Patents Examined by Jason C Chiang
  • Patent number: 9304955
    Abstract: A method for identifying and reporting interrupt behavior includes incrementing a counter when an interrupt signal is a designated type and is not received from an approved peripheral device, and performing a corrective action when the counter reaches a threshold value. In some embodiments, the designated type of the interrupt signal comprises a System Management Interrupt (SMI), which has the capability of halting operations at all processors within a system to execute associated instructions within a protected circumstance, resuming normal operations for each of the plurality of processors when the corrective action has been completed. In another embodiment, the corrective action includes creating a report identifying, within the same protected circumstance, the interrupt signal as an SMI. In some embodiments, the method performs a different corrective action when an interrupt signal is a designated type and is received from an approved peripheral device and decrements a counter.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: April 5, 2016
    Assignee: ADVANCED MICRO DEVICES, INC.
    Inventor: Andrew G. Kegel
  • Patent number: 9292668
    Abstract: Systems and methods for providing access to secure information are disclosed. In one aspect, a computer-implemented method for providing access to secure information comprises receiving a first one-time password (OTP) from a computing device, and verifying whether the first OTP is valid. The method also comprises, if the first OTP is valid, performing the steps of generating a second OTP for accessing the secure information, and transmitting the second OTP to the computing device. In another aspect, a computer-implemented method for providing access to secure information comprises generating a first one-time password (OTP), and transmitting the first OTP to an OTP device. The method also comprises, in response to the first OTP, receiving a second OTP from the OTP device, and sending the second OTP to a system that controls access to the secure information, wherein the first OTP is different from the second OTP.
    Type: Grant
    Filed: September 1, 2011
    Date of Patent: March 22, 2016
    Assignee: Google Inc.
    Inventors: Randall R. Spangler, Sumit Gwalani
  • Patent number: 9288214
    Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: March 15, 2016
    Assignee: International Business Machines Corporation
    Inventors: David Yu Chang, Messaoud Benantar, John Yow-Chun Chang, Vishwanath Venkataramappa
  • Patent number: 9262598
    Abstract: This disclosure describes systems and associated processes that provide digital rights management for applications. In some embodiments, these systems and processes couple DRM protection with individual applications, rather than with a centralized service. For instance, these systems and processes can be implemented in the context of an application store or distribution service that distributes applications for purchase or for free to user devices. Developers can submit applications to the application distribution service for distribution to end users. In response to receiving an application from a developer, the application distribution service can modify the application to include DRM features. The application distribution service can accomplish this modification without input from or the knowledge of the developer. The DRM features included in the modified application can prevent or otherwise reduce copying or modifying of the application.
    Type: Grant
    Filed: April 10, 2014
    Date of Patent: February 16, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Ameesh Paleja, Yael Peled, Mekka C. Okereke, Timothy E. Finer
  • Patent number: 9258703
    Abstract: A device wirelessly receives first and second identifiers contemporaneously from a network. The first identifier indicates that the network operates in a first mode that is not secure. The second identifier indicates that the network operates in a second mode that is secure. In response to wirelessly receiving the first and second identifiers, the device wirelessly connects to the network in the first mode to determine whether the network accepts the device for the second mode, irrespective of whether the network previously accepted the device for the second mode, and irrespective of whether the device already stores authentication information for the second mode. In response to determining that the network accepts the device for the second mode, the device wirelessly connects to the network in the second mode to securely communicate with the network in response to the authentication information.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: February 9, 2016
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Jamie Lane Graves, David M. Newman
  • Patent number: 9253633
    Abstract: The invention relates to a method for generating a data authentication key for allowing data communication over a wireless channel between a first mobile device and a second mobile device, comprising: associating said mobile devices to each other by means of said key. The invention comprises: allowing a shared physical or mechanical condition to be applied generally simultaneously upon said devices; detecting, in said first mobile device, said condition; defining, in said first mobile device, said authentication key based on the detected condition; and transmitting said key to said second mobile device. The invention also relates to a mobile device configured for generating a data authentication key for allowing data communication over a wireless channel to a further mobile device.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: February 2, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Anna Larmo, Ari Keranen, Daoyuan Li, Riikka Susitaival
  • Patent number: 9245114
    Abstract: A method of detecting malicious software (malware) includes receiving a file and storing a memory baseline for a system. The method also includes copying the file to the system, executing the file on the system, terminating operation of the system, and storing a post-execution memory map. The method further includes analyzing the memory baseline and the post-execution memory map and determining that the file includes malware.
    Type: Grant
    Filed: August 26, 2011
    Date of Patent: January 26, 2016
    Assignee: VERISIGN, INC.
    Inventors: Ralph Thomas, Michael Ligh
  • Patent number: 9237130
    Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bound to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: January 12, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peng Ji, Lin Luo, Vugranam C. Sreedhar, Shun Xiang Yang, Yu Zhang
  • Patent number: 9225513
    Abstract: According to one embodiment, an authenticator which authenticates an authenticatee, which stores first key information (NKey) that is hidden, includes a memory configured to store second key information (HKey) which is hidden, a random number generation module configured to generate random number information, and a data generation module configured to generate a session key (SKey) by using the second key information (HKey) and the random number information. The authenticator is configured such that the second key information (HKey) is generated from the first key information (NKey) but the first key information (NKey) is not generated from the second key information (HKey).
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: December 29, 2015
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Taku Kato, Tatsuyuki Matsushita, Yuji Nagai, Fangming Zhao
  • Patent number: 9218461
    Abstract: Novel methods, components, and systems that enhance traditional techniques for detecting malicious software are presented. More specifically, we describe methods, components, and systems that leverage important contextual information from a client system (such as recent history of events on that system) to detect malicious software that might have otherwise gone ignored. The disclosed invention provides a significant improvement with regard to detection capabilities compared to previous approaches.
    Type: Grant
    Filed: November 30, 2011
    Date of Patent: December 22, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Oliver Friedrichs, Alfred Huger, Adam O'Donnell
  • Patent number: 9215235
    Abstract: Enforcing a policy is described. A mapping between an IP address of a device and a user identity is identified, at least in part by correlating event information. A policy is applied to the device based at least in part on the user identity. One example of an event is an access to a mail server, such as an access to a Microsoft Exchange server.
    Type: Grant
    Filed: May 23, 2011
    Date of Patent: December 15, 2015
    Assignee: Palo Alto Networks, Inc.
    Inventors: Michael Jacobsen, Song Wang, Wilson Xu
  • Patent number: 9197659
    Abstract: The present disclosure provides a computer-readable medium, method and system for determining security vulnerabilities for a plurality of application programs used to provide television services to a customer device over a communications network. The method includes running a first scanning program against a first application program relating to a control panel for the customer device; running a second scanning program against a second application program that provides Internet content to the customer device; running a third scanning program against a third application program that relates to a component management system of customer premises equipment; and correlating security vulnerabilities identified utilizing the first, second, and third scanning programs.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: November 24, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jerald Robert Howcroft, John J. Markley, Rocco A. Del Carmine
  • Patent number: 9177147
    Abstract: In one embodiment, a processor includes at least one execution unit. The processor also includes a Return Oriented Programming (ROP) logic coupled to the at least one execution unit. The ROP logic may validate a return pointer stored on a call stack based on a secret ROP value. The secret ROP value may only be accessible by the operating system.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: November 3, 2015
    Assignee: Intel Corporation
    Inventor: Stephen A. Fischer
  • Patent number: 9178885
    Abstract: Enforcing a policy is described. A mapping between an IP address of a device and a user identity is identified, at least in part by correlating event information. A policy is applied to the device based at least in part on the user identity. One example of an event is an access to a mail server, such as an access to a Microsoft Exchange server.
    Type: Grant
    Filed: May 23, 2011
    Date of Patent: November 3, 2015
    Assignee: Palo Alto Networks, Inc.
    Inventors: Michael Jacobsen, Song Wang, Wilson Xu
  • Patent number: 9178698
    Abstract: Methods, systems, and apparatus, including computer programs, for managing keys for virtual machines (VM). One method includes receiving a first public key associated with a first user from a first client machine (CM), receiving a second public key associated with a second user from a second CM, and updating metadata associated with a project that includes a first VM and a second VM to include the first and the second public keys. The first public key and a corresponding first private key were generated on the first CM in response to a determination that the first CM lacked a private key for communication with the first VM by the first user. The second public key and a corresponding second private key were generated on the second CM in response to a determination that the second CM lacked a private key for communication with the second VM by the second user.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: November 3, 2015
    Assignee: Google Inc.
    Inventors: Omar S. Jarjur, Evan K. Anderson
  • Patent number: 9152411
    Abstract: An edge computing platform that provides on-demand delivery of Rich Internet Applications and other applications is disclosed. One embodiment includes an optional manager node and content distribution network (CDN) that include one or more compute nodes. The CDN collects information pertaining to execution of a software application. The CDN aggregates the information and transfers the aggregated information to the manager node. The manager node analyzes the information from the CDN and transfers results of the analysis to the CDN. The CDN receives a software application that is designed to be dynamically updated when executed at the clients. The CDN modifies the software application based on the information from the manager node. The CDN receives a request that pertains to the software application from a client device. The CDN transfers at least a portion of the modified software application to the client.
    Type: Grant
    Filed: May 12, 2010
    Date of Patent: October 6, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin S. Livshits, Emre Mehmet Kiciman, David Simmons
  • Patent number: 9154521
    Abstract: The disclosure addresses the detection of anomalous activity. Some embodiments are directed towards a system for receiving an indication relating to a plurality of controls, identification information associated with a responsible account, and instructions from a responsible account associated with the monitoring of thresholds of controls being monitored. The plurality of user accounts may be organized into groups based upon information relating to the user accounts, and instructions may be applied to the groups to create a dynamic security policy.
    Type: Grant
    Filed: November 25, 2013
    Date of Patent: October 6, 2015
    Assignee: Bank of America Corporation
    Inventors: Carmen Michael Warn, Sireesh Kumar Nuthi, Praneeth Chandra Bhattaram
  • Patent number: 9124423
    Abstract: Provided are a method, system, and article of manufacture for iterative data secret-sharing transformation and reconversion. In one aspect, data secret-sharing transformation and reconversion is provided in which each bit of an input stream of bits of data is split, on a bit by bit basis, into a pair of secret-sharing bits, and the secret-sharing bits of each pair of secret-sharing bits are separated into separate streams of secret-sharing bits. In this manner, one secret-sharing bit of each pair of secret-sharing bits may be placed in one stream of secret-sharing bits and the other secret-sharing bit of each pair may be placed in another stream of secret-sharing bits different from the one stream of secret-sharing bits. Confidentiality of the original input stream may be protected in the event one but not both streams of secret-sharing bits is obtained by unauthorized personnel.
    Type: Grant
    Filed: May 14, 2010
    Date of Patent: September 1, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul A. Jennas, II, Jason L. Peipelman, Joshua Marshall Rhoades, Matthew J. Ward
  • Patent number: 9117062
    Abstract: Authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: August 25, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Nathan R. Fitch, Gregory B. Roth, Graeme D. Baer
  • Patent number: 9118481
    Abstract: A method for generating a practically infinite sequence of pseudo-random numbers that is indistinguishable from a true random source. The method utilizes a discrete set of prime numbers, converting each to a corresponding irrational sequence of numbers, i.e., a MIRP, and arranging said MIRPs into a MIRP Stack that extends into a practically infinite non-repeating MIRP Field, from which an even longer unique sequence of pseudo-random numbers is generated.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: August 25, 2015
    Assignee: COLLOID, LLC
    Inventor: Joseph Chiarella