Patents Examined by Jenise Jackson
  • Patent number: 9449175
    Abstract: A method for providing analysis and detection of malicious software may include directing a comparison of patterns within sample code to a predetermined set of malicious software patterns, determining whether the sample code is likely to be malicious software based on the comparison, and, in response to a determination that the sample code is likely to be malicious software, determining a malicious software cluster with which the sample code is associated based on the patterns within the sample code. A corresponding computer program product and apparatus are also provided.
    Type: Grant
    Filed: June 3, 2010
    Date of Patent: September 20, 2016
    Assignee: Nokia Technologies Oy
    Inventor: Markus Juhani Miettinen
  • Patent number: 9444823
    Abstract: A system and method are provided that allow an application on a first terminal to inquire about available network communication associations that it can use to send data to another terminal, thereby avoiding the establishment of a new network communication association with the other terminal. A security information module may serve to collect and/or store information about available network communication associations between the first terminal and another terminal across different layers. The security information module may also assess a trust level for the network communication associations based on security mechanisms used to establish each association and/or past experience information reported for these network communication associations. Upon receiving a request for available network communication associations, the security information module provides this to the requesting application which can use it to establish communications with a corresponding application on the other terminal.
    Type: Grant
    Filed: December 24, 2008
    Date of Patent: September 13, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Vidya Narayanan, Lakshminath Reddy Dondeti
  • Patent number: 9443075
    Abstract: Disclosed herein are system, method, and computer program product embodiments for adapting to malware activity on a compromised computer system. An embodiment operates by detecting an adversary operating malware on a compromised system. A stream of network communications associated with the adversary is intercepted. The stream of network communications includes a command and control channel of the adversary. The stream of network communications is accessed. An emulation of the command and control channel is provided. An analysis of the accessed stream of traffic is executed. A plurality of response mechanisms is provided. The plurality of response mechanisms is based in part on the analysis of the stream of network communications and a custom policy language tailored for the malware.
    Type: Grant
    Filed: June 27, 2013
    Date of Patent: September 13, 2016
    Assignee: The Mitre Corporation
    Inventors: Stephen Ralph DiCato, Jr., Daniel Kenneth Fayette, Todd Aaron O'Boyle
  • Patent number: 9443107
    Abstract: One feature pertains to an efficient algorithm to protect the integrity of a plurality of data structures by computing an aggregate message authentication code (MAC) over the plurality of data structures. An aggregate MAC may be constructed from a plurality of MAC values associated with a plurality of data structures. The aggregate MAC binds the plurality of data structures and attests to their combined integrity simultaneously. Rather than checking the integrity of a data structure when it is accessed, the aggregate MAC is periodically checked or verified, to ascertain the integrity of all data structures. If the aggregate MAC computed is different from the previously stored aggregate MAC, then all data structures that are part of the aggregate MAC are discarded.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: September 13, 2016
    Assignee: QUALCOMM Incorporated
    Inventor: Alexander W. Dent
  • Patent number: 9436818
    Abstract: A system of credential management and identity verification includes a portable input device and an application that, when executed on the input device, authenticates a user of the input device and provides associated credentials to a computing device. The application detects a request for credentials presented by a proximate computing device. Then, the application alerts a user of the computing device to confirm his identity by submitting one of a biometric or non-biometric authenticating input to the input device. The authenticating input is received by the input device and used to verify the identity of the user. If the identity is verified, the application transmits the associated encrypted credentials and mask data to the computing device. The input device may be a pointing device connected wirelessly or via wired connection to the computer. User authentication data is provided to the input device at an initial or predetermined time.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: September 6, 2016
    Inventor: Macio P. Tooley, II
  • Patent number: 9438633
    Abstract: A system and method remotely enrolls, authenticates and provides unified authentication services in an ASP setting to a user to access requested information via a communication medium. A filter is coupled to client side components via the communication medium and a user management component coupled to the client side components via the communication medium. The user management component allows end-users to register their credentials only once. In addition, the user management component allows end-users to define the level of protection of access to their web application accounts. This includes accounts that have been configured specifically for use with the present invention and particular user credentials and accounts that have been subsequently set up but configured to use the same user credentials. The present invention can then reuse those credentials to authenticate the user to one or more potentially unrelated web applications.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: September 6, 2016
    Assignee: Citibank, N.A.
    Inventors: Bikram S. Bakshi, David W. Helms, Anthony C. Rochon, Trevor J. Walker
  • Patent number: 9401893
    Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application adapted to process at least some data received from a tenant system.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: July 26, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Pallavi T. Nagesha Rao
  • Patent number: 9373219
    Abstract: A gaming system for performing integrity checks of a gaming machine is described. The gaming system includes a host server having a processor, an interface for communicating with a plurality of gaming machines, an oversight module, and a database of expected gaming machine configurations. The gaming system further includes the plurality of gaming machines configured to present game play of a wager-based game. Each gaming machine includes a cabinet, a display coupled to the cabinet, and a processor coupled to the cabinet. The gaming system is configured to perform an integrity check of the plurality of gaming machines through the host server.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: June 21, 2016
    Assignee: IGT
    Inventors: Robert Bigelow, Jr., Dwayne A. Davis, Kirk Rader
  • Patent number: 9369274
    Abstract: A computer system includes memory configured to store information regarding predetermined conditions of an encryption operation and a processor configured to analyze an inbound key and an outbound key of the encryption operation. The processor is also configured to determine that the encryption operation includes a translation from a first class of encryption to a second class of encryption based on the analyzing the inbound key and the outbound key, and to determine whether the translation is permitted based on the predetermined conditions.
    Type: Grant
    Filed: July 6, 2012
    Date of Patent: June 14, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Mark D. Marik
  • Patent number: 9363088
    Abstract: Network communication and provisioning systems and methods are provided to enable automatic provisioning of an appliance to provide encryption services for email messages and other types of electronic messages addressed to or from an email domain.
    Type: Grant
    Filed: July 22, 2010
    Date of Patent: June 7, 2016
    Assignee: ZixCorp Systems, Inc.
    Inventors: John Kalan, Charles A. Rego
  • Patent number: 9336373
    Abstract: A user device collects timing data that indicates screen touch timing behavior during multiple touch events associated with at least one of a hold time for a particular button or a transition time between two particular buttons. The user device also collects force data indicating screen touch force behavior during the multiple touch events. The user device identifies a user biometric pattern for the touch event based on the timing data and the force data, and stores the user biometric pattern.
    Type: Grant
    Filed: April 15, 2014
    Date of Patent: May 10, 2016
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Vidhyaprakash Ramachandran, Jay K. Jasti, Yu Su
  • Patent number: 9331848
    Abstract: Circuits, methods, and systems are provided for securing an integrated circuit device against Differential Power Analysis (DPA) attacks. Plaintext (e.g., configuration data for a programmable device) may be encrypted in an encryption system using a cryptographic algorithm. Ciphertext may be decrypted in a decryption system using the cryptographic algorithm. The encryption and/or decryption systems may obfuscate the plaintext, the ciphertext, and/or the substitution tables used by the cryptographic algorithm. The encryption and/or decryption systems may also generate cryptographic key schedules by using different keys for encrypting/decrypting different blocks and/or by expanding round keys between encryption/decryption blocks. These techniques may help mitigate or altogether eliminate the vulnerability of cryptographic elements revealing power consumption information to learn the value of secret information, e.g., through DPA.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: May 3, 2016
    Assignee: Altera Corporation
    Inventor: Bruce B. Pedersen
  • Patent number: 9286241
    Abstract: A microcontroller includes on-chip key storage slots stored in a non-volatile memory, wherein selecting which key is to be used is restricted to software, wherein a predetermined key storage slot stores a Key Encrypt Key (KEK), and a register flag is provided for determining whether the predetermined key storage slot stores a key for encrypting/decrypting data or the KEK for encrypting/decrypting a key.
    Type: Grant
    Filed: February 20, 2013
    Date of Patent: March 15, 2016
    Assignee: MICROCHIP TECHNOLOGY INCORPORATED
    Inventor: Michael Simmons
  • Patent number: 9275255
    Abstract: Methods, systems, and computer program products for protecting information on a user interface based on a viewability of the information are disclosed. According to one method, a viewing position of a person other than a user with respect to information on a user interface is identified. An information viewability threshold is determined based on the information on the user interface. Further, an action associated with the user interface is performed based on the identified viewing position and the determined information viewability threshold.
    Type: Grant
    Filed: July 24, 2013
    Date of Patent: March 1, 2016
    Assignee: Chemtron Research LLC
    Inventors: Mona Singh, Jared S. Fry
  • Patent number: 9275245
    Abstract: A request to obtain data items associated with an entity is received from a client device. One or more computing devices determine whether access to the data items is restricted by an access control policy and whether the client device complies with the access control policy. In response to determining that the client device complies with the access control policy, at least a portion of the data items that the access control policy permits the client device to access are identified. An integration of the at least a portion of the data items with additional data items is initiated.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 1, 2016
    Assignee: AIRWATCH LLC
    Inventor: Erich Stuntebeck
  • Patent number: 9277403
    Abstract: The present invention describes a method for authenticating a user of a mobile device by a verification authority, by making use of at least a personal identification number (PIN) and at least one cryptographic key, such that the PIN and the cryptographic key are known only to the user and the verification authority. The cryptographic key has at least one session key. Firstly, the user encodes the PIN by using at least one session key and then transfers the encoded PIN to a predefined address of the verification authority via the mobile device. Next, the verification authority decodes the PIN by using the cryptographic key and authenticates the user if the decoded PIN matches a PIN stored corresponding to the user.
    Type: Grant
    Filed: March 1, 2011
    Date of Patent: March 1, 2016
    Assignee: Eko India Financial Services Pvt. Ltd.
    Inventors: Abhinav Sinha, Abhishek Sinha, Anupam Varghese, Prasad Naldurg, Raghav Bhaskar, Saurabh Panjwani
  • Patent number: 9253186
    Abstract: The present invention relates to a method and a device for ensuring information integrity and non-repudiation over time. At least one example embodiment provides a mechanism for secure distribution of information, which information relates to an instance in time when usage of cryptographic key pairs associated with a certain brand identity commenced, as well as when the key pairs ceased to be used, i.e. when the key pairs were revoked. The mechanism further allows a company or an organization to tie administration of cryptographic key pairs and a procedure for verifying information integrity and non-repudiation to their own brand. This can be seen as a complement or an alternative to using a certificate authority (CA) as a trusted third party, which CA guarantees an alleged relation between a public key and the identity of the company or organization using the cryptographic key pair to which that public key belongs.
    Type: Grant
    Filed: May 16, 2014
    Date of Patent: February 2, 2016
    Assignee: BRANDSIGN AB
    Inventors: Anders Thoursie, Peter Holm, Sven-Hakan Olsson
  • Patent number: 9253171
    Abstract: Embodiments of methods and network devices for securing data within a network are generally described herein. One such method includes a key aggregation server receiving a request for an encryption key to secure the data. The server may query a plurality of network devices for a respective key from each queried network device. The server may then receive the respective key from each of the plurality of network devices and select a key element from each of the plurality of keys. An encryption key may be constructed from the key elements and transmitted to a client.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: February 2, 2016
    Assignee: Raytheon Cyber Products, LLC
    Inventors: Matthew D. Neumann, Michael W. Smith
  • Patent number: 9237152
    Abstract: A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.
    Type: Grant
    Filed: June 14, 2014
    Date of Patent: January 12, 2016
    Assignee: CSIDENTITY CORPORATION
    Inventor: Harold E. Gottschalk Jr.
  • Patent number: 9226142
    Abstract: A system includes: a first radio base station including: a first processor which performs processes to transmit and receive a first encryption key, and a first interface which transmits or receives the encapsulated packet, the second radio base station includes: a second interface which transmits or receives the encapsulated packet; and a second processor which encrypts or decrypts the packet with the first encryption key, the host node includes: a third processor which encrypts or decrypts the packet, and during processing of a handover of the mobile station, the host node transmits the packet encrypted with the first encryption key to the first radio base station, the first radio base station transmits the packet to the second radio base station by the tunneling, and the second radio base station decapsulates the packet, decrypts the packet with the first encryption key, and then transmits the packet to the mobile station.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: December 29, 2015
    Assignee: FUJITSU LIMITED
    Inventor: Isamu Fukuda