Patents Examined by Nirav B Patel
  • Patent number: 9559918
    Abstract: In one embodiment, attack observations by a first node are provided to a user interface device regarding an attack detected by the node. Input from the user interface device is received that confirms that a particular attack observation by the first node indicates that the attack was detected correctly by the first node. Attack observations by one or more other nodes are provided to the user interface device. Input is received from the user interface device that confirms whether the attack observations by the first node and the attack observations by the one or more other nodes are both related to the attack. The one or more other nodes are identified as potential voters for the first node in a voting-based attack detection mechanism based on the attack observations from the first node and the one or more other nodes being related.
    Type: Grant
    Filed: May 15, 2014
    Date of Patent: January 31, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Andrea Di Pietro, Jean-Philippe Vasseur, Javier Cruz Mota
  • Patent number: 9553768
    Abstract: A determination is made regarding whether a firewall will block a network packet. The network packet indicates a set of one or more characteristics. A test packet is generated that indicates the set of characteristics. The test packet is sent to the firewall without using a network. A test result is received from the firewall. The test result is stored.
    Type: Grant
    Filed: November 3, 2014
    Date of Patent: January 24, 2017
    Assignee: Illumio, Inc.
    Inventors: Jerry B. Scott, Daniel R. Cook, Paul J. Kirner
  • Patent number: 9544302
    Abstract: A browser application has at least two web browser objects for browsing Private PAIR while hiding multi-page navigation from a user. The browser application is configured to automatically download XML data from Private PAIR, and generate one or more reports therefrom, including a Daily Updates report, a Cross Checker report, and a Docket Listing report. The browser application is preferably configured to selectively provide limited access to Private PAIR by restricting user navigation to programmatic navigation.
    Type: Grant
    Filed: February 23, 2015
    Date of Patent: January 10, 2017
    Assignee: Nimvia, LLC
    Inventors: Jeremy Cooper Doerre, Chad Dustin Tillman
  • Patent number: 9529985
    Abstract: An authentication device may provide an authentication code to a third party device. The third party device may provide a third party service to which a client device has requested access. The authentication device may receive the authentication code from a mobile device that is different from the client device. The authentication device may determine a third party device identifier included in the authentication code. The third party device identifier may identify the third party device that provides the third party service. The authentication device may determine a transaction identifier included in the authentication code. The authentication device may selectively provide the transaction identifier to the third party device, identified by the third party device identifier, to cause the third party device to selectively permit the client device to access the third party service.
    Type: Grant
    Filed: May 15, 2014
    Date of Patent: December 27, 2016
    Assignee: VERIZON PATENT AND LICENSING INC.
    Inventors: Manah M. Khalil, Vidhyaprakash Ramachandran, Vijay Vasu, Saikumar Dubagunta, Sugandha Venkatachalam, Jeffrey R. Wise, Michael R. Lamison
  • Patent number: 9531670
    Abstract: Methods and systems are provided for network security. In one embodiment, the method involves receiving a data packet (e.g., from a firewall). The method also involves running an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion (e.g., server(s) and/or application(s)) of a protected network. The method further involves sending the inspected data packet, or portion and/or modified version thereof, to the protected network, in response to the data packet passing the inspection within the virtual network. The method also involves blocking passage of the data packet to the protected network, in response to the data packet failing the inspection.
    Type: Grant
    Filed: May 13, 2014
    Date of Patent: December 27, 2016
    Assignee: iWebGate Technology Limited
    Inventor: Charles Dunelm Gargett
  • Patent number: 9531743
    Abstract: According to an example, a method for data trend analysis may include retrieving data from data sources, associating the data with a time, and identifying co-occurrences of terms and concepts within the data. In response to determining that co-occurrences of term and concept pairs reach a predefined threshold, the method may include adding the term and concept pairs to an ontology. The method may include logging occurrences of terms in the ontology within the data with respect to associated data times, identifying a plurality of time periods, and for one of the plurality of time periods and for the logged terms, determining a first score indicative of a weighted term frequency metric for a logged term within the data during the one time period, and determining a second score indicative of a commonality of a presence of the logged term within the data among the plurality of time periods.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: December 27, 2016
    Assignee: ACCENTURE GLOBAL SERVICES LIMITED
    Inventors: Joshua Z. Howes, James Solderitsch, Ryan M. Lasalle, David W. Rozmiarek, Eric A. Ellett
  • Patent number: 9521548
    Abstract: A computer-readable medium embodies a computer program for registering a mobile device. The computer program comprises computer-readable program code for: generating a first message including a first code in response to receiving a request to register the mobile device for use with a future session with an entity, sending the first message including the first code, receiving a second message including the first code and at least a portion encrypted using a private key associated with the mobile device, and registering the mobile device for use with the future session based on at least the portion of the second message being encrypted using the private key associated with the mobile device.
    Type: Grant
    Filed: May 21, 2012
    Date of Patent: December 13, 2016
    Assignee: NEXIDEN, INC.
    Inventors: Klaus S. Fosmark, William A. Perry, Jr.
  • Patent number: 9509494
    Abstract: A computer-implemented system and method for providing secure data processing in a cloud using discrete homomorphic encryption is provided. Plaintext data items are homomorphically encrypted into queries, which are transmitted to a discrete homomorphic encryption server. From the server are received identifiers associated with the queries. The identifiers are transmitted to a computing server in a cloud-computing environment, where at least one of the identifiers is processed. The plaintext data items are encrypted into ciphertext data items and transmitted to a storage server in the environment requested to store the items in a storage. References for storage locations of the ciphertext data items are received and associated with identifiers for the queries encrypted from the same plaintext data item as the ciphertext data items at the locations. The ciphertext data item whose location is identified by the reference associated with the identifier in the processing result is retrieved and decrypted.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: November 29, 2016
    Assignee: Newline Software, Inc.
    Inventor: Marius D. Nita
  • Patent number: 9485270
    Abstract: A security device may receive, from a server device, a response to a request. The request may be provided by an attacker device and may include a plurality of input values. The security device may determine the plurality of input values, included in the request, based on receiving the response. The security device may modify the response to form a modified response. The response may be modified to include information associated with the plurality of input values. The response may be modified in an attempt to prevent the attacker device from identifying a vulnerability, associated with the server device, based on the plurality of input values being included in the response. The security device may provide the modified response to the attacker device.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: November 1, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 9471119
    Abstract: An automated secure record management system and method that receives a plurality of digitally signed records subsequent to a resetting of a running counter. In response to each received digitally signed record, the automated secure record management system and method increments the running counter. Further, upon receiving an accumulation record, the automated secure record management system and method compares a value of the running counter and a signature record number of the accumulation record, such that a notification is generated whenever the comparison detects that the value of the running counter is not equal to the signature record number.
    Type: Grant
    Filed: May 13, 2014
    Date of Patent: October 18, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Mark A. Nelson, Donald W. Schmidt, Anthony T. Sofia
  • Patent number: 9450947
    Abstract: A device executes debugging instructions received from a debugging computer. The device receives a debugging establishment request from the debugging computer. The device transmits a unique identifier associated with the device and a secured expiration value to the debugging computer. The device receives a transport layer security (TLS) certificate from the debugging computer and establishes a secured and authenticated link with the debugging computer using the TLS certificate. The device enables a debugging mode, responsive to determining that an identifier in the TLS certificate matches the unique identifier and that a secured expiration value in the TLS certificate is valid and within a predefined validity range, and executes, in the debugging mode, debugging instructions received from the debugging computer.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: September 20, 2016
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventor: Thomas S. Messerges
  • Patent number: 9450930
    Abstract: A method of pairing a first device with a second device is disclosed. Accordingly, an image that includes encoded data is generated. The encoded data includes a unique identifier for identifying the first device and an arbitrary security code. The first device displays the image on a display. The second device captures the image using an image sensing device. The encoded data is decoded to generate decoded data. The second device sends the decoded data to a server that is communicatively connected to the first device and the second device. Upon receiving the decoded data and using the unique identifier, the server communicates with the first device to verify the arbitrary security code.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: September 20, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christopher James Foulds, Kaido Kert, Matthew T. Kaufman
  • Patent number: 9444789
    Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: September 13, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sunil Cherukuri, Mohamed Khalid, Brian Cinque
  • Patent number: 9444808
    Abstract: In one embodiment, a method includes maintaining a domain information cache. The method further includes receiving credentials from a client system. The credentials correspond to a user of the client system. The method also includes storing the credentials in a security cookie. In addition, the method includes, based, at least in part, on the domain information cache, resolving the credentials to an authentication server associated with a domain of the user. Also, the method includes authenticating, using the credentials, an identity of the user with the authentication server. Additionally, the method includes, responsive to successful authentication, building a list of groups and users to which the user belongs. Moreover, the method includes compiling a list of authorized resources to which the user has access. In addition, the method includes providing the list of authorized resources to the client system.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: September 13, 2016
    Assignee: Dell Software Inc.
    Inventors: Marc Alexander Sherman, Marc Edward Zapf
  • Patent number: 9438428
    Abstract: The present invention uses Server-based Certificate Validation Protocol (SCVP) to validate the public key digital signature certificate of an email signer (or the public key encryption certificate of an email recipient) by using a modified SCVP server such that a trustworthiness indicator based on certificate policies is included in an SCVP server response that maps the certificate policies asserted in the public key certificate of the email signer (or email recipient(s)) to graphically represent the degree of trust that can be attributed to the identities bound to public key certificates containing one or more certificate policies. The graphical representation of a trust level may appear directly in an email client and is based on the level of trust attributable to the binding between the public key distributed via a public key certificate (for signing or encryption) and the identity/attributes of the “subject” or “entity” contained in that certificate.
    Type: Grant
    Filed: May 12, 2014
    Date of Patent: September 6, 2016
    Assignee: CertiPath, Inc.
    Inventors: Jeffrey Dean Nigriny, Jeffrey Francis Barry, Stephen P. Howard
  • Patent number: 9430640
    Abstract: A method, device, and system for browser-based application security verification is disclosed. A client device requests a browser-based application from a web server. An application security module of the client device intervenes and transmits an application verification request to a cloud service system. The cloud service system retrieves data regarding the security of the application and source from cloud resources and a local database of the cloud server. The cloud service system then uses the data to authenticate the source and verify the security of the browser-based application. The cloud service system provides the client device with a recommendation regarding the security of the browser-based application and updates its local database. The client device may then consider the recommendation in determining whether to download or execute the browser-based application and provide feedback to the cloud service system.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: August 30, 2016
    Assignee: Intel Corporation
    Inventors: Hong Li, James R. Blakley, Rita H. Wouhaybi, John B. Vicente, Mark D. Yarvis
  • Patent number: 9413773
    Abstract: A method and apparatus for classifying and combining computer attack information identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other, the method comprising identifying as malicious events, events in a network that cause organizationally or functionally distant entities to become closer to each other.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: August 9, 2016
    Assignee: Cybereason Inc.
    Inventors: Yonatan Striem Amit, Elan Pavlov
  • Patent number: 9398055
    Abstract: The concept of a secure call indicator is introduced. In general, the secure call indicator is capable of inspecting the security of signaling associated with Session Initiation Protocol (SIP) messages and comparing the security with media descriptions of the actual media path of the SIP messages. Furthermore, the secure call indicator may be configured to indicate the security associated with a communication session via a physical or virtual notification system.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: July 19, 2016
    Assignee: Avaya Inc.
    Inventors: Gordon R. Brunson, Rifaat Shekh-Yusef
  • Patent number: 9384332
    Abstract: Watermarking method and apparatus for tracking hacking and method and apparatus for blocking hacking of content are provided. The watermarking method includes: obtaining device information from a reception device, with which content is shared, through a determined network channel; generating watermark data based on the obtained device information; and generating watermarked multimedia content by inserting the generated watermark data into content. The method of blocking hacking of content includes: if hacked content is found, detecting watermark data from the hacked content; detecting transmission and reception device information from the detected watermark data; and extracting a progress route of the content based on the detected transmission and reception device information and performing revocation on a hacked device.
    Type: Grant
    Filed: March 15, 2012
    Date of Patent: July 5, 2016
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jun-bum Shin, Byung-ho Cha
  • Patent number: 9380030
    Abstract: The system and method monitor a secure Web Real Time Communication (WebRTC) session between browsers. To do so, a WebRTC application receives a first WebRTC offer with a fingerprint of a first browser to establish a secure communication session. The WebRTC application sends session information and the fingerprint of the first browser to a media relay. The WebRTC application receives a fingerprint of a media relay. A second WebRTC offer with a fingerprint of the media relay is sent to a second browser. An answer to the second WebRTC offer is received. Session information and the fingerprint of the second browser are sent to the media relay so the media relay can decrypt the secure communication session. The first WebRTC offer is answered. A secure communication session is established via the media relay using the fingerprints. The media relay, based on the fingerprints, can monitor the secure communication session.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: June 28, 2016
    Assignee: Avaya Inc.
    Inventors: Joel M. Ezell, Stephen Whynot, Manish Chatterjee, Biswajyoti Pal