Patents Examined by Shin-Hon Chen
  • Patent number: 9294915
    Abstract: The invention provides a secure Wi-Fi communications method and system. In an embodiment of the invention, unique physical keys, or tokens, are installed at an access point and each client device of the network. Each key comprises a unique serial number and a common network send cryptographic key and a common network receive cryptographic key used only during the authentication phase by all components on the LAN. Each client key further includes a secret cryptographic key unique to each client device. During authentication, two random numbers are generated per communications session and are known by both sides of the wireless channel. Only the random numbers are sent across the wireless channel and in each case these numbers are encrypted. A transposed cryptographic key is derived from the unique secret cryptographic key using the random numbers generated during authentication. Thus, both sides of the wireless channel know the transposed cryptographic key without it ever being transmitted between the two.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: March 22, 2016
    Assignee: KOOLSPAN, INC.
    Inventor: Anthony C. Fascenda
  • Patent number: 9282055
    Abstract: A system and method for sharing network resources; the system comprising at least one network switch, at least one computing device comprising at least one network connection and at least one storage device containing software capable of initializing and maintaining: (i) a management local area network (MLAN) comprising a virtual or physical firewall; and (ii) a plurality of client virtual local area networks (VLANs), wherein each client VLAN comprises a virtual firewall and a plurality of network resources.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: March 8, 2016
    Assignee: VIRTUDATACENTER HOLDINGS, LLC
    Inventor: Michael E Mazarick
  • Patent number: 9280613
    Abstract: Techniques are disclosed for methods, architectures and security mechanisms for a third-party application to access content in a cloud-based platform. In one embodiment, a method includes receiving, at the third-party application, metadata that identifies the file. The method further includes transmitting the metadata to a server which is associated with the third-party application. The metadata enables the server to request the file from the cloud-based environment.
    Type: Grant
    Filed: May 20, 2013
    Date of Patent: March 8, 2016
    Assignee: Box, Inc.
    Inventors: Michael Smith, Benjamin Campbell Smith, Simon Tan, Rico Yao
  • Patent number: 9276948
    Abstract: A system and method for identifying a threatening network is provided. The system comprises a network movement before/after algorithm that provides a graphical plot of changes in networks' communications activity from before to after a key event occurs, so that an analyst is able to identify anomalous behavior; a network progression algorithm that provides a graphical plot to analyze behavior in small increments of time without specification or emphasis upon a particular event, so that the analyst is able to see a trend in behavioral changes; a statistical network anomaly ranking algorithm that provides as output a ranked list of the networks; and an anomaly trend graphs algorithm that analyzes and visualizes the networks' anomaly scores over time, so that the analyst is able to see which networks are consistently suspicious, which networks accumulate more suspiciousness in response to an event, and which networks are trending toward more suspiciousness.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: March 1, 2016
    Assignee: 21CT, Inc.
    Inventors: Laura Hitt, Matt McClain
  • Patent number: 9275202
    Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.
    Type: Grant
    Filed: April 3, 2004
    Date of Patent: March 1, 2016
    Assignee: Whitecryption Corporation
    Inventor: Wulf Harder
  • Patent number: 9270677
    Abstract: A method, system, and computer program product for detecting and enforcing compliance with access requirements for a computer system in a restricted computer network. A compliance validation configuration file is created for the computer system. A maintenance service utility is configured to launch a compliance validation executable file at a specified time during operation of the computer system. A digital hash is generated for the compliance validation executable file and for the compliance validation configuration file. A determination is made if the computer system or a computer system user is a member of a configured restricted group. If the computer system or the computer system user is a member of a configured restricted group, a determination is made if a directory site code for a subnet of the restricted computer network to which the computer system is connected corresponds to a configured and allowed site.
    Type: Grant
    Filed: February 7, 2014
    Date of Patent: February 23, 2016
    Assignee: Open Invention Network, LLC
    Inventors: Colin Lee Feeser, Anthony William Ondrus, Mark Jackson Canup
  • Patent number: 9270678
    Abstract: One or more techniques are provided for causing a location of a screen image associated with a resource to be adjusted on a display device. The adjustment may be based at least in part on determining that a control element receives focus. The resource may be associated with an application, such as an email application that may be hosted remotely from a client device. Access to one or more resources may be controlled or mediated. Access rights may be based at least in part on a determination of a geographic location of a client device. When the client device is located in a safe area, the client device may be provided access to the resource. When the client device is not located in a safe area, the client device might not be provided access to the resource or might not be provided full access to the resource.
    Type: Grant
    Filed: June 10, 2014
    Date of Patent: February 23, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Richard Mazzaferri, Martin Duursma, Donovan Hackett, Lee Laborczfalvi
  • Patent number: 9270470
    Abstract: A data processing device for playing back a digital work reduces the processing load involved in verification by using only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the data processing device improves the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.
    Type: Grant
    Filed: January 13, 2015
    Date of Patent: February 23, 2016
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Masao Nonaka, Yuichi Futa, Toshihisa Nakano, Kaoru Yokota, Motoji Ohmori, Masaya Miyazaki, Masaya Yamamoto, Kaoru Murase, Senichi Onoda
  • Patent number: 9262876
    Abstract: A method for controlling fraud using a personal hybrid card and a verification process is disclosed. The method includes registering personal information of an individual in a database forming a registered account for the individual, and assigning a personal hybrid card to the individual with the registered account. The personal hybrid card includes a data storage and a copy of the personal information, including first biometric data stored in the data storage. The method continues by verifying, at an access point, that the individual with the personal hybrid card matches the first biometric data of the individual, that is stored on the personal hybrid card. Next, the individual's personal information is transmitted from the access point to the database for requesting verification of the individual to use the personal hybrid card, and receiving eligibility verification or denial of the individual for accessing services, benefits, programs, and combinations thereof.
    Type: Grant
    Filed: March 28, 2006
    Date of Patent: February 16, 2016
    Inventors: Richard Glee Wood, Christine Taunya Wood, Wesley Jack White, Jr.
  • Patent number: 9262636
    Abstract: The invention relates to the field of anti-virus protection. The technical result of the invention lies in providing possibility for unblocking the computer with no data loss and computer resetting, for increasing the antivirus systems operation efficiency and consequently improving the computer systems security. A method for neutralizing malicious software blocking computer operation, the method being performed by means of a separate antivirus activation device developed for the antimalware procedure activation to be run by a PC user, the device comprising connectors for connection to a control bus, a controller and an activation unit. Computer unblocking and malware neutralizing procedure is activated after receiving an activation signal from the antivirus activation device.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: February 16, 2016
    Assignee: NANO Security Ltd.
    Inventor: Bogdanov Denis
  • Patent number: 9256759
    Abstract: A computer-implemented method of pre-permissioning a computer application is disclosed. The method includes receiving a request from a user to install a software application, identifying one or more computing services required for operation of the software application, presenting the one or more computing services to the user for review, determining whether the user approves installation of the computer application, and installing the application on a computing device assigned to the user if the user approves installation of the computer application.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: February 9, 2016
    Assignee: Google Inc.
    Inventors: Dianne K. Hackborn, David P. Bort, Joseph M. Onorato, Daniel R. Bornstein, Andrew T. McFadden, Brian J. Swetland, Richard G. Cannings
  • Patent number: 9256734
    Abstract: Embodiments of the present disclosure provide systems and methods for implementing a secure processing system having a first processor that is certified as a secure processor. The first processor only executes certified and/or secure code. An isolated second processor executes non-secure (e.g., non-certified) code within a sandbox. The boundaries of the sandbox are enforced (e.g., using a hardware boundary and/or encryption techniques) such that code executing within the sandbox cannot access secure elements of the secure processing system located outside the sandbox. The first processor manages the memory space and the applications that are permitted to run on the second processor.
    Type: Grant
    Filed: June 7, 2012
    Date of Patent: February 9, 2016
    Assignee: Broadcom Corporation
    Inventors: Mark L. Buer, Jacob Mendel
  • Patent number: 9251347
    Abstract: In one embodiment, a method includes initializing a portion of a computing system in a pre-boot environment using a basic input/output system (BIOS) stored in a non-volatile storage of the computing system, launching a boot manager to enable a launch of an operating system (OS) payload, and if the OS payload is not successfully launched, executing an OS payload portion and an antivirus stack stored in the non-volatile storage to restore an integrity of the mass storage. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: February 2, 2016
    Assignee: Intel Corporation
    Inventors: Mallik Bulusu, Robert Swanson, Vincent Zimmer, Robert Bruce Bahnsen
  • Patent number: 9251341
    Abstract: Among other disclosed subject matter, a computer-implemented method includes executing a plurality of virtual machines on a physical machine, wherein a first virtual machine of the plurality of virtual machines executes an encryption process. Execution of a hostile process that is configured to compromise the encryption process is detected, wherein the hostile process executes in a second virtual machine of the plurality of virtual machines. Migrating at least the second virtual machine to a different second physical machine based on the detection of the execution of the hostile process.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: February 2, 2016
    Assignee: Google Inc.
    Inventor: Eric R. Northup
  • Patent number: 9245119
    Abstract: Systems and methods disclosed herein provide a security component on a server that may be in communication with a database containing mobile device security information. The server security component may receive event information regarding a mobile device from a local security component on the mobile device. The event information may be processed by the server to assess the security state of the mobile device by comparing the event information to the mobile device security information. Based on the processing, an assessment of the security state of the mobile device may be output by the server for display.
    Type: Grant
    Filed: August 29, 2014
    Date of Patent: January 26, 2016
    Assignee: LOOKOUT, INC.
    Inventors: Kevin Mahaffey, John G. Hering, James Burgess
  • Patent number: 9230099
    Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: January 5, 2016
    Assignee: Symantec Corporation
    Inventors: Bruce McCorkendale, Sheng Gong, Wei Guo Eric Hu, Ge Hua Huang, Jun Mao, Qingchun Meng, Xue Feng Tian, Xiaole Zhu
  • Patent number: 9223973
    Abstract: A system and method for preventing malware attacks on mobile devices is presented. A server receives data from a mobile communications device and applies, by a known good component, logic on the data to determine if the data is safe. When the data is determined as being safe, the data is allowed to be processed by the mobile communications device. When the data is determined as not safe, a known bad component applies logic on the data to determine if the data is malicious. The data is rejected from being processed by the mobile communications device when the data is determined as being malicious. When the data is not malicious, a decision component performs an analysis on the data. If the decision component determines the data to be safe, the data is allowed to be processed by the mobile communications device. Otherwise, the data is rejected from being processed.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: December 29, 2015
    Assignee: LOOKOUT, INC.
    Inventor: Kevin Patrick Mahaffey
  • Patent number: 9225745
    Abstract: Described herein are techniques and mechanisms for access policy creation and enforcement. According to various embodiments, a message may be received via a communications interface. The message may include a request to perform an action within a proposal system. The proposal system may be operable to create a request for proposals based on user input. The request for proposals may describe a business need associated with a business entity. The proposal system may be further operable to process a plurality of proposal documents received in response to the request for proposals. The request may be associated with a user account. A determination may be made as to whether the requested action complies with an access policy. The requested action may be performed when it is determined that the requested action complies with the access policy.
    Type: Grant
    Filed: June 12, 2013
    Date of Patent: December 29, 2015
    Assignee: The One Page Company Inc.
    Inventors: Patrick G. Riley, Joanna R. Weidenmiller, Stefan Proud, John S. Bronson, Stephane Come
  • Patent number: 9219602
    Abstract: A method and system computes a basepoint for use in a signing operation of a direct anonymous attestation scheme. The method and system includes computing a basepoint at a host computing device and verifying the base point at a trusted platform module (TPM) device.
    Type: Grant
    Filed: December 27, 2011
    Date of Patent: December 22, 2015
    Assignee: Intel Corporation
    Inventors: Jiangtao Li, Ernie Brickell, Willard Monten Wiseman
  • Patent number: 9215067
    Abstract: Embodiments of the invention relate to efficiently storing encrypted data in persistent storage or passing to another data processing component. A downstream decrypter is utilized to act within the data path between a data generator and a storage server. The decrypter fetches an encryption key and any other necessary auxiliary information necessary to decrypt received data. Following decryption of the data, the decrypter has the ability to operate directly on plaintext and perform storage efficiency functions on the decrypted data. The decrypter re-encrypts the data prior to the data leaving the decrypter for persistent storage to maintain the security of the encrypted data.
    Type: Grant
    Filed: April 5, 2013
    Date of Patent: December 15, 2015
    Assignee: International Business Machines Corporation
    Inventors: Joseph S. Glider, Alessandro Sorniotti