Abstract: A method, system and computer-readable medium for providing a user identity-based secure channel between a digital telephone and a service provider is presented. At the service provider, an encrypted voice transmission from a digital telephone is decrypted. The voice transmission was encrypted at the digital telephone by using a user voice encryption key that was created in the digital telephone. The user voice encryption key was created at the digital telephone by inputting a telephone identifier and a called telephone number into a public encryption key algorithm that is supplied by the service provider. By decrypting the encrypted voice transmission, the service provider is able to extract the voice transmission, the telephone identifier, and the called telephone number, thus allowing the service provider to route the voice transmission to an appropriate answering party at the service provider.

Abstract: According to one embodiment of the present invention, there is provided a method of authorizing a computing device to access a network, comprising receiving authentication data including a user identifier from the computing device, determining whether approval to verify the authentication data is given, and where it is so determined, authorizing the device to access the network upon verification of the authentication data.

Abstract: A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method, an authentication video is displayed on a display. In response to receiving an input at a point in time in the video that matches a pre-selected time reference point, positive authentication is indicated.

Abstract: A method, performed by a network device, may include generating a virtual Layer 3 device for a customer's network. The method may further include establishing a Layer 2 connection between the customer's network and the generated virtual Layer 3 device; establishing a Layer 3 connection between the generated virtual Layer 3 device and a Layer 3 network; and configuring the generated virtual Layer 3 device to function as an edge router for the customer's network.

Abstract: A cloud based security method and processing node includes monitoring data traffic between a user and an external network, wherein the monitoring is performed by a processing node comprising a first server in a cloud based system, detecting a security incident, if an archiving rule exists based on the security incident, providing a notification to a second server within an organization's domain, wherein the user is part of the organization, and wherein the notification includes private data associated with the security incident based on the archiving rule, and storing non-private data in the cloud based system based on the archiving rule.

Abstract: A first component of a cryptographic key is received from a user via a user interface of a user computing device. A second component of the cryptographic key is received via a short-range communication interface that communicatively couples the user computing device to a physically separate storage device. The cryptographic key is generated based at least on the first component and the second component. The cryptographic key is then used to encrypt and/or decrypt data.

Abstract: An enhanced whitelisting module associated within a system whitelists unknown files for execution on the system. The whitelisting module may oversee the computation of a hash of a file loaded into the memory and comparison of the hash to hashes within a hash table generated from clean files located on a clean system. The whitelisting module may communicate to a device internal and/or external to the system to retrieve the hash table of clean files. In certain embodiments, a rolling hash (or other piecewise hash) may be used to determine the location and/or extent of the differences between a modified file and a clean file.

Abstract: A scanning system, method and computer program product are provided. In use, portions of data are scanned. Further, access to a scanned portion of the data is allowed during scanning of another portion of the data.

Abstract: A method and system for authenticating a computing device for data usage accounting are described herein. As an example, the method can be practiced on a computing device that includes secure applications and unsecure applications. A data session request for a secure application can be received, and in response to the data session request, a data session connection can be initiated. As part of initiating the data session connection, an authentication package uniquely associated with the computing device can be sent to the authentication server. If the computing device is authenticated, the data session connection can be established to enable data exchange and data accounting in which the authenticating may be performed exclusively for the secure applications.

Abstract: An input including a second level domain is received. The second level domain is associated with a particular top level domain. A policy associated with the top level domain is obtained. A determination is made as to whether connection information is consistent with the policy. Content is displayed based on the determination.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing multi-factor authentication. In one aspect, a method includes determining that a user has successfully completed an authentication factor, determining whether a mobile device associated with the user is proximate to a computer; and authenticating the user based on determining that the user has successfully completed the authentication factor, and that the mobile device is proximate to the computer.

Abstract: Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software it describes. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.

Abstract: A computer readable medium that includes computer readable program code embodied therein. The computer readable medium causes the computer system to receive, by a data link rule enforcer, a packet from a packet source of the packets, and obtain a data link rule applying to a data link. The data link is operatively connected to the packet source, and the data link is associated with a media access control (MAC) address. The computer readable medium further causes the computer system to determine, by the data link rule enforcer, whether the packet complies with the data link rule, and drop, by the data link rule enforcer, the packet when the packet fails to comply with the data link rule.

Abstract: Secure transmission of electronic data via a data communication link is provided between a device and an additional device with independent transmission channels, wherein at least one of the devices is a medical device. Secure transmission comprises the following steps or means: providing a password in the device, receiving the password in the a additional device separate from the data communication link, selecting one of the independent transmission channels, encrypting the channel identification of the selected independent transmission channel using the received password in the additional device, transmitting the encrypted channel identification from the additional device to the device via the data communication link and decrypting the encrypted channel identification in the device, providing a session key in the device and the additional device and transmitting encrypted electronic data between the device and the additional device via the independent transmission channel.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for overriding a soft website block. One of the methods includes receiving, from a user device, a request to access a resource, determining, using a first policy group for the user device, that the user device should be prevented from accessing the resource, providing, to the user device and based on determining that the user device should be prevented from accessing the resource, instructions for the presentation of a user interface including a user credentials field, receiving user credentials from the user device, determining that the user credentials are the same as credentials used to log onto the user device, and allowing the user device access to the resource.

Abstract: Various techniques for providing product configuration as a Web Service are disclosed. One method involves receiving a Web Service signature requesting access to a product configuration session to configure a product and accessing information representing an instance of the product, in response to receipt of the Web Service signature. A responsive Web Service signature, containing information such as the price of the instance of the product, whether the instance of the product represents a valid configuration, and/or indicative of options available to further configure the product, can be returned to the application that requested access to the session. The requester can request multiple changes to the instance of the product, and validation of those changes can be delayed until after all of the changes have been applied (as opposed to each change being validated independently). A single configurator can handle requests received via multiple different sales channels.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: Techniques and tools for quantum key distribution (“QKD”) between a quantum communication (“QC”) card, base station and trusted authority are described herein. In example implementations, a QC card contains a miniaturized QC transmitter and couples with a base station. The base station provides a network connection with the trusted authority and can also provide electric power to the QC card. When coupled to the base station, after authentication by the trusted authority, the QC card acquires keys through QKD with a trusted authority. The keys can be used to set up secure communication, for authentication, for access control, or for other purposes. The QC card can be implemented as part of a smart phone or other mobile computing device, or the QC card can be used as a fillgun for distribution of the keys.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securing data. One of the methods includes receiving, by the map reduce framework, data for analysis. The method includes identifying, by the map reduce framework, private data in received data. The method includes encrypting the private data. The method includes storing the encrypted private data in a location separate from the received data. The method includes obfuscating the private data by adding a reference to the location of the encrypted private data in the received data.

Abstract: Various systems and methods for providing access to a dynamically generated rules table as a Web Service are disclosed. One method involves receiving a Web Service request from a requester and then dynamically generating a rules table, in response to receipt of the Web Service request. Dynamically generating the rules table includes accessing one or more matrices that store information associated with multiple different rules tables. For example, dynamic generation of the rules table can involve accessing a dimension matrix that stores information identifying one or more input criteria and one or more results included in the rules table, selecting information from a rules matrix based upon the criteria and results identified by the dimension matrix, and then storing the selected information from the rules matrix in the rules table.