Patents Examined by Gary Gracia
  • Patent number: 9191399
    Abstract: The present disclosure describes one or more systems, methods, routines and/or techniques for detection of infected network devices via analysis of responseless outgoing network traffic. A computer implemented method may include executing a routine that receives as input first packet information. The method may include executing a routine that analyzes the first packet information to determine whether the first packet information identifies an outgoing network packet that is associated with the initiation of a network communication. The method may include executing a routine that causes storage and/or tracking, in one or more data stores, of the first packet information if the first packet information is determined to be a potential responseless packet. The method may include executing a routine that causes removal and/or ends tracking of the first packet information if the first packet information is determined to not be a responseless packet based on analysis of second packet information.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: November 17, 2015
    Assignee: The Boeing Company
    Inventors: Aaron R. Davis, Timothy M. Aldrich
  • Patent number: 9177136
    Abstract: An information device performs data processing by executing program codes loaded in a memory with a central control unit. The information device includes a detection unit which detects a timing when any one of the program codes is called, a return address acquisition unit which sequentially acquires return addresses of the program codes loaded in the memory at the timing detected by the detection unit, and a termination unit which searches for an illegal access based on destination addresses that are respectively pointed by the return addresses sequentially acquired by the return address acquisition unit at the timing detected by the detection unit and which terminates the data processing when the illegal access is detected.
    Type: Grant
    Filed: April 12, 2010
    Date of Patent: November 3, 2015
    Assignee: FFRI, INC.
    Inventor: Toshiaki Ishiyama
  • Patent number: 9166961
    Abstract: Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. First social networking data is stored in association with a user identity. An assertion of the user identity is received from a client after the first social networking data is stored. Second social networking data is received in response to receiving the assertion of the user identity. An identity confidence level as to whether the user identity belongs to a user at the client is generated based at least in part on a comparison of the second social networking data with the first social networking data.
    Type: Grant
    Filed: December 11, 2012
    Date of Patent: October 20, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper Mikael Johansson, George Nikolaos Stathakopoulos, Darren Ernest Canavor
  • Patent number: 9160743
    Abstract: An indication of a configuration request for an electronic device is received. An indication of an access request for the electronic device is received after receiving the indication of the configuration request. The indication of the access request comprises biometric data. The biometric data is validated against previously captured biometric data. If the biometric data is valid based, at least in part, on said validation of the biometric data, a user profile associated with the biometric data is accessed and access to the electronic device is authorized in accordance with the user profile. If the biometric data is not valid based, at least in part, on said validation of the biometric data, a notification that an unauthorized access has been attempted is generated and transmitted.
    Type: Grant
    Filed: February 12, 2013
    Date of Patent: October 13, 2015
    Assignee: QUALCOMM Incorporated
    Inventor: Subramanian Anantharaman
  • Patent number: 9154364
    Abstract: Detecting a suspicious element in a web page is disclosed. The page is analyzed, such as through static analysis and/or dynamic analysis techniques. A suspicious element in the page is detected. A report that includes a copy of at least a portion of the suspicious element is provided as output.
    Type: Grant
    Filed: April 15, 2010
    Date of Patent: October 6, 2015
    Assignee: Dasient, Inc.
    Inventors: Neilkumar Murli Daswani, Ameet Ranadive, Shariq Rizvi
  • Patent number: 9129111
    Abstract: A method is provided of protecting a computer against malware infection. The computer has a data storage and an operating system for managing the data storage. The method comprises providing a filter module in the operating system which operates to detect an attempt to store data in the data storage, to determine a data format of the data to be stored in the data storage, and to prevent storage of the data if the data format is determined to relate to a predefined type. The filter module may be provided as a file system filter driver in a kernel of the operating system. The filter module may be arranged to operate between an input/output manager of the operating system and a driver associated with the data storage. The input/output manager and driver associated with the data storage may form part of the kernel of the operating system.
    Type: Grant
    Filed: January 18, 2006
    Date of Patent: September 8, 2015
    Inventor: William Grant Rothwell
  • Patent number: 9112680
    Abstract: The invention relates to a method for distribution of a set of credentials from a credential issuer to a credential user. The credential user is provided with a user device. A first channel and a second channel are provided for communication between the user device and the credential issuer. A shared key is distributed between the user device and the credential issuer by means of the second channel. A binary representation of the set of credentials with a predefined maximum level of deviation from a uniform distribution is generated. The binary representation of the set of credentials is encrypted by means of the shared key. The encrypted set of credentials is distributed via the first channel from the credential issuer to the user device. The encrypted set of credentials is decrypted by the user device by means of the shared key.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: August 18, 2015
    Assignee: International Business Machines Corporation
    Inventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Thorsten Kramp, Thomas Weigold
  • Patent number: 9092610
    Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: July 28, 2015
    Assignee: Ruckus Wireless, Inc.
    Inventors: Ming-Jye Sheu, Prashant Ranade
  • Patent number: 9075978
    Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
    Type: Grant
    Filed: April 23, 2012
    Date of Patent: July 7, 2015
    Assignee: SAP SE
    Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
  • Patent number: 9077772
    Abstract: In one embodiment, an authenticator in a communication network maintains a persistent authenticator epoch value that increments each time the authenticator restarts. The authenticator also maintains a persistent per-supplicant value for each supplicant of the authenticator, each per-supplicant value set to a current value of the authenticator epoch value each time the corresponding supplicant establishes a new security association with the authenticator. To communicate messages from the authenticator to a particular supplicant, each message uses a per-supplicant replay counter having a security association epoch counter and a message counter specific to the particular supplicant. In particular, the security association epoch counter for each message is set as a difference between the authenticator epoch value and the per-supplicant value for the particular supplicant when the message is communicated, while the message counter is incremented for each message communicated.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: July 7, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Jonathan W. Hui, Anjum Ahuja, Krishna Kondaka, Wei Hong
  • Patent number: 9070264
    Abstract: A system and method for detecting a security breach of an electronic device are provided. The system includes a sensor assembly having at least one IR LED which outputs IR light, and an IR sensor which detects the IR light output by the IR LED and outputs corresponding IR detection signals. The system further includes a processor which generates an IR profile of an interior of the enclosure with reference to the IR detection signals output by the IR sensor. The processor determines that there has been a security breach of the enclosure at least in response to detecting IR activity in the enclosure from the IR detection signals that does not correspond to the IR profile. Output signals from various other sensors may be used to confirm whether the security breach has occurred.
    Type: Grant
    Filed: July 19, 2011
    Date of Patent: June 30, 2015
    Assignee: American Megatrends Inc.
    Inventor: Clas Sivertsen
  • Patent number: 9058468
    Abstract: A method for protecting digital media content from unauthorized use on a client is described. The method comprises the steps of receiving from a server on the client a list of processes, instructions, activity descriptions or data types that must not be active simultaneously with playback of the digital media content (“the blacklist”). The method further comprises checking, on the client, for the presence of any items on the list; and continuing interaction with the server, key management and playback of protected content only if no items on the list are detected on the client. A system is also described.
    Type: Grant
    Filed: December 19, 2008
    Date of Patent: June 16, 2015
    Assignee: Google Technology Holdings LLC
    Inventors: Anton Valerievich Koukine, Owen Michael Means, Sean Joseph Higgins, Paul Osborne
  • Patent number: 9060016
    Abstract: Provided are an apparatus and method for blocking a zombie behavior process. The apparatus includes a security policy storage configured to store zombie-behavior-type-specific traffic characteristics and security policies, a traffic monitor configured to monitor traffic generated on the computer and detect abnormal traffic exceeding a predetermined reference value, a process and traffic analyzer configured to find an abnormal process causing the abnormal traffic and detect a zombie behavior type associated with the abnormal process by analyzing the abnormal traffic on the basis of the zombie-behavior-type-specific traffic characteristics stored in the security policy storage, and a process handler configured to handle the process whose zombie behavior type has been detected according to a security policy defined for the detected zombie behavior type.
    Type: Grant
    Filed: August 9, 2011
    Date of Patent: June 16, 2015
    Assignee: NPCORE INC.
    Inventor: Seung Chul Han
  • Patent number: 9047441
    Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.
    Type: Grant
    Filed: May 24, 2011
    Date of Patent: June 2, 2015
    Assignee: Palo Alto Networks, Inc.
    Inventors: Huagang Xie, Xinran Wang, Jiangxia Liu
  • Patent number: 9038187
    Abstract: Systems and methods for calculating threat scores for individuals within an organization or domain are provided. Aspects of the invention relate to computer-implemented methods that form a predictive threat rating for user accounts. In one implementation, a first threat score representing a first time period may be calculated. The first threat score may be compared with aspects of the same user accounts for a second time period. Weighting schemes may be applied to certain activities, controls, and/or user accounts. Further aspects relate to apparatuses configured to execute methods for ranking individual user accounts. Certain embodiments may not block transmissions that violate predefined rules; however, indications of such improper transmissions may be considered when constructing a threat rating. Blocked transmissions enforced upon a user account may also be received. Certain activity, such as accessing the internet, may be monitored for the presence of a security threat and/or an ethics threat.
    Type: Grant
    Filed: January 26, 2010
    Date of Patent: May 19, 2015
    Assignee: Bank of America Corporation
    Inventors: Brian McHugh, Ronald Ramcharran, Peter J. Langsam, Timothy C. Metzger, Dan P. Antilley, Jonathan W. Deats
  • Patent number: 9021565
    Abstract: A pre-registration procedure is utilized to create a user profile for a user of a multi-factor authentication (“MFA”) service. A client application installation procedure is utilized to install a client application on a computing device that is to be utilized as an authentication factor for the MFA service. A computing device enrollment procedure is utilized to enroll the computing device on which the client application was installed for the MFA service. A voice enrollment procedure is utilized to create a voice print for the user of the computing device that is to be utilized as an authentication factor for the MFA service. An authentication procedure is utilized to provide multi-factor authenticated access to a service, such as an online service that provides access to sensitive account information.
    Type: Grant
    Filed: October 13, 2011
    Date of Patent: April 28, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Brian Novack, Robert J. Andres, Jerry Birkes, James Whitescarver, Alton W. Drake, II, Gary A. Toretti, Ilija Zeljkovic, Jay Wilpon, Juan A Garay, Amanda Joy Stent
  • Patent number: 9015816
    Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: April 21, 2015
    Assignee: Ruckus Wireless, Inc.
    Inventors: Ming-Jye Sheu, Prashant Ranade
  • Patent number: 9015790
    Abstract: A method and apparatus for integrating Sudo rules into a Lightweight Directory Access Protocol (LDAP) repository. An LDAP directory server receives a request to add a sudo rule to the LDAP repository. The sudo rule defines at least one sudo command and one or more entities associated with the execution of the sudo command. The LDAP directory server creates an LDAP entry for the sudo rule, and links in the LDAP entry of the sudo rule an LDAP entry of the sudo command and LDAP entries of the entities associated with the execution of the sudo command.
    Type: Grant
    Filed: July 20, 2011
    Date of Patent: April 21, 2015
    Assignee: Red Hat, Inc.
    Inventors: Dmitri V. Pal, Sumit Bose
  • Patent number: 8995650
    Abstract: An apparatus and method for implementing a secure quantum cryptography system using two non-orthogonal states. For each qubit, the emitter station prepares a quantum system in one of two non-orthogonal quantum states in the time-basis to code bit values. Intra- and inter-qubit interference is then used to reveal eavesdropping attempts. Witness states are used to help reveal attacks performed across the quantum system separation.
    Type: Grant
    Filed: June 4, 2010
    Date of Patent: March 31, 2015
    Assignee: ID Quantique SA
    Inventors: Nicolas Gisin, Grégoire Ribordy, Hugo Zbinden
  • Patent number: 8997234
    Abstract: A system and method in one embodiment includes modules for identifying an asset with a vulnerability risk, identifying a service running on a port on the asset, identifying a connection to the port, calculating an operational dependence role of the asset as a function of the service and the connection, and modifying the vulnerability risk based on the operational dependence role. Other embodiments include identifying a protocol of a data packet at the port, classifying the protocol into a protocol category with a protocol importance score, calculating a connection average for the asset, classifying the connection average into a connection category with a connection score, and calculating a service dependence score. Other embodiments include calculating a host dependence score, assigning a data importance score to data communicated by the asset, and calculating the operational dependence role as a function of the host dependence score and data importance score.
    Type: Grant
    Filed: July 27, 2011
    Date of Patent: March 31, 2015
    Assignee: McAfee, Inc.
    Inventors: Stuart McClure, Michael Morgan Price