Patents Examined by Tae Kim
  • Patent number: 9426146
    Abstract: A message including a digital signature of a message originator is received at a processor. In response to determining that the message originator is authorized by a data protection policy to originate the message, a determination is made as to whether a specific authorized certificate issuer is configured for the message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, a determination is made as to whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy.
    Type: Grant
    Filed: January 7, 2015
    Date of Patent: August 23, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bret W. Dixon, Jonathan L. Rumsey
  • Patent number: 9420458
    Abstract: The invention relates to a method for the use of a mobile appliance which is not associated with a motor vehicle using a motor vehicle, wherein a program which can be executed on the mobile appliance and a digital certificate associated with the program are stored in the mobile appliance, wherein the digital certificate is transmitted from the mobile appliance to the motor vehicle, wherein the digital certificate is verified in the motor vehicle, wherein—if verification of the digital certificate is successful—information associated with the program which can be executed on the mobile appliance is presented using a display in the motor vehicle, and wherein the program which can be executed on the mobile appliance is used using a user arrangement, associated with the display, in the motor vehicle.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: August 16, 2016
    Assignee: Volkswagen AG
    Inventor: Markus Putze
  • Patent number: 9407661
    Abstract: A security device may receive a request from an attacker device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate an unsolvable challenge-response test based on identifying the request as being associated with the malicious activity. The unsolvable challenge-response test may be generated using at least one construction technique and may be configured in an attempt to block the attacker device without making the attacker device aware that the attacker device is being blocked. The security device may provide the unsolvable challenge-response test to the attacker device, and may receive a solution associated with the unsolvable challenge-response test. The security device may notify the attacker device that the solution is incorrect regardless of whether the solution is actually correct.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: August 2, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 9407614
    Abstract: Systems and methods are provided for determining an authentication attempt threshold. Authentication systems often have predetermined authentication attempt thresholds that may not be sufficient for some users and do not necessarily provide any increased security. Systems and methods provided for determining an authentication threshold described herein may determine the authentication threshold based on certain factors in a user's authentication attempt history that may provide information about a user's probability of a successful authentication to provide additional security for users more likely to successfully authenticate while providing additional assistance to users who may be less likely to successfully authenticate.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: August 2, 2016
    Assignee: PAYPAL, INC.
    Inventors: Bjorn Markus Jakobsson, Nachum Shacham
  • Patent number: 9390276
    Abstract: Systems and methods described herein relate to role-based authorization systems which allow customization of role templates as well as the ability, using roles, for one user to act on behalf of another user.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: July 12, 2016
    Assignee: LexisNexis, a division of Reed Elsevier Inc.
    Inventors: Don Paul Steiner, Bruce Daniel Maxfield, William Donald Kilgallon
  • Patent number: 9391774
    Abstract: The invention is directed to a system to authenticate an electronic message to a recipient in a sender's handwriting. The system has a server including a processor and a software application configured to execute instructions related to: identifying the electronic message composed by the sender, converting the electronic message composed by the sender into the sender's handwriting, where the sender's handwriting is in an electronic format; the electronic format defining a sender's electronic handwriting message, formatting the sender's electronic handwriting message to correspond to the formatting of the electronic message composed by the sender, encrypting the sender's electronic handwriting message to restrict readability of contents, and transmitting the sender's electronic handwriting message to the recipient.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: July 12, 2016
    Assignee: STRAUSSKEY PARTNERS, LLC
    Inventors: Ronald I. Strauss, Kris Ball
  • Patent number: 9390287
    Abstract: A method of scanning secure data in a data store is performed in a manner that does not expose the scan data, the files being searched, or information about when matches occur between the scan data and the files. During the scan process, encrypted versions of searched files are compared to encrypted versions of match strings, and any resulting match data is encrypted before being written into a results file. In addition, to disguise when match entries are written, during the scan one or more encrypted dummy items are written into the results file.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: July 12, 2016
    Assignee: International Business Machines Corporation
    Inventor: Robert John McCormack
  • Patent number: 9392016
    Abstract: A system for securing an electronic device may include a memory, a processor; one or more operating systems residing in the memory for execution by the processor; and a security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device accessing the memory. The security agent may be further configured to: (i) trap attempted accesses to the memory, wherein each of such attempted accesses may, individually or in the aggregate, indicate the presence of self-modifying malware; (ii) in response to trapping each attempted access to the memory, record information associated with the attempted access in a history; and (iii) in response to a triggering attempted access associated with a particular memory location, analyze information in the history associated with the particular memory location to determine if suspicious behavior has occurred with respect to the particular memory location.
    Type: Grant
    Filed: July 10, 2014
    Date of Patent: July 12, 2016
    Assignee: McAfee, Inc.
    Inventor: Ahmed Said Sallam
  • Patent number: 9392018
    Abstract: A device may detect an attack. The device may receive, from a client device, a request for a resource. The device may determine, based on detecting the attack, a computationally expensive problem to be provided to the client device, where the computationally expensive problem requires a computation by the client device to solve the computationally expensive problem. The device may instruct the client device to provide a solution to the computationally expensive problem. The device may receive, from the client device, the solution to the computationally expensive problem. The device may selectively provide the client device with access to the resource based on the solution.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: July 12, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Kyle Adams, Daniel J. Quinlan
  • Patent number: 9378359
    Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: June 28, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Waheed Qureshi, John M. McGinty
  • Patent number: 9380036
    Abstract: The present invention discloses methods and devices for securing keys for a non-secure computing-environment.
    Type: Grant
    Filed: November 28, 2012
    Date of Patent: June 28, 2016
    Assignee: Porticor Ltd.
    Inventors: Gilad Parann-Nissany, Yaron Sheffer
  • Patent number: 9374444
    Abstract: A system and method for providing a variety of medium access and power management methods are disclosed. A defined frame structure allows a hub and a node to use said methods for secured or unsecured communications with each other. Contended access is available during a random access phase. The node uses an alternate doubling of a backoff counter to reduce interference and resolve collisions with other nodes attempting to communicate with the hub in the random access phase. Non-contended access is also available, and the hub may schedule reoccurring or one-time allocation intervals for the node. The hub and the node may also establish polled and posted allocation intervals on an as needed basis. The node manages power usage by being at active mode at times during the beacon period when the node is expected to transmit or receive frames.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: June 21, 2016
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventor: Jin-Meng Ho
  • Patent number: 9367701
    Abstract: A method for operating a computing system with a trusted processor includes generating a secret cryptographic key based on a physically unclonable function in at least one hardware component in the trusted processor, generating a first public key and first private key using first secret cryptographic key, and executing instruction code corresponding to a first software program. The method further includes generating output data with the trusted processor during execution of the first software program, generating encrypted data corresponding to the output data using the first public key for at least a portion of the encryption, generating a signature of the encrypted data, and transmitting with an input/output (I/O) interface operatively connected to the trusted processor the encrypted data and the signature for storage in an untrusted memory.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: June 14, 2016
    Assignee: Robert Bosch GmbH
    Inventors: Jorge Guajardo Merchan, Emmanuel Kwame Owusu, Jonathan McCarrell McCune, James Duran Newsome, Jr., Amit Vasudevan, Adrian Perrig
  • Patent number: 9367789
    Abstract: The invention relates to an external connector for the production of an electronic card comprising an insulating support that defines an outside face and an inside face opposite one another and a plurality of external metal contact pads. This external connector additionally comprises a plurality of metal projections located on the side of the inside face of the insulating support and respectively connected electrically to at least one subassembly of the plurality of external metal contact pads and/or to contact pads linked to an electronic unit, which is arranged on the inside face of the insulating support, wherein these metal projections are intended to be inserted into individual cavities of the body of the electronic card, and metal contact pads linked to an electronic unit inside the card body and/or an antenna incorporated in this card body are located at the base of these cavities.
    Type: Grant
    Filed: May 16, 2013
    Date of Patent: June 14, 2016
    Assignee: Nagravision S.A.
    Inventor: François Droz
  • Patent number: 9363249
    Abstract: Methods, systems, and apparatus are disclosed for generating one or more device identifiers based on a public key associated with a respective device. Various embodiments include condensing and/or hashing a device public key to generate the corresponding device identifier. By using the relationship between a device public key and its device identifier, public key exchanges are implemented to verify this relationship and facilitate device enrollment into one or more networks. The embodiments further describe enrolling one or more devices into networks and/or authorizing devices to enroll one or more devices into networks based on public key exchanges and verification that the one or more device identifiers match the respective public keys. Embodiments for authorizing other devices describe a first device enrolling a second device in a first network and authorizing a third device to enroll the second device in a second network using an exchange of public keys and/or messages.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: June 7, 2016
    Assignee: MARVELL WORLD TRADE LTD.
    Inventors: Paul A. Lambert, Josselin De La Broise
  • Patent number: 9332433
    Abstract: A technique performs authentication before delivering a token to a client device. The technique involves receiving a first message from a first application on the client device, the first message including a token request and a first set of authentication factors. The technique further involves receiving a second message from a second application on the client device, the second message including an authentication request and a second set of authentication factors. The technique further involves generating a result message which (i) provides access to a token for use by the client device when the first set of authentication factors is consistent with the second set of authentication factors, and (ii) rejects the token request when the first set of authentication factors is inconsistent with the second set of authentication factors. The client device may be a mobile device, and the first and second messages may be received via wireless communications.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: May 3, 2016
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, Riaz Zolfonoon, Gareth Richards, Guoying Luo
  • Patent number: 9330258
    Abstract: A computer-implemented method for identifying URLs that link to potentially malicious resources may include (1) compiling a set of URLs that link to at least one potentially malicious resource, (2) identifying a common pattern of characters included in the set of URLs that link to the potentially malicious resource, (3) deriving a regular expression capable of being used to identify additional URLs that link to one or more potentially malicious resources based at least in part on the common pattern of characters, and then (4) identifying at least one additional URL that links to at least one potentially malicious resource by (i) applying the regular expression to the additional URL and then (ii) determining that the additional URL links to the potentially malicious resource based at least in part on applying the regular expression to the additional URL. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: May 3, 2016
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, Jingjing Ren
  • Patent number: 9323948
    Abstract: The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.
    Type: Grant
    Filed: December 14, 2010
    Date of Patent: April 26, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ritesh K. Gupta, Prathima Nagaraj, Sriram K. Padmanabhan
  • Patent number: 9325493
    Abstract: Methods for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected. A timer is repeatedly initiated for a period less than a validation epoch, and the hardware units are reset upon expiration of the timer to prevent activation of a time-based backdoor. Data being sent to the hardware unit is encrypted in an encryption element to render it unrecognizable to a single-shot cheat code hardware backdoor present in the hardware unit. The instructions being sent to the hardware unit are reordered randomly or pseudo-randomly, with determined sequential restraints, using a reordering element, to render an activation instruction sequence embedded in the instructions unrecognizable to a sequence cheat code hardware backdoor present in the hardware unit.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: April 26, 2016
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Lakshminarasimhan Sethumadhavan, Adam Waksman
  • Patent number: 9326135
    Abstract: A method and apparatus for secure communication in a digital two way radio protocol is disclosed herein. The method includes the step of, at an originating radio, generating at least one control value (505). The method further includes the step of generating an encryption key based on the at least one control value and a personal identification code at the originating radio (510). The method further includes the steps of encrypting data traffic with the encryption key to provide encrypted data traffic at the originating radio (515), transmitting the at least one control value to at least one target radio (525), and transmitting the encrypted data traffic to the at least one target radio (530).
    Type: Grant
    Filed: February 21, 2008
    Date of Patent: April 26, 2016
    Assignee: Google Technology Holdings LLC
    Inventors: Anthony Rodrigues, Stephen R. Carsello, Bradley J. Rainbolt