Abstract: A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.

Abstract: An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage.

Abstract: In one aspect, the present invention is directed to a method for detecting spyware activity, the method comprises the steps of: monitoring outgoing communication data sent from a user's computer; searching for predefined keywords within the communication data; indicating spyware activity in the user's computer by presence of at least one of the predefined keywords within the communication data, the keywords are selected from a group comprising: a signature of the spyware, personal information of the user, an addressee to where the communication data is sent. The method may further comprise: upon detecting a spyware activity in the user's computer, blocking communication from the computer. The method may further comprise removing the spyware. The blocking can be carried out at the user's computer, at the gateway to which the user's computer is connected, etc.

Abstract: A method and system for indicating an executable as Trojan Horse, based on the CRC values of the routines of an executable. The method comprising a preliminary stage in which the CRC values of the routines of known Trojan Horses are gathered in a database, and a stage in which indicating an executable as Trojan Horse is carried out by the correspondence of the CRC values of the routines of said executable to the CRC values of the known Trojan Horses, as gathered in said database. The system comprising means for calculating the CRC values of routines; means for identifying the borders of the routines of an executable; a database system, for storing the CRC values of routines of known Trojan Horses; and means for determining the correspondence between two groups of CRC values, thereby enabling detection of the correspondence of an executable to at least one known Trojan Horse.

Abstract: An authenticated digital confirmation of an installation or an update of a licensed computer data product, for providing the licensor with a validation that the installation/update was carried out as intended, and conveying relevant details of the installation/update. The installation/updating facility (internal software, external hardware device, or combination thereof) examines and documents the pre-installation/update state of the target computer system, performs the installation/update, examines and documents the post-installation/update state, and generates the confirmation, which is a summary or digest of the process and the status thereof. The confirmation is securely authenticated and sent to the licensor for validation, to be used for order fulfillment, billing and accounting, and other purposes.

Abstract: A method of obfuscating executable computer code to impede reverse-engineering, by interrupting the software's execution flow and replacing in-line code with calls to subroutines that do not represent logical program blocks. Embodiments of the present invention introduce decoy code to confuse attackers, and computed branching to relocated code so that actual program flow cannot be inferred from disassembled source representations.

Abstract: A network load-balancing cluster configured to function as a transparent bridge, by connecting the load-balancing nodes in series rather than in parallel, as is done in prior-art configurations. A load-balancing algorithm and method are disclosed, by which each node in the configuration independently determines whether to process a data packet or pass the data packet along for processing by another node. To support this, load-balancing nodes are equipped with both software and hardware data pass-through capabilities that allow the nodes to pass along data packets that are processed by a different nodes.

Abstract: A method for preventing activating a malicious object passing through a checkpoint, and decreasing the overall inspection delay thereof, the method comprising the steps of: (a) at the checkpoint, creating an envelope file, being an executable file comprising: the object; code for extracting the object from the envelope file; and an indicator for indicating the integrity of the object; (b) forwarding the envelope file instead of the object toward its destination, while holding at least a part of the envelope file which comprises the indicator; (c) inspecting the object; and (d) setting the indicator on the envelope file to indicate the inspection result thereof, and releasing the rest of the envelope file.

Abstract: In one aspect, the present invention is directed to a communication interface such as a USB and a Firewire, for transferring data between a peripheral and a host, the interface comprising: a first connector, at the host side, through which the host communicates with the peripheral; a second connector, at the peripheral or at an extension cable connected to the peripheral, through which the peripheral communicates with the host upon mating between the first connector and the second connector; a switch coupled to the second connector, the switch operative for modifying a service provided by the peripheral to the host, and/or a modifying a connectivity between the host and the peripheral. According to a preferred embodiment of the invention, the switch does not harm waterproof characteristic of the peripheral.

Abstract: A method and system for preventing the exploitation of email messages in attacks on computer systems. Invalid formatting is often used by attackers to introduce undesirable content into email, because email handling applications and utilities are often insensitive to deviations from the standards, and invalid formatting can allow undesirable content to go undetected. According to the present invention, an original email message is decomposed into component parts, which are formatted according to email message standards. Format-compliant components are inspected for undesirable content and reassembled into a replacement email message that is sent to the destination of the original email message. Components with undesirable content are sanitized.

Abstract: A method of assigning a predetermined IP address to a device for installation on a private network. This IP address can be assigned before installation into any private network without having to be reassigned and without creating addressing conflicts, thereby simplifying the installation process. A registered global IP address is obtained from an Internet Registry and assigned to a multiplicity of devices. Exactly one such device is installed on the private network. The device has an internal router that captures data packets associated with the global IP address, so that this traffic is not put onto a public network connected to the private network. Because the registered global IP address is unique and intended for public networks, no other device on the private network has this address. Thus, the device's assigned IP address is guaranteed not to conflict with existing IP address assignments on the private network.

Abstract: A user-computer interaction method for use by a population of flexibly connectible computer systems and a population of mobile users, the method comprising storing information characterizing each mobile user on an FCCS plug to be borne by that mobile user; and accepting the FCCS plug from the mobile user for connection to one of the flexibly connectible computer systems and employing the information characterizing the mobile user to perform at least one computer operation.

Abstract: A method, system and computer-readable code for providing authentication services. In some embodiments, an attempt is made to match an IP address associated with a service and/or authentication request and user details of the request with an ISP account. In exemplary embodiments, if there is an indication that the IP address was issued by an ISP to a user matching the user details, the user is authenticated. In exemplary embodiments, a database of allowable dynamic and/or static IPs is maintained, and users are authenticated in accordance with contents of the maintained database. Systems, methods and computer-readable code for maintaining a database of allowable IPs are disclosed herein.

Abstract: Apparatus and methods for providing proxy and security services to one or more users via a publicly accessible network (e.g. the Internet) are disclosed Upon receiving a user request for content residing at a third-party location, a security server(s) retrieves the requested content from the third-party location, and monitors the retrieved content for suspected malicious code, which may be removed from the retrieved content before serving to the user. According to exemplary embodiments, the security server(s) is further operative to route value-added content to the user, for example, value-added content retrieved from various network sources. In some embodiments, this value-added content is associated with the request content from the third-party location. Exemplary value-added content includes but is not limited to advertisements (e.g. targeted advertisements), sponsored links, additional content mark-up, etc.

Abstract: A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions so as to confuse the disassembler to produce results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes for a different purpose.

Abstract: The present invention is directed to a method for indicating the integrity of a collection of digital objects, such as a software package, an email with attachments, etc.) The method comprising the steps of: Sealing the collection of digital objects by gathering the hash values of the digital objects into a binding file and digitally signing the binding file (the binding file may further comprise information about the relations between the objects); and Indicating the integrity of a sealed collection of digital objects by validating the integrity of its binding file via its digital signature; and validating the integrity of each object by the correspondence of its hash value with the corresponding hash value stored within the validated binding file.

Abstract: The invention contains an application operating environment in which acceptable and/or suspect activities may be defined for an application so that unacceptable application behavior can be prevented. This is done by providing a definition table identifying the types of access and actions that the application is allowed and preventing it from carrying out other types of access and actions. The definition table may be built up using a learning process during use of the application. The environment also provides a means of checking information output to a network against a list of confidential information.

Abstract: The present invention is directed to a method for emulating an executable code, whether it is a human-readable code (e.g., macro and script) or a compiled code (e.g. Windows executable). At the design time, one or more content attributes are defined for the variables of the code. A content attribute indicates a property with relevance to maliciousness, e.g. Windows directory, a random value, “.EXE” at the right of a string, etc. A content attribute may be implemented, for example, by a flag. Also defined at the design time, is a list of malicious states, where a malicious state comprises at least the combination of a call to a certain system function with certain content, as the calling parameter(s). When emulating an assignment instruction, the attributes of the assigned variable are set according to the assigned content. When emulating a mathematical operator, a content mathematics is also applied. When emulating a function call, the current state (i.e.

Abstract: A system for preventing accurate disassembly of computer code. Such code masking, referred to as “obfuscation,” is useful to prevent unwanted parties from making copies of an original author's software, obtaining valuable information from the software for purposes of breaking into a program, stealing secrets, making derivative works, etc. The present invention uses assembly-language instructions so as to confuse the disassembler to produce results that are not an accurate representation of the original assembly code. In one embodiment, a method is provided where an interrupt, or software exception instruction, is used to mask several subsequent instructions. The instruction used can be any instruction that causes the disassembler to assume that one or more subsequent words, or bytes, are associated with the instruction. The method, instead, jumps directly to the bytes assumed associated with the instruction and executes those bytes for a different purpose.