Abstract: This invention teaches a system and methods of detecting software vulnerabilities in a computer program by analyzing the compiled code and optionally the source code of the computer program. The invention models compiled software to examine both control flow and dataflow properties of the target program. A comprehensive instruction model is used for each instruction of the compiled code, and is complemented by a control flow graph that includes all potential control flow paths of the instruction. A data flow model is used to record the flow of unsafe data during the execution of the program. The system analyzes the data flow model and creates a security finding corresponding to each instruction that calls an unsafe function on unsafe data. These security findings are aggregated in a security report along with the corresponding debug information, any ancillary information, remediation recommendations and the optional source code information for each instruction that triggered the security finding.

Abstract: A shell device with minimal software and/or hardware resources can download from a server configuration information and/or user data in order to allow the shell device to communicate with other computing devices (whether cell phones, personal digital assistants, laptops, and the like). Various security features can also be used herein, including a shell device password and a server network access password. In another aspect, any time code and/or data is downloaded from the server to the shell device, such code and/or data resides on the shell device during the time of a communication between the server and the shell device; thereafter, it can be deleted, thereby returning the shell device to its minimalistic resource state. When the shell device contacts the server again and attempts to establish another communication, such code and/or data can be downloaded anew, and after the communication it can be deleted again.

Abstract: Systems and methods for optimizing an antivirus determination for executable files. Optimization by excluding from an antivirus check executable files such as dynamic libraries and/or resource files that do not contain executable code speeds up the overall antivirus determination. An optimization system generally includes an antivirus system. The antivirus system generally includes a check tool and an executable file detection system. The executable file detection system generally includes a breakdown tool, an analysis tool, and a database. The antivirus system can be operably coupled to an antivirus server via the Internet.

Abstract: Methods for assessing the current security state of a mobile communications device to determine access to specific tasks is presented. A security component on a server is configured to receive a request to access services from a mobile communications device for a specific task. The security component on the server is further configured to determine whether a security state for the mobile communications device is acceptable for access to the services. Based on the security state for the mobile device being determined to be acceptable for access to the services, access to the services is granted and a determination is whether the security state is acceptable for access to the specific task requested. Based on the security state being determined to be acceptable for access to the specific task requested, access to the specific task requested is granted by the server security component.

Abstract: The invention discloses a method for encrypting a 3D model file and system thereof. The system of the invention comprises a data reading module used to read data of the 3D model file; a mesh shifting module for selecting at least one triangle mesh and shifting the coordinates of the vertexes of the selected triangle mesh by a vector; a gap filling module for filling a gap generated from shifting the vertexes of the selected triangle mesh by the vector to generate a revised 3D model file; and a model generating module for storing the revised 3D model file to generate an encrypted 3D model file. Compared to the prior art, the invention provides the users for previewing the 3D model file, and the invention only provides the authorized users for correctly printing the original 3D model. Therefore, the invention can achieve the purpose for encrypting the 3D model file.

Abstract: An information processing apparatus includes a memory and a processor that is connected to the memory. The processor executes a process including: determining, when startup of an application is instructed, whether the application needs user authentication; executing, when it is determined that the user authentication is needed, the user authentication by starting up an authentication application that is different from the application; and executing, when the result of the user authentication indicates that the user authentication is successful, the application that is instructed to start up.

Abstract: Provided is a server connectable to a client for input of a string and that has an automaton defining a subsequent state for transition for each state and each character. This server has a key chain generating unit for generating a key chain for each combination of index, character and state expressing the position of each character in a string, the key chain having encrypted keys for the next index corresponding to the subsequent state of transition from the current state in accordance with the character on the basis of the key corresponding to the current state, and a providing unit for communicating with a client and providing to the client a key chain corresponding to each inputted key among a set of key chains for each index in a state concealing the inputted characters from the client.

Abstract: A security module is provided in a data recording medium, data to be written to the data recording medium is encrypted with an content key different from one data to another, and the content key is safely stored in the security module. Also, the security module makes a mutual authentication using the public-key encryption technology with a drive unit to check that the counterpart is an authorized (licensed) unit, and then gives the content key to the counterpart, thereby preventing data from being leaked to any illegal (unlicensed) unit. Thus, it is possible to prevent copyrighted data such as movie, music, etc. from being copied illegally (against the wish of the copyrighter of the data).

Abstract: In an embodiment, a system includes an electronic device having memory circuitry configured to store an application comprising a plurality of instructions. The system also includes processing circuitry configured to execute the application and an application authenticity check routine, wherein the application authenticity check routine includes instructions executable by the processing circuitry to use idle processing time to verify an authenticity of the application throughout execution of the application.

Abstract: A device, method, and system for secure mobile data storage includes a mobile data storage device having a short-range communication circuit, a long-range communication circuit, and a data storage for storing data. The mobile data storage device is used to store data used by a paired mobile communication device. The mobile data storage device and the mobile communication device communicate control signals over a wireless control link established using the short-range communication circuit and data over a wireless data link, different from the wireless control link, established using the long-range communication circuit. The mobile data storage device and/or mobile communication device may monitor a distance between the devices and perform a security function in response the devices being separated from each other. The mobile data storage device may backup data on a remote data server and/or repopulate data from the remote data server using the mobile communication device.

Abstract: A method includes, in a mobile communication terminal, receiving a signal, which carries media content that has been encrypted after being compressed in accordance with a compression protocol having a plurality of predefined configurations. Each configuration specifies a respective compression mode of the compression protocol. The received signal is decrypted, and one or more parameters that define a configuration of the compression protocol that was used for compressing the media content are determined from the decrypted signal. An absence of match is detected when the determined one or more parameters do not match any of the plurality of predetermined configurations of the compression protocol. An error in decrypting the received signal is identified based on detecting the absence of a match.

Abstract: Techniques are described for injecting noise in a timer value provided to an instruction requesting the timer value. A plurality of tasks may execute on a processor, wherein the processor may comprise one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for injecting noise in the timer value, a request for a first timer value is received by one or more computer executable instructions belonging to a first task from the plurality of tasks, and in response, a second timer value is provided to the first task instead of the first timer value, wherein the second timer value is derived from the first timer value and a random number.

Abstract: Provided is a system and a method for generating and authenticating a digital signature on a physical document. The system and method includes the use of a document having a code embedded therein (e.g., a Radio Frequency Identification Code and/or a Near Field Communication Code), a first user computing device having a first user application software and a code reader, a second user computing device having a second user application software and a code reader, a printer for printing a digital signature on the document, and a main application server for generating, encrypting and authenticating a digital signature, the data integrity of the document and status of the document.

Abstract: In accordance with some embodiments, data may be collected from vehicles, and then reported to various subscribers with different levels of access privileges and pursuant different levels of security. In some embodiments, the data may be authenticated by a cloud service without revealing the identity of vehicle owner. This may provide enhanced privacy. At the same time, some types of the data may be encrypted for security and privacy reasons. Different information may be provided under different circumstances to different subscribers, such as the government, family members, location based services providers, etc.

Abstract: Methods and systems for firmware based system security, integrity, and restoration are disclosed, including (a) determining in a pre-boot environment which mode a security and policy enforcement platform (“platform”) should be loaded into firmware of a computing system; (b) if the determination made in step (a) is that it is the first time for the platform to be loaded, then loading the platform into a setup mode; (c) if the determination made in step (a), above, is that a valid certificate from the platform is on a file system accessible in the firmware of the computing system, then loading the platform into a configuration mode; and (d) if the determination made in step (a), above, is that the platform is set to an active/active-test mode, then loading the platform into the active/active-test mode. Other embodiments are described and claimed.

Abstract: A method is provided for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control in a system comprising a plurality of computers, the system comprising a plurality of information assets, stored as files on the plurality of computers, and a network communicatively connecting the plurality of computers, wherein each of the plurality of computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of the plurality of computers includes a software agent component operable to perform the steps of intercepting a request for a file operation on a file from a user of one of the plurality of computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access to the file based on a mandatory access control policy.

Abstract: A policy controller (30) of a mobile network receives an authorization request (302) for a packet-based service from a node (80). In response to receiving the authorization request (302), the policy controller performs an authorization check (305) to determine an authorization status of the service and sends an authorization response (306) to the node (80). The authorization response (306) indicates the authorization status of the service. In response to the same authorization request (302), the policy controller (30) performs at least one further authorization check to redetermine the authorization status of the service. If the further authorization check indicates that the authorization status of the service has changed, the policy controller (30) sends a status change message (311) to the node. The status change message (311) indicates to the node (80) that the authorization status of the service has changed.

Abstract: Sets of multiple software programs selected from a set of candidate software programs are evaluated to determine if the applications can collude to violate a security policy and exhibit other undesirable properties. Intra- and inter-application data and control flows can be stored and newly introduced applications assessed based on stored data and control flows. An application provider can certify sets of applications as satisfying a security policy based on consideration of inter-application flows.

Abstract: In one embodiment, a trusted cloud service such as an “electronic vault” may store records of a consumer's electronic data file history. These documents may come from disparate providers and include financial statements and the like. The trusted vault cloud may act as an online notary to certify documents are legitimate and may be trusted. For example, a retailer may dispute whether the consumer paid a debt. To resolve the issue the retailer may access the cloud vault to retrieve a bank statement for the consumer, whereby the bank statement is electronically notorized by the vault cloud and is thus credible to the retailer. The retailer may then see proof the consumer had indeed paid a past debt to the retailer. Other embodiments are described herein.

Abstract: Enabling access control caches for co-processors to be charged using a VMX-nonroot instruction. As a result a transition to VMX-root is not needed, saving the cycles involved in such a transition.