Abstract: Provided are techniques for controlling access to computing resources comprising generating a first fingerprint corresponding to a first executable file; storing the fingerprint in a non-transitory computer-readable storage medium; receiving a request to execute a second executable file on a computing system; generating a second fingerprint corresponding to the second executable file; determining whether or not the first fingerprint matches the second fingerprint; and, in response to determining that the first and second fingerprints match, executing the executable file on the computing system; and, in response to determining that the first and second fingerprints do not match, preventing the executable file from executing on the computing system.

Abstract: Methods, computer program products, computer systems, and the like, which protect messages in an electronic messaging system, are disclosed. The methods, computer program products, computer systems, and the like include detecting an occurrence of an event, and, in response to the detecting the occurrence of the event, scanning a message. The occurrence of the event indicates that the message should be scanned. The message includes recipient information, which identifies a recipient of the message, and is stored in a message store. The message has been received at a message destination associated with the recipient. The scanning uses a malware definition. The scanning is performed prior to the message being retrieved from the message store in response to a request by the recipient to retrieve the message from the message store. The event is other than the request by the recipient to retrieve the message from the message store.

Abstract: A method of encrypting data is provided. The method includes generating a key and encrypting data using the key. Generating the key includes determining a number of coefficients for a polynomial having a number of variables and selecting a polynomial level from the number of coefficients. Generating the key also includes selecting a first value based on the polynomial level, generating a vector (c) having coefficients based on the polynomial level, and generating a vector (t) based on the polynomial level. Furthermore, generating the key includes generating a vector (t?) based on a product of the vector (c) and the vector (t) and calculating a second value based on the first value, the vector (t), and the product. In addition, generating the key includes comparing the second value with the polynomial level and returning the coefficients of the vector (c) as the number of coefficients for the polynomial.

Abstract: A method for protecting a ciphering algorithm executing looped operations on bits of a first quantity and on a first variable initialized by a second quantity, wherein, for each bit of the first quantity, a random number is added to the state of this bit to update a second variable maintained between two thresholds.

Abstract: Systems, methods, and other embodiments associated with secure service discovery in a neighbor awareness network are described. According to one embodiment, a device includes service logic configured to generate a discovery communication that is associated with a service provided in a neighbor awareness network (NAN). The NAN includes a plurality of remote devices. Encoding logic configured to generate a secure identifier from a unique identifier of the service by, (i) encoding the unique identifier, and (ii) truncating the encoded unique identifier to form the secure identifier. The secure identifier is inserted in the discovery communication.

Abstract: A computer-implemented method includes security settings data associated with one or more profiles of a protected social entity on one or more social networks is scanned, and the security settings data associated with the one or more profiles of the protected social entity is assessed. A first security risk score for the protected social entity is determined based on the assessment of the security settings data, and the first security risk score is provided to the protected social entity.

Abstract: A method, system and computer-readable medium for establishing secure connections using compressed cryptographic chaining certificates, the method including receiving a first compact representation corresponding to a certificate for validating a first entity at a second entity, retrieving a local list of one or more compact representations corresponding to one or more certificates locally available to the second entity, comparing the first compact representation to the one or more compact representations within the local list, determining if the first compact representation matches at least one of the one or more compact representations, retrieving the certificate corresponding to the at least one of the one or more compact representations if the first compact representation matches the at least one of the one or more compact representations and validating the first entity using the retrieved certificate corresponding to the at least one of the one or more compact representations.

Abstract: A semiconductor device includes a serial communication interface connector, a non-volatile semiconductor memory, a memory controller, and a memory reader/writer. The serial communication interface connector is capable of being connected to a serial communication interface terminal of electronic equipment. The memory controller includes a memory interface connected to the non-volatile semiconductor memory and a copyright protection function and controls the non-volatile semiconductor memory. The memory reader/writer includes a controller interface connected to the memory controller and a serial communication interface connected to the serial communication interface connector.

Abstract: A system that safely executes a native code module on a computing device. During operation, the system receives the native code module, which is comprised of untrusted native program code expressed using native instructions in the instruction set architecture associated with the computing device. The system then loads the native code module into a secure runtime environment, and proceeds to execute a set of instructions from the native code module in the secure runtime environment. The secure runtime environment enforces code integrity, control flow integrity, and data integrity for the native code module. Furthermore, the secure runtime environment moderates which resources can be accessed by the native code module on the computing device and/or how these resources can be accessed. By executing the native code module in the secure runtime environment, the system facilitates achieving native code performance for untrusted program code without a significant risk of unwanted side effects.

Abstract: Described herein are methods and systems for updating digital certificates on a computer and testing to confirm that the update was performed correctly. The testing may involve confirming that a server's common name (CN) and/or a server's subject alternative name (SAN) matches the domain name server (DNS) name utilized to access the server, confirming that, for all the certificates sent in chain, each certificate's expiration date is less than or equal to the expiration date of that certificate's parent certificate, confirming that the certificates' authority key identifier (AKI), subject key identifier (SKI), and/or authority information access (AIA) are in compliance, and comparing available cipher suites to a list of pre-approved cipher suites.

Abstract: A server may store one or more accounts. Each account may be associated with an authentication code and a total number of information devices that are allowed to be registered. The authentication codes may be provided to users for registering information devices. The information device may transmit a connection request, including an entered authentication code, to a server. Upon receiving the connection request, the server may determine whether to register the particular information device. The server may determine whether the information device is allowed to be registered based on registerable information, which is associated with an account that is associated with the received authentication code and which represents a remaining number of information devices that are allowed to be registered using the associated authentication code. If the information device is allowed to be registered, the server may send authentication information to the information device, so it may transmit state information.

Abstract: Example embodiments disclosed herein relate to implementing an authorization cache. An authorization fact is determined based on a grant. The authorization fact is cached. The grant is revoked. The authorization fact is revoked based on a grant index.

Abstract: A method and system for low-memory footprint fingerprinting and indexing for efficiently measuring document similarity and containment are described. A method may include extracting, by a processor, content from a set of one or more data files. The method may also determine a size of the content and apply a hash function to the content to generate multiple hashes. The method selects a constrained set of the hashes to generate a fixed-size fingerprint representative of the content when the size of the content is greater than a threshold size. The method stores the fixed-size fingerprint representative of the content in an endpoint index for at least partial file content matching by an endpoint device. The method may employ a statistical-based optimization to speed-up query time.

Abstract: Blocking transmission of tainted data using dynamic data tainting is described. For example, sensitive information is stored on a client device as tainted data. The client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and the network. The gateway receives computer code from the non-trusted entity via the network. The gateway executes the computer code. The gateway tracks the execution of the computer code to determine whether the computer code attempts to access tainted data and transmit the tainted data to an outside entity. The gateway blocks the transmission of the tainted data to the outside entity responsive to determining that the computer code has attempted to access tainted data and transmit the tainted data to an outside entity.

Abstract: Methods and computer program products relate to single sign on (SSO) availability including identifying a set of single sign on applications in a system in which a user authentication for a first application is used for other applications in the set of applications monitoring the set of applications to determine availability of single sign on for each application, and providing an indication of the availability of single sign on for each application.

Abstract: A global policy store, in which policies applicable to multiple applications in an enterprise environment can be stored, can be stored in association with that environment. An application-level policy combining algorithm can be associated with a specific application to resolve conflicts between the results of evaluating policies that pertain to that application's resources. A persistent model is defined for an Extensible Access Control Markup Language (XACML) target definition.

Abstract: A method includes receiving a first analytics set performed on a first network security appliance operated internal to a first organization, receiving a second analytics set performed on a second network security appliance operated internal to a second organization, processing the first analytics set and the second analytics set, and responsive to the processing, disseminating to the second network security appliance information indicating that the second analytics set has also been performed on at least the first network security appliance, without revealing an identity of the first organization. In one embodiment at least part of the first analytics set or the second analytics set is hashed.

Abstract: A computer chassis for a telecommunications system, the chassis comprising a first chassis management blade comprising a chassis management application, a plurality of first platform blades, each of the platform blades running a function, the first platform blade functions including at least two of DNS, PCRF, AAA, SAN, DRA, DEG, HSS, NSE, OAP, SDHLR/SMD, SPS functions a plurality of process cards, each process card having a plurality of processors, and wherein the first chassis management application assigns processing requests received from the platform blade functions to one or more of the processors.

Abstract: A method in a wireless sensing device for authenticating a gateway device of a sensor network is described. The method includes receiving a certificate where the certificate was generated by the management server upon a determination that the gateway device and the wireless sensing device are associated and is a digital document including data and a digital signature, where the digital signature was generated by the management server based on the data and a private key of the management server, and where the data includes a first identifier and a second identifier; confirming that the wireless sensing device is authorized to upload data to the gateway device; in response to the confirming that the wireless sensing device is authorized to upload data to the gateway device, uploading to the gateway device data indicative of a plurality of sensor measurements taken over time to be transmitted to the management server.

Abstract: Example embodiments of the present invention relate to a method and apparatus for distributively storing a data object from a client node to a logical storage group in a network. The method includes selecting a plurality of storage nodes in the network. Portions of storage available at each selected storage node are then allocated as storage units. Further, the data object may be divided by the client node into a plurality of chunks. Each respective chunk is then encoded by the client node as a plurality of fragments. Storage units allocated at each selected storage node are then assigned to the logical storage group to store respective fragments of the data object.