Patents Examined by Mohammad L Rahman
  • Patent number: 8887237
    Abstract: Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to assure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1x, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic.
    Type: Grant
    Filed: May 13, 2011
    Date of Patent: November 11, 2014
    Assignee: Aruba Networks, Inc.
    Inventors: Ramsundar Janakiraman, Rajesh Mirukula, Brijesh Nambiar
  • Patent number: 8881231
    Abstract: Techniques for automatically performing one or more actions responsive to a successful login. In one embodiment, an action automatically performed responsive to the login uses content created prior to the login.
    Type: Grant
    Filed: March 7, 2011
    Date of Patent: November 4, 2014
    Assignee: Ricoh Company, Ltd.
    Inventor: John Barrus
  • Patent number: 8874895
    Abstract: The present invention provides a data transmitting apparatus in which a device information obtaining unit obtains device information of a device connected to the data transmitting apparatus; a verification unit verifies validity of a data receiving apparatus, based on the device information obtained by the device information obtaining unit; and a control unit performs control as to whether to obtain the device information through a wireless communication unit or obtain the device information through a wire communication unit, and as to whether to transmit image information encrypted by a first encryption unit from the wireless communication unit or transmit image information encrypted by a second encryption unit from the wire communication unit when the verification unit verifies that the data receiving apparatus is authorized.
    Type: Grant
    Filed: June 13, 2012
    Date of Patent: October 28, 2014
    Assignee: Sony Corporation
    Inventor: Toru Nagara
  • Patent number: 8869261
    Abstract: A method is disclosed for adjusting a security interface display on an electronic device. The method comprises a user of an electronic device requesting a change in the display of an interface for entering security code information on the device. The device presents to the user a variety of options related to the manner in which the graphical elements of the security interface may be displayed. The user may select any one or more of the display options. The electronic device thereafter displays a security interface with graphical elements displayed according to the user's selection.
    Type: Grant
    Filed: May 2, 2012
    Date of Patent: October 21, 2014
    Assignee: Google Inc.
    Inventor: Kenneth Russell Carter
  • Patent number: 8863224
    Abstract: Herewith disclosed a method and system for computerized managing a plurality of data protection (DP) resources. The computerized management comprises obtaining data related to at least part of the DP resources among said plurality of DP resources, wherein at least part of data is obtained by automated collecting; accommodating the obtained data in a data repository thus giving rise to accommodated data; processing the accommodated data, said processing resulting in at least one of the following: a) identifying one or more data protection (DP) schemes characterizing DP resources and/or relationship thereof; and b) identifying one or more data protection (DP) gaps.
    Type: Grant
    Filed: May 22, 2008
    Date of Patent: October 14, 2014
    Assignee: Continuity Software Ltd.
    Inventors: Gil Hecht, Doron Pinhas, Doron Gordon
  • Patent number: 8863282
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for monitoring the generation of link files by processes on a computer and performing protection processes based on whether the link files target malicious objects or are generated by malicious processes.
    Type: Grant
    Filed: October 15, 2009
    Date of Patent: October 14, 2014
    Assignee: McAfee Inc.
    Inventors: Lokesh Kumar, Harinath Vishwanath Ramchetty, Girish R. Kulkarni
  • Patent number: 8862899
    Abstract: In embodiments according to the present invention an encryption switch is used to authorize access to LUNs from client VMs present in the cloud provider network. The encryption switch includes responder side software for an authentication protocol and an agent in the client VM includes the requestor side of the authentication protocol. The certificate of the client is securely provided to the encryption switch, which associates the client VM with the LUN. The client private key is securely provided to the client VM, which retains it only non-persistently. The client VM requests LUN access and performs an authentication handshake with the encryption switch. If successful the client VM then has access to the LUN. As the original certificate is linked to the client, if the client is itself a VM, should the client be moved to a different host, the certificate moves with it and LUN accessibility is maintained.
    Type: Grant
    Filed: August 14, 2012
    Date of Patent: October 14, 2014
    Assignee: Brocade Communications Systems, Inc.
    Inventors: Aseem Rastogi, Lintu Thomas, Christopher Del Signore
  • Patent number: 8856937
    Abstract: A computer-implemented method for identifying fraudulent websites. The method may include identifying a fraudulent-website toolkit. The fraudulent-website toolkit may be programmed for use in creating a fraudulent website. The method may also include determining a characteristic of the fraudulent-website toolkit and using the characteristic of the fraudulent-website toolkit to identify a website created using the fraudulent-website toolkit. The website created using the fraudulent-website toolkit may be identified by searching for websites that comprise the characteristic of the fraudulent-website toolkit. The website created using the fraudulent-website toolkit may also be identified by determining that a web browser is attempting to access the website. Various other methods and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: October 7, 2014
    Assignee: Symantec Corporation
    Inventors: Candid Wüest, Zulfikar Ramzan
  • Patent number: 8856548
    Abstract: An encryption switch which is used in a cloud environment to secure data on the LUNs used by the clients. A client provides a certificate to the cloud service. The encryption switch develops a cloud crypto domain (CCD) as a secure area, with the data at rest on the LUNs encrypted. The encryption switch develops a master key for client use in the CCD, which is provided to the client encrypted by the client's public key. Data encryption keys (DEKs) are created for each LUN and provided to the client. The DEKs are stored in a key vault by the client for use if needed. The cloud service provisions a client VM to be used with the encrypted LUN and develops a nexus between the LUN and the client VM for the encryption switch to use in data operations. The client communicates through the client VM to access the LUN.
    Type: Grant
    Filed: August 14, 2012
    Date of Patent: October 7, 2014
    Assignee: Brocade Communications Systems, Inc.
    Inventors: Christopher Del Signore, Aseem Rastogi, Lintu Thomas
  • Patent number: 8850191
    Abstract: Example embodiments provide various techniques for securing communications within a group of entities. In one example method, a request from an entity to join the group is received and a signed, digital certificate associated with the entity is accessed. Here, the signed, digital certificate is signed with a group private key that is associated with a certification authority for the group. The signed, digital certificate is added to a group roster, and this addition is to admit the entity into the group. The group roster with the signed, digital certificate is itself signed with the group private key and distributed to the group, which includes the entity that transmitted the request. Communication to the entity is then encrypted using the signed, digital certificate included in the group roster.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: September 30, 2014
    Assignee: NetApp, Inc.
    Inventors: Craig Fulmer Everhart, David Slik
  • Patent number: 8844038
    Abstract: According to a first aspect of the present invention there is provided a method of detecting malware in a mobile telecommunications device 101. In the method, maintaining a database 109 of legitimate applications and their respective expected behaviors, identifying legitimate applications running on the device 101, monitoring the behavior of the device 101, comparing this monitored behavior with that expected according to the database 109 for those legitimate applications identified as running on the device 101, and analyzing deviations from the expected behavior of the device 101 to identify the potential presence of malware.
    Type: Grant
    Filed: July 9, 2009
    Date of Patent: September 23, 2014
    Assignee: F-Secure Oyj
    Inventor: Jarno Niemelä
  • Patent number: 8844028
    Abstract: An integrated secured open database connectivity (ODBC) application programming interface (API) arrangement is provided. The arrangement includes a driver manager, which is configured for at least handling a function call from an application program. The arrangement also includes a set of drivers, which is configured for at least accessing a data source and applying the function call to the data source. The arrangement further includes a security module, which is configured for performing at least one of scanning the function call for malicious content and preventing an unauthorized user from accessing the data source.
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: September 23, 2014
    Assignee: Trend Micro Inc.
    Inventor: Hung-Hao Cheng
  • Patent number: 8838986
    Abstract: Invoking a computer implemented service includes receiving a request from a first user to access a service associated with a second user. The request is associated with a security token for the first user and an identity token for the second user. The acceptability of the security token is determined to authenticate the first user, and the acceptability of the identity token is determined to securely identify the second user. The first user is able to access the service associated with the second user conditioned on the security token being determined to be acceptable and the identity token being determined to be acceptable.
    Type: Grant
    Filed: September 23, 2011
    Date of Patent: September 16, 2014
    Assignee: Google Inc.
    Inventor: Conor P. Cahill
  • Patent number: 8837726
    Abstract: Techniques are provided to receive at an encryption device from a control device an encryption request comprising a message and an identifier for a device. The control device and the device are associated with a security provider that provides secure content to the device using the message encrypted with a device key that is securely embedded in the device and also stored on the encryption device. The encryption device is associated with a key provider and the device key is not divulged to the security provider. At the encryption device, the device key is retrieved based on the identifier. The message is encrypted with the device key using a predetermined algorithm, and the encrypted message is then sent to the control device.
    Type: Grant
    Filed: October 16, 2009
    Date of Patent: September 16, 2014
    Assignee: Cisco Technology, Inc.
    Inventor: Howard G. Pinder
  • Patent number: 8839395
    Abstract: A single sign-on (SSO) system uses simple one-to-one trust relationships between individual applications and an SSO service to extend log in services from one application to another. Each application retains its own login policies and can separately make a decision whether to trust the SSO request or challenge the user for login credentials. By structuring the SSO system to use simple identity mapping, there is no requirement for consolidating user identity records from multiple applications into a single database with its attendant overhead and dependency risks.
    Type: Grant
    Filed: May 13, 2011
    Date of Patent: September 16, 2014
    Assignee: CCH Incorporated
    Inventors: Maxim Poliashenko, Robert Baumann
  • Patent number: 8839380
    Abstract: The invention relates to a method for the temporary personalization of a communication device (1). After producing a communication connection (4) between the communication device (1) and an authentication device (2), an authentication request (6) is transmitted from the authentication device (2) to the communication device (1). A unique feature (7) of the user is then acquired and transmitted to the authentication device (2) by acquisition means of the communication device (1), where it is compared to a stored reference feature (30). Upon correspondence, a user identification (10) is transmitted to the communication device (1). The invention further relates to a communication device and an authentication device which are implemented to carry out the method.
    Type: Grant
    Filed: March 20, 2009
    Date of Patent: September 16, 2014
    Inventor: Friedrich Kisters
  • Patent number: 8839403
    Abstract: A local proxy system includes a storage device having a local proxy and a physical port connection. The local proxy is part of a split proxy configuration having a local proxy and a remote proxy. The physical port connection is operative to receive commands from a host via an internet application protocol; and to transmit commands to the host via a modem control protocol, to thereby function as a gateway for conveying these commands to a remote proxy, via the host. Also provided is a method of optimizing communication over a network; and a local proxy system that includes a storage device having a local proxy. The storage device is in connection with a host via a physical port connection complying with a standard storage device interface.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: September 16, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Amir Mosek, Alain Nochimowski, Micha Rave
  • Patent number: 8832778
    Abstract: An apparatus and method for establishing a trusted path between a user interface and a trusted executable, wherein the trusted path includes a hypervisor and a driver shim. The method includes measuring an identity of the hypervisor; comparing the measurement of the identity of the hypervisor with a policy for the hypervisor; measuring an identity of the driver shim; comparing the measurement of the identity of the driver shim with a policy for the driver shim; measuring an identity of the user interface; comparing the measurement of the identity of the user interface with a policy for the user interface; and providing a human-perceptible indication of whether the identity of the hypervisor, the identity of the driver shim, and the identity of the user interface correspond with the policy for the hypervisor, the policy for the driver shim, and the policy for the user interface, respectively.
    Type: Grant
    Filed: June 29, 2010
    Date of Patent: September 9, 2014
    Assignee: Carnegie Mellon University
    Inventors: Jonathan M. McCune, Adrian M. Perrig, Anupam Datta, Virgil D. Gligor, Ning Qu
  • Patent number: 8832840
    Abstract: A system is configured to receive a list of applications installed on a user device; obtain application profiles that identify risk levels associated with the applications; obtain a user profile that identifies a job level, security risk level, or an access level to confidential information associated with the user of the user device; identify a highest risk level authorized for the user device based on whether the job level is greater than a first threshold, the security risk level is greater than a second threshold, or the access level is greater than a third threshold; determine whether any of the risk levels are greater than the highest risk level; and transmit a notification that one of the applications is to be removed from the user device when one of the risk levels, associated with the one of the applications, is greater than the highest risk level.
    Type: Grant
    Filed: October 26, 2011
    Date of Patent: September 9, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Fang Julie Zhu, Xu Clark Yang, Jack Jianxiu Hao
  • Patent number: 8832808
    Abstract: A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters.
    Type: Grant
    Filed: August 11, 2011
    Date of Patent: September 9, 2014
    Inventors: Nanjie Liu, Jun Sun, Haitao Zhao, Chengjie Gu, Dapeng Li