Abstract: Aspects may relate to a server comprising: an interface to receive a service request; and a processor coupled to the interface to receive the service request, the processor configured to: implement a firewall appliance for the service request; operate a first micro-security application to generate an anomaly alert for the service request; and operate a second micro-security application to receive the anomaly alert from the first micro-security application or from another server's micro-security application and to determine whether the service request corresponds to a non-benign behavior.

Abstract: A method for transforming untrusted applications into trusted executables through static previrtualization is disclosed. For example, the method receives an untrusted application and extracts a system call from the untrusted application. The method then determines if the system call is privileged or non-privileged. If the system call is privileged, the method replaces the system call with a hypercall. If the system call is non-privileged, it is replaced with a library call. The method repeats this process for additional system calls in the untrusted application to create a trusted executable. The method then forwards the trusted executable.

Abstract: A method for transforming untrusted applications into trusted executables through static previrtualization is disclosed. For example, the method receives an untrusted application and extracts a system call from the untrusted application. The method then determines if the system call is privileged or non-privileged. If the system call is privileged, the method replaces the system call with a hypercall. If the system call is non-privileged, it is replaced with a library call. The method repeats this process for additional system calls in the untrusted application to create a trusted executable. The method then forwards the trusted executable.

Abstract: The present invention is directed towards systems and methods for transmitting a DNS beacon for storage. A method according to one embodiment comprises generating one or more data items for logging and transmitting a DNS request to an authoritative DNS server for a logging domain, with the host name of the DNS request comprising the one or more data items for logging. The DNS request, which comprises the data items for logging, is stored on a storage device.

Abstract: The present invention is directed towards systems and methods for transmitting a DNS beacon for storage. A method according to one embodiment comprises generating one or more data items for logging and transmitting a DNS request to an authoritative DNS server for a logging domain, with the host name of the DNS request comprising the one or more data items for logging. The DNS request, which comprises the data items for logging, is stored on a storage device.

Abstract: The present invention is directed towards systems and methods for transmitting a DNS beacon for storage. A method according to one embodiment comprises generating one or more data items for logging and transmitting a DNS request to an authoritative DNS server for a logging domain, with the host name of the DNS request comprising the one or more data items for logging. The DNS request, which comprises the data items for logging, is stored on a storage device.

Abstract: A system, method and article of manufacture are provided for pricing a cryptographic service. A request for a cryptographic service is received. An identification is made of one or more of a computational burden required to perform the cryptographic service, a privacy level of the cryptographic service, and/or a speed of performing the cryptographic service. A price of the cryptographic service is determined based on the computational burden, privacy level, and/or speed. A method is also provided for pricing a cryptographic service based on a compactness of a cryptographic message. A request for encrypting a message is received. The message is encrypted and is also compressed during the encryption. An amount of compression of the message is determined. A price of the encryption is determined based on the amount of compression.

Abstract: The present invention is directed towards systems and methods for transmitting a DNS beacon for storage. A method according to one embodiment comprises generating one or more data items for logging and transmitting a DNS request to an authoritative DNS server for a logging domain, with the host name of the DNS request comprising the one or more data items for logging. The DNS request, which comprises the data items for logging, is stored on a storage device.

Abstract: A system, method and article of manufacture are provided for affording a cryptographic service utilizing a server on a network. Initially, a client is identified utilizing the network. A first key is established, and a tunnel is generated on the network. Thereafter, information is received at the server from the client utilizing the tunnel. Such information is encrypted by the client using the first key. At the server, cryptographic work is performed using the first key.

Abstract: A system, method, and article of manufacture are provided for pricing a cryptographic service on a network utilizing one or more cryptoservers. A request for a cryptographic service is received from a user utilizing a network. The request is received by a cryptographic service provider. A contract is generated based on a variable pricing scheme in response to the request. The contract is sent from the cryptographic service provider to the user utilizing the network. A method is also provided for auditing a security provision on a network utilizing a cryptoserver. A cryptographic key is obtained such as by obtaining it from a trusted source or generating the key. A plurality of users are allowed to request that a cryptoserver use the cryptographic key to sign a message in violation of a security provision. It is determined whether the cryptoserver signed the message in response to the request.

Abstract: A print management system includes a policy that determines a protection level for a document to be printed. The document is printed using forgery detection and deterrence technologies, such as fragile and robust watermarks, glyphs, and digital signatures, that are appropriate to the level of protection determined by the policy. A plurality of printers are managed by a print management system. Each printer can provide a range of protection technologies. The policy determines the protection technologies for the document to be printed. The print management system routes the print job to a printer that can apply the appropriate protections and sets the appropriate parameters in the printer. Copy evidence that can establish that a document is a forgery and/or tracing information that identifies the custodian of the document and restrictions on copying of the document and use of the information in the document are included in the watermark that is printed on the document.

Abstract: A system, method and article of manufacture are provided for secure operation of a network device. A digital certificate is assigned to a network user. A command for operation of a network device and the digital certificate are received from the network user. A cryptographic key stored in the network device is utilized to authenticate the digital certificate of the network user. Operation of the network device is enabled if the digital certificate of the network user is authenticated. According to another aspect of the present invention, a system, method and article of manufacture are provided for secure identification of a network device. A digital certificate is assigned to a network device. A command for operation of the network device is received from a network user. The digital certificate is sent to the network user. The network user utilizes a cryptographic key to authenticate the digital certificate of the network device.

Abstract: A system for controlling access to online content referenced in a hardcopy document. A user requesting access to online content available on a server responds to an authentication challenge from the server using a password mechanism printed in the hardcopy document. The password mechanism allows the user to identify a password for responding to an authentication request by the server. After authenticating the user, the server initiates a state change to enable subsequent access to the online content by the user with a different password that is also identified with the password mechanism.

Abstract: A system, method and article of manufacture are provided for transition state-based cryptography in an application including at least one state having a state key associated with it. A request for access is sent to a server utilizing a network upon reaching a state in the application. The request includes a state key associated with the state. A reply is received from the server in response to the request. The reply includes an access key for providing the access if the state key is valid. According to another embodiment of the present invention, a method is provided for transition state-based cryptography in an application including at least one state having a state key associated with it. A request for access is received from a client to a server utilizing a network. The state key is verified at the server. A reply is sent from the server in response to the request. The reply includes an access key for providing the access if the state key is verified.

Abstract: A symmetric key encryption system includes a printer or copier for performing decryption in two passes. During a first pass an encrypted image is decrypted to define a first partially decrypted image and during a second pass a complement of the encrypted image is decrypted to define a second partially decrypted image. The first partially decrypted image is formed when the encrypted image is rendered onto a first recording medium through a stencil. The stencil, which is a random arrangement of holes, is overlaid on the first recording medium to permit only selected portions of the encrypted image to be rendered on the recording medium. During the second pass, the complement of the encrypted image is rendered on a second recording medium through a complement of the stencil to yield the second partially decrypted image. Overlaying and aligning the first partially decrypted image and the second partially decrypted image finally decrypts the encrypted image.