Abstract: A computer-implemented method for managing malware signatures. The method may include maintaining a set of active malware signatures and maintaining a set of dormant malware signatures. The method may also include providing the set of active malware signatures for use in malware detection more frequently than the set of dormant malware signatures and determining that a first malware signature from the set of dormant malware signatures triggers one or more positive malware detection responses. The method may further include, in response to the determination, moving the first malware signature from the set of dormant malware signatures to the set of active malware signatures. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: To prevent specification and tracking of a terminal across a plurality of service providers when a user uses a plurality of services. An ID authentication system according to the present invention is an ID authentication system including a terminal apparatus, a service providing apparatus, and an authentication server. A terminal apparatus 100 includes a one-time ID automatic generator 120 for generating a one-time ID, a one-time ID transmitter 130 for transmitting the one-time ID to the service providing apparatus, and a user ID transmitter 140 for transmitting to the authentication server the one-time ID and an ID to uniquely identify a user. An authentication server 200 includes an authentication information manager 220 that stores authentication information of the user used by a plurality of service providing apparatuses.

Abstract: A system, method and computer program product for identifying malicious code running on a computer, including an operating system running on the computer with a data storage device; and a trusted software component running simultaneously with the operating system. An online snapshot process of a current state of the data storage device copies data blocks from the storage device to intermediate storage. Processes running under the control of the operating system have access to the data storage device. A scanning procedure runs under control of the trusted software component that has access to data representing the snapshot of the data storage device from the trusted software component. The scanning procedure analyzes the snapshot of the data storage device for the malicious code, and, in response to a “write” directed to a data block in the snapshot area of the storage device, that data block is written to the intermediate storage.

Abstract: Systems and methods are provided for determining a presence of a watermark in electronic data. In certain embodiments, a plurality of keys is generated, and a plurality of payloads are retrieved from electronic data using the keys. A statistical indicia of randomness is generated based on the payloads, and the presence of a watermark is determined when the indicia is below a threshold.

Abstract: Aspects of the subject technology relate to systems, methods, and machine-readable media for performing a cryptographic operation. A system can be configured to submit a request, to a security device, for a decrypted user encryption key, wherein the security device is configured to decrypt the user encryption key by unbinding the user encryption key using a user authorization key. The system can receive, in response to the submitted request, the decrypted user encryption key and decrypt authorization data for a cryptographic key using the decrypted user encryption key. The system can submit a request for the security device to load the cryptographic key, wherein authorization data is used to authorize the request, and submit a request for the security device to perform a cryptographic operation using the loaded cryptographic key.

Abstract: Login credentials for at least one website, such as a social networking website, are received from a user purporting to act on behalf of an entity, for example, in the context of registering the entity with a system for electronic bill payment. Social data relating to the entity is retrieved from the websites using the login credentials. The social data comprises a plurality of social connections, each reflecting a respective relationship between the entity and a respective third party. A plurality of relevant social connections comprising at least a subset of the plurality of social connections is determined, each social connection of the plurality of relevant social connections reflecting a relationship to a respective third party that is deemed to be reliable. A reliability rating of the entity is then determined based on the plurality of relevant social connections.

Abstract: A method and apparatus are utilized to conveniently and swiftly render stored information inaccessible. Sensitive information is stored in an encrypted form and by eliminating the key or keys which are needed for decryption, the stored information becomes virtually destroyed. A variety of mechanisms and policies can be used to manage, set and eliminate decryption keys. In some cases decryption keys can be stored in volatile storage elements so that by merely interrupting power to the storage element, the decryption keys are eliminated. In this way, a manually controlled mechanism can be used to allow a user to accomplish a “self-destruct” of the stored information instantly without the need for the operation of any processor and without the need to change any stored information.

Abstract: A computer is configured to receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter. The computer is further configured to generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors. The computer is further configured to provide the risk score to a requester.

Abstract: Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.

Abstract: A secure data processing method includes the following steps: padding (E206) a memory area (MAC?) with a pad value (A); writing (E208) a first datum in the memory area (MAC?); in the area, reading (E210) a second datum with at least one part of the first datum as it was written in the memory area (MAC?); and executing an operation (E210) using the second datum.

Abstract: One or more online configuration settings are received prior to deployment and execution of a software appliance. Once the configuration settings have been received, the online configuration settings can be utilized to configure a software appliance image prior to executing the image at a host computer. Once the application of the configuration settings to the image has been completed, the image may executed at a host computer.

Abstract: A method and system for a user to obtain a derived value Kr of m bits, in which, given two pseudo-random functions g0 and g1 from m bits to m bits, said user obtains, on the basis of an input parameter consisting of a word r of n bits, a derived value Kr=grn? . . . gr2?gr1 (S), where, for i=1, . . . , n, gri=g0 if ri=0, and gri=g1 if ri=1, and where S is a master value of m bits which is not disclosed to said user. This method comprises the following steps: a search is conducted, from among a set of words of m bits Uj, where j=1, . . . , p, recorded in a table TU and equal to Uj=gvl(j)(j)? . . . gv2(j)?gv1(j) (S), where, for i=1, . . . , l(j), the indices vi(j) are predetermined bits, for a word U? equal to U?=grl(?)? . . . gr2?gr1 (S); said derived value Kr is thereafter obtained by calculating Kr=grn? . . . grl(?)+1 (U?). Application to the encryption/decryption of pay-per-use digital contents, and to authentication.

Abstract: A system for processing electronic transactions according to policies is disclosed. The system includes a user module configured to store computer-readable information related to a user, and a policy module configured to store a plurality of policies for electronic transactions. Each policy for an electronic transaction includes a permission to access a physical space or item by a user. The system also includes a processor configured to receive a request to complete an electronic transaction by the user, and configured to dynamically apply, upon receipt of the request by the processor, the plurality of policies to the user based on the request to complete the electronic transaction. Methods and machine-readable mediums are also disclosed.

Abstract: A system and method for distinguishing human input events from malware-generated events includes one or more central processing units (CPUs), one or more input devices and memory. The memory includes program code that when executed by the CPU causes the CPU to obtain a first set of input events from a user utilizing the input device. The first input events are used to obtain or derive a feature indicative of the user, such as a multi-dimensional feature vector as provided by a support vector machine. Second input events are then obtained, and the second input events are classified against the feature to determine if either the user or malware initiated the second input events.

Abstract: A method and apparatus for securely and remotely enabling the playing of a media program encrypted by a content encryption key over the Internet is disclosed. A license encryption key and a content decryption key are separately and securely transmitted to the receiver. The license encryption key is stored in the CAM and later used to decrypt the content encryption key so that the media program may be recovered.

Abstract: A memory device is provided. The memory device includes a memory configured to store information. The memory device also includes a memory controller in communication with the memory. The memory controller is configured to encrypt the information to define a parameter and access an account on a second memory device based on the parameter to gain access to content. The content is stored in the second memory device and the memory device and the second memory device are configured to be removably coupled to a computing device.

Abstract: Method for providing access to private digital content installed on a content server C(s), wherein a content manager server C(a) has a number of clients potentially interested in the private content; the method comprising the following steps performed at the content management server C(a): establishing a first communication channel with a client C(b) of the number of clients; receiving a query for private digital content from the client C(b) and sending an appropriate response, causing the client to establish a second communication channel with the content server; establishing a secure session with the content server C(s) over the first and second communication channel; establishing a new session key for the secure session and transmitting said new session key to the client C(b), so that the client can obtain the queried private digital content from the content server as if the client is the content management server.

Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and a system for detecting one or more security vulnerabilities. The method comprises providing test instructions for an application, such as a web application or a client server application, adding test code to a code segment of the application according to the test instructions, sending at least one message to the application according to the test instructions at runtime thereof, monitoring test information pertaining to at least one reaction of the application to the at least one message during an execution of the test code, performing an analysis of the at least one reaction, and detecting a presence or an absence of at least one security vulnerability according to the analysis.

Abstract: A method of operating a host computer having a web-browser with the capability of executing at least one web-browser add-on to provide a web application access to a smart card to protect the smart card from security threats associated with being connected to the Internet. Prior to establishing a connection between a web application executing in the web browser, verifying that the web application has been authorized to connect to a smart care using the web-browser add-on to provide a web application access to a smart card.