Patents Examined by Jenise Jackson
  • Patent number: 7165267
    Abstract: A drive preserves a default input password. When there is no password input from the user, the default input password is regarded as a user input password and is compared and collated with a password for access protection, thereby controlling the access protection. In this instance, if the default input password and the password for access protection have the same value, a collation coincidence is obtained. The drive permits the access without needing a password input of the user.
    Type: Grant
    Filed: September 24, 1998
    Date of Patent: January 16, 2007
    Assignee: Fujitsu Limited
    Inventors: Kenichi Utsumi, Yoshiaki Uchida, Hiroyuki Kobayashi
  • Patent number: 7162649
    Abstract: Providing a user with assurance that a networked computer is secure, typically before completion of the log-in operation. This can be accomplished by extending the local log-in process to perform a host assessment of the workstation prior to requesting the user's credentials. If the assessment finds a vulnerability, the log-in process can inform the user that the machine is or may be compromised, or repair the vulnerability, prior to completion of the log-in operation. By performing vulnerability assessment at the level of the workstation, a network server is able to determine whether the workstation is a “trusted” platform from which to accept authentication requests. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can elect to fail the authentication on the grounds that the workstation cannot be trusted.
    Type: Grant
    Filed: June 30, 2000
    Date of Patent: January 9, 2007
    Assignee: Internet Security Systems, Inc.
    Inventors: Curtis E. Ide, Philip C. Brass, Theodore R. Doty
  • Patent number: 7159237
    Abstract: A probe attached to a customer's network collects status data and other audit information from monitored components of the network, looking for footprints or evidence of unauthorized intrusions or attacks. The probe filters and analyzes the collected data to identify potentially security-related events happening on the network. Identified events are transmitted to a human analyst for problem resolution. The analyst has access to a variety of databases (including security intelligence databases containing information about known vulnerabilities of particular network products and characteristics of various hacker tools, and problem resolution databases containing information relevant to possible approaches or solutions) to aid in problem resolution. The analyst may follow a predetermined escalation procedure in the event he or she is unable to resolve the problem without assistance from others.
    Type: Grant
    Filed: January 19, 2001
    Date of Patent: January 2, 2007
    Assignee: Counterpane Internet Security, Inc.
    Inventors: Bruce Schneier, Andrew H. Gross, Jonathan D. Callas
  • Patent number: 7111321
    Abstract: A computer system including a processor, an access token communicator capable of being coupled to the processor and adapted to read an access token, an input device coupled to the processor that is able to receive verification data that confirms authorized access of the access token, and software executable on the processor that includes instructions to control access to the processor and including code to access the access token and the verification data, code to verify the validity of the access token using the verification data, code to set security policies in the processor, and code to control access to resources in the processor based on the security policies. In addition, a method for reading an access token, verifying the validity of the access token, setting security policies in a computer system, and unlocking a computer system and a nonvolatile storage device attached to the computer system.
    Type: Grant
    Filed: January 25, 1999
    Date of Patent: September 19, 2006
    Assignee: Dell Products L.P.
    Inventors: La Vaughn F. Watts, Jr., James E. Dailey
  • Patent number: 7111324
    Abstract: A method and apparatus for securing a token from unauthorized use is disclosed. The method comprises the steps of receiving a first message transmitted from a host processing device and addressed to a PIN entry device according to a universal serial bus (USB) protocol; accepting a PIN entered into the PIN entry device; and transmitting a second message comprising at least a portion of the first message and the PIN from the PIN entry device to the token along a secure communication path.
    Type: Grant
    Filed: January 16, 2001
    Date of Patent: September 19, 2006
    Assignee: Safenet, Inc.
    Inventors: Laszlo Elteto, Shawn D. Abbott, James Khalaf, Reed H. Tibbetts, Mehdi Sotoodeh, Calvin W. Long
  • Patent number: 7103909
    Abstract: An information processor equipped with a password storage for storing a password, which is inputted from outside for unlocking a password-locked condition of a storage device when booting the information processor. During a resume process, a controller unlocks the password-locked condition of the storage device using the password previously stored in the password storage. With this arrangement, when the information processor resumes its normal operating condition from a power saving mode, the operator does not need to input a password even if the information processor is installed in an unattended environment or a far remote local area.
    Type: Grant
    Filed: February 25, 1999
    Date of Patent: September 5, 2006
    Assignee: Fujitsu Limited
    Inventors: Hisaki Kondo, Shunichi Okano, Naomi Yamada
  • Patent number: 7103783
    Abstract: A system for providing data security in a first device driver operably installed in a computer operating system having a layered plurality of device drivers (81, 82, 83, 84) for accessing data in a data storage device. The first device driver detects an I/O request, and determines whether the first device driver is functionally uppermost in the layered plurality of device drivers. If the first device driver is functionally uppermost in the layered plurality of device drivers, the method performs the I/O request (80) in the first device driver. If the device driver is not functionally uppermost in the layered plurality of device drivers, the method denies the I/O request in the first device driver, and allows the I/O request to be performed by the next lowest-level driver in the layered plurality of device drivers.
    Type: Grant
    Filed: September 29, 2000
    Date of Patent: September 5, 2006
    Assignee: Pinion Software, Inc.
    Inventors: George Friedman, Robert Phillip Starek, Carlos A. Murdock
  • Patent number: 6988208
    Abstract: A method and apparatus for verifying the integrity of devices on a target network. The apparatus has security subsystems and a master security system hierarchically connected to the security subsystems via a secure link. The target network includes various intrusion detection devices, which may be part of the security subsystem. Each intrusion detection device generates a plurality of event messages when an attack on the network is detected. The security subsystem collects these event messages, correlates, and analyzes them, and performs network scanning processes. If certain events warrant additional scrutiny, they are uploaded to the master security system for review.
    Type: Grant
    Filed: July 16, 2002
    Date of Patent: January 17, 2006
    Assignee: Solutionary, Inc.
    Inventors: Michael Hrabik, Jeffrey Guilfoyle, Edward Mac Beaver
  • Patent number: 6978025
    Abstract: One embodiment of the present invention provides a system for managing public keys through a server that stores associations between public keys and email addresses. This system operates by receiving a first message from a client containing a request for approval of a client public key along with the client public key. In response to this request for approval, the system sends a second message to the client containing a request for identity confirmation that includes the client public key. If a third message is received from the client containing an affirmative response to the request for identity confirmation, the system stores an association between a client email address and the client public key in a database. This allows other clients to look up the client public key in the database.
    Type: Grant
    Filed: November 27, 2000
    Date of Patent: December 20, 2005
    Assignee: PGP Corporation
    Inventor: William F. Price, III
  • Patent number: 6971027
    Abstract: A networked computer system 10 having enhanced communications security aspects.
    Type: Grant
    Filed: April 1, 1999
    Date of Patent: November 29, 2005
    Inventor: Brian J. Veneklase
  • Patent number: 6971016
    Abstract: A method and system for authenticating access to a storage area network (SAN) is disclosed in which a password is retrieved from a first copy of a password table in response to an access (login) request, the first copy of the password table residing on a switch and corresponding to a switch port. The password is used to retrieve a response from the first copy of the password table. The response is encrypted according to a first copy of an encryption key stored on the switch. The encrypted password is then sent to the node requesting access to the SAN, where it is decrypted according to a second copy of the encryption key residing on the node. The decrypted password is used to retrieve a response from a second copy of the password table residing on the node. The response is encrypted according to the second copy of the encryption key and sent back to the switch port. The response received from the node is then compared with the response determined from the first copy of the password table.
    Type: Grant
    Filed: May 31, 2000
    Date of Patent: November 29, 2005
    Assignee: International Business Machines Corporation
    Inventor: Barry Stanley Barnett
  • Patent number: 6950932
    Abstract: The invention provides a system and method for providing security against unauthorized access to a Java-enabled network device. The system includes multiple conventional class loaders, code verifiers, security managers, access managers, SAMs, a certificate authority and a policy server. The SAM verifies the authenticity of the entity and either allows a download/access to a device or rejects the download/access to a network device. The certificate authority is a repository for public key certificates and may be a part of the secure network or part of the unsecured network. The policy server is a repository for the rights (privileges) an entity is entitled to on the secure network. The code verifiers verify that the Byte Code is valid Java code. The security manager is the conventional security manager. The class loader loads the code to the device and the access manager assigns access levels to each Java thread that is created.
    Type: Grant
    Filed: May 7, 1999
    Date of Patent: September 27, 2005
    Assignee: Nortel Networks Limited
    Inventors: Tal Lavian, Franco Travostino, Thomas Hardjono, Rob Duncan
  • Patent number: 6944773
    Abstract: A method of on-line authentication includes having a user present one or more fingerprints for authentication during an on-line transaction, such as an Internet transaction. The user provides the fingerprints by placing the appropriate finger on the print pad of the fingerprint reader associated with the client computer that the user is using. The method includes receiving through the computer network a communication indicating that authentication is needed, obtaining a first number that indicates how many fingerprints will be requested for authentication, randomly selecting which fingerprints will be requested, sending through the computer network one or more requests for entry of the randomly selected fingerprints, receiving fingerprint data through the computer network in response to the one or more requests for entry of the randomly selected fingerprints, and comparing the received fingerprint data to fingerprint data stored in a database.
    Type: Grant
    Filed: May 19, 2000
    Date of Patent: September 13, 2005
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventor: Marc David Abrahams
  • Patent number: 6931550
    Abstract: The mobile application security system and method in accordance with the invention increases the overall level of security in using a mobile application. In a preferred embodiment, the system may use a client/server architecture wherein each host of a mobile application is treated as a client and a central computer is treated as the server. In operation, any time that a mobile application is going to jump between hosts, it must first pass through the central computer so that the central computer may perform various security checks. The security checks ensure that the security of the mobile application is not compromised and overcome the above problems with typical mobile application systems.
    Type: Grant
    Filed: January 10, 2001
    Date of Patent: August 16, 2005
    Assignee: Aramira Corporation
    Inventor: Christopher A. Rygaard
  • Patent number: 6931552
    Abstract: There is disclosed an apparatus and method for protecting a first computer system against an intrusion such as a computer virus or an unauthorized access. The apparatus comprises a second computer system that is coupled to the first computer system in a manner that permits the second computer system to receive all computer communications that are directed to the first computer system. The second computer system detects an intrusion before the intrusion reaches the first computer system. The second computer system deletes the intrusion by deleting the operating system and all other data on the second computer system. After the compromised operating system and data have been erased, a clean version of the operating system and data is supplied to the second computer system from a restoration controller within the second computer system, or from the first computer system, or from a backup copy of the clean version of the data.
    Type: Grant
    Filed: May 2, 2001
    Date of Patent: August 16, 2005
    Inventors: James B. Pritchard, Clyde R. Calcote
  • Patent number: 6928164
    Abstract: A data processing device (1) which includes a circuit (2) with data processing means (17) which are suitable for processing data (DA) while utilizing a characteristic value (CV) and with sequencing means (15) which are arranged to execute an algorithm in order to control the data processing means (17) in conformity with this algorithm which comprises a given number N of sub-algorithms containing identical successions of algorithm steps, is additionally provided with order fixation means (29) which co-operate with the sequencing means (15) and whereby, each time when the algorithm is executed, an order can be fixed from a plurality of feasible orders for the execution of the N sub-algorithms.
    Type: Grant
    Filed: July 30, 1999
    Date of Patent: August 9, 2005
    Assignee: Koninklijke Philips Electronics N.V.
    Inventor: Klaus Ully
  • Patent number: 6915431
    Abstract: A system and method of providing security mechanisms for securing traffic communicated from a server system to a client system independent of the state of the client system. The server system determines whether the client system has entered an operational state. When the client system is operational, key exchange processes are initiated between the two systems, the results of the key exchange processes being the parameters for use in securing traffic communication between the two systems. The results are stored in the client system. The results are inhibited from being updated in the client system until the server system is successful in completely executing another set of key exchange processes. The results are updated with the results obtained from successful execution of the other set of key exchange processes if the execution of the other set is successful. The traffic communication is thus secured based on whatever results are stored in the client system.
    Type: Grant
    Filed: December 22, 1999
    Date of Patent: July 5, 2005
    Assignee: Intel Corporation
    Inventors: Anil Vasudevan, Baiju Patel, Marc Jalfon
  • Patent number: 6915437
    Abstract: A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
    Type: Grant
    Filed: December 20, 2000
    Date of Patent: July 5, 2005
    Assignee: Microsoft Corporation
    Inventors: Brian D. Swander, Bernard D. Aboba
  • Patent number: 6848045
    Abstract: A personal key having an inexpensive and robust integrated USB connector is disclosed. The apparatus comprises a circuit board having a processor and a plurality of conductive traces communicatively coupling the processor to a peripheral portion of the circuit board. The plurality of conductive traces includes, for example, a power trace, a ground trace, and at least two signal traces. The apparatus also comprises a first housing, having an aperture configured to accept the periphery of the circuit board therethrough, thereby presenting the plurality of conductive traces exterior to the aperture. The apparatus also comprises a shell, surrounding the plurality of conductive traces, the shell including at least one locking member interfacing with the first housing.
    Type: Grant
    Filed: June 21, 2002
    Date of Patent: January 25, 2005
    Assignees: Rainbow Technologies, Inc., Rainbow Technologies, B.V.
    Inventors: Calvin Wen-Kaug Long, Allan D. Anderson, Alfred L. Johnson
  • Patent number: 6839850
    Abstract: Disclosed is a Security Indications and Warning (SI&W) Engine usable in conjunction with an audit agent. The audit agent forwards normalized audits to the SI&W Engine. The SI&W Engine groups the normalized audits into related groupings. Gauges are used to count the number of occurrences of audited events. A statistical engine provides statistical representations of the number of events per user, per session and per node. A predetermined number of criteria are defined for a particular gauge or gauge pair. There may be many criteria for a particular network. When a predetermined number of criteria within a criteria set are triggered, an indicator is triggered. More complex indicators can use combinations of lower level indicators to provide further indications of potential security threats. Thus, a hierarchical system of gauges, criteria and indicators is used to measure boundary violations and breaches of different barriers.
    Type: Grant
    Filed: March 4, 1999
    Date of Patent: January 4, 2005
    Assignee: PRC, Inc.
    Inventors: Wayne A. Campbell, Jeffrey H. Walker