Patents Examined by Dant Shaifer-Harriman
  • Patent number: 9147084
    Abstract: A system and method for isolating secure communication events from a non-secure application are described herein. The method can include the steps of intercepting a communication event from an external communications network or an external communications device and determining whether the communication event is a secure communication event. If the communication event is a secure communication event, the secure communication event can be processed by a secure application. In addition, the secure communication event can be prevented from being processed by the non-secure application.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: September 29, 2015
    Assignee: OPENPEAK INC.
    Inventors: Andrew James Dobson, David Medina
  • Patent number: 9148446
    Abstract: According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modification plaintext connection record instead of the received encrypted connection record such that neither the CES nor WAS is aware of the modification of the encrypted data.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: September 29, 2015
    Assignee: IMPERVA, INC.
    Inventors: Ido Kelson, Dmitry Babich
  • Patent number: 9143487
    Abstract: System for remote firmware updates of mail processing device from a remote data server including: file download servers connected to the remote data server for receiving encrypted files encrypted from a list of binary files corresponding to firmware of a mail processing device to update; web servers providing a web service application for downloading files and connected to the remote data server and the files download servers for retrieving the encrypted files associated with a personalized files catalog retrieved from the remote data server; and a user computer system connected to the web servers for receiving the encrypted files for download onto a storage device to plug into the mail processing device. The mail processing device decrypts the encrypted files with file decryption keys previously provided with the personalized files catalog and installs the files before connecting to the remote data server to report the outcome of the installation.
    Type: Grant
    Filed: January 16, 2014
    Date of Patent: September 22, 2015
    Assignee: NEOPOST TECHNOLOGIES
    Inventors: Silviu Sopco, Seton Hodonou, Herve Bienaime, Nathalie Tortellier
  • Patent number: 9141822
    Abstract: A system is disclosed comprising multiple sets of client computers each client computer having installed thereon an application program. The application program comprising client computer specific log-in information, a database system coupled to the set of client computers via a network. The database system having a log-in component for logging-in the client computers, and being partitioned into multiple relational databases each one of which is assigned to one set of the sets of client computers. Each database further storing encrypted data items, each data item being encrypted with one of the user or user-group specific cryptographic keys, the key identifier of the cryptographic key with which one of the data items is encrypted being stored in the database as an attribute of the one of the encrypted data items. The log-in component comprising assignment information indicative of the assignment of the databases to the set of client computers.
    Type: Grant
    Filed: November 14, 2013
    Date of Patent: September 22, 2015
    Assignee: COMPUGROUP MEDICAL AG
    Inventors: Jan Lehnhardt, Adrian Spalka
  • Patent number: 9124418
    Abstract: A method for encryption of blocks of data (201-206) is provided including the steps of: encrypting (301) a block of data using a current random number (211-216) generated for the block of data (201-206); encoding (303) the current random number using one or more of a set of previous random numbers, each of the set of previous random numbers having been used to encrypt a previously sent block of data; and transmitting (304) the encrypted block of data (241-246) with the one or more versions of the encoded current random number (272-276), each version for a different one of the previous random numbers.
    Type: Grant
    Filed: June 13, 2008
    Date of Patent: September 1, 2015
    Assignee: International Business Machines Corporation
    Inventor: Philip G. Willoughby
  • Patent number: 9117072
    Abstract: A method may include, in a computing device including a processor, memory, an operating system, and at least one installed application, detecting an attempted exploitation of at least one known vulnerability associated with the device. The attempted exploitation may be logged. At least one remedial action may be performed on the device based on the logged attempted exploitation. The known vulnerability may be associated with the operating system and/or the at least one installed application. The at least one known vulnerability may include one or more of at least one known coding flaw in the operating system or in the at least one installed application, at least one known weakness in a protocol running on the computing device, a known family of coding flaws in the operating system or in the at least one installed application, an unauthorized triggering of premium SMS services, and/or triggering of a hostile misconfiguration.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: August 25, 2015
    Assignee: Google Inc.
    Inventors: Adrian L. Ludwig, Curtis Gerald Condra, IV, Nicholas Neil Kralevich, IV
  • Patent number: 9117069
    Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
    Type: Grant
    Filed: December 21, 2013
    Date of Patent: August 25, 2015
    Assignee: SecurityProfiling, LLC
    Inventors: Brett M. Oliphant, John P. Blignaut
  • Patent number: 9119064
    Abstract: A method, computer-readable storage device and apparatus for encrypting a broadcast message of a base station are disclosed. For example, the method selects an encryption key for the broadcast message and encrypts the broadcast message using the encryption key to create an encrypted broadcast message. The method then transmits an identifier of the encryption key and transmits the encrypted broadcast message over a broadcast channel. A method for decrypting a broadcast message that is encrypted is also disclosed.
    Type: Grant
    Filed: November 20, 2013
    Date of Patent: August 25, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Roger Piqueras Jover
  • Patent number: 9111083
    Abstract: Methods and systems allow a user to log in to a device so that a number of apps become accessible on the device without the user repeatedly logging in to each different app as the user launches multiple apps. A mechanism of providing a master token with a quality score and providing sub-tokens for each app that can use the sub-token and the score quality to evaluate the level of security provided by the initial login allows each app to skip its own login process and provides a level of enhanced efficiency and convenience for the user. A method includes authenticating a user; creating a master token on the user device; creating a sub-token of the master token for an app launched on the device; the app skipping the login process of the app in response to the sub-token so that the app proceeds directly to validating a transaction.
    Type: Grant
    Filed: February 12, 2014
    Date of Patent: August 18, 2015
    Assignee: EBAY Inc.
    Inventors: Sebastien Ludovic Jean Taveau, Upendra S. Mardikar
  • Patent number: 9106657
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for managing participants of a web conference that follows a first web conference. A computer determines that a second web conference will use a web conference channel continuously following the completion of a first web conference using the web conference channel. The computer determines that a participant of the first web conference that is connected to the web conference channel at the start of the second web conference is not authorized to attend the second web conference and the computer disconnects from the web conference channel the participant that is not authorized to attend the second web conference.
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: August 11, 2015
    Assignee: International Business Machines Corporation
    Inventors: Shadi E. Albouyeh, Bernadette A. Carter, Jeffrey R. Hoy, Stephanie L. Trunzo
  • Patent number: 9106652
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for managing participants of a web conference that follows a first web conference. A computer determines that a second web conference will use a web conference channel continuously following the completion of a first web conference using the web conference channel. The computer determines that a participant of the first web conference that is connected to the web conference channel at the start of the second web conference is not authorized to attend the second web conference and the computer disconnects from the web conference channel the participant that is not authorized to attend the second web conference.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: August 11, 2015
    Assignee: International Business Machines Corporation
    Inventors: Shadi E. Albouyeh, Bernadette A. Carter, Jeffrey R. Hoy, Stephanie L. Trunzo
  • Patent number: 9098685
    Abstract: A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.
    Type: Grant
    Filed: May 19, 2004
    Date of Patent: August 4, 2015
    Assignee: Activcard Ireland Limited
    Inventor: Laurence Hamid
  • Patent number: 9100863
    Abstract: A mobile carrier may selectively offload backhaul data traffic between cell sites and the core network to existing alternative relay networks to increase available backhaul bandwidth to meet higher data traffic demands without adding additional network infrastructure. Data traffic may be offloaded from a cellular network to the alternative relay network based on at least one of a bandwidth capacity of the alternative relay network, a bandwidth availability of the alternative relay network, or a data class of the data. The amount of data that is offloaded to the alternative relay network may then be adjusted based on a blocking probability that is calculated for the alternative relay network.
    Type: Grant
    Filed: December 20, 2012
    Date of Patent: August 4, 2015
    Assignee: T-Mobile USA, Inc.
    Inventor: Chunming Liu
  • Patent number: 9098718
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme.
    Type: Grant
    Filed: May 28, 2013
    Date of Patent: August 4, 2015
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Mihir Bellare, Phillip Rogaway
  • Patent number: 9094417
    Abstract: A system and method for designating and administering authority in a trusted environment is provided. In some embodiments, a determination is made that a transfer of the authority to a second computing entity is warranted. The second computing entity is opportunistically contacted, and during the opportunistic contact, the authority is passed from the first computing entity to the second computing entity. The passing of the authority from the first computing entity to the second computing entity tasks the second computing entity with updating members of the group of the passing of the authority. The passing of authority may include providing an outstanding group update to the second computing entity and may also include tasking the second computing entity with completing the outstanding group update.
    Type: Grant
    Filed: April 25, 2013
    Date of Patent: July 28, 2015
    Assignee: NETAPP, INC.
    Inventors: Craig F. Everhart, Steven M. Ewing
  • Patent number: 9094195
    Abstract: Methods and systems for protecting de-duplication repositories against a malicious attack are disclosed. One method receives at least one block of data to store in a data storage system. A de-duplication engine comprising a secret key is utilized to generate a secret key hash of the at least one block of data. A comparison of the secret key hash of the at least one block of data with a secret key hash table of previously stored data on the data storage system to identify duplicated data, the secret key hash comparing protecting the data storage system against a malicious attack.
    Type: Grant
    Filed: October 2, 2009
    Date of Patent: July 28, 2015
    Inventors: Andrew Leppard, Alan Kennington
  • Patent number: 9094457
    Abstract: A method for automated network deployment of cloud services into a network is suggested. The method includes receiving a certain cloud service with a certain resource protection template specifying an isolation policy for isolating zones in the network, receiving certain customer protection parameters specifying customer needs regarding protection in the network, providing security requirements by matching the received resource protection templates and the received customer protection parameters, and automatically deploying the certain cloud service into the network by using the provided security requirements.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: July 28, 2015
    Assignee: International Business Machines Corporation
    Inventors: Klaus Julisch, Georg Ochs, Matthias Schunter
  • Patent number: 9092643
    Abstract: A system including a server system, a user terminal and a hardware token, for providing secure access to a data record. The server system comprises storage means (1) for storing a plurality of data records, a data record (2) having associated therewith a sequence of secrets (14) shared with a hardware token (60) corresponding to the data record (2), the server system (100) further being arranged for storing user authentication information (3). User authenticating means (10) are provided for receiving authentication credentials (11) of a user from a user terminal (200) and authenticating the user as an authorized user, based on the authentication credentials (11) of the user and the stored authentication information (3). Secret-receiving means (9) are provided for receiving a representation of a secret (13) revealed by a hardware token (60) and information identifying the data record corresponding to the hardware token from the terminal.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: July 28, 2015
    Assignee: Koninklijke Philips N.V.
    Inventors: Sye Loong Keoh, Muhammad Asim, Sandeep Shankaran Kumar, Petrus Johannes Lenoir
  • Patent number: 9087186
    Abstract: Provided are an authentication method that includes connecting an optical disc drive (ODD) for driving a medium and a host device for reproducing contents stored in the medium using an interface. An authentication for reproducing the contents is performed by mutually exchanging data between the host device and the ODD via the authentication area of the ODD for storing the data. Accordingly, the ODD may convert a file from the optical disc, which is in an intrinsic format, into a format that is recognizable by a host device.
    Type: Grant
    Filed: September 10, 2013
    Date of Patent: July 21, 2015
    Assignee: Toshiba Samsung Storage Technology Korea Corporation
    Inventors: Yong-jun Kim, Sang-hoon Hyun
  • Patent number: 9081960
    Abstract: A storage device is coupled to a computing system comprising an operating system and application software. Access to the storage device is blocked by a kernel filter driver, except exclusive access is granted to a first anti-virus engine. The first anti-virus engine is directed to scan the storage device for malicious software and report results. Exclusive access may be granted to one or more other anti-virus engines and they may be directed to scan the storage device and report results. Approval of all or a portion of the information on the storage device is based on the results from the first anti-virus engine and the other anti-virus engines. The storage device is presented to the operating system and access is granted to the approved information. The operating system may be a Microsoft Windows operating system. The kernel filter driver and usage of anti-virus engines may be configurable by a user.
    Type: Grant
    Filed: April 25, 2013
    Date of Patent: July 14, 2015
    Assignee: UT-Battelle, LLC
    Inventors: Craig A. Shue, Logan M. Lamb, Nathanael R. Paul