Abstract: A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.

Abstract: An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage.

Abstract: In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user's computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user's computer, at the gateway to which the user's computer is connected, etc.

Abstract: A method and system for indicating an executable as Trojan Horse, based on the CRC values of the routines of an executable. The method comprising a preliminary stage in which the CRC values of the routines of known Trojan Horses are gathered in a database, and a stage in which indicating an executable as Trojan Horse is carried out by the correspondence of the CRC values of the routines of said executable to the CRC values of the known Trojan Horses, as gathered in said database. The system comprising means for calculating the CRC values of routines; means for identifying the borders of the routines of an executable; a database system, for storing the CRC values of routines of known Trojan Horses; and means for determining the correspondence between two groups of CRC values, thereby enabling detection of the correspondence of an executable to at least one known Trojan Horse.

Abstract: An authenticated digital confirmation of an installation or an update of a licensed computer data product, for providing the licensor with a validation that the installation/update was carried out as intended, and conveying relevant details of the installation/update. The installation/updating facility (internal software, external hardware device, or combination thereof) examines and documents the pre-installation/update state of the target computer system, performs the installation/update, examines and documents the post-installation/update state, and generates the confirmation, which is a summary or digest of the process and the status thereof. The confirmation is securely authenticated and sent to the licensor for validation, to be used for order fulfillment, billing and accounting, and other purposes.

Abstract: A method of obfuscating executable computer code to impede reverse-engineering, by interrupting the software's execution flow and replacing in-line code with calls to subroutines that do not represent logical program blocks. Embodiments of the present invention introduce decoy code to confuse attackers, and computed branching to relocated code so that actual program flow cannot be inferred from disassembled source representations.

Abstract: A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.

Abstract: A network load-balancing cluster configured to function as a transparent bridge, by connecting the load-balancing nodes in series rather than in parallel, as is done in prior-art configurations. A load-balancing algorithm and method are disclosed, by which each node in the configuration independently determines whether to process a data packet or pass the data packet along for processing by another node. To support this, load-balancing nodes are equipped with both software and hardware data pass-through capabilities that allow the nodes to pass along data packets that are processed by a different nodes.

Abstract: A method for determining if a software program having a protective envelope has been cracked, and signaling an indication thereof. A direct determination is made of whether the protective envelope is intact or has been compromised by an attack, without requiring a license violation to occur. Executable code in the protective envelope generates an envelope confirmation which is validated by executable code in the program itself. Any disabling or separation of the envelope from the program will be detectable by the program at validation time. Provisions are made for a secure envelope confirmation, the use of arguments as input to the confirmation generation, and for incorporating information related to the computer and user to facilitate identifying the attacker. Signaled indications can include network messaging to alert the licensor that the program has been cracked.

Abstract: A method for issuing and updating a software program license for a computer, with a unique identifier data object embedded in the computer and referenced by the license. The unique identifier may also be used with a conventional computer fingerprint. The software program does not run on a computer without a license that references the unique identifier. The license is issued via a server over a network (such as the Internet) and must be regularly updated by the server. When updating, the present unique identifier is sent to the server, to verify that the unique identifier is the latest unique identifier issued for that license. If an unauthorized copy is made for operation on an unlicensed computer, such as by cloning the licensed computer, this is detected when the second computer is updated, because the unique identifier sent with the update request is no longer current.

Abstract: A method and system of computer program modules for extending the cover time of protection for a licensed software product, by increasing the difficulty and time required for an attacker to produce a workable cracked version of the program. When an attack is detected, critical information about the effectiveness of the attack are withheld from the attacker by simulating the behavior of a cracked program, thereby inducing the attacker to prematurely consider the attack successful. Latent license enforcement features are provided, whose activation is suspended until predefined environmental conditions are met.

Abstract: A method for preventing activating a malicious object passing through a checkpoint, and decreasing the overall inspection delay thereof, the method comprising the steps of: (a) at the checkpoint, creating an envelope file, being an executable file comprising: the object; code for extracting the object from the envelope file; and an indicator for indicating the integrity of the object; (b) forwarding the envelope file instead of the object toward its destination, while holding at least a part of the envelope file which comprises the indicator; (c) inspecting the object; and (d) setting the indicator on the envelope file to indicate the inspection result thereof, and releasing the rest of the envelope file.

Abstract: In one aspect, the present invention is directed to a communication interface such as a USB and a Firewire, for transferring data between a peripheral and a host, the interface comprising: a first connector, at the host side, through which the host communicates with the peripheral; a second connector, at the peripheral or at an extension cable connected to the peripheral, through which the peripheral communicates with the host upon mating between the first connector and the second connector; a switch coupled to the second connector, the switch operative for modifying a service provided by the peripheral to the host, and/or a modifying a connectivity between the host and the peripheral. According to a preferred embodiment of the invention, the switch does not harm waterproof characteristic of the peripheral.

Abstract: A method and system for preventing the exploitation of email messages in attacks on computer systems. Invalid formatting is often used by attackers to introduce undesirable content into email, because email handling applications and utilities are often insensitive to deviations from the standards, and invalid formatting can allow undesirable content to go undetected. According to the present invention, an original email message is decomposed into component parts, which are formatted according to email message standards. Format-compliant components are inspected for undesirable content and reassembled into a replacement email message that is sent to the destination of the original email message. Components with undesirable content are sanitized.

Abstract: A method of assigning a predetermined IP address to a device for installation on a private network. This IP address can be assigned before installation into any private network without having to be reassigned and without creating addressing conflicts, thereby simplifying the installation process. A registered global IP address is obtained from an Internet Registry and assigned to a multiplicity of devices. Exactly one such device is installed on the private network. The device has an internal router that captures data packets associated with the global IP address, so that this traffic is not put onto a public network connected to the private network. Because the registered global IP address is unique and intended for public networks, no other device on the private network has this address. Thus, the device's assigned IP address is guaranteed not to conflict with existing IP address assignments on the private network.

Abstract: A user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method comprising storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user; and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation.

Abstract: What is provided is a computer-implemented method for protection of a program comprising a functional block, wherein the functional block is encrypted, additional code is added to the program and a protected program is thus generated, which is executable only in the presence of a predetermined license in a computer system which comprises a working memory, into which the protected program is loaded during execution, and a protection module for protection against unauthorized execution of the protected program, wherein, if the encrypted functional block is to be executed during execution of the protected program, the additional code is executed and, if a license is present, said additional code, together with the protection module, a) causes decryption of the functional block such that the functional block is present in the working memory of the computer system in decrypted form; b) allows execution of the decrypted functional block, and c) upon completion of execution of the decrypted functional block, causes

Abstract: A method of operating a computer system on which an application is installed comprises the steps of: verifying whether a predetermined run authorization for the application is present, and, in the absence of said predetermined run authorization, decreasing the speed of execution of the application on the computer system as compared to the speed of execution of the application in the presence of the predetermined run authorization.