Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: A method and system for mitigating a malware attack are disclosed herein. A malware detection module iterates over a virtual memory address space associated with a process executing on a computer system. The malware detection module identifies a region of memory likely to be vulnerable to a malware attack. Responsive to identifying the region of memory, a thread hollowing module determines a specific process thread associated with the identified region of memory. The thread hollowing module renders the specific process thread inoperable.

Abstract: A method and system for mitigating a malware attack are disclosed herein. A malware detection module iterates over a virtual memory address space associated with a process executing on a computer system. The malware detection module identifies a region of memory likely to be vulnerable to a malware attack. Responsive to identifying the region of memory, a thread hollowing module determines a specific process thread associated with the identified region of memory. The thread hollowing module renders the specific process thread inoperable.

Abstract: The present disclosure generally relates to computer security and malware protection. In particular, the present disclosure is generally directed towards systems and methods for detecting and mitigating a code injection attack. In one embodiment the systems and methods may detect a code injection attack by scanning identified sections of memory for non-operational machine instructions (“no-ops”), detecting a code injection attack based on the scan(s) and mitigating the code injection attack by taking one or more defensive actions.

Abstract: The present disclosure generally relates to computer security and malware protection. In particular, the present disclosure is generally directed towards systems and methods for detecting and mitigating a code injection attack. In one embodiment the systems and methods may detect a code injection attack by scanning identified sections of memory for non-operational machine instructions (“no-ops”), detecting a code injection attack based on the scan(s) and mitigating the code injection attack by taking one or more defensive actions.

Abstract: A method and system for mitigating a malware attack are disclosed herein. A malware detection module iterates over a virtual memory address space associated with a process executing on a computer system. The malware detection module identifies a region of memory likely to be vulnerable to a malware attack. Responsive to identifying the region of memory, a thread hollowing module determines a specific process thread associated with the identified region of memory. The thread hollowing module renders the specific process thread inoperable.

Abstract: The present disclosure generally relates to computer security and malware protection. In particular, the present disclosure is generally directed towards systems and methods for detecting and mitigating a code injection attack. In one embodiment the systems and methods may detect a code injection attack by scanning identified sections of memory for non-operational machine instructions (“no-ops”), detecting a code injection attack based on the scan(s) and mitigating the code injection attack by taking one or more defensive actions.

Abstract: A method for digital immunity includes identifying a call graph of an executable entity, and mapping nodes of the call graph to a cipher table of obscured information, such that each node based on invariants in the executable entity. A cipher table maintains associations between the invariants and the obscured information. Construction of an obscured information item, such as a executable set of instructions or a program, involves extracting, from the cipher table, ordered portions of the obscured information, in which the ordered portions have a sequence based on the ordering of the invariants, and ensuring that the obscured information matches a predetermined ordering corresponding to acceptable operation, such as by execution of the instructions represented by the obscured information, or steganographic target program (to distinguish from the executable entity being evaluated). The unmodified nature of the executable entity is assured by successful execution of the steganographic target program.

Abstract: A system for creating a log of a conversation includes a convener computer and a plurality of conversation computers interconnected by a computer network. The system includes an arbiter computer and a plurality of conversation computers interconnected by a computer network. The arbiter computer creates a public key pair comprising a new public key and a new private key, and causes the new public key to be transmitted to the conversation computers. The conversation computers receive the public key and transmit messages during the conversation. The arbiter computer uses the new private key to encrypt messages transmitted by at least some of the conversation computers during a conversation among the conversation computers, and to store the encrypted messages in a message log. The conversation computers cause messages in the message log to be decrypted using the new public key.

Abstract: The invention is a method and system for integrating a security key infrastructure with applications programs on a computer system. A security key infrastructure service request is transmitted from a first application program to a security integration module. In the security integration module, a first policy is requested from a policy server and a first security key infrastructure is selected to service the security key infrastructure service request, according to the first policy. The security key infrastructure service request is transmitted from the security integration module to the selected first security key infrastructure.

Abstract: A system for certifying authorizations includes an authorizing computer and an authorized computer interconnected by a computer network. The authorizing computer creates a public key pair comprising a new public key and a new private key, and creates an authorization certificate that certifies that a holder of the authorization certificate is authorized to perform an action referred to in the authorization certificate. The authorization certificate includes the new public key. The authorizing computer causes the authorization certificate and the new private key to be transmitted to the authorized computer. The authorized computer receives the authorization certificate and the new private key and decrypts messages using the new private key as evidence that the authorized computer has obtained the authorization certificate legitimately.

Abstract: A system for creating a log of a conversation includes a convener computer and a plurality of conversation computers interconnected by a computer network. The system includes an arbiter computer and a plurality of conversation computers interconnected by a computer network. The arbiter computer creates a public key pair comprising a new public key and a new private key, and causes the new public key to be transmitted to the conversation computers. The conversation computers receive the public key and transmit messages during the conversation. The arbiter computer uses the new private key to encrypt messages transmitted by at least some of the conversation computers during a conversation among the conversation computers, and to store the encrypted messages in a message log. The conversation computers cause messages in the message log to be decrypted using the new public key.