Abstract: Computerized methods and systems receive password-protected data from a network at an entity coupled to the network. The password-protected data is intended for receipt by a user of an endpoint coupled to the network, and a password is assigned to the password-protected data which allows access to the password-protected data. The entity attempts to access the password-protected data by applying a set of rules and policies to the password-protected data. The entity requests the assigned password from a user of the endpoint, based on the outcome of the rules and policies, to determine whether the password-protected data includes potentially malicious components.

Abstract: An authentication system and method is provided. The system: (a) provides a keyboard comprising a letters in a m×n format, ‘m’ represents rows, and n represents columns, each row or column includes a sub-set of the letters, (b) provides input receiving identifiers, each input receiving identifier specific to at least one row or column, (c) processes an input on at least one input receiving identifier from the set of input receiving identifiers, (d) identifies a first intended letter from a first sub-set of letters from a corresponding row or column based on the input, (e) repeats steps (c) and (d) until a last intended letter from a last sub-set of letters is identified to obtain intended identified letters, (f) performs a comparison between the intended identified letters with a pre-registered set of letters stored in a memory, and (g) triggers at least one action based on the comparison.

Abstract: A computer implemented method and apparatus comprises detecting a file content update on a first client computer system, the file to be synchronized on a plurality of different types of client computer systems in a plurality of formats. The method further comprises associating a security policy with the file, wherein the security policy includes restrictions to limit one or more actions that can be performed with the file, and synchronizing the file to a second client computing system while applying the security policy to provide controls for enforcement of the restrictions at the second client computer system.

Abstract: The present invention relates to use an Inertial Measurement Unit (IMU) to record the acceleration trajectory of a person's gait or pen-less handwriting motion or any predesignated gestures, and to convert the data to a unique biometric pattern. The pattern is unique for each case and can be used as biometric security authentication.

Abstract: A method, non-transitory computer readable medium and apparatus for controlling access of a custom browser function are disclosed. For example, the method includes a processor that sends a request to a third party website, receives a hypertext markup language code and a browser script, renders the hypertext markup language code, detects that the browser script is trying to access a custom browser function, compares one or more parameters associated with the custom browser function to an access control list to control an access of the custom browser function, and executes the custom browser function when a match of the one or more parameters is found in the access control list.

Abstract: Digital certificates include pointers to remote certificate information stores that maintain usage information associated with digital certificates. The pointers provide a mechanism for enabling the remote certificate information stores to be queried for usage information associated with a particular digital certificate. The usage information can be used to determine a validity of the digital certificate.

Abstract: Techniques for user authentication are provided. In one aspect, an authentication request form a user device may be received. The authentication request may include a username. A time stamp may be sent to the user device. An encrypted response may be received form the user device. The response may have been encrypted with a user and device specific authentication agent. The encrypted response may be based on the time stamp. The authentication agent may include user and device specific parameters.

Abstract: An electronic system is provided. The electronic system includes a first electronic device and a second electronic device. The first electronic device generates a new key every certain time period. The second electronic device establishes a connection with the first electronic device to receive the new key therefrom to store the new key as a latest received key. When the first electronic device receives an input event under a locked status, the first electronic device requests the second electronic device to transmit the latest received key thereto, determines that whether the latest received key is the same as the new key and switches to a power on and unlocked status automatically when the latest received key is the same s the new key.

Abstract: Providing security for one or more network flows may include a security deployment node decomposing one or more virtual security appliances (265) of a logical security architecture (255) into security modules (310). The security deployment node orders the security modules (310) into a sequence (320) that implements a selected workflow pattern (400). The selected workflow pattern (400) may be selected from a workflow pattern database, and may define the security to be provided for a flow, for example, according to known best practices. The sequence (320) is then divided into segments (330), and the segments (330) are assigned to different groups (220) of network nodes (230) in a network (200). For each segment (330), an assignment of each security module (310) in the segment (330) to a network node (230) within the group (220) to which the segment (330) is assigned is computed. The network (200) is then configured according to the assignments.

Abstract: Systems and methods for backing up data are provided. Data objects or blocks of data can be encrypted with individualized keys. The keys are generated from the unencrypted data objects or blocks. The encrypted data objects or blocks and fingerprints of the encrypted data objects or blocks can be uploaded to a datacenter. Even though the data objects or blocks are encrypted, deduplication can be performed by the datacenter or before the data object is uploaded to the datacenter. In addition, access can be controlled by encrypting the key used to encrypt the data object with access keys to generate one or more access codes. The key to decrypt the encrypted data object is obtained by decrypting the access code.

Abstract: In one embodiment, a data processing system includes a guest account that is configured to assist in the protection and recovery of the data processing system when it is lost or stolen. In one embodiment, the guest account can allow Internet access and can include a web browser to allow the guest, who might be a thief, to use the system to browse the Internet. While such use occurs, the system can perform actions specified by an authorized user of the system, and such actions can include determining a location of the system and transmitting the location to the authorized user, erasing data on the system, displaying a message, capturing an image, etc.

Abstract: The present application discloses a method and an apparatus for file identification. The method for file identification comprises: determining a virus family of each malicious file sample in a plurality of the file samples resulting in a plurality of virus families; dividing the plurality of the virus families into at least one sample group based on a number of the malicious files belonging to each of the plurality of virus families; training the malicious file samples in each of the at least one sample group with a different training rule to obtain at least one file identification model; and determining, using the at least one identification model whether a file is a malicious file. The method for file identification of the present application may provide different identification models for various types of malicious files and thus improves the accuracy of the file identification.

Abstract: Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. The server may identify the mobile device based on identifying information in the access control message. Upon identifying the mobile device, the server may determine whether the user has authority to initiate the action to be performed on the online account. Upon determining that a user of the mobile device does have authority to initiate the indicated action, the action indicated in the access control message may be taken with respect to the online account.

Abstract: A method of automatically modifying a computer data query is disclosed herein. The modification of the computer data query can be performed to restrict access to data. The computer data query can be modified by receiving the computer data query, identifying tables in the query and retrieving providers associated with the tables identified in the query. These providers can be linked to one or several predicates. These predicates can be retrieved and used to modify the query. The modified query can then be used to retrieve data from one or several tables identified within the query.

Abstract: Various embodiments are directed to a computer-implemented method for displaying a map of certificate relationships. A method can include retrieving certificate information for two or more servers and storing the retrieved certificate information in a memory. In addition, the method can include receiving a command to generate a map of certificate relationships. The command includes a command scope that identifies at least a first server of the two or more servers. Further, the method can include generating the map from the retrieved certificate information and rendering the map on a display device. The map includes the first server and a device having a certificate relationship with the first server.

Abstract: Various embodiments are directed to a computer-implemented method for displaying a map of certificate relationships. A method can include retrieving certificate information for two or more servers and storing the retrieved certificate information in a memory. In addition, the method can include receiving a command to generate a map of certificate relationships. The command includes a command scope that identifies at least a first server of the two or more servers. Further, the method can include generating the map from the retrieved certificate information and rendering the map on a display device. The map includes the first server and a device having a certificate relationship with the first server.

Abstract: The disclosed embodiments provide a system that authenticates a user. During operation, the system obtains a request to transfer an authentication of the user on a first electronic device to a second electronic device. Next, the system enables, in response to the request, an authentication mechanism for transferring the authentication of the user from the first electronic device to the second electronic device. Upon detecting use of the authentication mechanism on the first electronic device or the second electronic device, the system authenticates the user on the second electronic device without requiring authentication credentials for the user from the second electronic device.

Abstract: Systems and methods to manage a network include a security blade server configured to perform a security operation on network traffic, and a controller configured to virtualize a plurality of network devices. The controller is further configured to program the network traffic to flow through the security blade server to create a secure network channel. A software defined environment may includes an application program interface (API) used to program the flow of the network traffic. The controller may use the API to virtually and selectively position the security blade server as waypoint for the network traffic.

Abstract: Methods and systems are disclosed for providing user authentication based on users' access patterns to a plurality of digital objects. The plurality of digital objects may include software applications installed on user devices or data objects within a specific application (e.g., UI objects or database objects). The access patterns can include an order of access that a user routinely takes to access such objects. Historical user behavioral information can be collected and used to generate such patterns for users. The patterns may be compared with subsequent user behavioral information to determine authenticity of subsequent users associated with the subsequent user behavioral information. For example, a subsequent order of access to digital objects can be compared with historical access patterns to determine whether there is a match. Authentication may or may not be requested based on the result of such a comparison.

Abstract: Techniques are disclosed to increase security of a wireless access point (WAP). In embodiments, a cellular network provider has an arrangement with an owner of a WAP for cellular network customers to connect to the Internet through that WAP. The WAP may broadcast a SSID for cellular network customers only when a virtual private network (VPN) is established between the WAP and a server of the cellular network provider. If the VPN disconnects, then the WAP stops broadcasting this SSID until the VPN is re-established.