Abstract: A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.

Abstract: An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage.

Abstract: In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user's computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user's computer, at the gateway to which the user's computer is connected, etc.

Abstract: A method and system for indicating an executable as Trojan Horse, based on the CRC values of the routines of an executable. The method comprising a preliminary stage in which the CRC values of the routines of known Trojan Horses are gathered in a database, and a stage in which indicating an executable as Trojan Horse is carried out by the correspondence of the CRC values of the routines of said executable to the CRC values of the known Trojan Horses, as gathered in said database. The system comprising means for calculating the CRC values of routines; means for identifying the borders of the routines of an executable; a database system, for storing the CRC values of routines of known Trojan Horses; and means for determining the correspondence between two groups of CRC values, thereby enabling detection of the correspondence of an executable to at least one known Trojan Horse.

Abstract: An authenticated digital confirmation of an installation or an update of a licensed computer data product, for providing the licensor with a validation that the installation/update was carried out as intended, and conveying relevant details of the installation/update. The installation/updating facility (internal software, external hardware device, or combination thereof) examines and documents the pre-installation/update state of the target computer system, performs the installation/update, examines and documents the post-installation/update state, and generates the confirmation, which is a summary or digest of the process and the status thereof. The confirmation is securely authenticated and sent to the licensor for validation, to be used for order fulfillment, billing and accounting, and other purposes.

Abstract: A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.

Abstract: A method for determining if a software program having a protective envelope has been cracked, and signaling an indication thereof. A direct determination is made of whether the protective envelope is intact or has been compromised by an attack, without requiring a license violation to occur. Executable code in the protective envelope generates an envelope confirmation which is validated by executable code in the program itself. Any disabling or separation of the envelope from the program will be detectable by the program at validation time. Provisions are made for a secure envelope confirmation, the use of arguments as input to the confirmation generation, and for incorporating information related to the computer and user to facilitate identifying the attacker. Signaled indications can include network messaging to alert the licensor that the program has been cracked.

Abstract: A method and system of computer program modules for extending the cover time of protection for a licensed software product, by increasing the difficulty and time required for an attacker to produce a workable cracked version of the program. When an attack is detected, critical information about the effectiveness of the attack are withheld from the attacker by simulating the behavior of a cracked program, thereby inducing the attacker to prematurely consider the attack successful. Latent license enforcement features are provided, whose activation is suspended until predefined environmental conditions are met.

Abstract: A method for issuing and updating a software program license for a computer, with a unique identifier data object embedded in the computer and referenced by the license. The unique identifier may also be used with a conventional computer fingerprint. The software program does not run on a computer without a license that references the unique identifier. The license is issued via a server over a network (such as the Internet) and must be regularly updated by the server. When updating, the present unique identifier is sent to the server, to verify that the unique identifier is the latest unique identifier issued for that license. If an unauthorized copy is made for operation on an unlicensed computer, such as by cloning the licensed computer, this is detected when the second computer is updated, because the unique identifier sent with the update request is no longer current.

Abstract: A method for preventing activating a malicious object passing through a checkpoint, and decreasing the overall inspection delay thereof, the method comprising the steps of: (a) at the checkpoint, creating an envelope file, being an executable file comprising: the object; code for extracting the object from the envelope file; and an indicator for indicating the integrity of the object; (b) forwarding the envelope file instead of the object toward its destination, while holding at least a part of the envelope file which comprises the indicator; (c) inspecting the object; and (d) setting the indicator on the envelope file to indicate the inspection result thereof, and releasing the rest of the envelope file.

Abstract: A user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method comprising storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user; and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation.

Abstract: What is provided is a computer-implemented method for protection of a program comprising a functional block, wherein the functional block is encrypted, additional code is added to the program and a protected program is thus generated, which is executable only in the presence of a predetermined license in a computer system which comprises a working memory, into which the protected program is loaded during execution, and a protection module for protection against unauthorized execution of the protected program, wherein, if the encrypted functional block is to be executed during execution of the protected program, the additional code is executed and, if a license is present, said additional code, together with the protection module, a) causes decryption of the functional block such that the functional block is present in the working memory of the computer system in decrypted form; b) allows execution of the decrypted functional block, and c) upon completion of execution of the decrypted functional block, causes

Abstract: A method of operating a computer system on which an application is installed comprises the steps of: verifying whether a predetermined run authorization for the application is present, and, in the absence of said predetermined run authorization, decreasing the speed of execution of the application on the computer system as compared to the speed of execution of the application in the presence of the predetermined run authorization.

Abstract: A method, system and computer-readable code for providing authentication services. In some embodiments, an attempt is made to match an IP address associated with a service and/or authentication request and user details of the request with an ISP account. In exemplary embodiments, if there is an indication that the IP address was issued by an ISP to a user matching the user details, the user is authenticated. In exemplary embodiments, a database of allowable dynamic and/or static IPs is maintained, and users are authenticated in accordance with contents of the maintained database. Systems, methods and computer-readable code for maintaining a database of allowable IPs are disclosed herein.

Abstract: Apparatus and methods for providing proxy and security services to one or more users via a publicly accessible network (e.g. the Internet) are disclosed Upon receiving a user request for content residing at a third-party location, a security server(s) retrieves the requested content from the third-party location, and monitors the retrieved content for suspected malicious code, which may be removed from the retrieved content before serving to the user. According to exemplary embodiments, the security server(s) is further operative to route value-added content to the user, for example, value-added content retrieved from various network sources. In some embodiments, this value-added content is associated with the request content from the third-party location. Exemplary value-added content includes but is not limited to advertisements (e.g. targeted advertisements), sponsored links, additional content mark-up, etc.

Abstract: The present invention, generally speaking, “instruments” an arbitrary software program, without changing the software program, to automate malfunction detection and reporting. Although users can be invited to enter a description of what the user was doing prior to receiving the error, report generation and transmission to a remote server can be fully automatic and transparent to the user. In the case of beta testing, therefore, a software developer is guaranteed to receive all pertinent information about malfunctions of an application without having to rely on “fallible humans” for this information. The effectiveness of beta testing, in terms of ultimately contributing to an improved product, is therefore greatly increased. Various kinds of malfunctions may be detected and reported, including an application “crashing,” becoming “hung,” etc.

Abstract: A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions so as to confuse the disassembler to produce results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes for a different purpose.

Abstract: The present invention is directed to a method for indicating the integrity of a collection of digital objects, such as a software package, an email with attachments, etc.) The method comprising the steps of: Sealing the collection of digital objects by gathering the hash values of the digital objects into a binding file and digitally signing the binding file (the binding file may further comprise information about the relations between the objects); and Indicating the integrity of a sealed collection of digital objects by validating the integrity of its binding file via its digital signature; and validating the integrity of each object by the correspondence of its hash value with the corresponding hash value stored within the validated binding file.