Patents Examined by Gilberto Barron, Jr.
  • Patent number: 8904538
    Abstract: A computer-implemented method for user-directed malware remediation may include 1) identifying a window within a graphical user interface of a computing environment, 2) identifying a user-directed interface event directed at the window, 3) determining, based at least in part on the user-directed interface event, that a process represented by the window poses a security risk, and 4) performing a remediation action on the process based on determining that the process poses the security risk. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: December 2, 2014
    Assignee: Symantec Corporation
    Inventors: Adam Glick, Spencer Smith, Nicholas Graf
  • Patent number: 8898476
    Abstract: This invention provides a novel method, system, and apparatus allowing an authorized user access to controlled assets when a passcode method malfunctions, such as when a user forgets a password, a token malfunction, or a biometric mismatch. The invention allows temporary access to an access control system without knowing the password and without sending the user the password or a new random password. The user is able to set a new password without knowing the previous password. Furthermore, stored encrypted data is preserved and made accessible once again via the new passcode. This invention works for many authentication methods such as restoring access when a password, token, access card, or biometric sample is used.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: November 25, 2014
    Assignee: SAIFE, Inc.
    Inventor: Ty Brendan Lindteigen
  • Patent number: 8898454
    Abstract: There is provided a communication device in which a network access authenticating unit executes a network access authentication process with an authentication server to establish a connection to a network, the authentication process including generation of information shared with the authentication server, a communication unit receives an authentication result message from the authentication server when succeeding in the network access authentication process, the authentication result message containing an authentication result indicating success in the network access authentication process and an encrypted network key; a key transport key generating unit generates a key transport key by use of the information generated in the network access authentication process; and a network key acquiring unit acquires a network key by decrypting the encrypted network key contained in the authentication result message with the key transport key, the communication unit encrypts data with the network key and transmits encry
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: November 25, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yasuyuki Tanaka, Yoshihiro Oba
  • Patent number: 8898793
    Abstract: An approach is provided for selecting a security policy. A security policy manager determines one or more factors for adjusting a safety score associated with a device. The safety score is based, at least in part, on a context associated with the device. The security policy manager then processes and/or facilitates a processing of the one or more factors and the safety score to calculate an adjusted safety score, and determines to select a security policy based, at least in part, on the adjusted safety score.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: November 25, 2014
    Assignee: Nokia Corporation
    Inventors: Markus Juhani Miettinen, Nadarajah Asokan, Aditi Gupta
  • Patent number: 8898769
    Abstract: A system is described that can perform a method for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card, instructing an over-the-air system to transmit the package encrypting the package with a transport key to generate an encrypted package, and transmitting the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card. The system can also perform a method of providing a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card.
    Type: Grant
    Filed: November 16, 2012
    Date of Patent: November 25, 2014
    Assignees: AT&T Intellectual Property I, LP, AT&T Mobility II LLC
    Inventors: Walter Cooper Chastain, Clifton Campbell, Stephen Chin, David Harber, Brian Keith Rainer, David K. Smith, Shih-Ming Wang
  • Patent number: 8892874
    Abstract: A method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. Group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated based on the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to a selected KMS, transmitted to another WTRU and used to establish a direct link.
    Type: Grant
    Filed: December 16, 2009
    Date of Patent: November 18, 2014
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Alexander Reznik, Yogendra C. Shah
  • Patent number: 8892893
    Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: November 18, 2014
    Assignee: Intertrust Technologies Corporation
    Inventors: William G. Horne, Umesh Maheshwari, Robert E. Tarjan, James J. Horning, W. Olin Sibert, Lesley R. Matheson, Andrew K. Wright, Susan S. Owicki
  • Patent number: 8887277
    Abstract: A security module on a computing device applies security rules to examine content in a network cache and identify suspicious cache content. Cache content is identified as suspicious according to security rules, such as a rule determining whether the cache content is associated with modified-time set into the future, and a rule determining whether the cache content was created in a low-security environment. The security module may establish an out-of-band connection with the websites from which the cache content originated through a high security access network to receive responses from the websites, and use the responses to determine whether the cache content is suspicious cache content. Suspicious cache content is removed from the network cache to prevent the suspicious cache content from carrying out malicious activities.
    Type: Grant
    Filed: October 9, 2013
    Date of Patent: November 11, 2014
    Assignee: Symantec Corporation
    Inventors: William E. Sobel, Sourabh Satish
  • Patent number: 8886931
    Abstract: In a case where another user's communication terminal (nTE113) departs from a group, user's communication terminal (TEb14) updates encryption information, using the terminal individual information of only the communication terminals (nTE213 and nTE313) which remain in the group (PNy). User's communication terminal (TEb14) encrypts the PN-shared key (KPNy), using the updated encryption information. User's communication terminal (TEb14) transmits the encrypted shared key information obtained from this encryption to a management device (PNSP11), and updates the encrypted shared key information stored in the management device (PNSP11).
    Type: Grant
    Filed: March 3, 2010
    Date of Patent: November 11, 2014
    Assignee: KDDI Corporation
    Inventors: Takashi Matsunaka, Yoji Kishi, Takayuki Warabino
  • Patent number: 8887267
    Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 1, 2013
    Date of Patent: November 11, 2014
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
  • Patent number: 8881256
    Abstract: Systems and methods provide a storage media on a portable physical object associated with a set of credentials that enables access to a set of computing resources associated with a set of Web services. In some embodiments, information including a set of credentials is prepackaged onto the storage media of the portable physical object. A pre-activated subscription to the set of Web services in a distributed system is provisioned. Access to the set of Web services is enabled when the portable physical object is coupled with a computing device and the set of credentials is authenticated. In some embodiments, the portable physical object is purchased by a user on a prepaid basis without requiring the user to register an account with the set of Web services, allowing the user to remain anonymous with respect to interaction with the set of Web services.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: November 4, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Cristian M. Ilac, James E. Scharf, Jr., Nathan R. Fitch, Graeme D. Baer, Brian Irl Pratt, Kevin Ross O'Neill
  • Patent number: 8879724
    Abstract: Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device's consumption of electrical power, or some other property of the target device, that varies during the device's processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.
    Type: Grant
    Filed: December 14, 2009
    Date of Patent: November 4, 2014
    Assignee: Rambus Inc.
    Inventors: Paul C. Kocher, Joshua M. Jaffe, Benjamin C. Jun
  • Patent number: 8879733
    Abstract: A random bit stream generator includes an internal state memory for storing a current internal state of the random bit stream generator and a periodic bit sequence generator configured to provide a periodic bit sequence. An output function receives a bit sequence portion of the periodic bit sequence and a first internal state portion of the current internal state. A new output bit of the random bit stream is determined, by the output function, based on a Boolean combination of the bit sequence portion and the first internal state portion. A feedback arrangement feeds the new output bit back to the internal state memory by performing a Boolean combination involving the new output bit and a second internal state portion of the current internal state to determine a next internal state of the random bit generator.
    Type: Grant
    Filed: July 10, 2012
    Date of Patent: November 4, 2014
    Assignee: Infineon Technologies AG
    Inventors: Rainer Goettfert, Berndt Gammel, Markus Gail
  • Patent number: 8875296
    Abstract: A security tool can utilize a vulnerability in a computing system or credentials for the computing system to gain access to the computing system. Once access is gained, the security tool can deliver an agent to the computing system. The agent can execute, detected or undetected, on the computing system in order to establish a network link between the computing system and the security tool. Once established, the security tool creates a virtual network interface on the computing system on which it is running and instructs the agent to relay network traffic between the virtual network interface of the computing system executing the security tool and the existing network interfaces of the computing system executing the agent.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: October 28, 2014
    Assignee: Rapid7, LLC
    Inventor: H. D. Moore
  • Patent number: 8875287
    Abstract: According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use, and the server is able to free resources such as memory and processing cycles previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied so that it cannot launch—or has fewer resources to launch—further attacks, and possibly to gather information about the attacking client.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 28, 2014
    Assignee: Akamai Technologies, Inc.
    Inventors: Stephen L. Ludin, Sudhin Mishra, Philip A. Lisiecki, Erik Nygren, John A. Dilley, Karl-Eliv J. Hallin, Joshua Hunt
  • Patent number: 8875270
    Abstract: To prevent specification and tracking of a terminal across a plurality of service providers when a user uses a plurality of services. An ID authentication system according to the present invention is an ID authentication system including a terminal apparatus, a service providing apparatus, and an authentication server. A terminal apparatus 100 includes a one-time ID automatic generator 120 for generating a one-time ID, a one-time ID transmitter 130 for transmitting the one-time ID to the service providing apparatus, and a user ID transmitter 140 for transmitting to the authentication server the one-time ID and an ID to uniquely identify a user. An authentication server 200 includes an authentication information manager 220 that stores authentication information of the user used by a plurality of service providing apparatuses.
    Type: Grant
    Filed: March 24, 2010
    Date of Patent: October 28, 2014
    Assignee: NEC Corporation
    Inventor: Yoshinori Saida
  • Patent number: 8875292
    Abstract: A computer-implemented method for managing malware signatures. The method may include maintaining a set of active malware signatures and maintaining a set of dormant malware signatures. The method may also include providing the set of active malware signatures for use in malware detection more frequently than the set of dormant malware signatures and determining that a first malware signature from the set of dormant malware signatures triggers one or more positive malware detection responses. The method may further include, in response to the determination, moving the first malware signature from the set of dormant malware signatures to the set of active malware signatures. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: April 5, 2010
    Date of Patent: October 28, 2014
    Assignee: Symantec Corporation
    Inventors: Walter Bogorad, Vadim Antonov
  • Patent number: 8874901
    Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: October 28, 2014
    Assignee: Facebook, Inc.
    Inventor: Conor P. Cahill
  • Patent number: 8869308
    Abstract: A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforces unidirectional data flow only from the user input devices to the computer. The display port uses a security function which isolates the EDID in the display from the computer. An authentication device such as a smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.
    Type: Grant
    Filed: May 18, 2011
    Date of Patent: October 21, 2014
    Assignee: High Sec Labs Ltd.
    Inventor: Aviv Soffer
  • Patent number: 8869305
    Abstract: A computer-implemented method may include maintaining a set of password-protection policies configured to prevent unauthorized access to a mobile device at different physical locations. The computer-implemented method may also include identifying a current physical location of the mobile device and searching a database that stores the set of password-protection policies for a particular password-protection policy that corresponds to the current physical location of the mobile device. The computer-implemented method may further include identifying, based on the search of the database, the particular password-protection policy that corresponds to the current physical location of the mobile device and then implementing the particular password-protection policy on the mobile device in response to the identification of the particular password-protection policy. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: October 21, 2014
    Assignee: Symantec Corporation
    Inventor: Ge Hua Huang