Security Kernel Or Utility Patents (Class 713/164)
  • Patent number: 10511965
    Abstract: A system and method for downloading software is provided. When software is required to be downloaded to the mobile terminal, a software downloading tool on the computer terminal establishes a connection with the mobile terminal via a preloader port of the mobile terminal and sends a download agent to the mobile terminal. A preloader program of the mobile terminal checks whether the download agent is signed and encrypted by a private key matched with an RSA public key in the preloader program, and if yes, the mobile terminal utilizes the DA download agent to download the software. The method can effectively prevent illegal tools from having communication capability with the mobile phone by USB connection for data deletion or tampering, and reduce the possibility that a hacker damages “limiting function” of the mobile phone.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: December 17, 2019
    Assignee: HuiZhou TCL Mobile Communication Co., Ltd.
    Inventors: Haihui Jiang, Bo Wang
  • Patent number: 10503237
    Abstract: The invention provides multiple secure virtualized environments operating in parallel with optimal resource usage, power consumption and performance. The invention provides a method whereby virtual machines (VMs) have direct access to the computing system's hardware without adding traditional virtualization layers while the hypervisor maintains hardware-enforced isolation between VMs, preventing risks of cross-contamination. Additionally, some of the VMs can be deactivated and reactivated dynamically when needed, which saves the computing system resources. As a result, the invention provides bare-metal hypervisor use and security but without the limitations that make such hypervisors impractical, inefficient and inconvenient for use in mobile devices due to the device's limited CPU and battery power capacity.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: December 10, 2019
    Assignee: GBS Laboratories, LLC
    Inventor: Oleksii Surdu
  • Patent number: 10485286
    Abstract: A shoe is provided for use by a user and for use with an external reset system that is operable to transmit a reset signal. The shoe comprises a sole, a detector, a memory, a controller, and a receiver. The sole has a top surface for supporting the foot of the user when being worn by the user. The detector generates a parameter signal based on a detected parameter. The controller generates a control signal to activate said detector. The controller further generates a modification signal based on the received reset signal. The memory stores parameter data based on the parameter signal. The memory further modifies the stored parameter data based on the modification signal. The receiver receives the reset signal.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: November 26, 2019
    Assignee: Under Armour, Inc.
    Inventors: Mark Oleson, F. Grant Kovach, Nathan Dau, Angela Nelligan
  • Patent number: 10482257
    Abstract: A method to enforce secure boot policy in an IHS configured with a plurality of virtual machines. The method includes detecting a request for a virtual machine to access a service processor. In response to detecting the request, the method includes triggering a handshake request between a hypervisor boot emulator and the service processor to initiate a sequence of authentication steps to access a corresponding secure partition of memory from among a plurality of secure partitions of memory associated with the service processor. Each secure partition of memory has a corresponding virtual platform key for preserving secure access to the corresponding secure partition of memory stored in a secure platform. The method further includes dynamically generating unlock keys, derived in part by the corresponding virtual platform key, to authenticate a requesting virtual machine as a valid virtual machine to obtain access to a corresponding secure partition of memory.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: November 19, 2019
    Assignee: Dell Products, L.P.
    Inventors: Shekar Babu Suryanarayana, Sumanth Vidyadhara, Chandrasekhar Puthillathe
  • Patent number: 10484423
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: November 19, 2019
    Assignee: SecureWorks Corp.
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
  • Patent number: 10474815
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: November 12, 2019
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10476853
    Abstract: A system and method for homomorphic encryption in a healthcare network environment is provided and includes receiving digital data over the healthcare network at a data custodian server in a plurality of formats from various data sources, encrypting the data according to a homomorphic encryption scheme, receiving a query at the data custodian server from a data consumer device concerning a portion of the encrypted data, initiating a secure homomorphic work session between the data custodian server and the data consumer device, generating a homomorphic work space associated with the homomorphic work session, compiling, by the data custodian server, a results set satisfying the query, loading the results set into the homomorphic work space, and building an application programming interface (API) compatible with the results set, the API facilitating encrypted analysis on the results set in the homomorphic work space.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: November 12, 2019
    Assignee: NANTHEALTH, INC
    Inventors: Patrick Soon-Shiong, Harsh Kupwade-Patil, Ravi Seshadri, Nicholas J. Witchey
  • Patent number: 10476891
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Dark space in a network (unused IP addresses, unused ports and absent applications, and invalid usernames and passwords) is consumed by a BotSink such that attempts to access Darkspace resources will be directed to the BotSink, which will engage the source host of such attempts.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: November 12, 2019
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Venu Vissamsetty, Srikant Vissamsetti, Shivakumar Buruganahalli
  • Patent number: 10474382
    Abstract: Systems and methods for fast storage allocation for encrypted storage are disclosed. An example method may include receiving, by a processing device executing a hypervisor, an identification of a first storage block that has been released by a first virtual machine; tracking, by the hypervisor, an encryption status corresponding to the first storage block to indicate whether the first storage block contains encrypted content; receiving a request to allocate storage to a second virtual machine; analyzing, by the hypervisor, the first storage block to determine that the first storage block contains encrypted content in view of the encryption status corresponding to the first storage block; and allocating the first storage block containing the encrypted content to the second virtual machine without clearing the encrypted content of the first storage block.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 12, 2019
    Assignee: Red Hat, Inc.
    Inventors: Henri Han Van Riel, Nitesh Narayan Lal
  • Patent number: 10474589
    Abstract: The present embodiments relate to methods and apparatuses for side-band management of security for server computers. According to certain aspects, such management is directed to the security of data that is stored under the local control of the server, as well as data that flows through the network ports of the server. Such locally stored data is secured by encryption, and the encryption keys are managed by a management entity that is separate from the server. The management entity can also manage the security of network data flowing through the server using its own configuration of network security applications such as firewalls, monitors and filters.
    Type: Grant
    Filed: March 2, 2016
    Date of Patent: November 12, 2019
    Assignee: JANUS TECHNOLOGIES, INC.
    Inventor: Sofin Raskin
  • Patent number: 10474813
    Abstract: A technique injects code into a suspicious process containing malware executing on a node to enable remediation at the node. Illustratively, the technique may inject code into the suspicious process during instrumentation of the malware in a micro-virtual machine (VM) to monitor malicious behavior and to enable remediation of that behavior at a node embodied as an endpoint. According to the technique, code may be injected into the suspicious process during instrumentation in the micro-VM of the endpoint to restore states of kernel resources (e.g., memory) that may be infected (i.e., altered) by behavior (actions) of the malware.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: November 12, 2019
    Assignee: FireEye, Inc.
    Inventor: Osman Abdoul Ismael
  • Patent number: 10469622
    Abstract: Embodiments include processes, systems, and devices for initiating proximity actions upon the activation of a proximity connection. A proximity service receives an indication from a proximity provider that a proximity connection is established, and then determines a joint proximity context of the proximity connection. The proximity service then initiates a proximity action to facilitate a proximity function indicated by the joint proximity context. Joint proximity contexts include indications that an application has queued content to be shared with a proximity device, that an application has registered to publish messages on a namespace, that an application has subscribed to messages on a namespace, that an application has registered to find a peer application on a proximity device to enable multi-user collaboration, and that a device seeks to pair with another device.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: November 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Marc Christopher Pottier, Max Glenn Morris, Travis J. Martin, Michael N. Loholt, Darren R. Davis, Priya Bhushan Dandawate, Kenton A. Shipley, Khurram M. Zia
  • Patent number: 10467632
    Abstract: Embodiments of systems and methods for fraud review are disclosed. The systems may comprise multi-tiered computing systems which may receive fraud alerts from multiple sources. A computing system in a tier may receive a fraud alert and use one or more fraud risk metrics to determine whether the fraud alert should be escalated. If the computing system determines that the fraud alert should be escalated, the computing system may transmit an escalation message to a higher tier computing system. If the computing system determines that the fraud alert should not be escalated, the computing system may transmit a message to a fraud prevention computing system. In some embodiments, the computing system may determine that the fraud alert is a false positive and transmit a false positive message to the source of the fraud alert such as a lower tier computing system.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: November 5, 2019
    Assignee: Massachusetts Mutual Life Insurance Company
    Inventor: Sears Merritt
  • Patent number: 10469444
    Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network-enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: November 5, 2019
    Assignee: IP Technology Labs, LLC
    Inventors: Gary Mitchell, Scott Whittle, Kurt Quasebarth
  • Patent number: 10462136
    Abstract: In one embodiment, a request may be received from a first cloud network of a hybrid cloud environment to transmit data to a second cloud network of the hybrid cloud environment, wherein the request can include a security profile related to the data. The security profile may be automatically analyzed to determine access permissions related to the data. Based at least in part on the access permissions, data can be allowed access to the second cloud network.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: October 29, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mauricio Arregoces, Nagaraj Bagepalli, Subramanian Chandrasekaran
  • Patent number: 10452365
    Abstract: A computer program product according to some embodiments causes a processor to perform operations including disassembling executable code of an application program to provide disassembled code, identifying first wrapping code in the disassembled code, receiving second wrapping code, generating a consolidated application wrapper that manages operation of both the first wrapping code and the second wrapping code, inserting the second wrapping code and the consolidated application wrapper into the disassembled code to form modified disassembled code, and assembling the modified disassembled code to form modified executable code.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: October 22, 2019
    Assignee: CA, Inc.
    Inventor: Vikrant Nandakumar
  • Patent number: 10445223
    Abstract: Various embodiments are generally directed to techniques of creating or managing one or more virtual services using at least one application programming interface (API). At a plugin layer, a plugin integrator programmatically interfaces with and integrates one or more virtualization tools. The plugin integrator may be programmatically interfaced with the at least one API. At least one proxy agent may be used to run or consume the one or more virtual services. The at least one API and the at least one proxy agent may be implemented in an abstraction layer.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: October 15, 2019
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Stephen Tkac, Agnibrata Nayak, Pradosh Sivadoss, Govind Pande
  • Patent number: 10431024
    Abstract: An electronic device having at least one operational setting, such as a power setting, with at least a first state and a second state. The electronic device may also include an access controller that can receive state data and authorization data from an external source such as a remote control. The access controller may enable a state of the operational setting upon receipt of proper authorization data received from or related to the output from at least one biometric sensor associated with the remote control.
    Type: Grant
    Filed: May 16, 2017
    Date of Patent: October 1, 2019
    Assignee: Apple Inc.
    Inventors: Michael DiVincent, Nicole J. Hollopeter, Ruben Caballero
  • Patent number: 10417412
    Abstract: A method, computer product and computerized system, the method comprising: obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions; determining, by a processor, one or more constraints on reordering the code blocks in a second order, such that a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality; and providing the constraints to an automatic solver for determining the second order.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: September 17, 2019
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Ayman Jarrous, Tamer Salman
  • Patent number: 10409999
    Abstract: System, computer program product, and method embodiments for communication between a kernel operational on a storage subsystem and a key manager (KM) through a hardware management console (HMC) to provide encryption support are provided. In one embodiment, pursuant to a data request by the kernel to the KM, data including a data payload is sent by the KM to the kernel to provide encryption support, the data payload corresponding to an event flow suborder type selected by the kernel for an event flow.
    Type: Grant
    Filed: January 5, 2017
    Date of Patent: September 10, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kurt A. Lovrien, Richard K. Martinez, Oladimeji O. Omoniyi, Matthew J. Ward
  • Patent number: 10404690
    Abstract: Embodiments generally relate to out-of-band management of a computing system. The present technology enables a primary service controller to provide a centralized configuration of multiple secondary service controllers so that they can share a same configuration. It can utilize an authentication-free protocol to modify and manage credentials for a large number of service controllers.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: September 3, 2019
    Assignee: QUANTA COMPUTER INC.
    Inventor: Ching-Chih Shih
  • Patent number: 10404476
    Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: September 3, 2019
    Assignee: STRIPE, INC.
    Inventors: Carl Jackson, Bryan Berg, David Terrance Bartley, Evan Broder
  • Patent number: 10403022
    Abstract: Technology is described for distributing an environment event stream and rendering of video for a three dimensional (3D) virtual environment using a distributed system. A method may include receiving an environment event stream from a first computing node. The environment event stream may be used by a virtual environment engine to modify a 3D virtual environment. A destination computing node for the environment event stream may be determined using a destination address stored by a broadcast repeater. Another operation may be sending the environment event stream from the broadcast repeater to the destination computing node at the destination address. In addition, a video of an environment copy of the 3D virtual environment may be rendered as modified by the environment event stream from a perspective of a virtual camera to provide rendering of the 3D virtual environment that is distributed.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: September 3, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Ryan Dale Silva, Kevin Kalima Ashman, Robert Harvey Oates, III
  • Patent number: 10389530
    Abstract: A method for processing content stored on a component is disclosed. A first partition of a first memory is encrypted with a first encryption key and a second partition of the first memory is encrypted with a second encryption key. The second encryption key is different from the first encryption key. The first encryption key is stored in a storage register of the component and the second encryption key is stored in a first location of a non-volatile memory. A memory address of the first location is stored in the first partition of the first memory.
    Type: Grant
    Filed: January 5, 2018
    Date of Patent: August 20, 2019
    Assignee: STMICROELECTRONICS (ROUSSET) SAS
    Inventors: Fabrice Marinet, Mathieu Lisart
  • Patent number: 10379778
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by identifying, for data stored within a DSN memory, one or more encryption keys used to encrypt data stored within the DSN memory. The method continues by identifying, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that encrypts all of the data stored within the portion to be sanitized. The method continues by determining, if the master key is not used to encrypt data stored outside of the portion to be sanitized. The method continues, if the master key is not used to encrypt data stored outside of the portion to be sanitized, by sanitizing the data stored within a portion of the DSN memory by erasing the master key.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: August 13, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alan M. Frazier, Scott M. Horan, Shibhani Rai, Jason K. Resch, Mark D. Seaborn
  • Patent number: 10379919
    Abstract: Various embodiments are generally directed to an apparatus and method for receiving information to write on a clustered system comprising at least a first cluster and a second cluster, determining that a failure event has occurred on the clustered system creating unsynchronized information, the unsynchronized information comprising at least one of inflight information and dirty region information, and performing a resynchronization operation to synchronize the unsynchronized information on the first cluster and the second cluster based on log information in at least one of an inflight tracker log for the inflight information and a dirty region log for the dirty region information.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: August 13, 2019
    Assignee: NetApp Inc.
    Inventors: Paul Yuedong Mu, Paul Ngan, Manoj Sundararajan
  • Patent number: 10361998
    Abstract: A computer security architecture applies selected rules from among a set of rules defining one or more security policies to a given set of security context parameters to produce security verdicts, each representing whether a certain action requested by a subject entity is permissible. Each security policy is associated with a corresponding communication interface. A plurality of gateway engines are each associated with at least one of the subject entities and dedicated to interfacing with the security server. Each of the gateway engines carries out monitoring of requested actions by the associated subject entity and, for each requested action, identifies a security context. A security policy is determined for the requested action based on a corresponding security context, and a security verdict is obtained via a communication interface corresponding to the applicable security policy.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: July 23, 2019
    Assignee: AO KASPERSKY LAB
    Inventors: Andrey P. Doukhvalov, Pavel V. Dyakin, Dmitry A. Kulagin, Sergey B. Lungu, Stanislav V. Moiseev
  • Patent number: 10362031
    Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: July 23, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Peter Dawoud Shenouda Dawoud, Anoosh Saboori, Himanshu Soni, Dustin Michael Ingalls, Nelly L. Porter
  • Patent number: 10360371
    Abstract: The disclosed computer-implemented method for protecting automated execution environments against enumeration attacks may include (1) monitoring a file that is undergoing a malware analysis in an automated execution environment, (2) while monitoring the file, detecting one or more behaviors exhibited by the file during the malware analysis in the automated execution environment, (3) determining, based at least in part on the behaviors exhibited by the file, that the file is attempting to discover one or more resources used in connection with the malware analysis, and then in response to determining that the file is attempting to discover the resources used in connection with the malware analysis, (4) terminating the malware analysis in an effort to undermine the file's attempt to discover the resources used in connection with the malware analysis. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: July 23, 2019
    Assignee: Symantec Corporation
    Inventor: Andrew Watson
  • Patent number: 10356122
    Abstract: A new device for detection and prevention of an attack on a vehicle via its communication channels, having: an input-unit configured to collect real-time and/or offline data from various sources such as sensors, network based services, navigation applications, the vehicle's electronic control units, the vehicle's bus-networks, the vehicle's subsystems, and on board diagnostics; a database, for storing the data; a detection-unit in communication with the input-unit; and an action-unit, in communication with the detection unit, configured for sending an alert via the communication channels and/or prevent the attack, by breaking or changing the attacked communication channels. The detection-unit is configured to simultaneously monitor the content, the meta-data and the physical-data of the data and detect the attack.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: July 16, 2019
    Assignee: Tower-Sec Ltd.
    Inventors: Guy Ruvio, Saar Dickman, Yuval Weisglass
  • Patent number: 10348500
    Abstract: Methods and systems for key material management are disclosed. One system can include a virtual machine monitor (VMM) running on a host device and a number of virtual machines (VMs) running on the VMM, wherein the VMM is configured to perform key management to provide access by the number of VMs to key material required for the VMs to perform key management operations.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: July 9, 2019
    Assignee: Adventium Enterprises, LLC
    Inventor: Steven A. Harp
  • Patent number: 10349274
    Abstract: Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: July 9, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Meir Mendelovich, John Neystadt, Ken Aoyama, Nir Nice, Shay Yehuda Gurman
  • Patent number: 10346320
    Abstract: Applications and users can be restricted from making persistent changes to artifacts on a protected volume. In Windows-based systems that include a file-based write filter, a policy-based write filter can be positioned below the file-based write filter and can examine any write requests that target artifacts of a protected volume and are not redirected by the file-based write filter. The policy-based write filter can examine the write requests against any applicable policies to determine whether the write requests should be allowed to proceed. If the policy-based write filter determines that a write request is not allowed by policy, it can fail the write request to thereby prevent the targeted artifact from being updated in the protected volume.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: July 9, 2019
    Assignee: WYSE TECHNOLOGY L.L.C.
    Inventors: Salil S Joshi, Puneet Kaushik
  • Patent number: 10339006
    Abstract: A method begins by a processing module receiving a checked write slice request from a requesting entity. The method continues by determining that locally stored encoded data slices do not include the requested encoded data slice. The method continues by identifying an alternate location for the requested encoded data slice. The method continues by determining whether the alternate location is associated with storage of the encoded data slice. The method continues when the alternate location is associated with the storage of the encoded data slice, by issuing a favorable checked write slice response to a requesting entity. The method can include facilitating transfer of the requested encoded data slice from the alternate location to the storage unit for storage.
    Type: Grant
    Filed: June 6, 2018
    Date of Patent: July 2, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Asimuddin Kazi, Niall J. McShane, Manish Motwani, Michael J. Niedbala
  • Patent number: 10331890
    Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: June 25, 2019
    Assignee: VOTIRO CYBERSEC LTD.
    Inventor: Aviv Grafi
  • Patent number: 10333990
    Abstract: In embodiments of the present invention improved capabilities are described for the operation of a threat management facility, wherein the threat management facility may provide for a plurality of computer asset protection services to a corporate computer network. The threat management facility may provide a policy management service as one of the plurality of protection services, wherein the policy management service may be adapted to provide corporate policy updates to a plurality of computer facilities associated with the corporate computer network. In addition, the corporate policy updates, and a related corporate policy, may relate to the acceptability of an operation of a computer application.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: June 25, 2019
    Assignee: Sophos Limited
    Inventor: Richard Jacobs
  • Patent number: 10326795
    Abstract: Techniques to contain lateral movement of attackers through just-in-time (JIT) provisioned accounts comprising an account management component to receive a request from a first account via a client device for a second account to access a server device in a set of server devices, an account authorization component to authorize the request for the second account based at least partially on account information associated with the first account, an account provisioning component to provision the second account to enable a client to access the server device, and an account notification component to provide account information associated with the second account to a client via the client device. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: June 18, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shane Brady, Siddhartha Mathur, Rajalakshmi Dani, Santosh Kumar, Luke Schoen, David Hetherington
  • Patent number: 10311122
    Abstract: Migrating support for a web browsing session between a virtual machine and a host operating system. A web session is supported by a first virtual machine which executes on a computer system. Upon receiving a request for the web session to enter an unprotected mode, support for the web session is migrated from the first virtual machine to a host operating system of the computer system. In unprotected mode, web sessions are supported by the host operating system rather than by a virtual machine. After migrating support for the web session to the host operating system, a visual cue indicating that the unprotected mode is active is displayed. After receiving a request to exit the unprotected mode, support for the web session is migrated from the host operating system to a second virtual machine executing on the computer system and the visual cue is removed.
    Type: Grant
    Filed: August 22, 2014
    Date of Patent: June 4, 2019
    Assignee: Bromium, Inc.
    Inventors: Gaurav Banga, Ian Pratt, Vikram Kapoor, Kiran Bondalapati
  • Patent number: 10303503
    Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: May 28, 2019
    Assignee: Intel Corporation
    Inventors: Shamanna M. Datta, Alberto J. Munoz, Mahesh S. Natu, Scott T. Durrant
  • Patent number: 10305901
    Abstract: A method at an authentication server for multi-factor authentication of an electronic device, the method including receiving at the authentication server a request for authentication of the electronic device; sending information to the electronic device; receiving a response based on the information sent to the electronic device, the response further including an authentication time limit; authenticating the response; and storing the response and time limit upon verification of the response.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: May 28, 2019
    Assignee: BlackBerry Limited
    Inventor: Adam Justin George Evans
  • Patent number: 10298620
    Abstract: Providing streaming of applications from streaming servers onto clients. The applications are contained within isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include the option of running both in on-line and off-line. When on-line, the system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may further include encrypted communication between the streaming servers and the clients. When off-line, the system may include the ability to run already installed isolated environments without requiring credentialing. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: May 21, 2019
    Assignee: OPEN INVENTION NETWORK LLC
    Inventor: Allan Havemose
  • Patent number: 10296247
    Abstract: A storage-area network (SAN) system includes one or more storage drives directly connected to a fabric. Each storage drive provisions and operates a drive volume, and creates a security token for the drive volume. The system includes a client computing device directly connected to the fabric, and that executes a SAN software agent to create, mount, and use a logical volume realized by drive volumes of the storage drives. The client computing device accesses each drive volume using the security token for the drive volume. The system includes a SAN manager directly connected to the fabric that manages the drive volumes of the storage drives, manages the logical volume that the SAN software agent operates, receives from each storage drive the security token for the drive volume of the storage drive, and sends the security token for the drive volume of each storage drive to the SAN software agent.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: May 21, 2019
    Assignee: Lenovo Enterprise Solutions (Singapore) PTE. LTD.
    Inventors: Patrick Leo Caporale, Michael Neil Condict, David W. Cosby, Jonathan Randall Hinkle
  • Patent number: 10291648
    Abstract: A system for distributing virtual entity behavior profiling in cloud deployments is disclosed. In particular, the system may include conducting entity behavior profiling closer to where data and data logs are generated, such as at a hypervisor server, in a distributed fashion. By doing so, the system may reduce bandwidth consumption typically associated with transferring data to a central processing system, may be able to use more data collected closer to sources of data generation, and may provide faster reaction times because of the faster processing of data enabled by the system. Additionally, the system may assist with reducing false positives associated with malware detection and other compromises associated with entities by aggregating the results of distributed computations at different sites.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: May 14, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Paul Giura, Gustavo de los Reyes
  • Patent number: 10289816
    Abstract: A computer implemented method is disclosed for obfuscating an algorithm. The computer-implemented method includes (1) receiving ciphertext input data, and (2) executing obfuscated program instructions using the ciphertext input data and an obfuscation key. The ciphertext input data is based on plaintext input data encrypted using an input encryption key. The obfuscated program instructions are configured for concealing initial program instructions. The initial program instructions are configured for (1) receiving the plaintext input data, (2) providing plaintext output data based on an algorithm, and (3) providing ciphertext output data. The ciphertext output data is configured for decryption to provide the plaintext output data.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: May 14, 2019
    Assignee: GSFM LLC
    Inventors: Francois Jacques Malassenet, Glenn Daniel Sidle
  • Patent number: 10282551
    Abstract: A computing system and method to implement a three-dimensional virtual reality world having user created virtual objects. During the creation of a virtual object, a user of the virtual reality world identifies components and/or resources of the virtual object, such as a mesh model defining the shape of the virtual object, an image specifying the appearance of the virtual object, and a script defining the run time behavior of the virtual object. The computer system examines the components and/or resources during the creation process of the virtual object to detect and/or address security threats and/or performance hurdles. Before the approval of the publication of the virtual object in the virtual world, the computer system performs a simulation of the rendering of the virtual object to detect security threats and evaluate performance impacts.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: May 7, 2019
    Assignee: LINDEN RESEARCH, INC.
    Inventors: Matthew A. Breindel, Donald N. Kjer, Richard Benjamin Trent Nelson, Avery Lauren Orman, Jeffery Blaine Petersen
  • Patent number: 10279611
    Abstract: A communication terminal device includes: an application acquisition section that acquires an application prepared to operate an image forming apparatus; an instruction acceptance section that accepts an operation instruction for processing indicated by the application; a processing executing section that makes the application runnable under an operating system of the communication terminal device and executes, in accordance with the application, the processing indicated by the operation instruction accepted by the instruction acceptance section; and a communication section that sends to the image forming apparatus a result of the processing executed by the processing executing section and an operation request.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: May 7, 2019
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Anthony Olores, Lianney Deleverio, Fernando Dagoc, Jr.
  • Patent number: 10275581
    Abstract: A method of a first device and an electronic device are provided. The method includes receiving a request signal related to contents stored in the first device from a second device communicatively coupled to the first device; transmitting the contents to the second device in response to the request signal, wherein the contents are security applied contents; and releasing the security of the contents by authenticating a user related to the contents.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: April 30, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Su-Ha Yoon, Su-Young Park, Kwang-Sub Son, In-Chul Lee, Eui-Chang Jung
  • Patent number: 10277408
    Abstract: A method for authorizing I/O (input/output) commands in a storage cluster is provided. The method includes generating a token responsive to an authority initiating an I/O command, wherein the token is specific to assignment of the authority and a storage node of the storage cluster. The method includes verifying the I/O command using the token, wherein the token includes a signature confirming validity of the token and wherein the token is revocable.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: April 30, 2019
    Assignee: Pure Storage, Inc.
    Inventors: John Hayes, Robert Lee
  • Patent number: 10262124
    Abstract: An individualized software container is provided. The software container may be created by a remote entity. The software container may be located on a computer of a local entity. The software container may provide an entity separation between the local entity and at least one other entity. The software container may encompass a plurality of containers. The software container may communicate with a plurality of other software containers. The plurality of other software containers may be associated with at least one other entity. The software container may host its own database. The software container may include a plurality of security features associated with the remote entity. The software container may include a container-encrypted fingerprint (“CEF”). The CEF may enable encrypted end-to-end connection between the software container and the remote entity. The CEF may leverage fingerprinting and/or tokenization of the software container.
    Type: Grant
    Filed: January 18, 2017
    Date of Patent: April 16, 2019
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Mark E. Wenzel, Richard A. Mobley, Gregory Sito, Paul Grayson Roscoe
  • Patent number: 10250595
    Abstract: The invention relates to a method for computer systems based on the ARM processor, for example mobile devices, wherein the ARM processor provides fully hardware isolated runtime environments for an operating system (OS) and Trusted Execution Environment (TEE) including an embedded trusted network security perimeter. The isolation is performed by hardware ARM Security Extensions added to ARMv6 processors and greater and controlled by TrustWall software. The invention therefore comprises an embedded network security perimeter running in TEE on one or more processor cores with dedicated memory and storage and used to secure all external network communications of the host device. The invention addresses network communications control and protection for Rich OS Execution Environments and describes minimal necessary and sufficient actions to prevent unauthorized access to or from external networks.
    Type: Grant
    Filed: March 8, 2016
    Date of Patent: April 2, 2019
    Assignee: GBS Laboratories, LLC
    Inventor: Oleksii Surdu