Abstract: A method for authentication, by a host device, of a storage device having a plurality of unit storage areas comprises acquiring information on the distribution of locations of defect referenceive areas to be used for uniquely identifying the storage device, sampling the unit storage areas of the storage device, identifying the distribution of locations of physically defective areas among the sampled areas, determining the similarity between the acquired distribution of locations and the identified distribution of location, and authenticating the storage device according to the result of the determination.

Abstract: A method and apparatus are utilized to conveniently and swiftly render stored information inaccessible. Sensitive information is stored in an encrypted form and by eliminating the key or keys which are needed for decryption, the stored information becomes virtually destroyed. A variety of mechanisms and policies can be used to manage, set and eliminate decryption keys. In some cases decryption keys can be stored in volatile storage elements so that by merely interrupting power to the storage element, the decryption keys are eliminated. In this way, a manually controlled mechanism can be used to allow a user to accomplish a “self-destruct” of the stored information instantly without the need for the operation of any processor and without the need to change any stored information.

Abstract: Provided is an intrusion detection system configured to detect anomalies indicative of a zero-day attack by statistically analyzing substantially all traffic on a network in real-time. The intrusion detection system, in some aspects, includes a network interface; one or more processors communicatively coupled to the network interface; system memory communicatively coupled to the processors. The system memory, in some aspects, stores instructions that when executed by the processors cause the processors to perform steps including: buffering network data from the network interface in the system memory; retrieving the network data buffered in the system memory; applying each of a plurality of statistical or machine-learning intrusion-detection models to the retrieved network data; aggregating intrusion-likelihood scores from each of the intrusion-detection models in an aggregate score, and upon the aggregate score exceeding a threshold, outputting an alert.

Abstract: A method for configuring signaling radio bearer in a wireless communications system includes not ciphering a non-concatenated message on a radio resource control layer or its lower layer and transmitting a concatenated message and the non-concatenated message on different signaling radio bearers, wherein a non-concatenated message consists of a Non-Access Stratum message only and a concatenated message consists of both Non-Access Stratum message and Access Stratum message.

Abstract: Systems, methods, and software for processing received network traffic content in view of content detection data and configuration data to either block, permit, or to further evaluate network traffic content when entering a network.

Abstract: Methods and systems for detecting an electronic intrusion are described. The system receives a notification, over a network, from a first application server that is hosting a first electronic service that is hosting a first user account. The notification reports the detection of a user activity associated with the first user account. The first user account is monitored for user activity. Next, the system may identify the notification reporting the detection of the user activity associated with the first user account as a possible electronic intrusion into the first account.

Abstract: A computer-implemented method for use in evaluating at least one threat to a complex system includes identifying one or more physical components of the complex system and modeling the one or more physical components with interactive software multi-agents. The multi-agents are programmed to monitor and control at least one function of the modeled physical components. One or more threats to a target of the complex system are identified. Each threat is defined as a cyber threat or physical threat and the target is defined as a cyber component or physical component. The method includes simulating an attack on the complex system by the identified threat and assessing an impact of the attack on the complex system.

Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.

Abstract: A method includes receiving a status update from a client device, the status update reflects at least one change associated with the client device, updating a model of the client device based on the status update, receiving data to be screened for a virus, the data is received after an updating of the model of the client device, and screening the model of the client device for the virus. Systems and articles of manufacture are also disclosed.

Abstract: In one embodiment, the present invention includes a system-on-a-chip (SoC) with first and second cores, interface logic coupled to the cores, chipset logic coupled to the interface logic, and a virtual firewall logic coupled between the chipset logic and the second core. The interface logic may include a firewall logic, a bus logic, and a test logic, and the chipset logic may include a memory controller to provide for communication with a memory coupled to the SoC. In some system implementations, both during test operations and functional operations, the second core can be disabled during normal operation to provide for a single core SoC, enabling greater flexibility of use of the SoC in many different implementations. Other embodiments are described and claimed.

Abstract: Disclosed are systems, apparatus, devices, methods, computer program products, computer media, and other implementations, including a method that includes communicating data representative of one or more location-based restrictions corresponding to a venue area to a mobile device determined to be located within the venue area, and controlling, by at least one venue server, use at the mobile device of services available at the venue area from one or more nodes associated with the venue area based, at least in part, on a determination, by the at least one venue server, of whether the mobile device complies with the location-based restrictions corresponding to the venue area.

Abstract: A method and system is provided by which unauthorized changes to the registry may be detected and that provides the capability to verify whether registry, or other system configuration data, changes that occur on a computer system are undesirable or related to possible malware attack before the changes become effective or are saved on the system. A method for verifying changes to system configuration data in a computer system comprises generating an identifier representing an entry in the system configuration data, packaging the identifier, and sending the packaged identifier to a client for verification. The identifier may be generated by hashing the first portion of the entry and the second portion of the entry to generate the identifier, or by filtering the first portion of the entry and hashing the filtered first portion of the entry and the second portion of the entry to generate the identifier.

Abstract: A software protection system comprises a memory system and a microprocessing system. The memory system is configured to store a software program comprised of a plurality of program instructions that, when executed, have a program order. The microprocessing system is coupled to the memory system and is configured to, when executing the software program, determine a next program instruction of the plurality of program instructions in the program order based on an order identifier, fetch the next program instruction from the memory system, determine if the next program instruction requires decrypting, decrypt the next program instruction responsive to determining that the next program instruction requires decrypting, and execute the next program instruction.

Abstract: A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed.

Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.

Abstract: A computer-implemented method for managing malware signatures. The method may include maintaining a set of active malware signatures and maintaining a set of dormant malware signatures. The method may also include providing the set of active malware signatures for use in malware detection more frequently than the set of dormant malware signatures and determining that a first malware signature from the set of dormant malware signatures triggers one or more positive malware detection responses. The method may further include, in response to the determination, moving the first malware signature from the set of dormant malware signatures to the set of active malware signatures. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In one embodiment, a proxy receives, from a client node, a file to be stored by a cloud storage server, where the proxy and the client node are part of a private network that does not include the cloud storage server. The proxy retrieves an encryption key associated with a user of the client node and encrypts the file using the encryption key. The proxy then transmits the encrypted file to the cloud storage server.

Abstract: Methods and systems for automated retrieval of content embedded in or referred to in a message received in a user account are provided. A UCM and/or a UCR may access a user account and retrieve a message from the account. The message may be then analyzed to extract information related to the content that may be included in the message. The content associated with the extracted information is accessed and retrieved. The retrieved content is presented to the user.

Abstract: A computer-implemented method for applying data loss prevention policies to closed-storage portable devices may include (1) injecting a data loss prevention component into at least one application process that is running on a computing device, (2) intercepting, via the data loss prevention component, an attempt by the application process to transfer a file to a closed-storage portable device that is connected to the computing device, (3) identifying a data loss prevention policy that applies to the attempt by the application process to transfer the file, (4) determining that the attempt by the application process to transfer the file violates the data loss prevention policy, and (5) performing a security action in response to determining that the attempt by the application process to transfer the file violates the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer network and corresponding method for providing, as part of a web portal session, access for a user to a web application running on a server. The network includes first and second traffic managers connected via an intermediate web server. The first traffic manager includes an interface for receiving from the user, as part of the portal session, a request for access to the web application and for passing the request to the intermediate web server; and for forwarding to the second traffic manager. The second traffic manager includes an interface for receiving the request from the first traffic manager via the intermediate web server and for passing the received request to the web application.