Patents Examined by Gregory Lane
  • Patent number: 9235714
    Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.
    Type: Grant
    Filed: November 12, 2013
    Date of Patent: January 12, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
  • Patent number: 9231923
    Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.
    Type: Grant
    Filed: November 12, 2013
    Date of Patent: January 5, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Todd Lawrence Cignetti, Andrew J. Doane, Eric Jason Brandwine, Robert Eric Fitzgerald
  • Patent number: 9223971
    Abstract: A computer device displays email messages received in connection with a user account and a user selectable icon to report suspicious email. The computer device receives user selections of the icon and an associated suspicious email message among the received email messages. Responsive to the selection, the computer device automatically collects information from the host, the user account, and the email message, determines an initial threat priority for the email message based on the collected information, generates threat indicators based at least on each file attachment of the email message, if any, determines malware, if any, in the email message based on the threat indicators, and creates an event ticket for the suspicious email message having fields populated based on the collected information, the initial threat priority, the threat indicators, and the determined malware.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: December 29, 2015
    Assignee: Exelis Inc.
    Inventors: Joshua G. Bartolomie, Vince Thomas, Kevin Stilwell, Derek Larson, Tracy Nitti
  • Patent number: 9203614
    Abstract: The present invention relates to a method, an apparatus, and a system for protecting cloud data security. A key management center encrypts original data M sent by a first terminal using a key K, and uploads encrypted data C1 to a cloud server. When the key management center receives a request from a second terminal for the data M, it generates encrypted data C2, which is generated by first encrypting C1 with a key Kb of the second terminal and then decrypted by the key K that was used to encrypt the original data M to generate C1. The key management center then sends the encrypted data C2 to the second terminal. The second terminal decrypts the encrypted data C2 using its own key Kb to obtain the original data M.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: December 1, 2015
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Jingbin Zhang, Chengdong He
  • Patent number: 9203785
    Abstract: A local gateway device receives email across the internet from a sender of the email and forwards it across the internet to an email filtering system. The email filtering system analyzes the email to determine whether it is spam, phishing or contains a virus and sends it back to the local gateway device along with the filtered determination. The local gateway device forwards the received email and the filtered determination to a local junk store which handles the email appropriately. For example, if the email has been determined to be spam, phishing or containing a virus, the junk store can quarantine the email and if the email has been determined to be non-spam and/or not phishing and/or not containing a virus, the junk store can forward the email to a local mail server for delivery.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: December 1, 2015
    Assignee: Dell Software Inc.
    Inventors: Scott Eikenberry, John Gmuender, Akbal Singh Karlcut, Michael Carl Y. Uy, Boris Yanovsky
  • Patent number: 9189615
    Abstract: Systems and methods for system login and single sign-on are described. A first application of a first system receives a request to access a protected application of a second system. An assertion is generated in response to the request. The assertion asserts an identity in the first system of a user generating the request. The assertion is validated and first account information corresponding to the assertion is extracted. The first account information is information of a first account of the user in the first system. Second account information is determined that is information of a second account of the user in the second system. A mapping is generated between the first account and the second account using the first account information and the second account information. The mapping is used to provide access to the protected application by the requestor.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: November 17, 2015
    Assignee: Openlane, Inc.
    Inventor: Hovhannes Tumanyan
  • Patent number: 9182967
    Abstract: A method for safely downloading an application, including: after a successful mutual authentication of a card and a card connector, adopting an all-cipher text communication means, and controlling the number of installations of an application by a card activation operation, so as to realize secure downloading of the application. The present invention realizes all-cipher text communication of a card and a card connector, and the issuing frequency of the card is controllable; by means of such a method, the independence and security of the application can be ensured when issuing a card, while the issuing frequency of the card is limited, intermediaries and clients are prevented from arbitrarily downloading an application, and the security is relatively high.
    Type: Grant
    Filed: October 21, 2013
    Date of Patent: November 10, 2015
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 9182971
    Abstract: Provided is a distributed control method of data by a client connected to a first server and a network and a distributed control apparatus. The distributed control method includes: registering at least one piece of characteristic information of the client in the first server; generating a uniform resource locator (URL) address in a URL format based on the registered at least one piece of characteristic information; and acquiring data stored on the second server, wherein the acquired data is mirrored from data stored on the first server by using the generated URL address.
    Type: Grant
    Filed: December 4, 2009
    Date of Patent: November 10, 2015
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Hyok-sung Choi
  • Patent number: 9178895
    Abstract: A data communication authentication system (10) and method are described. One or more locator nodes (20) are installable at a location (30), the or each locator node (20) including an identifier (21) and a communication system (22) and being arranged to provide said identifier via said communication system (22). The communication authentication system (10) is arranged to generate an authentication code for the location (30) in dependence on identifiers (21) from the one or more locator nodes at the location and is arranged to provide said authentication code on demand for inclusion in a data communication originating locally to said location (30).
    Type: Grant
    Filed: August 9, 2010
    Date of Patent: November 3, 2015
    Assignee: SECURE ELECTRANS LIMITED
    Inventor: Michael Jarman
  • Patent number: 9158465
    Abstract: A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: October 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: Xin Hui Li, Ying Li, Jing J. Luo, Lin Luo
  • Patent number: 9158923
    Abstract: A method includes performing on a computing system a source-to-sink reachability analysis of code of an application. The reachability analysis is performed using a static analysis of the code and determines flows from sources of information to sinks that use the information. The method includes determining scopes for corresponding security sensitive operations using the determined flows, each of the security sensitive operations corresponding to statements in the code and one or more flows. A scope for a security sensitive operation includes a block of statements in the code that correspond to a set of one or more flows ending at a sink. The method includes, for each of one or more selected scopes, moving statements in a corresponding block of statements that are independent of a security sensitive operation in the block to code before or after the block. Apparatus and program products are also disclosed.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: October 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9134912
    Abstract: A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.
    Type: Grant
    Filed: February 28, 2012
    Date of Patent: September 15, 2015
    Assignee: International Business Machines Corporation
    Inventors: Xin Hui Li, Ying Li, Jing J. Luo, Lin Luo
  • Patent number: 9129138
    Abstract: The embodiments provide for binding files to an external drive, a secured external drive, or portable data locker. The files are bound in order to help restrict or to prevent access and modification by certain computers or users. Computers or users that are authorized or within the authorized domain are permitted full access. The files stored on the external drive may be bound in various ways. The files may be encapsulated in a wrapper that restricts the use and access to these files. The bound files may require execution of a specific application, plug-in, or extension. A computer may thus be required to execute program code that limits the use of the secured files. In one embodiment, the external drive provides the required program code to the computer. In other embodiments, the required program code may be downloaded from a network or provided by an external authority.
    Type: Grant
    Filed: October 29, 2010
    Date of Patent: September 8, 2015
    Assignee: Western Digital Technologies, Inc.
    Inventors: Lambertus Hesselink, Rajesh K. Batra
  • Patent number: 9106693
    Abstract: This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes a security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.
    Type: Grant
    Filed: June 4, 2013
    Date of Patent: August 11, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Daniel J. Quinlan, Kyle Adams, Oskar Ibatullin, Yuly Tenorio Morales, Robert W. Cameron, Bryan Burns
  • Patent number: 9104869
    Abstract: Systems and methods for defeating malware with polymorphic software are described. The system generates randomized relocatable image information by randomizing a plurality of function information that is included in relocatable image information. The plurality of function information includes a first function information. The first function information includes a first location that is used to enter the first function information. The randomizing further includes updating instruction information in the randomized relocatable image information. Updating the instruction information further includes updating relative address information utilized to enter the first function via the first location based on a new location of the first function in the randomized relocatable image information.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: August 11, 2015
    Assignee: eBay Inc.
    Inventor: John Patrick Edgar Tobin
  • Patent number: 9104888
    Abstract: Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates.
    Type: Grant
    Filed: December 4, 2013
    Date of Patent: August 11, 2015
    Assignee: ABSIO CORPORATION
    Inventors: James Robert Oltmans, Benjamin E. Zweber
  • Patent number: 9098442
    Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.
    Type: Grant
    Filed: September 4, 2013
    Date of Patent: August 4, 2015
    Assignee: International Business Machines Corporation
    Inventors: Richard Harold Boivie, Peter T. Williams
  • Patent number: 9094190
    Abstract: A method and apparatus for managing a key for secure storage of data. The apparatus includes a main controller configured to process a command, a cipher unit configured to encrypt a first key to form an encrypted key or encrypt data to form encrypted data based on a result of the main controller processing the command, and decrypt the encrypted key or the encrypted data based on the result of the main controller processing the command, a hash unit configured to hash the first key according to control of the main controller, a decrypted key memory configured to store the first key, and an encrypted key memory configured to store the encrypted key.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: July 28, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jae Chul Park, Yun Ho Youm, Tong Pyo Hong
  • Patent number: 9088602
    Abstract: Method and arrangement in a mediating function (204) for supporting detection of fraud in a network, when a network security function (200) is employed for analyzing activities in the network in view of predefined alert criteria, and a fraud detection function (202) is employed for analyzing e.g. charging information of users. When a first alert is received from a first one of the network security function and the fraud detection function, indicating that the predefined alert criteria of said first function have been satisfied, the alert criteria of the second one of said network security function and fraud detection function are modified based on the received first alert. Thereby, the network security and fraud detection functions can be correlated and made more efficient regarding accuracy and/or speed in detecting fraud.
    Type: Grant
    Filed: August 25, 2009
    Date of Patent: July 21, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Luis Barriga, Michael Liljenstam, Alessandro Mordacci
  • Patent number: 9083666
    Abstract: A message screening system includes routing to a supervisory recipient an electronic message directed to an intended recipient. The supervisory recipient then is allowed to screen the electronic message by approving or rejecting the electronic message. The electronic message then is forwarded to the intended recipient if the electronic message is approved by the supervisory recipient.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: July 14, 2015
    Assignee: FACEBOOK, INC.
    Inventor: Larry L. Lu