Patents Examined by Hadi Armouche
  • Patent number: 9930048
    Abstract: An electronic device connects to a network associated with a service provider via a router at a home location. During a time interval, the electronic device provides information specifying a network address of the router to an authentication computer when the electronic device is connected to a network. The authentication computer uses the received information to determine a connection pattern of the electronic device. Moreover, the authentication computer identifies that the electronic device is at the home location based on the connection pattern. Then, the authentication computer provides, to an accounting computer associated with the service provider, a request to allow the electronic device to access a wireless network associated with the service provider at a remote location (which is other than the home location).
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventors: Kapil Chhabra, Artiom Shamis, Maziar Brumand
  • Patent number: 9928359
    Abstract: Described are architectures, systems, processes and methods for security that, at their core, are adaptive and changing at determined intervals so as to present a different environment, a portion of which is a varied attack surface, to the communications world exterior to the system. In one aspect is described improved security architecture, system and methods based upon multiple processors, operating systems and communication channels, in which at least some processors each perform as an input system connectable to a network, and are dissimilar in some manner, the manner of dissimilarity being controlled by a control system that is not connected to the network. Additionally in this aspect, an execution system is included which performs execution based upon received inputs to the input system, which are passed to the execution system once validated as being safe and not compromised.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: March 27, 2018
    Assignee: SECURITY TOGETHER CORPORATION
    Inventors: Anthony Joseph Vargas, Christopher Robert Sharpe, Hollis Ann Johnson
  • Patent number: 9928386
    Abstract: A storage device of a data center may protect data stored on a storage medium of the storage device using a data security mechanism. The data security mechanism may include a signal generator configured to generate a proximity signal and one or more storage devices including a storage medium, a proximity detection component and a destruction device. The proximity detection component may be configured to detect the proximity signal and to determine whether the storage device has been removed from an assigned location. The storage destruction mechanism may be configured to destroy at least a portion of the data stored on the storage device in response to the proximity detection component detecting that the storage device has been removed from the assigned location.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: March 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Brock Robert Gardner, Michael Phillip Czamara
  • Patent number: 9930071
    Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system. The system of the present invention resolves attestation record conflicts using digital certificates and digital signatures.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: March 27, 2018
    Assignee: Sequitur Labs, Inc.
    Inventors: Philip Attfield, Paul Chenard, Simon Curry, Vincent Ting, Mark Reed, David Baar
  • Patent number: 9923932
    Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: March 20, 2018
    Assignee: Global Tel*Link Corporation
    Inventors: Stephen Hodge, David Woody
  • Patent number: 9917860
    Abstract: Network security management technology as disclosed herein generates and dynamically updates an intuitive, interactive visualization of a computer network in live operation. The network security management technology interprets human user interactions, such as gestures, as network directives. The network directives may be implemented by the network in response to security events.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: March 13, 2018
    Assignee: SRI INTERNATIONAL
    Inventors: Rukman Senanayake, Phillip A. Porras, Patrick D. Lincoln
  • Patent number: 9916468
    Abstract: A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: March 13, 2018
    Assignee: FAIRWARNING IP, LLC
    Inventor: Kurt James Long
  • Patent number: 9918228
    Abstract: A method, system and computer program product for session completion through co-browsing is claimed. The method can include establishing a content browsing session between a first computing device and a content server serving access to content to the first computing device and maintaining state data for the content browsing session. A co-browsing arrangement of the content can be created as between the first computing device and a second computing device and at least a subset of the state data can be cloned for use by the second computing device during co-browsing of the content. Thereafter, a modified form of the subset of the state data can be received from the second computing device resulting from the co-browsing of the content by the second computing device and the modified form of the subset of the state data can be provided to the first computing device for use during the content browsing session.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: March 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Andrew J. Ivory, Todd E. Kaplinger, Barry J. Pellas, Matthew T. Pellas
  • Patent number: 9916444
    Abstract: Techniques for recovering from unexpected removal of (or other unexpected power loss) a flash memory device from a computer system. An interpolated device driver notes whenever the flash memory device is unexpectedly removed, or otherwise unexpectedly powers off or enters a locked state. If the flash memory device is reinserted, the interpolated device driver reinitializes the flash memory device, and satisfies any flash memory device security protocol, so the flash memory device and the computer system can be restored to their status just before unexpected removal. The interpolated device driver caches requests to the flash memory device, and when status is restored to just before removal, replays those requests to the flash memory device, so the flash memory device responds to those requests as if it had never been removed. The computer system does not notice any break in service by the flash memory device due to removal and reinsertion.
    Type: Grant
    Filed: August 10, 2015
    Date of Patent: March 13, 2018
    Assignee: Kingston Digital, Inc.
    Inventors: Laurence Hamid, Scott Ashdown
  • Patent number: 9917688
    Abstract: Consolidating encrypted image backups without decryption. In one example embodiment, a method for consolidating encrypted image backups without decryption may include individually encrypting, using a single encryption key, each block in a first set of blocks in a source storage, storing the first set of encrypted blocks in a first encrypted image backup, individually encrypting, using the single encryption key, each block in a second set of blocks in the source storage, storing the second set of encrypted blocks in a second encrypted image backup, and creating a consolidated encrypted image backup that includes a single encrypted block for each of multiple unique block positions represented by the first and second sets of encrypted blocks without decrypting any of the encrypted blocks.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: March 13, 2018
    Assignee: STORAGECRAFT TECHNOLOGY CORPORATION
    Inventor: Nathan S. Bushman
  • Patent number: 9910659
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing anti-rollback protection in a device which has no internal non-volatile memory are presented. One embodiment is a device for providing anti-rollback protection. The device may obtain a firmware version number associated with a first firmware installation for the device, wherein the device is implemented on a substrate that includes no non-volatile memory. The device may obtain a lowest acceptable firmware version number, wherein the lowest acceptable firmware version number is stored in a secure element environment, wherein the secure element environment utilizes memory separated from the substrate. The device may compare the firmware version number and the lowest acceptable firmware version number, wherein if the firmware version number is less than the lowest acceptable firmware version number, then disallow the first firmware installation.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: March 6, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Srilekha Krishnamurthy, Jeremy R. O'Donoghue, Neeraj Bhatia
  • Patent number: 9912644
    Abstract: A system and method to communicate secure information between computing machines using an untrusted intermediate with resilience to disconnected network topology. The system and method utilize agnostic endpoints that are generalized to be interoperable among various systems, with their functionality based on their location in a network. The system and method enable horizontal scaling on the network. One or more clusters may be set up in a location within a network or series of networks in electronic communication, e.g., in a cloud or a sub-network, residing between a secure area of the network(s) and an unsecure area such as of an external network or portion of a network. The horizontal scaling allows the system to take advantage of a capacity of a local network. As long as an agent has connectivity to at least one locale of the network, the agent is advantageously operable to move data across the system.
    Type: Grant
    Filed: August 5, 2014
    Date of Patent: March 6, 2018
    Assignee: FireEye, Inc.
    Inventor: Sean Cunningham
  • Patent number: 9910856
    Abstract: Information source agent systems and methods for distributed content storage and management using content signatures that use file identicality properties are provided. A data management system is provided that includes a content engine for managing the storage of file content, a content signature generator that generates a unique content signature for a file processed by the content engine, a content signature comparator that compares content signatures and a content signature repository that stores content signatures. Information source agents are provided that include content signature generators and content signature comparators. Methods are provided for the efficient management of files using content signatures that take advantage of file identicality properties. Content signature application modules and registries exist within information source clients and centralized servers to support the content signature methods.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: March 6, 2018
    Assignee: Callahan Cellular L.L.C.
    Inventors: Bruce Borden, Russell Brand
  • Patent number: 9910998
    Abstract: A method, system, mediation server, client, and computer program for deleting a copied file in which a master file is duplicated while maintaining a certain level of security. A mediation server receives and stores a copied file in which a master file stored in a server is duplicated, generates private-key information and public-key information, and transmits the generated public-key information and the copied file to a client. The client receives and stores the copied file and the public-key information. In a case where the copied file is updated, the client encrypts difference information on the difference arising in the updating using the public-key information and transmits the difference information to the mediation server. The client determines whether the condition for being secure is satisfied when a process for updating the copied file becomes possible. When determining that the condition is not satisfied, the client deletes the copied file.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: March 6, 2018
    Assignee: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Patent number: 9906547
    Abstract: A method to augment a plurality of IPS or SIEM evidence information is provided. The method may include monitoring a plurality of processes associated with a computer system. The method may also include identifying a plurality of processes that have network activity. The method may further include capturing the identified plurality of processes that have network activity. The method may also include storing the identified captured plurality of processes that have network activity. The method may include monitoring a plurality of selected programs associated with an operating system of the computer system. The method may also include identifying a plurality of selected programs that have network activity. The method may further include capturing a plurality of screen capture images associated with the identified plurality of selected programs. The method may include storing, by the second component, the captured plurality of system process activity.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chien Pang Lee, Hariharan Mahadevan
  • Patent number: 9906550
    Abstract: A network is protected from e-mail viruses through the use of a sacrificial server. Any executable programs or other suspicious parts of incoming e-mail messages are forwarded to a sacrificial server, where they are converted to non-executable format such as Adobe Acrobat PDF and sent to the recipient. The sacrificial server is then checked for virus activity. After the execution is completed, the sacrificial server is rebooted.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: February 27, 2018
    Assignee: Intellectual Ventures I LLC
    Inventors: Walter Mason Stewart, Marcelo Carrera, Robert G. Hook
  • Patent number: 9906538
    Abstract: A method for securing a computer system includes detecting a malware attack on a honeypot node, and, based on the detected malware attack, automatically generating investigation directives for verifying whether an endpoint of the computer system is subject to the malware attack. The investigation directives are distributed to one or more software agents that are each associated with one or more endpoints of the computer system. At least one infected endpoint in the computer system, which is subject to the malware attack, is identified by the software agents using the investigation directives.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: February 27, 2018
    Assignee: GUARDICORE LTD.
    Inventors: Ariel Zeitlin, Lior Neudorfer
  • Patent number: 9906548
    Abstract: A method to augment a plurality of IPS or SIEM evidence information is provided. The method may include monitoring a plurality of processes associated with a computer system. The method may also include identifying a plurality of processes that have network activity. The method may further include capturing the identified plurality of processes that have network activity. The method may also include storing the identified captured plurality of processes that have network activity. The method may include monitoring a plurality of selected programs associated with an operating system of the computer system. The method may also include identifying a plurality of selected programs that have network activity. The method may further include capturing a plurality of screen capture images associated with the identified plurality of selected programs. The method may include storing, by the second component, the captured plurality of system process activity.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chien Pang Lee, Hariharan Mahadevan
  • Patent number: 9906543
    Abstract: From a log of a machine, an entry is selected relating to providing a subservice in processing a service request from a requestor associated with a key. The log entry includes a subsequence of machines used and a cost of providing the subservice. A set of entries is selected from the log, an entry including the subsequence and a second cost of providing the subservice but in processing a different service request from a different requestor associated with a different key. A distance is computed between the cost and the second cost. A number of occurrences of the subsequence with the key is determined. Using the number and the distance for the subsequence, a value pair is computed. Responsive to an aggregate number in the value pair not exceeding a threshold count, the processing of the service request is output as a suspect for using an improper sequence of machines.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: February 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Parul Arora, Jonathan A. DeBusk, Raphael Ezry, Munish Goyal, Chirdeep Gupta, Uri Klein
  • Patent number: 9900312
    Abstract: Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: February 20, 2018
    Assignee: PAYPAL, INC.
    Inventors: Rasta A. Mansour, Upendra Mardikar