Abstract: A method of retrieval of items of particular relevance from a particular domain. A processor receives from a remote computing device a resource-identifying string that has a combination of a predefined notation and a resource-related sub-string. The processor uses the resource-identifying string to retrieve a subset of data items from within a data set, the subset of data items relating to a subset of resources within a set of resources available to be served by the particular domain over a distributed network. The processor uses the subset of data items to generate a list of the subset of resources and serves the list to the remote computing device.

Abstract: A method and circuit for implementing Electronic Fuse (eFuse) visual security of stored data using embedded dynamic random access memory (EDRAM), and a design structure on which the subject circuit resides are provided. The circuit includes EDRAM and eFuse circuity having an initial state of a logical 0. The outputs of the eFuse and an EDRAM are connected through an exclusive OR (XOR) gate, enabling EDRAM random data to be known at wafer test and programming of the eFuse to provide any desired logical value out of the XORed data combination.

Abstract: Systems and methods are provided that may be implemented to deliver firmware for pre-boot updates of targeted information handling system device/devices using custom update capsules (e.g., such as custom unified extensible firmware interface capsules) and a separately-stored firmware update package that is remotely or locally stored. The custom update capsules may contain instruction payload information that may be used to determine location and desired components of the separately-stored firmware update package, and that also may be used to determine whether existing driver/drivers are to be retained in a firmware module in system memory or to be unloaded and replaced with a new (e.g., upgraded or downgraded) driver version in a firmware module in system memory as part of the firmware update.

Abstract: Systems and methods for universal interception of events. The methods involve: intercepting functions performed by an OS object manager which specify Physical Events (“PEs”) occurring therein, each PE comprising a real-time event occurring in an OS in runtime; obtaining PE information indicating which PEs are specified by the intercepted functions being performed by the OS object manager; analyzing the PE information to identify Virtual Events (“VEs”) which are associated with each PE, where each VE comprises an event occurring when one of a plurality of operations is performed by an OS subsystem which facilitates an occurrence of a respective PE; filtering VE information specifying the VEs identified as being associated with the PEs so as to generate filtered information specifying only select ones of the VEs; and placing the filtered information is a queue for subsequent processing to detect malware threats to a computing device.

Abstract: According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file while providing indications to the executable file that it is being executed within an emulated computer system.

Abstract: Feedback received from users regarding potential problems with an application, service, or other source of electronic content can be configured to include additional information that help triangulate the source of the problem. Content provided by third parties can be combined with content from a primary provider, but the primary provider often will be unable to determine the precise instance of third party content that a user received that might have posed a problem for the user, as may relate to malware or another such issue. By configuring feedback submissions from users to automatically include identifying information, and by logging session data for various users, a content provider can analyze and filter the data to determine likely sources of the problem, and deactivate or otherwise address those sources. Further, the content provider can analyze the information to locate any users likely to have been exposed to the same third party content.

Abstract: A first candidate answer to a time-sensitive question received by a question answering (QA) system is identified using a first document. A first temporal confidence subscore of the first candidate answer is then calculated using a first temporal confidence rule. A first general confidence score is then generated based on at least the first temporal confidence subscore. A second candidate answer to the question is identified using a second document. A second temporal confidence subscore of the second candidate answer is then calculated using a second temporal confidence rule. A second general confidence score is then generated based on at least the second temporal confidence subscore. The first general confidence score and the second general confidence score are then compared. Based on this comparison, a final answer is selected from the first candidate answer and the second candidate answer.

Abstract: A computer-implemented method includes identifying first code for a content that has not been analyzed for purposes of transforming the first code before serving the code in response to future requests for the first code; analyzing the first code to identify portions of the first code that can be changed without affecting a manner in which the first code will function on client devices; subsequently receiving a request for the content; applying rules generated from analyzing the first code to a currently-served version of the first code, so as to obfuscated the currently-served version of the first code; and providing the obfuscated version of the currently-served version of the first code to a computing device that provide the request.

Abstract: According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received object and monitors the processing during the dynamic analysis for a change to a file system within the virtual machine wherein the change involves a lure file placed in the file system. The file system is configured based on a received configuration file. Upon detection of a change in the file system associated with a lure file, the changes associated with the lure file during processing are compared to known file activity patterns of changes caused by file altering malware to determine whether the object includes file altering malware.

Abstract: A method, and system for implementing enhanced fast full synchronization for remote disk mirroring in a computer system. A source backup copy is made locally available to a target for remote disk mirroring. Sectors are identified that are different between the source and target. A hash function is used over a block to be compared, with an adaptive number of tracking sectors per block, starting with a minimum block size.

Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.

Abstract: A first candidate answer to a time-sensitive question received by a question answering (QA) system is identified using a first document. A first temporal confidence subscore of the first candidate answer is then calculated using a first temporal confidence rule. A first general confidence score is then generated based on at least the first temporal confidence subscore. A second candidate answer to the question is identified using a second document. A second temporal confidence subscore of the second candidate answer is then calculated using a second temporal confidence rule. A second general confidence score is then generated based on at least the second temporal confidence subscore. The first general confidence score and the second general confidence score are then compared. Based on this comparison, a final answer is selected from the first candidate answer and the second candidate answer.

Abstract: A client module downloaded by web browser from a server receives authentication information to open a smart card in a card reader and to initiate a secure network connection to a first server module running on a server. The client module calls a second server module running on the server. And the client module receives a new application for the smart card. Then the client module causes the smart card to delete an old application and load the new application. Each of the operations performed by client module occurs in a single session.

Abstract: A method for tracking machines on a network of computers includes determining one or more assertions to be monitored by a first web site which is coupled to a network of computers. The method monitors traffic flowing to the web site through the network of computers and identifies the one or more assertions from the traffic coupled to the network of computers to determine a malicious host coupled to the network of computers. The method includes associating a first IP address and first hardware finger print to the assertions of the malicious host and storing information associated with the malicious host in one or more memories of a database. The method also includes identifying an unknown host from a second web site, determining a second IP address and second hardware finger print with the unknown host, and determining if the unknown host is the malicious host.

Abstract: A method in a wireless sensing device for authenticating a gateway device of a sensor network is described. The method includes receiving a certificate where the certificate was generated by the management server upon a determination that the gateway device and the wireless sensing device are associated and is a digital document including data and a digital signature, where the digital signature was generated by the management server based on the data and a private key of the management server, and where the data includes a first identifier and a second identifier; confirming that the wireless sensing device is authorized to upload data to the gateway device; in response to the confirming that the wireless sensing device is authorized to upload data to the gateway device, uploading to the gateway device data indicative of a plurality of sensor measurements taken over time to be transmitted to the management server.

Abstract: A computer program includes a plurality of different types of computer program instructions. Prior to execution of the computer program, the computer the computer program instructions of each of the types. At a time during execution of the computer program, the computer counts the computer program instructions of each of the types. The computer, in response to determining that the count for one of the instruction types determined prior to execution of the computer program differs by at least an associated threshold value from the count for the same instruction type determined during execution, makes a record that the computer program has an indicia of maliciousness.

Abstract: A method, and system for implementing enhanced fast full synchronization for remote disk mirroring in a computer system. A source backup copy is made locally available to a target for remote disk mirroring. Sectors are identified that are different between the source and target. A hash function is used over a block to be compared, with an adaptive number of tracking sectors per block, starting with a minimum block size.

Abstract: A system and method for stemming flow of information from a negative campaign are described. A status for each node of a set of preselected nodes in a social network graph is identified. The status indicates whether a node has been infected with information from a negative campaign. A source and a flow of the negative campaign are identified based on the status of the nodes from the set of preselected nodes and a topology of the social network graph. A susceptibility score is computed for one or more nodes of the social network. The susceptibility score is computed using a measure of vulnerability of nodes that have not received the information based on the flow of the negative campaign, and a measure of reachability of nodes from the source. Nodes susceptible to adopting and spreading the information from the negative campaign are identified based on the susceptibility score.

Abstract: The software application for implementing intrusion prevention devices of the present invention has an information flow schema, mathematical calculation algorithm and a Web portal. The devices have built-in intelligence, which is used to match user's implementation requirements.

Abstract: A device receives data, identifies a context associated with the data, and identifies a script, within the data, associated with the context. The device parses the script to identify tokens, forms nodes based on the tokens, and assembles a syntax tree using the nodes. The device renames one or more identifiers associated with the nodes and generates a normalized text, associated with the script, based on the syntax tree after renaming the one or more identifiers. The device determines whether the normalized text matches a regular expression signature and processes the data based on determining whether the normalized text matches the regular expression signature. The device processes the data by a first process when the normalized text matches the regular expression signature or by a second process, different from the first process, when the normalized text does not match the regular expression signature.

Abstract: System and methods for a membership-based service or network to enable access to membership-related services are provided. A portal application for members, which is accessible via a mobile device of a member, transforms the mobile device of the member into a membership card, an instrument to provide information employable to access membership services, and an apparatus to access the membership-related services. A membership management server supports the portal application and facilitates provision of services to members by a membership provider.

Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.

Abstract: Methods and systems for automatic correction of security downgraders. For one or more flows having one or more candidate downgraders, it is determined whether each candidate downgrader protects against all vulnerabilities associated with the candidate downgrader's respective flow. Candidate downgraders that do not protect against all of the associated vulnerabilities are transformed, such that the transformed downgraders do protect against all of the associated vulnerabilities.

Abstract: In an embodiment, a system includes an electronic device having memory circuitry configured to store an application comprising a plurality of instructions. The system also includes processing circuitry configured to execute the application and an application authenticity check routine, wherein the application authenticity check routine includes instructions executable by the processing circuitry to use idle processing time to verify an authenticity of the application throughout execution of the application.

Abstract: Disclosed are systems and methods for controlling installation of programs on a computer. An exemplary system is configured to detect installation of an unknown program on a computer; suspend installation of the unknown program; execute the unknown program in a secure environment; detect undesirable actions of the unknown program, including: actions performed by the program without knowledge of a user, actions for accessing personal user data on the computer, and actions effecting user's working with other programs or operating system of the computer; determine whether the unknown program is undesirable or not based on the detected undesirable actions of the program; when the unknown program is determined be undesirable, prompt the user to select whether to allow or prohibit installation of the undesirable program on the computer; and when the unknown program is determined not to be undesirable, allow installation of the unknown program on the computer.

Abstract: Method, device, and storage medium to receive a request to authorize a release of protected resource data, wherein the request includes a device identifier that identifies a requesting device of the request and one or more indicators that indicate one or more instances of the protected resource data being requested; identify a sensitivity level for each indicator of the protected resource data; identify, based on the device identifier, contextual information that indicates a preferred type of consent of the requesting device in response to a determination that at least one of the one or more indicators require consent from a resource owner of the protected resource data; select a type of consent based on the contextual information and the one or more sensitivity levels; and transmit a request, to a user device associated with the resource owner, for consent from the resource owner according to the type of consent.

Abstract: One or more wireless communications device may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.

Abstract: A first display server and a second display server execute on a processing device. The first display server provides a secure environment for data presented in first application windows of the first display server and the second display server provides an unsecure environment for data presented in second application windows of the second display server. The processing device receives at least one user command to copy data from one of the first application windows of the first display server to one of the second application windows of the second display server. The processing device prompts a user to perform an authentication upon receiving the at least one user command. In response to the user successfully performing the authentication, data is copied from said one of the first application windows to said one of the second application windows.

Abstract: The present embodiments provide a method and system for rapidly scanning a file, wherein the method includes obtaining a data packet, the data packet comprising secure file characteristic information for determining whether a file in a system is a secure file, and scanning file characteristic information of files in the system one by one, if the currently scanned file characteristic information matches secure file characteristic information in the data packet identifying a file as a secure file, skipping an anti-virus scanning for the current file, and continuing to scan a next file. By using the data packet, when a new user performs a first scanning, a file with identical characteristic information as that in the data packet can be skipped, which can reduce the time for the first scanning.

Abstract: A packet analysis apparatus and method and a VPN server, which secure evidence against a situation in which a hacker disguises a packet as a normal packet to make an attack using a VPN server as a router. The packet analysis apparatus includes a packet classification unit for gathering and classifying packets which are used between a host and the VPN server and plaintext packets which are used between the VPN server and a target. A first comparative analysis unit compares contents of an encapsulated IP datagram of each encrypted VPN packet, obtained by decrypting the encrypted VPN packet, with contents of a plaintext IP datagram included in each plaintext packet and present for a target to which the host desires to transfer the encrypted VPN packet. A second comparative analysis unit compares lengths of the encapsulated IP datagram and the plaintext IP datagram with each other.

Abstract: Secure and remote operation of a remote computer from a local computer over a network includes authenticating at least one remote computer for connection to at least one computer over the network and/or at least one local computer for connection to at least one remote computer over the network; establishing a secure connection therebetween; and integrating a desktop of at least one remote computer on a display of at least one local computer. Functions that are performed may include one or more of: integrating a file structure of accessible files accessed at the second or first computer, into a file structure contained at the first or second computer, respectively; at least one of integrating a desktop of the second computer on a display of the first computer and integrating a desktop of the first computer on a display of the second computer; and directly operating the second computer from the first computer or the first computer from the second computer.

Abstract: A nonvolatile memory device generates a signature using a private key and contents within the memory device. The signature is stored in a secure area within the nonvolatile memory device. A processor having the same private key also generates a signature that is stored in the clear. The processor validates the contents of the nonvolatile memory by comparing the signatures.

Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).

Abstract: The invention relates to a device for monitoring physical objects that comprises one or more short-range remote readers (13), memory elements (5) to be attached to physical objects, and a controller (15) adapted for executing a reading function capable of interaction with the one or more remote readers in order to acquire data contained in adjacent memory elements, and for executing an integrity validation function capable of distinguishing, from the acquired data, individual identifiers particular to each of the memory elements as well as group description data stored in at least some of said memory elements, and of checking the sufficiency of group description data while checking the compliance of individual identifiers with corresponding group description data.

Abstract: A repackaged mobile app that has been unpacked and repackaged back is detected based on similarity of app labels of a target mobile app being evaluated and a reference mobile app. The similarity of the sound of the app label of the target mobile app to the sound of the app label of the reference mobile app may be determined. The similarity of the appearance of the app label of the target mobile app to the appearance of the app label of the reference mobile app may also be determined. The target mobile app may be deemed to be a repackaged mobile app when the app labels of the target and reference mobile apps are deemed to be similar (which may include being the same) but the target and reference mobile apps have different identifiers.

Abstract: An apparatus for cryptographic pre-boot authentication includes a cryptographic processor configured to perform cryptographic operations. The cryptographic processor includes a portion dedicated to the boot interface. The apparatus also includes a storage device storing machine readable code and a processor executing the machine readable code. The machine readable code includes a storage module storing a first cryptographic key on the cryptographic processor. The machine readable code further includes an encryption module encrypting an electronic message with a second cryptographic key. The machine readable code also includes a decryption module decrypting the electronic message with the first cryptographic key where an authorized user is granted access to a device upon successful decryption of the electronic message.

Abstract: A system, method, and computer program product are provided for implementing asymmetric AES-CBC (Advanced Encryption Standard-Cipher Block Chaining) channels usage between encryption and decryption of data. In operation, data to be written to memory is identified. In addition, the data is encrypted utilizing a first AES-CBC channel. Additionally, at least one of a plurality of AES-CBC channels is utilized to decrypt the data to achieve a determined performance target.

Abstract: A method begins by a processing module generating an integrity check value for each encoded data slice of a set of encoded data slices to produce a set of integrity check values. The method continues with the processing module encoding the set of integrity check values to produce encoded integrity check values. The method continues with the processing module sending the encoded integrity check values for storage in a memory system.

Abstract: An apparatus and method for providing home evolved node-B (H(e)NB) integrity verification and validation using autonomous validation and semi-autonomous validation is disclosed herein.

Abstract: Systems and methods of determining compliance of content in a website or web application are disclosed. The systems and methods comprise a compliance tool to retrieve data associated with website or web application content. The compliance tool can scan the data to determine references to network locations. The compliance tool can compare the references to one or more approval rules to determine whether the references comply with the approval rules. A report can be compiled and outputted that indicates which references comply and which references do not comply with the approval rules. A user can have the option to add non-complying references to an approved list. The compliance tool can further remove non-complying references from the website or web application data and/or register non-complying references with a firewall.

Abstract: The invention relates to a method for obfuscating a computer program. Said method comprises the following steps: a—selecting a numerical variable V used by said program or an instruction of said program using said numerical value V, b—defining at least one operation which provides said numerical value V when executed, c—substituting at least one line of said program using the numerical value V for at least one new program line performing the operation that supplies the value of said numerical variable V.

Abstract: A non-transitory computer-readable recording medium has stored therein a patch scheduling program that causes a computer to execute a process. The process includes managing, aggregating, determining, and scheduling. The managing includes managing a system including a plurality of software that control a plurality of virtual machines. The aggregating includes aggregating virtual machines including a similar trend regarding a predetermined index thereof with a mutually-same virtual software. The determining includes determining a time period during which the virtual machines are to be moved, based on the trends of the virtual machines aggregated with the mutually-same virtual software and based on moving time of the move of the virtual machines to a different virtual software included in the plurality of virtual software. The scheduling includes scheduling applying a patch to each of the plurality of virtual software at the determined time periods.

Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.

Abstract: A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a startup event of a guest virtual machine, and installs a DLP component in the guest virtual machine. The DLP component communicates with the DLP manager operating within the security virtual machine. The DLP manager also receives file system events from the DLP component, and enforces a response rule associated with the guest virtual machine if the file system event violates a DLP policy.

Abstract: The present disclosure relates generally to digital watermarking and grocery/retail store checkout. One claim recites a system comprising: a 2D camera for capturing imagery of packaged items, the packaged items including digital watermarking printed on product packaging; one or more processors programmed for: prioritizing at least some image areas from within at least one captured imagery frame for digital watermark detection based on: i) area brightness, and on ii) area frame location; and detecting digital watermarks from one or more image areas prioritized from the prioritizing image areas, in which the detecting digital watermarks analyzes image areas in order of prioritization. Of course, other features, combinations and claims are also provided.

Abstract: In order for intermediary WAAS devices to process and accelerate ICA traffic, they must decrypt the ICA traffic in order to examine it. Disclosed is a mechanism by which the ICA traffic may be re-encrypted for transport over the WAN in a manner that does not require explicit configuration by the administrator of the WAAS devices. For example, VDI traffic may be intercepted and all data redundancy elimination messages may be encrypted and sent to a peer network device.

Abstract: A system that incorporates the subject disclosure may include, for example, a system for receiving a request to modify a universal integrated circuit card, generating a package comprising configuration data for modifying the universal integrated circuit card, encrypting the package with a transport key to generate an encrypted package, transmitting the encrypted package to a communication device communicatively coupled to the universal integrated circuit card to provision the universal integrated circuit card, and providing a mobile network operator trusted service manager system information relating to the configuration data to enable the mobile network operator trusted service manager system to manage content and memory allocation of the universal integrated circuit card. Other embodiments are disclosed.

Abstract: A method of extending trust from a trusted processor to a graphics processing unit to expand trusted processing in an electronic device comprises inserting a trusted kernel into the graphics processing unit, monitoring the activity level of the graphics processing unit, suspending graphics processing on at least a portion of the graphics processing unit, repurposing a portion of the graphics processing unit to perform trusted processing, and releasing the portion of the graphics processing unit from trusted processing.

Abstract: A method, system, and apparatus for verifying integrity and execution state of an untrusted computer. In one embodiment, the method includes placing a verification function in memory on the untrusted computer; invoking the verification function from a trusted computer; determining a checksum value over memory containing both the verification function and the execution state of a processor and hardware on the untrusted computer; sending the checksum value to the trusted computer; determining at the trusted computer whether the checksum value is correct; and determining at the trusted computer whether the checksum value is received within an expected time period.

Abstract: In one embodiment, a processor includes at least one execution unit. The processor also includes a Return Oriented Programming (ROP) logic coupled to the at least one execution unit. The ROP logic may validate a return pointer stored on a call stack based on a secret ROP value. The secret ROP value may only be accessible by the operating system.