Patents Examined by Andrew L Nalven
  • Patent number: 8533831
    Abstract: A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing may include (1) providing a group of heuristic-based classifiers for detecting malware, wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group, (2) including the group of classifiers within a security-software product, and (3) alternating the security-software product's use of the classifiers within the group in an attempt to frustrate brute-force malware testing by (a) randomly selecting and activating an initial classifier from within the group and then, upon completion of a select interval, (b) replacing the initial classifier with an additional classifier randomly selected from within the group. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 2, 2010
    Date of Patent: September 10, 2013
    Assignee: Symantec Corporation
    Inventor: Sourabh Satish
  • Patent number: 8532297
    Abstract: Techniques for protecting information elements transmitted to mobile stations from intruders. The technique can involve applying a randomized mask over an information element and then providing a scrambled cyclic redundancy check (CRC) value. A seed for the randomized mask can be different from a seed for the scrambled CRC value.
    Type: Grant
    Filed: March 22, 2011
    Date of Patent: September 10, 2013
    Assignee: Intel Corporation
    Inventors: Yi Hsuan, Hujun Yin
  • Patent number: 8528054
    Abstract: A method of obtaining access to an Internet service using a multi-step challenge response test is presented. The method calculates a threshold probability for access to the Internet service and generates a number of challenge-response tests. Each of the challenge-response tests is rendered on a display of a client device. An input corresponding to the response to one of the challenge-response tests is received and an authentication probability is calculated after each response. The authentication probability is evaluated after each response and if the authentication probability is higher than the threshold probability access to the Internet service is provided.
    Type: Grant
    Filed: August 31, 2010
    Date of Patent: September 3, 2013
    Assignee: Yahoo! Inc.
    Inventor: Simon P. King
  • Patent number: 8527633
    Abstract: A technique for addressing geographical location issues in a computing environment includes receiving, at a data processing system, location information indicating a permissible geographical location in which a virtual machine image for a consumer may be deployed. A request for an exception to deploy the virtual machine image outside of the permissible geographical location is issued, from the data processing system. An exception grant or an exception denial is received, at the data processing system, from the consumer in response to the request. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are outside of the permissible geographical location in response to receipt of the exception grant. The virtual machine image is deployed, using the data processing system, to one or more servers in the computing environment that are within the permissible geographical location in response to receipt of the exception denial.
    Type: Grant
    Filed: January 6, 2011
    Date of Patent: September 3, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Harold Moss, III, Mary Ellen Zurko
  • Patent number: 8522007
    Abstract: A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.
    Type: Grant
    Filed: March 6, 2012
    Date of Patent: August 27, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Santanu Sinha, Kenneth William Batcher
  • Patent number: 8516581
    Abstract: A phishing processing method includes: an information input web page comprising an information input interface, through which information is transmitted to an information receiving address, is received. It is determined whether the information input web page is a phishing web page. If it is determined that the information input web page is the phishing web page, fake input information is transmitted to the information receiving address. When information for verification is received from an information transmitting address, it is determined whether the received information for verification is the fake input information. If the received information for verification is the fake input information, it is determined that the information transmitting address is a malicious address.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: August 20, 2013
    Assignee: Institute for Information Industry
    Inventors: Fu-Hau Hsu, Shih-Jen Chen, Chien-Ting Kuo, Jain-Shing Wu, Chuan-Sheng Wang
  • Patent number: 8510807
    Abstract: Some embodiments provide a reporting system for improved granular real-time performance statistics reporting in a distributed platform. The reporting system includes a statistics server and a portal. The statistics server is communicably coupled to servers of the distributed platform that produce statistical data related to the distribution of content and execution of services for different customers. The statistics server aggregates the statistical data from the plurality of servers in an optimized staggered manner during a recurring interval. This reduces the amount of statistical data that is passed at any particular instance in time from the servers to the statistics server. The statistics server incrementally updates a real-time performance report for a particular customer as the statistical data is aggregated for the particular customer so that the computational and memory overhead for deriving the performance report in real-time is reduced.
    Type: Grant
    Filed: August 25, 2011
    Date of Patent: August 13, 2013
    Assignee: Edgecast Networks, Inc.
    Inventors: Lior Elazary, Robert J. Peters, Seungyeob Choi
  • Patent number: 8510836
    Abstract: A computer generates a reputation score for a file based at least in part on the lineage of the file. A security module on a client monitors file creations on the client and identifies a parent file creating a child file. The security module provides a lineage report describing the lineage relationship to a security server. The security server uses lineage reports from the client to generate one or more lineage scores for the files identified by the reports. The security server aggregates the lineage scores for files reported by multiple clients. The aggregated lineage scores are used by the security server to generate reputation scores for files. The reputation score for a file indicates a likelihood that the file is malicious. The security server reports the reputation scores to the clients, and the clients use the reputation scores to determine whether files detected at the clients are malicious.
    Type: Grant
    Filed: July 6, 2010
    Date of Patent: August 13, 2013
    Assignee: Symantec Corporation
    Inventor: Carey S. Nachenberg
  • Patent number: 8505087
    Abstract: In an SS7 network, each of a plurality of Signal Transfer Points is fronted by a front-end processor (STP-FEP) that has a network presence. The STP-FEP implements at least the MTP2 layer of the SS7 protocol stack and implements security rules at the MTP2 and MTP3 layers.
    Type: Grant
    Filed: February 13, 2013
    Date of Patent: August 6, 2013
    Inventor: Arturo Maria
  • Patent number: 8499150
    Abstract: A security module on a client detects a signed file at the client and reports signing information identifying a certificate used to sign the file and a file identifier identifying the file to a security server. The security server uses the signing information to determine whether the certificate is compromised. If the certificate is compromised, the security server compares a discovery date of the file with a compromise date of the certificate. The security server generates trust data assigning a trust level to the file responsive to the comparison. The trust data assign a low trust level to the file if the comparison indicates that the file discovery date is after the compromise date and assign a high trust level to the file if the comparison indicates that the file discovery date is not after the compromise date. The security server provides the trust data to the client.
    Type: Grant
    Filed: November 11, 2010
    Date of Patent: July 30, 2013
    Assignee: Symantec Corporation
    Inventor: Carey S. Nachenberg
  • Patent number: 8488781
    Abstract: Disclosed is a method for implementing a symmetric key encryption algorithm against power analysis attacks, including: generating and storing an affine transform table; generating and storing a masked inversion table; and operating a masked S-box using the affine transform table and the masked inversion table.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: July 16, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Doo Ho Choi, Yong-Je Choi, You Sung Kang, Ju Han Kim, Tae sung Kim, Kyung hee Oh
  • Patent number: 8478888
    Abstract: Systems, methods and computer readable media that provide stateless fault tolerance and load balanced data collection using overlay namespaces are described. A cluster is used. Each node of the cluster may be a monitoring system. A data provider process may run on each node in the cluster. Each node has an overlay namespace which comprises one or more links to namespaces on other nodes, and local viewpoints of those linked namespaces. When a node detects a resource waiting to be monitored, it queries other nodes to determine whether object creation for that resource is allowed. It creates an object only if no other node is creating or has created an object for that resource.
    Type: Grant
    Filed: January 28, 2011
    Date of Patent: July 2, 2013
    Assignee: BMC Software, Inc.
    Inventors: Sudhir Sangra, Geert De Peuter
  • Patent number: 8479292
    Abstract: A valid entry point for each boot driver running under an operating system is gleaned. When the operating system is rebooted, a security boot driver is loaded prior to loading other boot drivers. The security boot driver reads the actual entry points of each boot driver, before the boot drivers have run. The security boot driver compares the actual entry points to the corresponding valid entry points. Responsive to an actual entry point not matching its corresponding valid entry point, it is determined that the boot driver is infected. Infected boot drivers are corrected, by replacing their actual entry points with the corresponding, valid entry points. After infected boot drivers have been corrected, the infecting malicious code can be identified and disabled. Sections of boot drivers other than entry points can be gleaned, read and compared, up to entire boot drivers.
    Type: Grant
    Filed: November 19, 2010
    Date of Patent: July 2, 2013
    Assignee: Symantec Corporation
    Inventor: Peter Linhardt
  • Patent number: 8479000
    Abstract: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid.
    Type: Grant
    Filed: October 9, 2009
    Date of Patent: July 2, 2013
    Assignee: Panasonic Corporation
    Inventors: Hisashi Takayama, Hideki Matsushima, Takayuki Ito, Tomoyuki Haga, Kenneth Alexander Nicolson
  • Patent number: 8474011
    Abstract: A system and system for controlling the execution of executable files. The executables are identified by either a cryptographic digest or a digital certificate. The cryptographic digest is computed from the binary image of the executable. An executable that is attempting to execute is intercepted by a protection module that consults a database of stored rules over a secure channel to determine whether or not the executable can be identified as a permitted executable and whether or not it has permission to execute on a particular computer system under certain specified conditions. If a stored permission is available, it is used to control the execution. Otherwise, the user is consulted for permission.
    Type: Grant
    Filed: November 2, 2011
    Date of Patent: June 25, 2013
    Assignee: Lumension Security, Inc.
    Inventor: Viacheslav Usov
  • Patent number: 8473735
    Abstract: A method of managing a digital certificate by a computer system can include the steps of receiving, at the computer system, a business request for a digital certificate from a requester and transmitting, by the computer system, the request to a first approver. The method can further include, upon approval by the first approver, transmitting, by the computer system, the request to a second approver, upon approval by the second approver, transmitting, by the computer system, the request to a certificate manager, transmitting, by the computer system, the request to an implementer and receiving, by the computer system, from the implementer, technical information related to the request and transmitting, by the computer system, a certificate to a certificate supplier.
    Type: Grant
    Filed: May 19, 2008
    Date of Patent: June 25, 2013
    Assignee: JPMorgan Chase
    Inventors: Jay C. Jarvie, Leonid Vayner, Clive Anthony Payne
  • Patent number: 8474010
    Abstract: A system and method transfers information relating to quality or standards of an organization from a server to a wireless handheld computing device and from the wireless handheld computing device to the server in real-time or near real-time. Each member of an organization can have the same policies and procedures as soon as any of the policies and procedures are updated. The inventive system can allow an organization to also measure compliance and conformance with the distributed policies and procedures. With the handheld computing devices, each member of an organization can complete tests that are closely tied to the distributed policies and procedures. The results of these tests can be transmitted in real-time or near real-time from the handheld computing devices to a central computer server so that an organization can track current performance of all its members relative to the policies and procedures and relative to each other.
    Type: Grant
    Filed: November 21, 2010
    Date of Patent: June 25, 2013
    Assignee: Reflexis Systems, Inc.
    Inventor: Stan Hawkins
  • Patent number: 8463945
    Abstract: A method for synchronizing local clocks in a distributed computer network, wherein end systems and switches of the network execute the method as a synchronization state machine, which uses three different frame types. The states in the state machine belong to an unsynchronized or to a synchronized set of states. All end systems being configured as Synchronization Master periodically send coldstart frames in one of the unsynchronized states; all end systems being configured as Synchronization Master react to the reception of a coldstart frame by sending a coldstart acknowledgment frame a first timeout after the reception of the coldstart frame on all replicated communication channels. The first timeout is reset when a consecutive coldstart frame is received before the coldstart acknowledge is sent, and all Synchronization Masters react to the reception of a coldstart acknowledgment frame by starting a second timeout and enter a synchronized state when the second timeout expires.
    Type: Grant
    Filed: June 2, 2008
    Date of Patent: June 11, 2013
    Assignees: TTTech Computertechnik Aktiengesellschaft, Honeywell International Inc.
    Inventors: Wilfried Steiner, Gunther Bauer, Matthias Wachter, Michael Paulitsch, Brendan Hall
  • Patent number: 8452843
    Abstract: A data communication system performs transmission and reception of data by token passing and updates data by an arithmetic process of data transmitted to and received from a slave station. The data communication system includes a management master station that updates data of slave stations, and a local station that updates data of slave stations. The management master station performs a data update when a token frame destined to the management master station is received, and the local station determines a destination of token frames transmitted from the slave stations, and performs a data update when a destination is the management master station.
    Type: Grant
    Filed: June 2, 2008
    Date of Patent: May 28, 2013
    Assignee: Mitsubishi Electric Corporation
    Inventors: Tatsumi Yabusaki, Tomitsugu Sugimoto
  • Patent number: 8452012
    Abstract: A system and method for establishing a connection on a mobile computing device includes generating a secret on a trusted platform of the mobile computing device. The secret is transported to a subscriber identity module (SIM)/Smartcard on the mobile computing device. A secure local communication channel is established between the trusted platform and the SIM/Smartcard using the secret.
    Type: Grant
    Filed: September 16, 2011
    Date of Patent: May 28, 2013
    Assignee: Intel Corporation
    Inventors: Selim Aissi, Sundeep Bajikar, Sameer Abhinkar, Scott Blum, Jane Dashevsky, Abhay Dharmadhikari, Benjamin Matasar, Mrudula Yelamanchi