Patents Examined by Nadia Khoshnoodi
  • Patent number: 9350715
    Abstract: A data security device for providing a network transport connection via a transparent network proxy that employs different encryption security mediums along a communications session between two endpoints by emulating one of the endpoints at an intermediate node such that the communication session appears as an atomic, secure connection to the endpoints yet provides appropriate security over the end-to-end connection. A sender node sends a connection request to establish a secure communication session with an intended receiver node. A transparent proxy on an intermediate node receives the request and establishes the link employing an encryption mechanism. The transparent proxy establishes a second link with the intended receiver, and applies a second, less expensive encryption mechanism. The transparent proxy combines the two links to form the trusted, secure connection but incurring only the mitigated expense over the second link.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: May 24, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Edward C. Kersey, James W. O'Toole, Jr., Bradley Dale Dike, Patrick Darrell Tate, Eric A. Fritzges, Andre Justin Pecqueur, Bruce F. Wong, Hema M. Prasad, Shaheed Bacchus, Larry David Bisel
  • Patent number: 9350706
    Abstract: Novel tools and techniques for filtering network traffic in an anycasting environment include receiving network traffic addressed to a plurality of anycasted servers at an edge router, the plurality of anycasted servers comprising one or more anycasted servers. The network traffic is received from the edge server by at least one data scrubbing appliance. The at least one data scrubbing appliance filters out undesirable traffic from the network traffic. The at least one data scrubbing appliance “on-ramps” the filtered network traffic to the plurality of anycasted servers. The filtered network traffic is transmitted to the plurality of anycasted servers in a load balanced manner.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: May 24, 2016
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Donald J. Smith, Michael Glenn, John A. Schiel, Christopher L. Garner
  • Patent number: 9304944
    Abstract: A memory access circuit and a corresponding method are provided. The memory access circuit includes a crypto block in communication with a memory that encrypts data of a data block on a block basis. The memory access circuit also includes a fault injection block configured to inject faults to the data in the data block. The memory access circuit further includes a data scrambler and an address scrambler. The data scrambler is configured to scramble data in the memory by shuffling data bits within the data block in a plurality of rounds and mash the shuffled data bits with random data. The address scrambler is configured to distribute the scrambled data across the memory. A memory system including the memory access circuit is also disclosed to implement the corresponding method.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: April 5, 2016
    Assignee: Broadcom Corporation
    Inventors: Fong Pong, Eric Spada, Karen Schramm
  • Patent number: 9288183
    Abstract: A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet is forwarded to an FSD of the cluster by: (i) extracting a configurable number of bit values from a configurable set of bit positions within the packet; (ii) determining the output of the load balancing function; (iii) identifying the port to which the FSD is coupled based on the output and the table; and (iv) transmitting the packet to the FSD via the identified port.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: March 15, 2016
    Assignee: Fortinet, Inc.
    Inventors: Edward Lopez, Joe Mihelich, Matthew F. Hepburn
  • Patent number: 9276907
    Abstract: Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously established traffic sessions from a particular source to a particular destination and forming an association between the previously established session and a particular FSD, is maintained for each port of a session-aware switching device. When a TCP SYN packet is received, the switching device: (i) reduces its vulnerability to a DoS attack by foregoing installation of a forward session entry for the forward traffic session within the session data until a processed TCP SYN/ACK packet associated with the corresponding reverse traffic session is received; (ii) selects an FSD to associate with the forward traffic session and a corresponding reverse traffic session by performing a load balancing function on the TCP SYN packet; and (iii) causes the TCP SYN packet to be processed by the selected FSD.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: March 1, 2016
    Assignee: Fortinet, Inc.
    Inventors: Joe Mihelich, Son Pham, Jun Li
  • Patent number: 9256737
    Abstract: A system and method in a virtual universe system for triggering scans of virtual items and inventories of virtual items and for scanning the virtual items and inventories wherein the scans may be triggered by an avatar moving or teleporting from one region to another, or by an avatar picking up, dropping off, or accepting or purchasing an item. The degree of scanning may depend upon factors such as location where these scan triggers occur. The signature of the item may be identified by the scan process. The item signature may be compared against signatures of known malicious items stored in an inventory item signatures database and a summary of the signature comparison may be sent to a resident and stored in the resident's inventory.
    Type: Grant
    Filed: August 26, 2008
    Date of Patent: February 9, 2016
    Assignee: International Business Machines Corporation
    Inventors: Rick A. Hamilton, II, Brian M. O'Connell, Clifford A. Pickover, Keith R. Walker
  • Patent number: 9189637
    Abstract: Embodiments of computer-implemented methods, systems, and non-transitory computer-readable medium having one or more computer programs stored therein are provided to transfer contents of transactional data between two or more networks configured to have different levels of network protection. Generated data barcodes can be decoded to produce contents of transactional data to be transmitted between two or more networks configured to have different levels of network security protection, and decoded contents of the transactional data can then be securely communicated back to the sender for comparison by generating validation barcodes to be decoded by the sender. Generated verification barcodes can then be decoded to produce verification data. Verification data can confirm success of the transmission of contents of transactional data encoded in the data barcodes. Decoded contents of transactional data can then be stored responsive to an indication of successful transmission.
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: November 17, 2015
    Assignee: Saudi Arabian Oil Company
    Inventors: Paul Francis Mevec, Ibrahim A. Marhoon
  • Patent number: 9173091
    Abstract: The present invention relates to methods and arrangements in a telecommunication system to override current access rights. The telecommunication system comprises an Access Point (IAP; MSC, SGSN) associated with a Configuration Unit (ICU). The method comprises receiving to the Access Point (IAP; MSC, SGSN) from the Configuration Unit (ICU), a request to monitor a system member (MS, SIM). The method further comprises receiving to the Access Point from the Configuration Unit, a request to override deprived access rights for the system member (MS, SIM). The method further comprises overriding in the Access Point (IAP; MSC, SGSN), the deprived access rights for the member.
    Type: Grant
    Filed: March 18, 2005
    Date of Patent: October 27, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Amedeo Imbimbo, Maurizio Iovieno
  • Patent number: 9112701
    Abstract: A wearable device is provided that is used while being worn on a body of a user. The wearable device includes a biometric-information authentication portion that acquires biometric information from the user for biometric authentication. The wearable device acquires biometric information from a portion in contact with or in the vicinity of the user's body to perform the biometric authentication without requesting the user to operate for the biometric authentication.
    Type: Grant
    Filed: February 11, 2008
    Date of Patent: August 18, 2015
    Assignee: Sony Corporation
    Inventors: Akane Sano, Masaaki Tsuruta, Nozomu Ozaki, Masamichi Asukai, Taiji Ito, Akinobu Sugino, Hidehiko Sekizawa, Yoichiro Sako
  • Patent number: 9112909
    Abstract: A network component comprising at least one processor configured to implement a method comprising granting a user restricted access at a reduced rate without authenticating the user, attempting to authenticate the user, and granting the user unrestricted access at a full rate if the user authentication is successful. Included is a method comprising authenticating a user device, a user line, or both using a first communication, and authenticating a user using a second communication separate from the first communication. Also included is an apparatus comprising an access node (AN) configured to couple to an access network and communicate with a user equipment (UE) via the access network, wherein the UE is authenticated using either line authentication or device authentication based on the access network.
    Type: Grant
    Filed: August 28, 2008
    Date of Patent: August 18, 2015
    Assignee: Futurewei Technologies, Inc.
    Inventors: John Kaippallimalil, Yangsong Xia
  • Patent number: 9106680
    Abstract: A method is provided in one example embodiment that includes generating a fingerprint based on properties extracted from data packets received over a network connection and requesting a reputation value based on the fingerprint. A policy action may be taken on the network connection if the reputation value received indicates the fingerprint is associated with malicious activity. The method may additionally include displaying information about protocols based on protocol fingerprints, and more particularly, based on fingerprints of unrecognized protocols. In yet other embodiments, the reputation value may also be based on network addresses associated with the network connection.
    Type: Grant
    Filed: June 27, 2011
    Date of Patent: August 11, 2015
    Assignee: McAfee, Inc.
    Inventors: Dmitri Alperovitch, Zheng Bu, David Frederick Diehl, Sven Krasser
  • Patent number: 9092823
    Abstract: A method of detecting malware on a computer and comprising scanning a system memory of the computer, and/or code being injected into the system memory, for known strings indicative of banking trojans. These strings may be Universal Resource Locators and/or partial Universal Resource Locators.
    Type: Grant
    Filed: June 1, 2007
    Date of Patent: July 28, 2015
    Assignee: F-SECURE OYJ
    Inventor: Mika Ståhlberg
  • Patent number: 9059838
    Abstract: A system obtains a key and first and second plaintext, where the first plaintext is identical to the second plaintext. The system uses the key to encrypt the first plaintext to a first ciphertext and the second plaintext to a second ciphertext using a same encryption algorithm, where the first ciphertext is different than the second ciphertext.
    Type: Grant
    Filed: March 30, 2007
    Date of Patent: June 16, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Brad Coomer
  • Patent number: 9027143
    Abstract: Various embodiments of a system and method for multipronged authentication are described. Embodiments may include a client system that implements a runtime component configured to consume content. The client system may be configured to implement a digital rights management component configured to perform one or more cryptographic operations and also authenticate the runtime component. The client system may receive encrypted content from a remote computer system and receive a given authentication component from a remote computer system; that authentication component may be configured to authenticate the runtime component. The client system may, based on authentication of the runtime component by both the digital rights management component and the given authentication component, decrypt at least a portion of the encrypted content.
    Type: Grant
    Filed: August 26, 2009
    Date of Patent: May 5, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Sunil C. Agrawal, Joseph D. Steele
  • Patent number: 9002003
    Abstract: A password protocol uses a multiple word password and provides prompts to a user allowing the user to select the next word in the password from a set of words. The selection of a word causes a client to perform a cryptographic operation and generate a new selection of words. After the password is completely entered, a key is generated from the words selected.
    Type: Grant
    Filed: November 29, 2007
    Date of Patent: April 7, 2015
    Assignee: Certicom Corp.
    Inventors: Daniel R. L. Brown, Marinus Struik
  • Patent number: 8984265
    Abstract: In some embodiments, the invention involves a system and method relating to secure booting of a platform. In at least one embodiment, the present invention is intended to securely boot a platform using one or more signature keys stored in a secure location on the platform, where access to the signature is by a microcontroller on the platform and the host processor has no direct access to alter the signature key. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 30, 2007
    Date of Patent: March 17, 2015
    Assignee: Intel Corporation
    Inventors: Kushagra Vaid, Vincent J. Zimmer, Mrigank Shekhar
  • Patent number: 8973112
    Abstract: A system and method for providing a normalized security list including a first module configured to generate a first normalized security list of user identifications within a network and a second module configured to generate a second normalized security list of user identifications within the network. The system and method may also include an equalizer module configured to compare the first normalized security list with the second normalized security list, equalize the first normalized security list based on the second normalized security list, and equalize the second normalized security list based on the first security list. The system and method may also include a processing module configured to perform an audit of user identifications within the network by processing the first equalized normalized security list and the second equalized normalized security list and generating audit results based on the processing.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: March 3, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Paul Michael Golobay
  • Patent number: 8966270
    Abstract: Novel, Internet-related architectures, methods and devices are proposed that are based on a fundamentally different philosophy: hosts (e.g., source and destination nodes) are given the ability to specify their access control policies to the network they are a part of, and the network enforces these policies. The architecture proposed is mobility friendly to the ever increasing number of mobile hosts and is scalable as well.
    Type: Grant
    Filed: December 29, 2006
    Date of Patent: February 24, 2015
    Assignee: Alcatel Lucent
    Inventors: Tian Bu, Li Li, Ramachandran Ramjee
  • Patent number: 8949986
    Abstract: A method and apparatus for network security elements using endpoint resources. An embodiment of a method includes receiving a request for access to a network at an endpoint server. The method further includes detecting that the request for access to the network includes a request that is unauthorized. The request for access to the network is directed to a network security element.
    Type: Grant
    Filed: December 29, 2006
    Date of Patent: February 3, 2015
    Assignee: Intel Corporation
    Inventors: Omer Ben-Shalom, Uri Blumenthal
  • Patent number: 8949961
    Abstract: A communication system includes a multifunctional apparatus, an authentication information input device, an I/F converter, and a control server. The control server includes an authentication information input device driver for controlling the operation of the authentication information input device via the I/F converter over a network and a multifunctional apparatus control section for controlling operation of the multifunctional apparatus. The authentication information input device driver causes the authentication information input device to acquire authentication information from a user, and receives, via the network, the authentication information acquired by the authentication information input device. Moreover, in cases where an authenticating section of the control server performs an authentication process with use of the authentication information and authentication is completed successfully, the multifunctional apparatus control section permits the use of the multifunctional apparatus.
    Type: Grant
    Filed: January 15, 2008
    Date of Patent: February 3, 2015
    Assignee: Sharp Kabushiki Kaisha
    Inventor: Fusayuki Fujita