Abstract: A system and method for mitigating the effects of malicious internet traffic, including DDOS attacks, by utilizing a DNS Traffic Analyzer and Firewall to analyze network traffic intended for a DNS server and preventing some network traffic from accessing the DNS server.

Abstract: Systems and methods for providing a multiple operating system rotation environment (“MORE”) moving target defense (“MTD”) computing system are described. The MORE-MTD system provides enhanced computer system security through a rotation of multiple operating systems. The MORE-MTD system increases attacker uncertainty, increases the cost of attacking the system, reduces the likelihood of an attacker locating a vulnerability, and reduces the exposure time of any located vulnerability. The MORE-MTD environment is effectuated by rotation of the operating systems at a given interval. The rotating operating systems create a consistently changing attack surface for remote attackers.

Abstract: In a method for unlocking an electronic device, a plurality of icons are preset and an icon is designated to be an unlocking icon for unlocking the electronic device. When the electronic device is locked, the icons are moving on the display device, and the moving icons is highlighted one by one according to a moving direction and a time interval. When a highlighted icon is touched and the highlighted icon is the unlocking icon, the electronic device is unlocked.

Abstract: The present invention provides a method and system for providing a view of sensitive information across an enterprise. The method includes finding locations of data stores across the enterprise and thereafter searching for sensitive information within the data stores, based on policies. Upon identifying the sensitive information, the sensitive information is optionally quarantined, masked, or encrypted, again based on policies. Information about the locations of the data stores, the sensitive information associated with the data stores, and the masking steps taken, is saved in a repository, and can be tagged. A user may then query the repository to retrieve one or more views of the sensitive information, gaining an overview of the compliance posture of the enterprise relative to one or more data compliance regulations, and for potential data exposure risk areas be able to drill down for actionable level of details.

Abstract: A memory controller encrypts contents of a page frame based at least in part on a frame key associated with the page frame. The memory controller generates a first encrypted version of the frame key based at least in part on a first process key associated with a first process, wherein the first encrypted version of the frame key is stored in a first memory table associated with the first process. The memory controller generates a second encrypted version of the frame key based at least in part on a second process key associated with a second process, wherein the second encrypted version of the frame key is stored in a second memory table associated with the second process, the first process and the second process sharing access to the page frame using the first encrypted version of the frame key and the second encrypted version of the frame key, respectively.

Abstract: An apparatus, device, methods, computer program product, and system are described that determine a virus associated with a communications network, and distribute an anti-viral agent onto the communications network using a bypass network, the bypass network configured to provide transmission of the anti-viral agent with at least one of a higher transmission speed, a higher transmission reliability, a higher transmission security, and/or a physically-separate transmission path, relative to transmission of the virus on the communications network.

Abstract: From a remote control device, a pairing command including an authentication key is transmitted to a slave device by an infrared ray remote control signal by first depression of a push button. The slave device transmits an authentication key, which is generated based on the received authentication key, through a wireless LAN. By second depression of the push button, the remote control device transmits a pairing command, which includes an authentication key, to a master device by an infrared ray remote control signal. The master device compares the authentication key, which is received through the wireless LAN, and the authentication key, which is received by the infrared ray remote control signal, with each other, and transmits a pairing authorization to the slave device through the wireless LAN if both of the authentication keys coincide with each other. The slave device receives the pairing authorization, and establishes pairing.

Abstract: A system that can control whether a recipient of an electronic message (e.g., a text message, a multimedia message, an e-mail message, etc.) with a forwarding-restricted attachment is permitted to forward the attachment to third parties can be implemented on the network without specialized hardware or software for the client devices. The sender of a text message may limit the downstream distribution of that text message through text message forwarding by associating a forwarding restriction flag with the message.

Abstract: An apparatus, method, system, and computer accessible medium are disclosed. In one embodiment the apparatus includes a first computing device having a processor coupled to memory. The apparatus also includes a first biometric reader unit to determine biometric signatures, the biometric reader unit communicatively coupled to the computing device. The memory stores a plurality of data files. The apparatus also includes a bio-packet generation unit to generate a packet comprising a first bio-identifier, the first bio-identifier comprising at least one biometric signature of a user. Finally, the apparatus includes a bio-packet transmission unit to send the generated packet to a remote server.

Abstract: Techniques for improving the security and availability of cryptographic key systems are described herein. A graph representation of a network of cryptographic key servers is created with vertices representing the servers and edges representing connections between pairs of servers. As cryptographic key events are received, the graph is used to locate the appropriate servers upon which to perform the operations associated with the events. In the event that the network requires repairing, the graph is first repaired obeying any constraints on the graph and then the network is updated to reflect alterations to the graph.

Abstract: Methods and systems for transmitting and receiving are disclosed. For example, a method for establishing secure communications can include measuring one or more human gestures using a sensor on a first device so as to create a first metric of the one or more human gestures, creating a strong encryption key based on the first metric, including time-based information incorporated into the first metric, and communicating to a second device using the strong encryption key to encrypt data sent to the second device.

Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: An application is implemented in the production environment in which the application will be used. Two or more backend systems are used to implement different versions of the application using the production environment in which the application will actually be used and accessed. Actual user data is received. A first portion of the actual user data is routed and processed in the production environment using a first version of the application and a first backend system of the two or more backend systems. A second portion of the actual user data is also routed and processed in the production environment but using a second version of the application and a second backend system of the two or more backend systems. The results data is then analyzed to evaluate the various versions of the application in the production environment.

Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that receives an authentication request from a user of a client computing device, the request comprising credentials for the user. A connection is established with a selected one of a plurality of active directory servers using a stored Internet Protocol (IP) address for the selected active directory server. At least a portion of a fully qualified domain name of the selected active directory server is received in response to an anonymous lightweight directory access protocol (LDAP) query sent to the selected active directory server using the established connection. The user of the client computing device is authenticated using the at least a portion of the fully qualified domain name and the credentials.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: Described herein are apparatus, system, and method for providing memory access control to protect software (e.g., firmware backup) and other data. The method comprises providing, by a processor, a protected storage area in a memory for storing backup image of software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a reserved storage area of the memory.

Abstract: A network security device and associated methods which protects a user's computer from the direct effects of software sent from a server by converting the data to a non-volatile information stream using two or more firewall isolation stages. The multistage functionality completely decouples the information communicated from the bulk of data sent from the server by converting the data into non-volatile information and eliminates risk from the even most aggressive adaptive malware by using an intermediate protocol translation between two of the stages contained in the decoupling firewall.

Abstract: A system, method and computer program product for anonymizing data. Datasets anonymized according to the method have a relational part having multiple tables of relational data, and a sequential part having tables of time-ordered data. The sequential part may include data representing a “sequences-of-sequences”. A “sequence-of-sequences” is a sequence which, itself, consists of a number of sequences. Each of these kinds of data may be anonymized using k-anonymization techniques and offers privacy protection to individuals or entities from attackers whose knowledge spans the two (or more) kinds of attribute data.

Abstract: Embodiments assess risk posed by changing a computer system present within a landscape of other computer systems. Agents provide a central assessment engine with data relevant to considerations such as system criticality, correlation between related systems, and dependence between different systems. The criticality parameter reflects an importance of a system and a corresponding change risk impact. System correlation is measured to allow comparison between systems, and a risk of failure of a change to the systems. Dependencies between systems are measured to define a set of systems to be changed in a coordinated manner. Change statistics collected in a database, may allow correlating systems across various customers, improving accuracy of risk prediction. Embodiments may facilitate iterative planning, where a different dependency permits the definition of smaller sets of systems offering lower risk of failure upon change implementation.

Abstract: Some embodiments include a method for processing a scan chain in an integrated circuit. The method can include: receiving, in the integrated circuit, the scan chain, wherein the scan chain includes a secret key pattern; separating the secret key pattern from the scan chain; comparing the secret key pattern to a reference key pattern; determining, based on the comparing the secret key pattern to the reference key pattern, that the secret key pattern does not match the reference key pattern; and generating a signal indicating that the secret key pattern does not match the reference key pattern.