Abstract: A webshell detection and response system is provided. The webshell detection and response system may collect information from a detection target server through an information collection script inserted into a webpage home path of the detection target server without installing a separate web shell detection application compiled in the form of binary file in the detection target server, and determine whether the detection target server is infected with a webshell remotely using the collected information.

Abstract: A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

Abstract: A data conversion algorithm achieving efficient data diffusion is achieved. For example, in a configuration where a various processes are executed on two data segments which are resultants of dividing a rectangular matrix of data containing arranged one-byte data blocks into two parts to perform data conversion, efficient data scrambling with less operation cost is achieved by executing a linear conversion process on one of the data segments, an exclusive OR operation between the two data segments, a shift process on one of the data segments, and a swap process between the two data segments. Moreover, cryptographic processing with a high security level is achieved by including nonlinear conversion or key application operation on the data segments.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.

Abstract: In a network connecting device connectable to a network, a connection approval/disapproval determination section determines approval/disapproval of connection to a network in accordance with a connection approval/disapproval determination rule managed by a connection approval/disapproval determination rule management section. When there is a security problem in a content of the connection approval/disapproval determination rule if a connection is to be formed, the security problem is solved by having a user re-input authentication information in the content of the connection approval/disapproval determination rule.

Abstract: An instance of a vulnerability risk management (VRM) module and a vulnerability management expert decision system (VMEDS) module are instantiated in a cloud. The VMEDS module imports scan results from a VRM vulnerability database and saves them as vulnerabilities to be reviewed in a VMEDS database. The VMEDS module converts vulnerabilities into facts. The VMEDS module builds a rule set in the knowledge base to verify whether certain vulnerabilities are false positives. Rules related to a vulnerability are received in plain English from a web-based front-end application. The VMEDS module tests each rule against all of the facts using the Rete algorithm. The VMEDS module executes the action associated with the rule derived from the Rete algorithm. The VMEDS module stores the results associated with the executing of the action in the VMEDS database and forwards the results to the VRM module.

Abstract: In the conventional method of maintaining the confidential a program, wherein a program to be executed in an information processing device is stored in a hard disk, etc., in an encrypted state and the program is decrypted when it is executed, because a decrypted program is written in memory, the program may be illicitly analyzed by a third person. Provided is memory management method wherein code information or data of a program written in a virtual memory is data which is encrypted and inaccessible by a CPU, and when code fetching or data access to the encrypted area occurs, an interruption process is performed wherein with respect to a management unit of the memory management device including the area, an inaccessible state is changed to an accessible state to perform decryption.

Abstract: Threat intelligence is collected from a variety of different sources. The threat intelligence information is aggregated, normalized, filtered and scored to identify threats to an information network. Threats are categorized by type, maliciousness and confidence level. Threats are reported to network administrators in a plurality of threat feeds, including for example malicious domains, malicious IP addresses, malicious e-mail addresses, malicious URLs and malicious software files.

Abstract: Systems and methods for preparing and submitting documents to a regulatory agency in an on-line environment are provided, which are used for the purpose of complying with various securities regulations. The systems generally include a server that hosts a website in which a user may access, prepare, and submit one or more of various standardized reports to the regulatory agency through an on-line portal. The systems further include a database that includes (i) a listing of the standardized reports (and a listing of data fields included within such reports) and (ii) a listing of acceptable data types for each of such data fields. The website is preferably configured to display all of such data fields for a single standardized report within a single graphical user interface of the website.

Abstract: A cloud center infrastructure system may include a service aggregator connected directly to a provider network. The service aggregator may be configured to receive, via the provider network, a data unit from a customer device, associated with a customer; identify a first device, associated with a first traffic processing service, based on a sequence of traffic processing services associated with the customer; and send the data unit to the first device, wherein the first device is located in a cloud services center, and wherein the first device is connected to the service aggregator over a Layer 2 connection.

Abstract: Methods and apparatus for integrating digital rights management (DRM) systems with native HTTP live streaming. Several methods for integrating a DRM system with HTTP live streaming on an operating system (OS) platform are described. In each of these methods, a manifest is delivered to an application on a device; the application then accesses a remote DRM server to obtain a license and one or more keys for the content. The DRM server enforces the rights of the client in regard to the indicated content. The application may modify the manifest to indicate a method for obtaining the key. The application delivers the manifest to the OS, which uses the indicated method (e.g., a URL) to obtain the key. While similar, the methods primarily differ in the manner in which the OS is directed to obtain the key.

Abstract: Automatically classifying security vulnerabilities in computer software applications by identifying candidate security vulnerabilities in a learning set including at least a first computer software application, classifying each of the candidate security vulnerabilities using predefined classifications, determining, for each of the candidate security vulnerabilities, values for predefined properties, creating a set of correlations between the property values and the classifications of the candidate security vulnerabilities, identifying a candidate security vulnerability in a second computer software application, determining, for the candidate security vulnerability in the second computer software application, values for the predefined properties, and using the set of correlations to classify the candidate security vulnerability in the second computer software application with a classification from the predefined classifications that best correlates with the property values of the candidate security vulnerabili

Abstract: An IP multimedia gateway (IMG) may be operable to identify a client device which may not currently possess a security capability that is compatible with a security capability of a service manager for receiving a service from the service manager. A security process between the client device and the service manager may be enabled by the IMG to enable the client device to receive the service from the service manager. The client device may be local to the IMG or remote with respect to the IMG. The IMG may enable an authentication process between the client device and the service manager by performing authentication translation. The IMG may enable a cryptography process between the client device and the service manager by performing cryptography translation. The IMG may enable an authorization process for authorizing the client device to access a particular content by performing access control conversion.

Abstract: Providing secure web application development and operation. In a web development environment, code developed for the web application is analyzed to identify vulnerabilities and remedial actions are identified. The remedial actions may be automatically invoked or a developer can be prompted to take particular actions to remediate the vulnerability.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for accessing services from a virtual machine. One of the methods includes receiving requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account. The method include providing long-term security tokens to the host machine, wherein the long-term security tokens can be used to generate short-term security tokens for a virtual machine executing on the host machine. The method also includes generating by a process executing in a host operating system of the host machines a short-term security token based on a long-term security token of the long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is useable for a pre-determined amount of time.

Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.

Abstract: According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.

Abstract: A cipher communication method for an encryption apparatus an includes: receiving a second encryption key while performing a cipher communication using a first encryption key; storing encryption key input information on the first and second encryption keys in a static region; copying the stored encryption key input information into a dynamic region; selecting any one of the first and second encryption keys based on the copied encryption key input information and current time information; generating encryption key position information and encryption key selection information on the selected encryption key; and transmitting a cipher text and the encryption key selection information to another encryption apparatus connected to the encryption apparatus through a network such that the another encryption apparatus acquires an encryption key to decrypt the cipher text.

Abstract: The successful authenticating of a Network Access Identifier (NAI) process is enabled by an authenticating method and a mobile terminal for a Code Division Multiple Access (CDMA) EVolution to packet Data Optimized (EVDO) network.