Abstract: A system and method in a virtual universe system for triggering scans of virtual items and inventories of virtual items and for scanning the virtual items and inventories wherein the scans may be triggered by an avatar moving or teleporting from one region to another, or by an avatar picking up, dropping off, or accepting or purchasing an item. The degree of scanning may depend upon factors such as location where these scan triggers occur. The signature of the item may be identified by the scan process. The item signature may be compared against signatures of known malicious items stored in an inventory item signatures database and a summary of the signature comparison may be sent to a resident and stored in the resident's inventory.

Abstract: Methods and apparatus to configure virtual private mobile networks are disclosed. Example methods include provisioning a virtual private mobile network within a wireless network, and, after provisioning the virtual private mobile network, determining whether a first communication from a user equipment matches a security event profile. When the first communication matches the profile, the example methods include transmitting, from the wireless network via a first base transceiver station, an instruction to cause the user equipment to be communicatively coupled to the virtual private mobile network. The example methods further include instructing the user equipment to transmit a second communication through a second base transceiver station that is physically separate from the first base transceiver station and through the virtual private mobile network. In the example methods, the virtual private mobile network is isolated in a wireless spectrum from other portions of the network.

Abstract: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.

Abstract: An apparatus and method for pairing a base and a detachable device. A query module queries a detachable device in response to the detachable device connecting to a base. The detachable device provides a display for the base if the detachable device and base are connected. A determination module determines if the detachable device is paired with the base. A credential module obtains a pairing credential for a pairing in response to the determination module determining that the detachable device is unpaired with the base.

Abstract: Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.

Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.

Abstract: A method for reacting to system calls made to a kernel of a computerized system, the method includes controlling an execution of at least one system call by the kernel in response to a result of a comparison between information of system calls mane to a kernal and between data structure elements (DEs) of a non-executable control data structure that includes fields that correspond to the system call type fields, to the system call initiator fields and to the system call request fields of the segments of the first control data structure. The method also includes (A) Receiving a first control data structure. The first control data includes multiple segments. Each segment includes a system call type field, at least one system call initiator field and at least one system call request field. And (B) Converting the first control data structure into the non-executable control data structure.

Abstract: Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs.

Abstract: This invention relates to a method of healthcare data handling by a trusted agent possessing or having an access to decryption keys for accessing healthcare data. A request is received from a requestor requesting accessing healthcare data. A log is generated containing data relating to the request or the requestor or both. Finally, the requestor is provided with an access to the healthcare data.

Abstract: For an antivirus scan during a data scrub operation, an antivirus scan is concurrently performed as an overlap with the data scrub operation, wherein the data scrub operation periodically inspects and corrects memory errors. The antivirus scan concurrently performing as an overlap with the data scrub operation is increased if a reduction in disk access by a host application is detected. A number of antivirus scan input/output (I/O) operations and data scrub I/O operations is reduced.

Abstract: An apparatus for setting an email security and method thereof are displayed. The present invention includes receiving an email from a email server, deleting partial information of the email according to a security level of the email, and displaying the partial information deleted email.

Abstract: A method of requesting and issuing a certificate from certification authority for use by an initiating correspondent with a registration authority is provided. The initiating correspondent makes a request for a certificate to the registration authority, and the registration authority sends the request to a certificate authority, which issues the certificate to the registration authority. The certificate is stored at a location in a directory and this location is associated with a pointer such as uniform resource locator (URL) that is derived from information contained in the certificate request. The initiating correspondent computes the location using the same information and forwards it to other corespondents. The other correspondents can then locate the certificate to authenticate the public key of the initiating correspondent.

Abstract: Various embodiments of a system and method for multipronged authentication are described. Embodiments may include a client system that implements a runtime component configured to consume content. The client system may be configured to implement a digital rights management component configured to perform one or more cryptographic operations and also authenticate the runtime component. The client system may receive encrypted content from a remote computer system and receive a given authentication component from a remote computer system; that authentication component may be configured to authenticate the runtime component. The client system may, based on authentication of the runtime component by both the digital rights management component and the given authentication component, decrypt at least a portion of the encrypted content.

Abstract: For an antivirus scan during a data scrub operation, an antivirus scan is concurrently performed as an overlap with the data scrub operation, wherein the data scrub operation periodically inspects and corrects memory errors. The antivirus scan concurrently performing as an overlap with the data scrub operation is increased if a reduction in disk access by a host application is detected. A number of antivirus scan input/output (I/O) operations and data scrub I/O operations is reduced.

Abstract: Embodiments are directed towards detecting and thwarting incoming network requests by either throttling and/or redirecting the attack requests towards a honeypot. As network requests are received, TCP segments are examined to identify a presence of attack signatures before returning an ACK. Such attack signatures may identified based on an absence of referrer headers, an invalid cookie, known improper sender addresses, known valid sender addresses, examination of OSI layer 4 and/or above content of a packet, or the like. If an attack is identified, throttling may be employed by responding to the attack requests by dropping and/or rejecting packets within the request, acknowledging the client device's packets at a byte level, modifying a round trip time (RTT) calculation by responding at a defined slowed rate, and/or redirecting client requests to a honeypot.

Abstract: Architecture that creates and applies a virtual firewall profile for each network to which a multi-homed device is connected. In one implementation, the virtual profiles can be based on address ranges of the networks. This ensures seamless concurrent connectivity of the multi-homed device to multiple networks.

Abstract: A method for generating an n-bit result includes a secured containment device (SCD) receiving a request to generate the n-bit result. The request includes an n-bit generator input and a master secret identifier. The request is sent from an application executing on a host system using an input/output (I/O) interface. The SCD disables all I/O interfaces on the SCD between the host system and the SCD. After disabling all the I/O interfaces on the SCD between the host system and the SCD, the SCD provides the n-bit generator input and the master secret identifier to a secured hardware token over a second I/O interface, receives the n-bit result from the secured hardware token over the second I/O interface, enables at least the first I/O interface after the n-bit result is generated, and provides, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface.

Abstract: Methods and apparatus to configure virtual private mobile networks for security are disclosed. A disclosed example method includes identifying, in a wireless network, a communication from a user equipment that matches a security event profile, transmitting, from the wireless network, an instruction to enable the user equipment to be communicatively coupled to a virtual private mobile network, the virtual private mobile network being provisioned for security within the wireless network, and enabling the user equipment to transmit a second communication through the virtual private mobile network securely isolated from other portions of the wireless network.