Abstract: Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message.

Abstract: Embodiments are described for generating, by a processor, a first event record in response to an event being performed by a computer; and generating, by the processor, a second event record in response to the first event record being generated, wherein the second event record comprises a signature corresponding to the first event record.

Abstract: A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.

Abstract: Providing rich contextual information to a user in an authentication agnostic way with respect to the user. A method includes, at an application, receiving a request from a first user to access functionality of the application. The request from the first user comprises information identifying a second user who has consented to their social media information being used by the application. The method further includes sending information to the identity provider which includes information identifying the second user. The identity provider is managed by an entity separate from the application. The method further includes receiving, at the application, social media information common between the first user and the second user. The method further includes providing at least a portion of the common social media information, to the first user, in an authentication agnostic way with respect to the first user's authentication to the application.

Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for invocation of a secure web container which may display data representative of a requesting party's application at a user's machine. The secure web container is invoked upon receipt of an API call from the requesting party. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable web container), insulating the user and requesting parties from the threats associated with being online for the purposes of providing secure, policy-based interaction with a requesting party's online services.

Abstract: Methods for managing access to protected resources within a computing environment and detecting anomalies related to access control events are described. An access control system may acquire a request for access to a protected resource, identify a username associated with the request, acquire contextual information associated with the request for access (e.g., a time of day associated with a location of a device making the request), acquire a baseline set of rules for the username, detect a deviation from the baseline set of rules based on the contextual information, acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information, generate a record of the request for access including the contextual information, and update the baseline set of rules if an intrusion to the access control system has not been detected within a threshold period of time.

Abstract: Various configurations and methods for securing and validating trusted input output (IO) data communications within fabric interconnects of processing circuitry are disclosed herein. As an example, a technique for secure routing of trusted software transactions includes operations of a crypto engine and an IO hub to validate trusted transactions such as DMA read and write transactions received from a trusted IO controller, and configuring the fabrics of the circuitry to prevent re-routing or tampering of data from the trusted transactions. In an example, hardware-based identification and verification of the trusted transactions may be performed with use of content addressable memory at the crypto engine and the respective unsecure fabrics, to identify and enforce the trusted transactions that cannot be re-routed. As a result, rogue agents or entities connected to the unsecure fabrics cannot interfere with or intercept data for trusted transactions.

Abstract: A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.

Abstract: A message checking apparatus comprising one or more processors, the message checking apparatus includes: a uniform resource locator(URL) extracting unit to check, when a message is received, whether a URL is included in the message and extract the URL from the message; a communication unit to download an application using the URL; and an authorization/application program interface(API) verifying unit to check whether an authorization or API having a security risk is included in the application to be downloaded through the communication unit and then determine whether the URL is malicious based thereon.

Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.