Patents Examined by Quy Pham
  • Patent number: 9489516
    Abstract: Various techniques for detection of malware using an instrumented virtual machine environment are disclosed. In some embodiments, detection of malware using an instrumented virtual machine environment includes instantiating a first virtual machine in the instrumented virtual machine environment, in which the first virtual machine is configured to support installation of two or more versions of a resource; installing a first version of the resource on the first virtual machine and monitoring the instrumented virtual machine environment while executing the first version of the resource with a malware sample opened using the first version of the resource; and installing a second version of the resource on the first virtual machine and monitoring the instrumented virtual machine environment while executing the second version of the resource with the malware sample opened using the second version of the resource.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: November 8, 2016
    Assignee: Palo Alto Networks, Inc.
    Inventors: ChienHua Lu, Bo Qu
  • Patent number: 9473829
    Abstract: Selective data encryption of a file, in particular an H.264/MPEG-4 AVC data stream. If a first unit in the data stream is to be encrypted, it is encrypted and the encryption is put into a further unit, preferably in the data stream. A substitution unit is generated and put in the place of the first unit; if necessary, at least one header value is taken from the first unit for use in the substitution unit. A decryptor receives the encrypted data stream, extracts and decrypts the further unit and replaces the substitution unit with a regenerated first unit.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: October 18, 2016
    Assignee: Thomson Licensing
    Inventors: Frédéric Lefebvre, Séverine Baudry, Antoine Robert, Philippe Roudot
  • Patent number: 9459983
    Abstract: A method and apparatus of monitoring computer devices operating on a network is disclosed. Computer devices are all different and require monitoring settings that are tailored to their specific requirements. One example of the present invention may include a method of monitoring at least one computer device operating on a network. The method may include receiving audit information representing attributes of the computer device and storing the audit information in memory. The method may also include comparing the audit information to a predefined monitor set of objects to be monitored. The method may further include creating a new monitor set based on the comparison of the audit information and the predefined monitor set. The new monitor set is different from the predefined monitor set and is generally used to monitor objects which are included in the audited device. The method may also include monitoring the at least one computer device based on the new monitor set.
    Type: Grant
    Filed: December 31, 2010
    Date of Patent: October 4, 2016
    Assignee: Open Invention Network, LLC
    Inventor: Mark Thomas Lingen
  • Patent number: 9455872
    Abstract: A method and apparatus of monitoring computer devices operating on a network is disclosed. One example method may include discovering and monitoring a plurality of network devices operating on a network. The method may include scanning the network to discover various network devices and determining a device type of each of the network devices. The method may also include determining attributes corresponding to each of the network devices, monitoring the attributes corresponding to each of the network devices and compiling a list of attribute information based on the monitoring operation and storing the list of attribute information in a memory. The device discovery and monitoring may be performed autonomously without user intervention allowing computer devices to be discovered and monitored as they are added to the network.
    Type: Grant
    Filed: December 31, 2010
    Date of Patent: September 27, 2016
    Assignee: Open Invention Network, LLC
    Inventor: Mark Thomas Lingen
  • Patent number: 9444803
    Abstract: An authentication method and system oriented to a heterogeneous network are disclosed. After receiving a service request sent by a virtual terminal, a unified authentication platform generates a service token according to the service request, and sends the service token to the virtual terminal and a target network; the virtual terminal submits the service token to the target network, and requests the target network to provide service data; and the target network compares the service token submitted by the virtual terminal with the service token sent to the target network by the unified authentication platform, and provides the service data to the virtual terminal when the service token submitted by the virtual terminal is consistent with the service token sent to the target network by the unified authentication platform.
    Type: Grant
    Filed: March 15, 2012
    Date of Patent: September 13, 2016
    Assignee: ZTE Corporation
    Inventors: Aifang Sun, Jianfu Cao, Zhihao Ling, Yifeng Yuan, Chong Gao
  • Patent number: 9430648
    Abstract: A method of updating firmware of a near field communication (NFC) device includes copying metadata, which is included in a firmware image file, from an application processor to the NFC device. One of a certification success signal and a certification fail signal is provided from the NFC device to the application processor after the NFC device verifies an integrity of the metadata. Firmware data, which is included in the firmware image file, is copied from the application processor to the NFC device when the application processor receives the certification success signal from the NFC device.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: August 30, 2016
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Won-Churl Jang, Jeong-Yeop Kim, Woon-Ki Lee
  • Patent number: 9411978
    Abstract: A system for controlling access includes a computing device, configured to: determine a first identifier associated with a first access point being used by the computing device to access a network; determine first access control data associated with the first identifier and a first application executing on the computing device; and control access to data over the network by the first application based on the first access control data.
    Type: Grant
    Filed: July 11, 2014
    Date of Patent: August 9, 2016
    Assignee: Open Text S.A.
    Inventor: Simon Dominic Copsey
  • Patent number: 9392000
    Abstract: A device receives, from a user equipment (UE), a first request to access a first packet data network (PDN), and receives authentication information from the UE. The device also grants, based on the first request, the UE access to the first PDN when the authentication information authenticates the UE. The device further receives, from the UE, a second request to access a second PDN, and determines whether a re-authentication timer associated with the second PDN has expired before granting the UE access to the second PDN.
    Type: Grant
    Filed: September 15, 2011
    Date of Patent: July 12, 2016
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Imtiyaz Shaikh
  • Patent number: 9391996
    Abstract: In an approach for providing auditable retrieval of privileged credentials in a privilege identity management (PIM) system, a processor invokes a checkout of a PIM credential, based on, at least, a determination that a PIM server cannot be accessed. A processor receives a request to access the PIM credential by a user. A processor receives validation of the request to access the PIM credential and an identity of the user. A processor retrieves the PIM credential from a database, wherein the database stores a plurality of PIM credentials owned by a system owner.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: July 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Kelvin K. V. Chin, Chee Meng Low, Vivek Shankar, Edwin B. Soenaryo
  • Patent number: 9392454
    Abstract: Client and server computers on a network can be authenticated using a shared secret. During a log-on and authentication process, the server transmits an image to the client. A mobile communication device captures and analyzes the image. If the image contains the shared secret, the mobile device can authenticate the server. The secret in the image can be a geometric relationship between elements of the picture, a mathematical relationship between elements, a particular number or types of elements in the picture, colors of elements, or combinations of the above. A single image may contain multiple shared secrets. The mobile device can readily analyze the image to determine if it contains the shared secret and thereby authenticate the server.
    Type: Grant
    Filed: April 26, 2012
    Date of Patent: July 12, 2016
    Assignee: MobileSphere Holdings LLC
    Inventor: Robert G. Mechaley, Jr.
  • Patent number: 9374380
    Abstract: Non-harmful data mimicking computer network attacks may be inserted in a computer network. Anomalous real network connections may be generated between a plurality of computing systems in the network. Data mimicking an attack may also be generated. The generated data may be transmitted between the plurality of computing systems using the real network connections and measured to determine whether an attack is detected.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 21, 2016
    Assignee: Los Alamos National Security, LLC
    Inventors: Joshua Charles Neil, Alexander Kent, Curtis Lee Hash, Jr.
  • Patent number: 9369283
    Abstract: A method for entering a password and a portable electronic device using the same, a method for unlocking the portable electronic device and a data authenticating method are provided, wherein the portable electronic device includes a touch screen. The method includes displaying an interface for entering a somatosensory password, measuring and recording at least one angle variation of the portable electronic device on at least one dimension, and generating a somatosensory signal data set according to the at least one angle variation of the portable electronic device on the at least one dimension. The method further includes generating a user password data according to the somatosensory signal data set, encrypting the user password data according to an encryption algorithm to generate an encrypted user password data, and transmitting the encrypted user password data to an authentication unit.
    Type: Grant
    Filed: September 5, 2012
    Date of Patent: June 14, 2016
    Assignee: PHISON ELECTRONICS CORP.
    Inventor: Meng-Chang Chen
  • Patent number: 9356920
    Abstract: A system differentiates good content from bad content in a user-provided content system. Messages are analyzed for features that characterize messages. A feature may occur in one or more messages. A feature that has more than a threshold number of occurrences in messages in a time interval is identified for further analysis. Enhanced authentication is requested from senders of the messages with occurrences of the identified feature. Based on the rate at which senders of the messages pass authentication, the content associated with the message is determined to be good content or bad content. Subsequent messages are blocked or successfully delivered based on whether features occurring in the messages are indicative of good content or bad content.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: May 31, 2016
    Assignee: Facebook, Inc.
    Inventors: Christopher Alexander Stein, Lev Timourovich Popov, Evan Stratford
  • Patent number: 9344412
    Abstract: A system, method, and nodes for managing shared security keys between a User Equipment, UE, an authentication node such as an SCF/NAF, and a service node such as a BM-SC or AS. The SCF/NAF allocates to each BM-SC, a different SCF/NAF identifier such as a fully qualified domain name, FQDN, from the FQDN space the SCF/NAF administers. The SCF/NAF then locally associates these allocated FQDNs with the connected BM-SCs and with different services. The network sends the correct FQDN to the UE in a service description for a desired service, and the UE is able to derive a security key using the FQDN. When the UE requests the desired service, the SCF/NAF is able to associate the service identifier with the correct FQDN and an associated BM-SC. The SCF/NAF uses the FQDN to obtain the security key from a bootstrapping server and sends it to the associated BM-SC. As a result, the UE and the associated BM-SC share a specific security key.
    Type: Grant
    Filed: March 31, 2010
    Date of Patent: May 17, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Vesa Lehtovirta, Fredrik Lindholm
  • Patent number: 9251333
    Abstract: Systems and methods for authenticating a user include a wearable user device receiving a first request to access a secure system. A plurality of authentication elements are then displayed on a display device to a user eye in a first authentication orientation about a perimeter of an authentication element input area. A user hand located opposite the display device from the user eye is then detected selecting a sequence of the plurality of authentication elements. For each selected authentication element in the sequence, the wearable user device moves the selected authentication element based on a detected movement of the user hand and records the selected authentication element as a portion of an authentication input in response to the user hand moving the selected authentication element to the authentication element input area. The user is authenticated for the secure system if the authentication input matches stored user authentication information.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: February 2, 2016
    Assignee: PAYPAL, INC.
    Inventors: Geoffrey W. Chatterton, Robert Michael Voytovich, Jr., Ramaneek Khanna, Timothy C. Nichols
  • Patent number: 9252949
    Abstract: Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: February 2, 2016
    Assignee: International Business Machines Corporation
    Inventor: Matthew F. Rutkowski
  • Patent number: 9252948
    Abstract: Provided are techniques for verifying, by a first device, that a management key block of a second device is valid. A management key block that includes a plurality of verification data, each of the plurality associated with a plurality of security classes ranked from high to low, is generated. The first device, which is associated with a security class that is higher than a security class associated with the second device, verifies a management key block of the second device by calculating a management key precursor associated with the higher security class and verifying verification data associated with the higher security class. In this manner, the second device is unable to pass an unauthorized, or “spoofed,” management key block.
    Type: Grant
    Filed: November 19, 2010
    Date of Patent: February 2, 2016
    Assignee: International Business Machines Corporation
    Inventor: Matthew F. Rutkowski
  • Patent number: 9225717
    Abstract: Methods and apparatus are provided for signing data transactions using one-time authentication passcodes. User authentication passcodes are generated by generating a time-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated time-based user authentication passcode is used for authentication of the user; and generating an event-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated event-based user authentication passcode is used to sign one or more data transactions. The generation of an event-based user authentication passcode can be performed on-demand. The generation of the event-based user authentication passcode can optionally be performed substantially simultaneously with the generation of the time-based user authentication passcode.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: December 29, 2015
    Assignee: EMC Corporation
    Inventors: John Brainard, Nikolaos Triandopoulos, Marten van Dijk, Ari Juels
  • Patent number: 9215548
    Abstract: Methods and systems for evaluating and rating privacy risks posed by applications intended for deployment on mobile platforms. Validating the “intent” of a mobile platform application vis-à-vis its impact on user privacy, as viewed from an end-user's perspective allows those end-users to make better-informed decisions concerning the downloading, installation and/or operation of mobile platform applications. In making such assessments user preferences can be taken into account. Privacy scores are provided through sales channels for the applications, thereby affording potential users the opportunity to assess whether they wish to incur the associated privacy risk, before purchasing a subject application.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: December 15, 2015
    Assignee: NCC GROUP SECURITY SERVICES, INC.
    Inventors: Rohyt Belani, Aaron Higbee
  • Patent number: 9208344
    Abstract: Methods and systems for accessing databases using a common web interface are provided. A method for transmitting data retrieved from an endpoint device to a client device using a common web interface includes providing the common web interface to the client device. The common web interface allows access to a plurality of endpoint devices, each endpoint device comprising a unique endpoint address. The method further includes receiving, by a computer, identification data from the client device, retrieving an endpoint address for one of the plurality of endpoint devices based on the identification data, connecting to the endpoint device corresponding to the endpoint address, retrieving data from the endpoint device, and transmitting the retrieved data to the client device.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: December 8, 2015
    Assignee: LexisNexis, A Division of Reed Elsevier Inc.
    Inventors: Mark McCray, Eric Scott Davis