Abstract: Techniques for preventing attacks of web servers are provided. In one embodiment, a secure web application firewall (“WAF”) service server is provided to protect one or more web servers from malicious activity. The secure WAF service server is located at a location that is remote from the one or more web servers. Incoming traffic to the web servers and outbound traffic from the web servers is directed through the secure WAF service server. A secure WAF associated with the secure WAF service server analyzes the incoming and outbound traffic and can perform various responsive actions if malicious activity is detected.

Abstract: A housing assembly adapted to fit into a mortised recess in a door is provided for accommodating components of an electronic lock mechanism. The housing assembly comprises a housing including opposed major side walls at least partially defining an opening into the housing. A circuit board comprising electronic circuitry for operating the lock mechanism is disposed in the housing. A bracket for holding batteries is adapted to be disposed in the opening in the housing. The bracket is accessible when the housing is in the mortised recess of the door such that the bracket is movable relative to the housing between a first position and a second position. In the first position the bracket is in the housing and in the second position the bracket is at least partially outside of the housing such that batteries may be inserted into or removed from the bracket.

Abstract: A URL verification service is provided that is used to evaluate the trustworthiness of universal resource locators (URLs). As a user browses the world wide web, the URL for a web page to which the user is browsing is captured by the service. The URL has a second level domain corresponding to a web site. The URL verification service identifies a proposed brand that should be associated with the URL if the URL is trustworthy. The proposed brand and the second level domain are used as database queries to query a database such as a search engine database. The results of the database query are processed to determine whether the URL is legitimately associated with the URL. To ensure that the proposed brand is identified accurately, the URL verification service gathers brand information using web page content, secure sockets layer certificate content, or other web site attributes.

Abstract: A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Excessive access rates are one type of anomalous traffic that is detected by monitoring a source and determining whether the number of requests that the source generates within a specific time frame is above a threshold. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat. Various responsive actions may be taken in response to detection of an excessive access rate.

Abstract: A system is provided that uses identity-based encryption (IBE) to support secure communications. Messages from a sender may be encrypted using an IBE public key and IBE public parameter information associated with a recipient. The recipient may decrypt IBE-encrypted messages from the sender using an IBE private key. A host having a service name may be used to store the IBE public parameter information. The sender may use a service name generation rule to generate the service name based on the IBE public key of the recipient. The sender may use the service name to obtain the IBE public parameter information from the host.

Abstract: An intrusion handling system for a packet network is provided according to an embodiment of the invention. The intrusion handling system includes a communication interface configured to receive or detect a network event that is directed to a network address. The intrusion handling system further includes a processing system coupled to the communication interface and configured to receive the network event from the communication interface, determine whether to yield the network address, respond to the network event in order to retain the network address, and not respond to the network event in order to yield the network address.

Abstract: A method of managing video data storage in a video surveillance system is disclosed. The disclosed methods extend the amount of calendar time for which video and image data can be stored on a storage device. The disclosed methods apply decision criteria, such as rules, configuration data and preferences, to support intelligent automatic reduction of stored surveillance data such that images and video data of most interest are maintained while less important data is deleted, compressed or archived.

Abstract: Systems and methods to passively scan a network are disclosed herein. The passive scanner sniffs a plurality of packets traveling across the network. The passive scanner analyzes information from the sniffed packets to build a topology of network devices and services that are active on the network. In addition, the passive scanner analyzes the information to detect vulnerabilities in network devices and services. Finally, the passive scanner prepares a report containing the detected vulnerabilities and the topology when it observes a minimum number of sessions. Because the passive scanner operates passively, it may operate continuously without burdening the network. Similarly, it also may obtain information regarding client-side and server side vulnerabilities.

Abstract: Methods and apparatus for a video surveillance system is provided. The video surveillance system includes an input device for generating a movement command, at least one camera configured to receive the movement command, wherein the at least one camera includes a decoder configured to decode the movement command into at least one of a pan command, a tilt command, and a camera control command, a menu code segment programmed to control a menu cursor using at least one of the received pan, tilt, and camera control commands, and a memory configured to store camera configuration parameters received from the menu, and a monitor configured to display at least one of an image generated by the at least one camera and a menu display generated by the at least one camera.

Abstract: An efficient multicast key management is achieved by using seals. A security server generates a seal. In one embodiment, the seal contains a key. In another embodiment, the seal contains information for generating a key. An application server requests the seal from the security server and broadcasts the seal to a plurality of recipients. A recipient wishing to encrypt or decrypt a data stream transmits the received seal to the security server to be opened. If the recipient is authorized, the security server transmits a permit to the authorized recipient. In one embodiment, the recipient generates a key from the permit. In another embodiment, the permit is the key. If the recipient is a sender, the recipient encrypts data using the key and broadcasts the same encrypted data stream to all receivers. If the recipient is a receiver, the recipient decrypts an encrypted data stream using the key. In one embodiment, a seal with a corresponding offset value is sent periodically in a data stream.

Abstract: The device of the present invention, having at least one activation button, is further equipped with a sensor adapted to detect conditions under which unintentional triggering of the activation button is likely. The sensor is operatively coupled with the activation button to suspend its effect when the target conditions are being detected. The undesired side-effects of false button activations, including battery drain and activation counter drift, are thus avoided, increasing the device's lifespan and user convenience. In a particular embodiment, the sensor is a decoy button located near the activation button, which serves to de-activate the activation button.

Abstract: The present invention relates to the field of pocket-size electronic devices, including credit card sized devices such as authentication tokens. It consists of an improvement of the well-known “raised ridge” to protect individual buttons from false key presses, obtained by applying embossing. A known problem with applying embossing to cards containing electronic components, is the fact that the embossing process may damage the components or the wiring inside the card. In the process according to the invention, an embossed ridge of a judiciously designed shape is used to avoid such damage.

Abstract: Characters on an on-screen keypad are hidden once a cursor is placed over the keypad. This prevents any spyware from screen logging the key selection as the characters on the keypad are not visible at the moment a key is selected. The keys of the keypad are optionally color-coded to help a user remember the location of the key with the desired character once the cursor is over the keypad.

Abstract: The present invention relates to the field of authentication of users of services over a computer network, more specifically within the paradigms of federated authentication or single sign-on. A known technique consists of associating different trust levels to different authentication mechanisms, wherein the respective trust levels give access to different information resources, notably to provide the possibility to protect more sensitive resources with a stronger form of authentication. The present invention provides a mechanism to allow the trust level to decrease without re-authenticating with the single sign on system, down to the level at which it is no longer sufficient to obtain access to a desired resource. Only then, the user needs to reauthenticate.

Abstract: In general, in one aspect, the invention relates to a method for accessing encrypted data by a client. The method includes receiving from the client by a server client information derived from a first secret wherein the client information is derived such that the server can not feasibly determine the first secret. The method also includes providing to the client by the server intermediate data, which is derived responsive to the received client information, a server secret, and possibly other information. The intermediate data is derived such that the client cannot feasibly determine the server secret. The method also includes authenticating the client by a device that stores encrypted secrets and is configured not to provide the encrypted secrets without authentication. After the authenticating step, the method also includes providing the encrypted secrets to the client. The encrypted secrets 5 are capable of being decrypted using a third secret that is derived from the intermediate data.

Abstract: A permanent magnet degausser includes at least one magnetic field generator comprising magnetic elements arranged near a media conveyance path and a conveyor for transporting magnetic media through a magnetic media conveyance path. A passive belt or protector plate may be provided to assist the passage of the magnetic media through the applied magnetic field. The conveyor may be a continuous motion conveyor belt including cleats for holding the magnetic media or a reciprocal media conveyor including magnetic storage media bin. The magnetic field generator may include permanent magnets of varying intrinsic coercivities and/or remanences.

Abstract: A system for authenticating messages using keystroke dynamics identifying a composer of a message using diagraphs transmitted by the use of an input device. Keystrokes are gathered by modules that determine the timing factors between each keystroke and diagraph that is created by the message composer. Once sufficient keystrokes and diagraphs are monitored that allows a generation of an identifier of a unique message composition rhythm, a unique signature of the message creator is stored within the created message. This authentication method is embedded within a message. When a user tries to access or authenticate a message, the user will be verified against the authorized signature contained within the message or authorized database of readers. If a match occurs, the user will then be allowed to access the message.

Abstract: A permanent magnet degausser includes at least one magnetic field generator comprising magnetic elements arranged near a media conveyance path and a conveyor for transporting magnetic media through a magnetic media conveyance path. A passive belt or protector plate may be provided to assist the passage of the magnetic media through the applied magnetic field. The conveyor may be a continuous motion conveyor belt including cleats for holding the magnetic media or a reciprocal media conveyor including magnetic storage media bin. The magnetic field generator may include permanent magnets of varying intrinsic coercivities and/or remanences.

Abstract: Systems and methods for the processing of images over bandwidth-limited transmission interfaces, such as processing of high resolution video images over standard analog video interfaces, using multi-stream and/or multi-resolution analog methodology. The disclosed systems and methods may also be implemented to provide video resolutions across standard analog video interfaces in a manner that supports digital capture and imaging techniques to obtain useful information from digitally zoomed and enhanced video.

Abstract: Cryptographic Key Management System facilitating secure access of data portions to corresponding groups of users. In an embodiment, corresponding group key (asymmetric key pair) is provided for each group, with the private key being stored in a secure format requiring the user credentials for decryption. In addition, a data key required to decrypt a data portion of interest is encrypted using the group public key. Thus, when a user attempts to access a data portion, the user credentials are used to decrypt the group private key, which is then used to decrypt the data key. The data key is then used to decrypt the data portion of interest.