Abstract: A security system, including a receiver for receiving a downloadable, a scanner, coupled with the receiver, for scanning the downloadable to identify suspicious computer operations therein, a code modifier, coupled with the scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by the scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by the scanner, and a processor, coupled with the code modifier, for executing programmed instructions, wherein the monitoring program code includes program instructions for the processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. A method is also described and claimed.

Abstract: A method for secure printing is presented. A document management system (DMS) is provided within a server computer for storing, displaying and printing a plurality of documents. At least a portion of the documents require authentication information for displaying and printing. A web-based capture protection system is provided that prevents proprietary content displayed on a display device from being screen-captured. The web-based capture protection system is combined with the DMS to augment the DMS with capture protection of displayed documents, including intercepting retrieval requests from a client computer to display documents from the DMS.

Abstract: A method for altering text displayed in a formatted page, including locating a buffer of memory locations containing contents of a formatted page, locating a first text string between two markers within the buffer, the first string being an encrypted text including N characters, replacing the first text string with a second text string within the buffer, the second string being a decrypted text including M characters, where M is less than N, and inserting N-M special fill characters in the N-M unfilled memory locations between the markers within the buffer, so as to avoid the need to move the markers closer together.

Abstract: A system for secure communication, including a first security computer communicatively coupled with a client computer via an SSL connection, including a certificate creator, for receiving certificate attributes of a server computer certificate and for creating a signed certificate therefrom, and an SSL connector, for performing an SSL handshake with the client computer using the signed certificate created by said certificate creator, and a second security computer communicatively coupled with a server computer via an SSL connection, and communicatively coupled with the first security computer via a non-SSL connection, including an SSL connector, for performing an SSL handshake with the server computer using a signed certificate provided by the server computer, and a protocol appender, for appending attributes of the signed certificate provided by the server computer within a message communicated to the first security computer. A method is also described and claimed.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A method for computer security, including receiving content including potentially malicious executable code (“CODE-A”), intended for downloading at a client computer, scanning CODE-A to derive a profile thereof, determining, based on the derived profile of CODE-A, an appropriate computer account from among a plurality of computer accounts, under which CODE-A may be processed by the client computer, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable run under such account is processed, combining (i) information about the determined computer account name and (ii) CODE-A, with executable wrapper code (“CODE-B”) into combined code (“CODE-C”), and forwarding CODE-C to the client computer for processing. A system and a computer-readable storage medium are also described and claimed.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A security system, including a receiver for receiving a downloadable, a scanner, coupled with the receiver, for scanning the downloadable to identify suspicious computer operations therein, a code modifier, coupled with the scanner, for overwriting the suspicious computer operations with substitute computer operations, if at least one suspicious computer operation is identified by the scanner, and for appending monitoring program code to the downloadable thereby generating a modified downloadable, if at least one suspicious computer operation is identified by the scanner, and a processor, coupled with the code modifier, for executing programmed instructions, wherein the monitoring program code includes program instructions for the processor to validate input parameters for the suspicious computer operations during run-time of the downloadable. A method is also described and claimed.

Abstract: A method for scanning files for security, including receiving an unfamiliar file for scanning, if the determining indicates that the mime type is suitable for analysis, then processing a buffer of file data from the unfamiliar file, including generating a histogram of frequencies of occurrence of bytes within a buffer of file data from the unfamiliar file, excluding a designated set of bytes, and if the generated histogram of frequencies of occurrence of the non-excluded bytes deviates substantially from a reference distribution, then signaling that the unfamiliar file is potentially malicious. A system and a computer-readable storage medium are also described and claimed.

Abstract: A computer gateway for an intranet of computers, including a scanner for scanning incoming files from the Internet and deriving security profiles therefor, the security profiles being lists of computer commands that the files are programmed to perform, a file cache for storing files, a security profile cache for storing security profiles for files, and a security policy cache for storing security policies for client computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers. A method and a computer-readable storage medium are also described and claimed.

Abstract: A method and system for protecting digital images copied from a video RAM, including the steps of transmitting stored pixel data from a computer memory to a video RAM, identifying protected pixel data within the stored pixel data, modifying the stored pixel data, thereby generating modified pixel data within which individual pixel datum is recognizable as being protected or unprotected, and, in response to pixel data being copied from the video RAM, replacing individual pixel datum copied from the video RAM, that is protected, with substitute pixel datum.

Abstract: A system for appending security information to search engine results, including a search engine for locating, in a computer network, web pages that include at least one designated search term, for issuing a security analysis request to a content security scanner to assess at least one designated web page for potential security risks, and for preparing a search results summary that includes links to the located web pages and security assessments for the located web pages, a client computer communicatively coupled with the search engine for issuing a search request with at least one user designated search term, to the search engine, and for receiving the search results summary from the search engine, and a content security scanner communicatively coupled with the search engine for assessing security of content in at least one designated web page. A method and computer-readable storage media are also described and claimed.

Abstract: A system for appending security information to search engine results, including a search engine for locating, in a computer network, web pages that include at least one designated search term, for issuing a security analysis request to a content security scanner to assess at least one designated web page for potential security risks, and for preparing a search results summary that includes links to the located web pages and security assessments for the located web pages, a client computer communicatively coupled with the search engine for issuing a search request with at least one user designated search term, to the search engine, and for receiving the search results summary from the search engine, and a content security scanner communicatively coupled with the search engine for assessing security of content in at least one designated web page. A method and computer-readable storage media are also described and claimed.

Abstract: A method for providing textual information in a network environment, the method comprising: receiving a request via a network for text-editable textual information; converting the text-editable textual information into a non-text-editable textual format on line upon receiving the request; and sending the non-text-editable textual information via the network. Network-based systems are also disclosed.

Abstract: A method for protecting digital images distributed over a network, including the steps of receiving a request from a client computer running a network browser, for an original layout page containing references to digital images therein, parsing the original layout page for the references to digital images, generating a modified layout page from the original layout page by replacing at least one of the references to digital images in the original layout page with references to substitute data, and sending the modified layout page to the client computer. A system is also described and claimed.

Abstract: A method for authenticating a software library, including inserting an encrypted checksum into a software library, and in response to loading the software library calculating a checksum of the software library, requesting the encrypted checksum from the library, decrypting the encrypted checksum, and checking whether or not the decrypted checksum agrees with the calculated checksum. A system is also described and claimed.

Abstract: A method for protecting digital images distributed over a network, including the steps of receiving a request from a client computer running a network browser, for an original layout page containing references to digital images therein, parsing the original layout page for the references to digital images, generating a modified layout page from the original layout page by replacing at least one of the references to digital images in the original layout page with references to substitute data, and sending the modified layout page to the client computer. A system is also described and claimed.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A method for altering text displayed in a formatted page, including locating a buffer of memory locations containing contents of a formatted page, locating a first text string between two markers within the buffer, the first string being an encrypted text string including N characters, replacing the first text string with a second text string, the second string being a decrypted text string including M characters, where M is less than N, and inserting N?M special fill characters in the N?M unfilled memory locations between the markers, so as to avoid the need to move the markers closer together.

Abstract: A policy-based cache manager, including a memory storing a cache of digital content, a plurality of policies, and a policy index to the cache contents, the policy index indicating allowable cache content for each of a plurality of policies, a content scanner for scanning a digital content received, to derive a corresponding content profile, and a content evaluator for determining whether a given digital content is allowable relative to a given policy, based on the content profile. A method is also described and claimed.