Patents Examined by Christopher C. Harris
  • Patent number: 9942349
    Abstract: A method for incrementally fingerprinting a computing device includes steps for executing device-identification code programmed to retrieve a complete set of device configuration metrics from a web browser of the computing device, interrupting execution of the device-identification code after retrieval of a first subset of the device configuration metrics, generating a partial device fingerprint from the first subset, generating a temporary device identifier from the partial device fingerprint, and generating a subset indicator identifying the device configuration metrics that compose the first subset.
    Type: Grant
    Filed: January 7, 2015
    Date of Patent: April 10, 2018
    Assignee: BLUECAVA, INC.
    Inventor: Eric A. Johannsen
  • Patent number: 9934384
    Abstract: Disclosed are various embodiments for assessing risk associated with a software application on a user computing device in an enterprise networked environment. An application rating is generated for the software application based at least in part on application characteristics. A risk analysis for the installation of the application is generated based at least in part on the application rating, the user computing device, and user information.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper M. Johansson, Kenneth L. Hamer, Beau J. Hunter, Jeffrey Joseph Busch
  • Patent number: 9917694
    Abstract: A processing device is configured to obtain an address and a public key, both associated with an authentication service, to generate a symmetric key as a function of the public key, to configure an authentication token to incorporate the symmetric key, to encrypt the symmetric key utilizing the public key, and to transmit the encrypted symmetric key to the address so as to permit the authentication service to bind the symmetric key to an identifier of the authentication token. By way of example, the authentication token may comprise a software authentication token implemented on the processing device. One or more tokencodes generated by the authentication token utilizing the symmetric key are transmitted to the authentication service for authentication. The authentication by the authentication service is based on the symmetric key bound to the identifier of the authentication token.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: March 13, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, David D. Taku
  • Patent number: 9900236
    Abstract: A method of filtering outbound Internet traffic includes connecting an appliance to a network (that includes an end user terminal and a router), altering the flow of network traffic to direct the end user terminal to route outbound Internet traffic through the appliance, and filtering the outbound Internet traffic with the appliance. The outbound Internet traffic is traffic to remote servers from the end user terminal. The appliance may alter the flow of network traffic by issuing a gratuitous ARP packet from the appliance to direct the end user terminal to route the outbound Internet traffic through the appliance instead of the router. The appliance may receive the outbound Internet traffic to remote servers from the end user terminal, monitor the outbound Internet traffic, filter the outbound Internet traffic to form allowed packets for the remote servers, and/or forward the allowed packets to the remote servers.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: February 20, 2018
    Assignee: Circle Media Labs Inc.
    Inventors: Tiebing Zhang, Yufeng Tu
  • Patent number: 9882927
    Abstract: Improved techniques involve testing periodicity at a given period based on locations of clicks within a sampling window whose duration is a multiple of the given period. Along these lines, when a testing server receives a click stream from a client machine, the testing server assigns a timestamp to each of the clicks in the click stream. The testing server generates a list of candidate periods at which periodicity of the click stream is to be tested. For each of the candidate periods, the testing server forms a sampling window whose duration is a multiple of that candidate period and tests whether the click stream is periodic based on the locations of the clicks within the sampling window. If indeed the testing server finds that the click stream is periodic at any of the candidate periods, the testing server may send an alert to a security entity to indicate that suspect activity has been identified.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: January 30, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: Richard Chiles
  • Patent number: 9875354
    Abstract: A method of enhancing security of at least one of a host computing device and a peripheral device coupled to the host computing device through a communication interface. Data is transparently received from the peripheral device or the host computing device, and the received data is stored. The stored data is analyzed to detect a circumstance associated with a security risk. If such a circumstance is not detected, then the data is transparently forwarded to the other of the peripheral device or the host. However, if a circumstance associated with a security risk is detected, then a security process, defined by a rule, is performed. Related apparatus are provided, as well as other methods and apparatus.
    Type: Grant
    Filed: September 17, 2014
    Date of Patent: January 23, 2018
    Assignee: Gigavation, Inc.
    Inventors: Gita Srivastava, Piyush B. Srivastava
  • Patent number: 9871767
    Abstract: The present invention is directed to systems and methods for establishing an electronic communications connection between secure communities. A secure community includes a collection of communication resources having an administrator that maintains control over the secure community. In an embodiment, a system for establishing an electronic communications connection between two or more secure communities includes a community gateway controller, an identification module, a secure community database configured to store secure community information, and an encryption compatibility module configured to determine a media transmission encryption scheme for a connection between a host secure community and a second secure community.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: January 16, 2018
    Assignee: Mutualink, Inc.
    Inventor: Joseph R. Mazzarella
  • Patent number: 9846784
    Abstract: A data storage system is provided. The system includes an electronic storage architecture configured to be coupled to a computing system and a storage medium. The architecture mediates the storing and accessing of data at the storage medium in response to the commands to write or read data. The architecture includes a file interface configured to process at least one attribute associated with data. The architecture includes a crypto interface configured to encrypt and decrypt the data based on the at least one attribute. The at least one attribute specifies a classification level of the data. The crypto interface includes cryptographic functions. Each cryptographic function is associated with a different classification level. The architecture includes a storage interface configured to provide a mapping between partitions on the storage medium and the cryptographic functions. Each of the partitions is associated with a different classification level.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: December 19, 2017
    Assignee: ROCKWELL COLLINS, INC.
    Inventors: Daniel S. Murray, James A. Marek
  • Patent number: 9847972
    Abstract: A method for secure communications between a transmitting computer and a receiving computer includes transmitting data from the transmitting computer over a first one-way link to a data security engine, receiving and validating the data within the data security engine, and, after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: December 19, 2017
    Assignee: WATERFALL SECURITY SOLUTIONS LTD.
    Inventors: Lior Frenkel, Amir Zilberstein
  • Patent number: 9813233
    Abstract: A private overlay is provided for information networking that puts the user in charge of the user's personal information. User identity is separated from a numeric tag that points to the cell in which the user equipment can be paged. The private overlay is created by addition of a registration and certification authority such as Public Key Infrastructure and Certification Authority (PKI). The registration and certification authority provides the network and all subscribers with public encryption keys for the network and the users. Private decryption keys are generated and stored locally in a suitable manner. With this addition, a private overlay to the existing cellular, wireless or utility distribution infrastructure can be established for a device that has registered with, e.g., a cellular or wireless network or with a utility distribution system.
    Type: Grant
    Filed: April 12, 2011
    Date of Patent: November 7, 2017
    Assignee: Cornell University
    Inventor: Stephen B. Wicker
  • Patent number: 9813423
    Abstract: A trust-based approach for authorizing computing resources in a networked computing environment is provided. Specifically, in a typical embodiment, a candidate computing resource (e.g., a virtual machine) will submit a request to join a network computing environment (“environment”). Based on the request, a message will be communicated to previously authorized/joined computing resources to poll/solicit their votes as to whether the candidate computing resource should be trusted/authorized in the environment. Based on the responses submitted by the polled computing resources, the candidate computing resource may be authorized or denied membership in the environment. If authorized, a permission level may be set (e.g., as recommended by the polled computing resources).
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: November 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Kelly Abuelsaad, Lisa Seacat DeLuca, Soobaek Jang, Daniel C. Krook
  • Patent number: 9788215
    Abstract: Collaborative computing and electronic records are disclosed. An entity that may be able to help achieve an objective is discovered and a connection to the entity established. A meta-language is used to exchange with the entity a description of the objective and a description of the entity. The meta-language is used to negotiate with the entity a contract to help achieve the objective. In the event a contract to help achieve the objective is reached, performing a self-configuration in accordance with the contract.
    Type: Grant
    Filed: November 7, 2011
    Date of Patent: October 10, 2017
    Inventor: Mark Cummings
  • Patent number: 9762536
    Abstract: A method for secure communications between a transmitting computer (24) and a receiving computer (22) includes transmitting data from the transmitting computer over a first one-way link (28) to a data security engine (26), receiving and validating the data within the data security engine, and, after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link (30).
    Type: Grant
    Filed: December 28, 2006
    Date of Patent: September 12, 2017
    Assignee: WATERFALL SECURITY SOLUTIONS LTD.
    Inventors: Lior Frenkel, Amir Zilberstein
  • Patent number: 9755833
    Abstract: An identification information management system according to the present invention comprises a plurality of terminals communicable with servers and a site management apparatus which manages a site containing the terminals. The terminal has an identification information processing unit which, assuming that a one-way hash function is f(x) and a terminal-unique ID is a, generates values x satisfying a conditional equation f(x)=a as identification information. When acquiring multiple items of identification information, the site management apparatus substitutes the identification information as the value x into f(x) and decides whether f(x)=a is satisfied, thereby deciding the terminals.
    Type: Grant
    Filed: December 3, 2009
    Date of Patent: September 5, 2017
    Assignee: NEC Corporation
    Inventor: Hiroshi Kitamura
  • Patent number: 9747469
    Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lock out a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.
    Type: Grant
    Filed: July 1, 2014
    Date of Patent: August 29, 2017
    Assignee: SILVER SPRING NETWORKS, INC.
    Inventors: Aditi Hilbert, Michael St. Johns
  • Patent number: 9749336
    Abstract: Techniques for malware domain detection using passive Domain Name Service (DNS) are disclosed. In some embodiments, malware domain detection using passive DNS includes generating a malware association graph that associates a plurality of malware samples with malware source information, in which the malware source information includes a first domain; generating a reputation score for the first domain using the malware association graph and passive DNS information; and determining whether the first domain is a malware domain based on the reputation score for the first domain.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: August 29, 2017
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 9749128
    Abstract: A method for data matching includes providing two sets of encrypted data elements by converting data elements to respective sets of vectors and encrypting each vector with a public key of a homomorphic encryption scheme. Each data element includes a sequence of characters drawn from an alphabet. For pairs of encrypted data elements, a comparison measure is computed between the sets of encrypted vectors. An obfuscated vector is generated for each encrypted data element in the first set, which renders the first encrypted data element indecipherable when the comparison measure does not meet a threshold for at least one of the pairs of encrypted data elements comprising that encrypted data element. The obfuscated vectors can be decrypted with a private key, allowing data elements in the first set to be deciphered if the comparison measure meets the threshold for at least one of the data elements in the second set.
    Type: Grant
    Filed: May 15, 2014
    Date of Patent: August 29, 2017
    Assignee: XEROX CORPORATION
    Inventors: Ioan Calapodescu, Saghar Estehghari, Johan Clier
  • Patent number: 9729313
    Abstract: The subject matter described herein includes methods, systems, and computer readable medium for scrambled communication of data to, from, or over a medium. According to one aspect, the subject matter described herein includes a method for communicating data in scrambled form to or over a medium. The method includes receiving analog or digital data to be transmitted to or over a medium. The method further includes modulating samples representing at least one signal using the analog or digital data to produce data modulated signal samples. The method further includes scrambling the data modulated signal samples using a predetermined scrambling algorithm. The method further includes transmitting the scrambled data modulated signal samples to or over the medium. The method further includes descrambling samples received from the medium using the inverse of the predetermined scrambling algorithm to obtain the unscrambled modulated signal samples, which can then be demodulated to retrieve original data.
    Type: Grant
    Filed: June 1, 2014
    Date of Patent: August 8, 2017
    Inventors: Kunal Kandekar, Mihail L Sichitiu
  • Patent number: 9710646
    Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: July 18, 2017
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 9705918
    Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. A security mediation service permits such dynamic reprogramming as long as the new directives are consistent with the then-current network security policy. The security mediation service evaluates candidate packet disposition directives for conflicts with the currently active security policy, before instantiating the candidate packet disposition directives at the network switches.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: July 11, 2017
    Assignee: SRI International
    Inventors: Phillip A. Porras, Martin W. Fong, Vinod Yegneswaran