Patents Examined by Aravind Moorthy
  • Patent number: 10237059
    Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: March 19, 2019
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Lakshminarasimhan Sethumadhavan, Kanad Sinha, Angelos Keromytis, Vasileios Pappas, Vasileios Kemerlis
  • Patent number: 9967102
    Abstract: Managing transfer of device ownership is provided. A digitally signed state change request for a device that includes at least one of a new device owner, a new designated successor device owner, and a new device ownership reversibility control bit is accepted. A stored state for the device that includes at least one of a current device owner, a previous device owner, a designated successor device owner, and a current device ownership reversibility control bit is read. The previous device owner is replaced with the current device owner, the current device owner is replaced with the new device owner, the designated successor device owner is replaced with the new designated successor device owner, and the new device ownership reversibility control bit is set in response to the new device ownership reversibility control bit being included in the digitally signed state change request.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: May 8, 2018
    Assignee: International Business Machines Corporation
    Inventors: Michael C. Osborne, Elaine R. Palmer, Tamas Visegrady
  • Patent number: 9935981
    Abstract: Embodiments of the present invention provide systems and methods for exchanging information. Communications between an intrusion prevention system (IPS) and at least one end-point are facilitated by controlling network traffic flow in an IPS and the at least one end-point and formation of an information plane. The formed information plane allows attributes of the IPS and the at least one end-point to reside in the formed information plane. A network access policy (NAP) works in conjunction with an IPS and leverages created customized network objects (CNOs). Upon analyzing data packets, the data packets may or may not be forwarded to the IPS.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: April 3, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sheng-Tung Hsu, Cheng-Ta Lee, Joey H. Y. Tseng, Rick M. F. Wu
  • Patent number: 9923719
    Abstract: Encrypted data transmitted from a second entity to a first entity may be received. The encrypted data may be encrypted by a location based public key based on a public key and a location associated with the second entity. A location associated with the first entity may be identified. A location based private key may be generated based on a private key that corresponds to the public key and the location associated with the first entity. Furthermore, the encrypted data may be decrypted with the location based private key when the location associated with the first entity matches the location associated with the second entity.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: March 20, 2018
    Assignee: Cryptography Research, Inc.
    Inventors: Ambuj Kumar, Mark Evan Marson, Daniel Robert Beitel
  • Patent number: 9922188
    Abstract: Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to determine an offset to be used and, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by the offset.
    Type: Grant
    Filed: January 18, 2017
    Date of Patent: March 20, 2018
    Assignee: Antique Books, Inc.
    Inventors: Robert H. Thibadeau, Sr., Justin D. Donnell, Robert Thibadeau, Jr.
  • Patent number: 9917978
    Abstract: A watermark generator for providing a watermark signal as a sequence of subsequent watermark coefficients based on a stream of subsequent stream values representing discrete valued data includes a differential encoder. The differential encoder is configured to apply a phase rotation to a current stream value of the stream values representing the discrete valued data or to a current watermark symbol, the current watermark symbol corresponding to a current stream value of the stream values representing the discrete valued data, to obtain a current watermark coefficient of the watermark signal. The differential encoder is configured to derive a phase of a previous spectral coefficient of a watermarked signal which is a combination of the host signal and the watermark signal, and to provide the watermark signal such that a phase angle of the phase rotation applied to the current stream value or the current watermark symbol is dependent on the phase of the previous spectral coefficient of the watermarked signal.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: March 13, 2018
    Assignee: Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
    Inventors: Reinhard Zitzmann, Giovanni Del Galdo, Tobias Bliem, Juliane Borsum, Bert Greevenbosch, Stefan Kraegeloh, Joerg Pickel
  • Patent number: 9910985
    Abstract: An apparatus for identifying related code variants or text samples includes processing circuitry configured to execute instructions for receiving query binary code, processing the query binary code to generate one or more query code fingerprints comprising compressed representations of respective functional components of the query binary code, generating token sequence n-grams of the fingerprints, hashing the n-grams, partitioning samples by length to compare selected samples based on length, and identifying similarity via dynamic decimation of token sequence n-grams.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: March 6, 2018
    Assignee: The Johns Hopkins University
    Inventor: Jonathan D. Cohen
  • Patent number: 9906531
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Patent number: 9906360
    Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.
    Type: Grant
    Filed: March 28, 2013
    Date of Patent: February 27, 2018
    Assignee: IRDETO B.V.
    Inventors: Harold Johnson, Yuan Xiang Gu, Michael Wiener, Yongxin Zhou
  • Patent number: 9906517
    Abstract: A computer program product for cross-site request forgery (CSRF) prevention is provided and includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and executable by a processing circuit to cause the processing circuit to issue a server request for a certificate, which is associated with a user, responsive to a client request to visit a uniform resource indicator (URI) being received, validate the certificate upon receipt in fulfillment of the server request, compare a referrer listed in a header of the client request with a list of certificate elements in the certificate, authenticate the user in accordance with correlation between the referrer and at least one of the certificate elements and authorize the client request to visit the URI upon the user being authenticated.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Michael P. Kasper, Eysha S. Powers
  • Patent number: 9887992
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for site codes for website authentication are disclosed. In one aspect, a method includes receiving a request to start a new authenticated session of the web page on the client device. The method includes generating an optical machine-readable code and a security image. The method includes transmitting (i) the security image, (ii) the optical machine-readable code, and (iii) instructions for the server to provide the security image and the optical machine-readable code for simultaneous display. The method includes receiving extracted data that the mobile device extracted from the optical machine-readable code in response to the mobile device optically detecting the optical machine-readable code using a camera of the mobile device. The method includes verifying an identity of the user based on a comparison of the extracted data and data corresponding to the optical machine-readable code.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: February 6, 2018
    Assignee: MicroStrategy Incorporated
    Inventors: Rajesh Venkat, Yong Qiao, Hector Vazquez
  • Patent number: 9882727
    Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: January 30, 2018
    Assignee: DigiCert, Inc.
    Inventors: Hari Veladanda, Hoa Ly, Ning Chai
  • Patent number: 9876821
    Abstract: A communications system is provided. A network device (9) controls the setting up of a device to device communication link, as sent between a device in the core network (7) and the base station(s) (5) servicing the relevant mobile devices (3), including disclosure of the common security information for two mobile devices to communicate securely over the direct device to device communications link.
    Type: Grant
    Filed: February 18, 2013
    Date of Patent: January 23, 2018
    Assignee: NEC CORPORATION
    Inventors: Thomas Delsol, Caroline Jactat
  • Patent number: 9876818
    Abstract: A network adapter system and associated method are provided. The network adapter system includes a processor positioned on a network adapter coupled between a computer and a network. Such processor is configured for scanning network traffic transmitted between the computer and the network.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: January 23, 2018
    Assignee: McAfee, LLC.
    Inventors: Anton C. Rothwell, William R. Dennis, Luke D. Jagger
  • Patent number: 9876793
    Abstract: A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of one-time challenge-reply sets based on an on-line communication with a sender unit. In one example, each of the one-time challenge-reply sets includes at least a one-time challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored one-time challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit. The one-time challenge-reply sets may be associated with an article.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: January 23, 2018
    Assignee: Entrust, Inc.
    Inventors: Chris Voice, Marc Smith, Murray McCulligh, Robert Zuccherato
  • Patent number: 9871776
    Abstract: A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device's membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: January 16, 2018
    Assignee: Certicom Corp.
    Inventors: Scott Alexander Vanstone, Marinus Struik
  • Patent number: 9866390
    Abstract: A data transmitting method suitable to a client and a server is provided. The method includes the following steps. The client generates an initial value. The server generates a first time in response to the initial value. The client generates a second time and a first verification hash code related with the first time and the second time. The server generates a random variable and a second verification hash code related with the first time, the random variable and the first verification hash code. The client generates a first transmitting data and a third verification hash code related with the first transmitting data, the first verification hash code and the second verification hash code. The server generates a first response message and a fourth verification hash code related with the first response message, the second verification hash code and the third verification hash code.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: January 9, 2018
    Assignees: THROUGHTEK TECHNOLOGY (SHENZHEN) CO., LTD., THROUGHTEK CO., LTD.
    Inventor: I-Fan Chen
  • Patent number: 9858414
    Abstract: The subject disclosure is directed towards running script through a malware detection system including an emulator environment to detect any malware within the script. Statistics are collected as part of processing the script, with parameterized heuristic analysis used to determine whether to run the emulation. The processing through the malware detection system may be iterative, to de-obfuscate layers of obfuscated malware. The emulator may be updated via signatures.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: January 2, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathon Patrick Green, Anjali Doulatram Chandnani, Simon David Christensen
  • Patent number: 9853817
    Abstract: A system comprises a memory, interface, and processor. The system is operable to store a plurality of attestations, where at least one of the plurality of attestations comprises a reason statement for signing an artifact. The system is further operable to display at least one of the plurality of attestations and receive a first selection of a first attestation. The system generates an expanded artifact by concatenating the artifact and the first attestation. The system creates a first digital signature based on the expanded artifact and creates a first enhanced digital signature by applying the first digital signature and the first attestation. Further, the system stores the first enhanced digital signature.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: December 26, 2017
    Assignee: Lockheed Martin Corporation
    Inventors: Mark L. LaGrone, Michael R. Lloyd
  • Patent number: 9842230
    Abstract: A system and method of guaranteeing the presence of secure and tamper-proof remote files over a distributed communication medium, such as the Internet, is provided. The system and method automatically detects, and then self-repairs corrupt, modified or non-existent remote files. The method first performs an integrity check on a remote file and then determines whether the integrity check passed. If the integrity check passed, then the user goes through the authentication process as normal. If the integrity check fails, then the present invention redirects to an install module in order to prepare to reinstall the remote file. Via the install module, the present invention then reinstalls the remote file and the user is then taken through the authentication process as normal.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: December 12, 2017
    Assignee: Citibank, N.A.
    Inventors: Steve Vlcan, Bikram Singh Bakshi