Patents Examined by Mohammad L Rahman
  • Patent number: 9195828
    Abstract: The present invention relates to data encryption and more particularly to data encryption for prevention of malware attacks designed to access user data. The present invention protects user data against regular malware and advanced malware like rootkit attacks, zero day attacks and anti-malware disabler attacks. In one embodiment, the present invention uses encryption, application whitelisting, and application binding to prevent malware from accessing a victim's data files. In another embodiment, the present invention uses application path binding to further contain the malware from accessing the victim's data.
    Type: Grant
    Filed: February 23, 2015
    Date of Patent: November 24, 2015
    Assignee: SecureAge Technology, Inc.
    Inventor: Teow Hin Ngair
  • Patent number: 9195849
    Abstract: A cloud application system installed in a client terminal that is connected to a cloud server via a network, the cloud application system comprising: a first driver controlling module configured to display a list of folders of a relevant user in the cloud server by communicating with the cloud server; a second cloud driver controlling module configured to encrypt a file of the cloud server to store it as the encrypted security file when the file is stored in the client terminal.
    Type: Grant
    Filed: February 12, 2014
    Date of Patent: November 24, 2015
    Assignees: KINGS INFORMATION & NETWORK CO., LTD., INTELLECTUAL DISCOVERY CO., LTD.
    Inventors: Jong Kyung Baek, Young Ho Jung, Ye Seong Park, In Seon Hwang, Cheol Ung Jeong, Min Jong Kim
  • Patent number: 9189623
    Abstract: A bipartite graph is generated which includes one or more source vertices and one or more destination vertices. For a given source vertex, a temporal behavioral matrix is generated using the bipartite graph where a first dimension of the temporal behavioral matrix is associated with time and a second dimension of the temporal behavioral matrix is associated with at least some of the one or more destination vertices. For the given source vertex, a model is generated using at least some portion of the temporal behavioral matrix. Anomaly detection is performed on at least part of the temporal behavioral matrix using the model.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: November 17, 2015
    Assignee: EMC Corporation
    Inventors: Derek Lin, ChunSheng Fang
  • Patent number: 9185102
    Abstract: There is provided a method of a server system including identifying a first token and a second token based on an identifier received from a first external information processing apparatus, acquiring data from the first external information processing apparatus with use of the first token, generating a document from the acquired data, transmitting the second token to an authentication processing apparatus, acquiring a verification result of the second token from the authentication processing apparatus, and transmitting the generated document to a second external information processing apparatus with use of the second token.
    Type: Grant
    Filed: February 14, 2014
    Date of Patent: November 10, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yutaka Kato
  • Patent number: 9183363
    Abstract: A method and system of verifying and authenticating personal history data of a subject comprising requesting the personal history data of the subject from a data base provider, searching the data base for the personal history data of the subject, transmitting the requested personal history data to the requester, reviewing the personal history data by the subject and verifying the accuracy of the personal history data by the subject and authenticating the verified personal history data by the subject.
    Type: Grant
    Filed: December 29, 2013
    Date of Patent: November 10, 2015
    Inventor: Steven C. Millwee
  • Patent number: 9165152
    Abstract: A client computer system receives a file that is at least partially encrypted. The client computer also receives a file manager and user input. In response to the user input matching data stored in an encrypted user profile, the client computer uses the file manager to decrypt the file based on a key stored in the encrypted user profile. The file is unusable if copied to another client computer, and the file manager manages usage of the file based on one or more terms of usage.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: October 20, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Claire Svetlana Vishik
  • Patent number: 9166792
    Abstract: According to an embodiment, a data management device includes a receiver; a first calculator; a second calculator; and a transmitter. The receiver is configured to receive at least one piece of encrypted data obtained by encrypting a piece of data and at least one message authentication code for the piece of encrypted data. The first calculator is configured to aggregate pieces of encrypted data received to calculate aggregated encrypted data corresponding to a sum of the pieces of data encrypted. The second calculator is configured to sum up message authentication codes received to calculate a total value of the message authentication codes for the aggregated encrypted data. The transmitter is configured to transmit the aggregated encrypted data and the total value of the message authentication codes.
    Type: Grant
    Filed: February 13, 2014
    Date of Patent: October 20, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Shinji Yamanaka, Yuichi Komano, Satoshi Ito
  • Patent number: 9166952
    Abstract: In some embodiments, a system includes a trusted network, an untrusted network, on-board equipment on-board a moving object, one or more first security devices on-board the moving object and communicatively connecting the on-board equipment and the untrusted network, and a security device bank communicatively connecting the trusted network and the untrusted network. The security device bank includes a common bus or the local network and one or more second security devices connected to the common bus or the local network.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 20, 2015
    Assignee: Thales Canada Inc
    Inventor: Joseph Siu
  • Patent number: 9154460
    Abstract: Methods and apparatus for supporting secure packet communications, e.g., sRTP/sRTCP, which are resistant to denial of service attacks are described. A received packet is identified to correspond to a particular stream being received, the stream having a current expected set of packet sequence numbers, e.g., a current window including a next expected packet sequence number and at least one packet sequence number in the expected packet window on each side of the expected packet sequence number. Unencrypted information from the received packet, e.g., a received packet sequence number, is used to determine at least one of: to drop the received packet, or to assign the packet to one of a plurality of policing levels. If the packet passes policing at its assigned policing level, the packet may undergo authentication and decryption to determine if it is a valid packet.
    Type: Grant
    Filed: February 12, 2014
    Date of Patent: October 6, 2015
    Assignee: SONUS NETWORKS, INC.
    Inventors: Shaun Jaikarran Bharrat, Shiping Li
  • Patent number: 9152782
    Abstract: A network security system including a first-level security profile engine and a second-level security profile engine is disclosed. In an example of operation, the first-level security profile engine assigns a first-level security profile for a first user device, the first user device requesting access to a network; the second-level security profile engine assigns a first second-level security profile to the first user device, the first second-level security profile providing first network configuration information for the first user device; a device selection engine receives a selection of a second user device associated with the first-level security profile; and the second-level security profile engine assigns a second second-level security profile to the second user device, the second second-level security profile providing second network configuration information for the second user device.
    Type: Grant
    Filed: February 13, 2014
    Date of Patent: October 6, 2015
    Assignee: Aerohive Networks, Inc.
    Inventors: Mu Lin, Xu Zou, John Hanay
  • Patent number: 9137230
    Abstract: An information processing apparatus includes a request information reception unit that receives a request for information processing from a client apparatus, an inquiry information transmission unit that inquires about the presence of authentication information for the information processing, first and second determination units, a prompt information transmission unit, an acquisition information reception unit, and a process start unit. If the first determination unit determines that any piece of the authentication information is missing, using a response to the inquiry, the second determination unit determines whether a second apparatus is to be prompted to obtain the missing authentication information, based on predetermined information. If the determination result is positive, the prompt information transmission unit transmits a prompt to the second apparatus.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: September 15, 2015
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Kazushi Kaneshiro
  • Patent number: 9135440
    Abstract: A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provides an actual time that is representative of the time the known software application runs on the second computing device. The system detects malware when there is a difference in execution times between the first and the second computing devices.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: September 15, 2015
    Assignee: UT-Battelle, LLC
    Inventors: Stacy J. Prowell, Christopher T. Rathgeb
  • Patent number: 9131473
    Abstract: The present disclosure relates to the field of communications technologies and discloses a method, a device, and a communication system for establishing a connection with a network management system. The method includes: obtaining, by a relay node, a first IP address of the relay node; obtaining, by the relay node, an IP address of a security gateway by using the first IP address of the relay node; establishing, by the relay node, an IP security tunnel with the security gateway according to the IP address of the security gateway; obtaining, by the relay node, a second IP address of the relay node and an IP address of the network management system through the IP security tunnel; and establishing, by the relay node, a connection with the network management system by using the second IP address of the relay node and the IP address of the network management system.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: September 8, 2015
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Ke Wang, Yan Peng
  • Patent number: 9130745
    Abstract: A constant multiplier inputs a base and a modulo n, performs modular exponentiation modulo n with a prescribed constant as the exponent and with base a, and outputs the result of this calculation as base b. A personal key converter inputs a personal key d and calculates a personal key d′ as the quotient when d is divided by the prescribed constant. A correction key generator generates a correction key d″ as the remainder of the aforementioned division. A first modular exponentiation unit performs modular exponentiation base b with d′ as the exponent. A second modular exponentiation unit performs modular exponentiation base a with d″ as the exponent, and outputs a correction value. A correction calculation unit multiplies the outputs of the first and second modular exponentiation units and outputs the result as the encryption processing result.
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: September 8, 2015
    Assignee: Fujitsu Limited
    Inventors: Kouichi Itoh, Dai Yamamoto, Masahiko Takenaka
  • Patent number: 9106628
    Abstract: A system for providing cost effective, secure key exchange from at least one first device to at least one second device through at least one proxy server is provided. The system includes a first key exchange message from the at least one first device to the at least one second device via the at least one proxy server. A second key exchange message from the at least one second device to the at least one first device via a media stream of the Internet is required to complete the computation of the session key. A method of securing a communication system is also set forth. The method includes the steps of providing a routing device for identifying a subscriber, and providing a master key exchange session, the master key exchange session including a key k to find a subscriber and a nonce r to answer a query to the subscriber, wherein the master key exchange session includes both the key k and the nonce r.
    Type: Grant
    Filed: July 7, 2009
    Date of Patent: August 11, 2015
    Assignee: Alcatel Lucent
    Inventors: Vladimir Kolesnikov, Vijay Gurbani
  • Patent number: 9104856
    Abstract: Computers can be authenticated using a shared secret. During an authentication process, a server transmits an image to a client. A mobile device captures and analyzes the image. If the image contains the shared secret known only to the authentic server and the authentic mobile communication device, the mobile device can authenticate the server. The secret in the image can be readily analyzed. A single image may contain multiple shared secrets. Once the server has been authenticated, the user must modify the image in accordance with a shared modification secret to thereby authenticate the user. The modified image is transmitted back to the authenticated server. If the image was properly modified, the user is authenticated.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: August 11, 2015
    Assignee: Mobilesphere Holdings II LLC
    Inventor: Robert G. Mechaley, Jr.
  • Patent number: 9094372
    Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
    Type: Grant
    Filed: December 30, 2013
    Date of Patent: July 28, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Nir Zuk, Kowsik Guruswamy
  • Patent number: 9094391
    Abstract: Aspects of the present disclosure are directed to methods and systems for dynamic trust federation. In one aspect, a computer implemented method may include a security token that enables sign-on into a group of applications based on applicable trust criteria. In one aspect, when a user interacts with one application in the group, the trust is elevated through the application internal authentication application program interface (API). The trust may be included in the security token to make available to other applications in the group. Applications can be in multiple groups with variable level of authentication based on location and other transaction variables.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: July 28, 2015
    Assignee: Bank of America Corporation
    Inventors: Abbie Barbir, Radu Marian, Cynthia A. Frick, John H. Kling, Michael Simon
  • Patent number: 9092608
    Abstract: A method for low-level security based on the UID. In particular it enhances an RFID system by adding the ability to dynamically modify the UID of the smartcard or to randomly generate a new UID for the smartcard.
    Type: Grant
    Filed: December 1, 2011
    Date of Patent: July 28, 2015
    Assignee: NXP B.V.
    Inventors: Francesco Gallo, Hauke Meyn, Wolfgang Buhr
  • Patent number: 9077747
    Abstract: A computer-implemented method for responding to security breaches may include (1) receiving a notification that a service provider has experienced a security breach, (2) identifying a first user account that is potentially affected by the security breach by identifying an account management database that stores users' account information for a plurality of different service providers and searching the account management database for user accounts associated with the service provider that experienced the security breach, and (3) performing, for the first user account that is potentially affected by the security breach, a security action that addresses the security breach. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 23, 2013
    Date of Patent: July 7, 2015
    Assignee: Symantec Corporation
    Inventors: Joseph Chen, Kamron Farrokh