypts the communication session between the two nodes based on the selected security profile. The second node also is provisioned with the same one or more security profiles, authenticates the first node based on a same security profile as is used to authenticate the second node, and encrypts the communication session based on the same security profile as is used for encryption by the first node.

Abstract: A shared computing infrastructure has associated therewith a portal application through which users access the infrastructure and provision one or more services, such as content storage and delivery. The portal comprises a security policy editor, a web-based configuration tool that is intended for use by customers to generate and apply security policies to their media content. The security policy editor provides the user the ability to create and manage security policies, to assign policies so created to desired media content and/or player components, and to view information regarding all of the customer's current policy assignments. The editor provides a unified interface to configure all media security services that are available to the CDN customer from a single interface, and to enable the configured security features to be promptly propagated and enforced throughout the overlay network infrastructure.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: The present invention concerns an Interconnect device, comprising a first interface to a first network, a second interface to a second network, a bridge for connecting said first interface to said second interface, a router comprising routing means, and a local server. The interconnect device comprises means for detecting a device located on the first network which is able to communicate with a device located on said second network, and means for classifying the device as being a device of a first type or a device of a second type, The interconnect device comprises means for using the routing means for the first type device, and not using the routing means for the second type device.

Abstract: Some embodiments of proxy-less Secure Sockets Layer (SSL) data inspection have been presented. In one embodiment, a secured connection according to a secured network protocol between a client and a responder is setup via a gateway device, which is coupled between the client and the responder. The gateway device transparently intercepts data transmitted according to the secured network protocol between the client and the responder. Furthermore, the gateway device provides flow-control and retransmission of one or more data packets of the data without self-scheduling the packet retransmissions using timeouts and based on the packet retransmission logic of either the client-side or the responder side of the connection. The gateway device is further operable to perform security screening on the data.