Abstract: A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.

Abstract: A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications.

Abstract: A system and method for facilitating the establishment of a virtual private network between a network and a remote computer, the system having: a mobile device connectable to the remote computer and storing a user profile, virtual private network information, and password information; virtual private network software being located on one of the mobile device and the remote computer; an access point communicating with the network; and communication means for communications between the access point and one of the mobile device and the remote computer, wherein the user profile, virtual private network information, and password information is passed to the virtual private network software upon connection of the mobile device to the remote computer, the virtual private network software using the user profile, virtual private network information, and password information to establish a virtual private network through the communications means and the access point to the network.

Abstract: Methods, apparatuses, computer program products, devices and systems are described that carry out accepting from a user identifier encryption entity at least one encrypted identifier corresponding to a user having at least one instance of data for encryption; encrypting the at least one instance of data to produce level-one-encrypted data; associating the at least one encrypted identifier with the level-one-encrypted data, wherein a level-one decryption key for the level-one-encrypted data is inaccessible to the user identifier encryption entity; and transmitting the level-one-encrypted data and associated encrypted identifier.

Abstract: A computer-implemented method includes retrieving, by one or more processing devices and from one or more data repositories, user information; generating, based on the retrieved user information, a digital personal profile that is a composite of a set of pre-defined attributes; determining an aggregate strength of values of the set of pre-defined attributes in the digital personal profile; and generating, based on the determined aggregate strength, a digital security score that measures a level of online security of accessing resources over a computer network.

Abstract: Embodiments are directed towards managing network traffic that includes SSL secured NTLM acceleration. A Packet Traffic Management Computer (PTMC) may receive a challenge sent by a server computer before the challenge is provided to a client computer. After receiving the challenge from the server computer, the PTMC may generate a cookie that at least includes a session-ID that corresponds to the client computer. The PTMC may add the cookie to the challenge before the modified challenge is forwarded to the client computer. If response is received from the client computer and it includes the same cookie that was sent with the challenge. The session-ID may be extracted from the cookie and employed to determine which server computer should receive the message. If a server computer may be determined, the PTMC may forward the message to the determined server computer.

Abstract: A method for determining whether or not a monitor is registered with a security service. The method includes using a device search engine to perform a search for and find a monitor. Then it is determined whether or not the found monitor is registered with the security service. When the found monitor is not currently registered with the security service, an owner of the unregistered monitor is automatically contacted.

Abstract: A method and system for access credential functionality using biometrically generated public/private key pairs may involve generating an asymmetric encryption key pair using a biometric scan of a human user and a server identifier of a network server. The public key of the key pair may be sent to the network server from a client device operated by the human user. The network server may use the public key to authenticate that the client device is in possession of the private key, thereby authenticating the human user.

Abstract: An approach is provided for displaying moving graphic objects on the display screen of the information handling system that are selected by a user while the objects are moving. The system is unlocked in response to the set of graphic objects selected by the user and the selection order matching an expected set of graphic objects and an expected selection order. Unlocking of the system allows the user to interact with one or more applications of the information handling system and to access data stored on the information handling system.

Abstract: An information processing system in which a monitoring device can detect illegal and/or abnormal operations in a system to be monitored, without using detailed information of the system, is provided. In a target device 100, an operation data generation unit 130 generates operation data 140 as data of encoding a set of operations related to a predetermined program executed in an execution environment 120, and transmits the operation data to the monitoring device 200. In the monitoring device 200, an operation pattern storing unit 230 stores an operation pattern 240 as operation data related to a set of operations to be detected. An operation data decision unit 220 decides that the operation to be detected is executed in the execution unit when the operation data received from the target device 100 matches the operation pattern 240, and notifies of execution of the operation to be detected.

Abstract: The subject disclosure is directed towards providing a computing device with access to key that depends on the current software version, e.g., the software version of a security processor. If the software is compromised, another key becomes available with release of each new (non-compromised) software version. Keys for future versions cannot be derived, while keys for earlier versions can be derived from the current key. A secure boot process uses a secret to generate a first key, after which access to the secret is turned off. The first key is used with key blob data to compute a second key used for data decryption (and encryption) as needed. The key blob data may be global for all devices, and/or device specific; a hash stick comprising a set of derivable keys may be used at manufacturing time to generate the device-specific key blob data.

Abstract: Disclosed herein is a method for enforcing policy compliance on a device that includes detecting a compliance action associated with an electronic device. The compliance action initiates verification that the electronic device is in compliance with a policy. The method also includes sending configuration information for the electronic device to a compliance authenticator in response to the compliance action. The compliance authenticator verifies that the configuration information complies with a policy. Further, the method includes receiving an authentication certificate in response to the compliance authenticator verifying the configuration information complies with the policy. The authentication certificate expires after a predetermined period of time.

Abstract: A distributed multi-agent system and method is implemented and employed across at least one intranet for purposes of real time collection, monitoring, aggregation, analysis and modeling of system and network operations, communications, internal and external accesses, code execution functions, network and network resource conditions as well as other assessable criteria within the implemented environment. Analytical models are constructed and dynamically updated from the data sources so as to be able to rapidly identify and characterize conditions within the environment (such as behaviors, events, and functions) that are typically characteristic with that of a normal state and those that are of an abnormal or potentially suspicious state. The model is further able to implement statistical flagging functions, provide analytical interfaces to system administrators and estimate likely conditions that characterize the state of the system and the potential threat.

Abstract: A key-value storage device and method of using the same. In some embodiments, keys are stored in a key store in a first non-volatile memory and corresponding values associated with the keys are stored in a value store of a second non-volatile memory. An input command is received from a host device, the input command having a key associated with a value. Different first and second hash values are generated by applying a hash function to the key. The input command is executed responsive to the first and second hash values.

Abstract: A security circuit may include a functional circuit including a test chain that connects flip-flops to verify hardware of the functional circuit, the functional circuit configured to generate an output signal by encrypting an input signal based on a control signal, a mode signal, and the chain; and/or a test controller configured to generate the input, control, and mode signals, and configured to generate an authentication result based on the output signal. A security circuit may include a first device including a plurality of flip-flops in a test chain, the first device configured to receive first, second, and third signals, and configured to generate a fourth signal by encrypting the first signal based on the second and third signals and the chain; and/or a second device configured to generate the first, second, and third signals, and configured to generate an authentication result based on the fourth signal.

Abstract: A function performing apparatus includes a function performing unit, an operation unit, a processor and memory. The function performing apparatus receives a first instruction from a portable device, determines whether first authentication information is to be registered in an authentication memory, registers the first authentication information in authentication the memory, transmits the first authentication information, receives a second instruction including the first authentication information from the portable device, changes a state of the function performing apparatus from a non-permission state to a permission state if the second instruction is received while the first authentication information is registered in the authentication memory and changes the state from the non-permission state to the permission state if second authentication information is input to the function performing apparatus by the operation unit while the second authentication information is registered in the authentication memory.

Abstract: Methods, apparatuses, computer program products, devices and systems are described that carry out receiving level-one encrypted data including at least one associated encrypted identifier; encrypting with a level-two encryption key at least a part of the level-one encrypted data to produce level-two encrypted data; receiving a hash of the at least one associated encrypted identifier; associating the hash with the level-two encrypted data; and transmitting the level-two encrypted data and associated hash of the at least one associated encrypted identifier.

Abstract: A method for transmitting a sequence of data blocks to be transmitted includes: one first piece of authentication data and one second piece of authentication data different from the first are formed relative to a selected data block; the selected data block, the first piece of authentication data and the second piece of authentication data are transmitted to a receiver; and the receiver checks (i) a validity of the received data block with the aid of the received first piece of authentication data and (ii) a validity of the received first piece of authentication data with the aid of the received second piece of authentication data.

Abstract: Delivering author specific content includes identifying author specific content with tags inserted into its metadata across multiple online resources and delivering updates about the author specific content to a user specified activity stream.

Abstract: A system for securing and tracking usage of transaction services or computer resources by a client computer from a first server computer, which includes clearinghouse means for storing identity data of the first server computer and the client computer(s); server software means and client software means adapted to forward its identity data and identity data of the client computer(s) to the clearinghouse means at the beginning of an operating session; and a hardware key connected to the client computer, the key being adapted to generate a digital identification as part of the identity data; wherein the hardware key is implemented using a hardware token access system, a magnetic card access system, a smart card access system, a biometric identification access system or a central processing unit with a unique embedded digital identification.