Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 9646712
    Abstract: A method and circuit for implementing Electronic Fuse (eFuse) visual security of stored data using embedded dynamic random access memory (EDRAM), and a design structure on which the subject circuit resides are provided. The circuit includes EDRAM and eFuse circuitry having an initial state of a logical 0. The outputs of the eFuse and an EDRAM are connected through an exclusive OR (XOR) gate, enabling EDRAM random data to be known at wafer test and programming of the eFuse to provide any desired logical value out of the XORed data combination.
    Type: Grant
    Filed: March 8, 2016
    Date of Patent: May 9, 2017
    Assignee: International Business Machines Corporation
    Inventors: Todd A. Christensen, Karl R. Erickson, Phil C. Paone, David P. Paulsen, John E. Sheets, II, Gregory J. Uhlmann
  • Patent number: 9639425
    Abstract: The present disclosure describes methods and apparatus for implementing a signature-based sleep recovery operation flow for booting a system-on-chip (SoC). When the SoC begins its normal boot flow, a controller retrieves a sleep recovery signature from a register and compares the retrieved sleep recovery signature to a default signature. If the sleep recovery signature matches the default signature, the SoC enters a ROM checksum fail debug flow and, upon satisfying the requirements of the ROM checksum fail debug flow, enters a sleep recovery boot flow, which restores the SoC to the operational state it was in prior to entering the sleep mode. If the sleep recovery signature does not match the default signature, the SoC continues with the normal boot flow or, by use of external pins, can be forced into a normal debug mode flow so that the boot code can be debugged.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: May 2, 2017
    Assignee: Marvell International Ltd.
    Inventors: Saswat Mishra, Tao Yu, Jungil Park
  • Patent number: 9633227
    Abstract: Methods, apparatus and system of detecting data security are provided herein. Data for detection are acquired. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated, encrypted, and stored as first encrypted data. When the data for detection are not to be updated for the first time, the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data to determine whether the second encrypted data have been unauthorizedly modified. The present disclosure is simple to implement and does not rely on the specific logic of a certain application. Development costs, maintenance costs and occupancy of server resources can be reduced. System performance and user experience can be improved.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: April 25, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Wen Tang, Xuxin Wang, Jianhui Yao, Le Liu, Cheng Cai, Jin Zhang
  • Patent number: 9621571
    Abstract: An apparatus and method for searching for similar malicious code based on malicious code feature information. The apparatus includes a malicious code registration unit for registering input new malicious code as a new malicious code sample, and extracting and registering detailed information of the new malicious code sample, a malicious code analysis unit for analyzing the detailed information of the new malicious code sample, a malicious code DNA extraction unit for extracting malicious code DNA information including malicious code feature information, a malicious code DNA comparison unit for comparing the extracted malicious code DNA information with malicious code DNA information of prestored malicious code samples, and calculating similarities therebetween, and a similar malicious code search unit for calculating, based on the calculated similarities, all similarities between the new malicious code sample and prestored malicious code samples, and extracting a specific number of malicious code samples.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: April 11, 2017
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Dongphil Kim, Inkyoung Kim, Seokwoo Choi, Taejoo Chang, Wonho Kim, Hyunggeun Oh
  • Patent number: 9614813
    Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: April 4, 2017
    Assignee: Workshare Technology, Inc.
    Inventors: Scott More, Ilya Beyer, Daniel Christopher John Sweeting
  • Patent number: 9613214
    Abstract: Several embodiments of systems incorporating nonvolatile memory devices are disclosed herein. In one embodiment, a system can include a central processor (CPU) and a nonvolatile memory device operably coupled to the CPU. The nonvolatile memory device can include a memory that stores pre-measurement instructions that are executable by the nonvolatile memory upon startup, but not executable by the CPU upon startup. In operation, the pre-measurement instructions direct the nonvolatile memory to take a measurement of at least a portion of its contents and to cryptographically sign the measurement to indicate that the measurement was taken by the nonvolatile memory device. In one embodiment, the CPU can use the measurement to determine whether the nonvolatile memory device is trustworthy.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: April 4, 2017
    Assignee: Micron Technology, Inc.
    Inventor: Lance W. Dover
  • Patent number: 9600302
    Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.
    Type: Grant
    Filed: February 19, 2015
    Date of Patent: March 21, 2017
    Assignee: Juniper Networks, Inc.
    Inventor: Kent A. Watsen
  • Patent number: 9600668
    Abstract: Disclosed are a method and a device for extracting a characteristic code of an APK virus. The method comprises: scanning a designated file in an Android installation package APK; extracting an operation instruction in the designated file, and judging whether the operation instruction contains virus information; and if yes, generating a characteristic code of the virus according to the operation instruction. In the application, the characteristic code of the virus APK can be accurately and effectively extracted, so as to facilitate improvement of efficiency and accuracy of identification of the virus APK and a variation thereof, thereby improving the security of an APK application.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: March 21, 2017
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Xun Wang, Xu Zhang
  • Patent number: 9591016
    Abstract: A method for assessing security risks associated with a cloud application to which one or more connected applications are coupled begins by configuring a security risk assessment application to function as a connected application. The security risk assessment application collects “first” data associated with one or more accounts, and “second” data associated with the one or more connected applications coupled to the cloud application. After receiving the first and second data, the security risk assessment application instantiates that data into a generic “data object” that the system uses to represent each account and each of the connected applications. Each such data object thus is populated either with the first data or the second data, depending on whether the data object represents an account or a connected application. A risk assessment is then applied to the generic data object to assess a security risk associated with the cloud application.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: March 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: David Walsh Palmieri, Gee Ngoo Chia, Jeffrey Tobias Robke
  • Patent number: 9589144
    Abstract: Systems and methods for cryptographic suite management are described. A system for cryptographic suite management has a cryptographic suite management unit comprising a series of APIs enabling diverse applications to call cryptographic functions. The system enables: multiple applications on an interface to access shared cryptographic resources; applications across multiple devices to share and license cryptographic resources between devices; encryption, decryption and sharing of data between devices having different cryptographic implementations; the definition, distribution and enforcement of policies governing the terms of use for cryptographic implementations, systems and methods to secure and protect shared and dynamically loaded cryptographic providers; use by an application of multiple cryptographic resources and the management of cryptographic provider bundles and associated policies across one or many cryptographic suite management unit instances.
    Type: Grant
    Filed: May 6, 2015
    Date of Patent: March 7, 2017
    Assignee: INFOSEC GLOBAL INC.
    Inventors: Adrian Antipa, Dominic Chorafakis, Brian Neill
  • Patent number: 9576156
    Abstract: A download security system (100) includes a server (102) and an information processing apparatus (10). The information processing apparatus (10) includes a flash memory (64) for storing data downloaded from the server (102) and a memory controller (62). A transition command for a transition to a writable mode to the flash memory (64) is transmitted from the server (102), and in response to the transition command, a memory controller (62) makes a transition to the writable mode. The data downloaded from the server (102) is written to the flash memory (64) by the memory controller (62) in the writable mode.
    Type: Grant
    Filed: September 4, 2007
    Date of Patent: February 21, 2017
    Assignee: NINTENDO CO., LTD.
    Inventor: Shinji Kurimoto
  • Patent number: 9569633
    Abstract: A device, system, and method for providing processor-based data protection on a mobile computing device includes accessing data stored in memory with a central processing unit of the mobile computing device and determining that the accessed data is encrypted data based on a data included in one or more control registers of the central processing unit. If the data is determined to be encrypted data, the central processing unit is to decrypt the encrypted data using a cryptographic key stored in the central processing unit. The encrypted data may also be stored on a drive of the mobile computing device. The encryption state of the data stored on the drive is maintained in a drive encryption table, which is used to update a memory page tables and the one or more control registers.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: February 14, 2017
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, Jason M. Fung, Cris Rhodes, Selim Aissi
  • Patent number: 9547709
    Abstract: A server determines whether a file stored on a computing device matches a file stored on the server by comparing hash values for a first portion of the files. Based on the comparing, the server determines whether to upload the first portion of the file. The server uploads a second portion of the file. The server generates the file for download by appending the first portion of the file stored on the server to the second portion of the file uploaded from the computing device.
    Type: Grant
    Filed: April 16, 2012
    Date of Patent: January 17, 2017
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: David P. Billmaier, Jason C. Hall, Alexander C. Barclay, John M. Kellum, Henry H. Yamamoto
  • Patent number: 9548867
    Abstract: A method and apparatus to securely distribute embedded firmware to a module in an industrial control system is disclosed. A security certificate corresponding to the firmware is generated utilizing a proprietary algorithm. The certificate includes an identifier corresponding to the module on which the firmware is to be loaded and an identifier corresponding to a removable medium on which the firmware is distributed. The removable medium is inserted into the module in the industrial control system on which the firmware is to be loaded. The module reads the security certificate and verifies that the firmware is intended for the module and verifies that the security certificate includes the identifier for the removable medium which was inserted into the module. If the firmware is intended for the module and the security certificate includes the identifier for the removable medium, the module loads the firmware from the removable medium.
    Type: Grant
    Filed: November 26, 2013
    Date of Patent: January 17, 2017
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Daniel Clark, James Kay, Robert P. Anderson
  • Patent number: 9529922
    Abstract: A method of retrieval of items of particular relevance from a particular domain. A processor receives from a remote computing device a resource-identifying string that has a combination of a predefined notation and a resource-related sub-string. The processor uses the resource-identifying string to retrieve a subset of data items from within a data set, the subset of data items relating to a subset of resources within a set of resources available to be served by the particular domain over a distributed network. The processor uses the subset of data items to generate a list of the subset of resources and serves the list to the remote computing device.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: December 27, 2016
    Inventors: Ashok Wahi, Aikta Wahi
  • Patent number: 9514841
    Abstract: A method and circuit for implementing Electronic Fuse (eFuse) visual security of stored data using embedded dynamic random access memory (EDRAM), and a design structure on which the subject circuit resides are provided. The circuit includes EDRAM and eFuse circuitry having an initial state of a logical 0. The outputs of the eFuse and an EDRAM are connected through an exclusive OR (XOR) gate, enabling EDRAM random data to be known at wafer test and programming of the eFuse to provide any desired logical value out of the XORed data combination.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: December 6, 2016
    Assignee: International Business Machines Corporation
    Inventors: Todd A. Christensen, Karl R. Erickson, Phil C. Paone, David P. Paulsen, John E. Sheets, II, Gregory J. Uhlmann
  • Patent number: 9507581
    Abstract: Systems and methods are provided that may be implemented to deliver firmware for pre-boot updates of targeted information handling system device/devices using custom update capsules (e.g., such as custom unified extensible firmware interface capsules) and a separately-stored firmware update package that is remotely or locally stored. The custom update capsules may contain instruction payload information that may be used to determine location and desired components of the separately-stored firmware update package, and that also may be used to determine whether existing driver/drivers are to be retained in a firmware module in system memory or to be unloaded and replaced with a new (e.g., upgraded or downgraded) driver version in a firmware module in system memory as part of the firmware update.
    Type: Grant
    Filed: January 14, 2015
    Date of Patent: November 29, 2016
    Assignee: Dell Products LP
    Inventors: Wade Andrew Butcher, Terry Wayne Liles, Raveendra Babu Madala, Sumanth Vidyadhara, Raghavendra Venkataramudu
  • Patent number: 9509708
    Abstract: Systems and methods for universal interception of events. The methods involve: intercepting functions performed by an OS object manager which specify Physical Events (“PEs”) occurring therein, each PE comprising a real-time event occurring in an OS in runtime; obtaining PE information indicating which PEs are specified by the intercepted functions being performed by the OS object manager; analyzing the PE information to identify Virtual Events (“VEs”) which are associated with each PE, where each VE comprises an event occurring when one of a plurality of operations is performed by an OS subsystem which facilitates an occurrence of a respective PE; filtering VE information specifying the VEs identified as being associated with the PEs so as to generate filtered information specifying only select ones of the VEs; and placing the filtered information in a queue for subsequent processing to detect malware threats to a computing device.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: November 29, 2016
    Assignee: Wontok Inc.
    Inventor: Oleg Kouznetsov
  • Patent number: 9501644
    Abstract: According to a first aspect of the present invention there is provided a method of protecting a computer system from malware, which malware attempts to prevent detection or analysis when executed in an emulated computer system. The method comprises determining if an executable file should be identified as being legitimate and, if not, executing the executable file while providing indications to the executable file that it is being executed within an emulated computer system.
    Type: Grant
    Filed: March 15, 2010
    Date of Patent: November 22, 2016
    Assignee: F-Secure Oyj
    Inventors: Jarno Niemelä, Mikko Hyppönen, Santeri Kangas
  • Patent number: 9503502
    Abstract: Feedback received from users regarding potential problems with an application, service, or other source of electronic content can be configured to include additional information that helps triangulate the source of the problem. Content provided by third parties can be combined with content from a primary provider, but the primary provider often will be unable to determine the precise instance of third party content that a user received that might have posed a problem for the user, as may relate to malware or another such issue. By configuring feedback submissions from users to automatically include identifying information, and by logging session data for various users, a content provider can analyze and filter the data to determine likely sources of the problem, and deactivate or otherwise address those sources. Further, the content provider can analyze the information to locate any users likely to have been exposed to the same third party content.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: November 22, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Adam Carlson, Joseph C. Lee, David Erdmann
  • Patent number: 9495463
    Abstract: A first candidate answer to a time-sensitive question received by a question answering (QA) system is identified using a first document. A first temporal confidence subscore of the first candidate answer is then calculated using a first temporal confidence rule. A first general confidence score is then generated based on at least the first temporal confidence subscore. A second candidate answer to the question is identified using a second document. A second temporal confidence subscore of the second candidate answer is then calculated using a second temporal confidence rule. A second general confidence score is then generated based on at least the second temporal confidence subscore. The first general confidence score and the second general confidence score are then compared. Based on this comparison, a final answer is selected from the first candidate answer and the second candidate answer.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: November 15, 2016
    Assignee: International Business Machines Corporation
    Inventors: Corville O. Allen, Richard A. Salmon, Eric Woods
  • Patent number: 9489526
    Abstract: A computer-implemented method includes identifying first code for a content that has not been analyzed for purposes of transforming the first code before serving the code in response to future requests for the first code; analyzing the first code to identify portions of the first code that can be changed without affecting a manner in which the first code will function on client devices; subsequently receiving a request for the content; applying rules generated from analyzing the first code to a currently-served version of the first code, so as to obfuscate the currently-served version of the first code; and providing the obfuscated version of the currently-served version of the first code to a computing device that provided the request.
    Type: Grant
    Filed: January 21, 2015
    Date of Patent: November 8, 2016
    Assignee: Shape Security, Inc.
    Inventor: Justin D. Call
  • Patent number: 9483206
    Abstract: A method, and system for implementing enhanced fast full synchronization for remote disk mirroring in a computer system. A source backup copy is made locally available to a target for remote disk mirroring. Sectors are identified that are different between the source and target. A hash function is used over a block to be compared, with an adaptive number of tracking sectors per block, starting with a minimum block size.
    Type: Grant
    Filed: March 8, 2016
    Date of Patent: November 1, 2016
    Assignee: International Business Machines Corporation
    Inventors: Aaron T. Albertson, Robert Miller, Brian A. Nordland, Kiswanto Thayib
  • Patent number: 9483644
    Abstract: According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received object and monitors the processing during the dynamic analysis for a change to a file system within the virtual machine wherein the change involves a lure file placed in the file system. The file system is configured based on a received configuration file. Upon detection of a change in the file system associated with a lure file, the changes associated with the lure file during processing are compared to known file activity patterns of changes caused by file altering malware to determine whether the object includes file altering malware.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: November 1, 2016
    Assignee: FireEye, Inc.
    Inventors: Sushant Paithane, Sai Vashisht, Raymond Yang, Yasir Khalid
  • Patent number: 9479340
    Abstract: A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: October 25, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Derek Del Miller, Nachiketh Rao Potlapally, Rahul Gautam Patel
  • Patent number: 9473498
    Abstract: A client module downloaded by web browser from a server receives authentication information to open a smart card in a card reader and to initiate a secure network connection to a first server module running on a server. The client module calls a second server module running on the server. And the client module receives a new application for the smart card. Then the client module causes the smart card to delete an old application and load the new application. Each of the operations performed by client module occurs in a single session.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: October 18, 2016
    Assignee: Oracle America, Inc.
    Inventors: Oscar A. Montemayor, Matthew R. Hill
  • Patent number: 9471689
    Abstract: A first candidate answer to a time-sensitive question received by a question answering (QA) system is identified using a first document. A first temporal confidence subscore of the first candidate answer is then calculated using a first temporal confidence rule. A first general confidence score is then generated based on at least the first temporal confidence subscore. A second candidate answer to the question is identified using a second document. A second temporal confidence subscore of the second candidate answer is then calculated using a second temporal confidence rule. A second general confidence score is then generated based on at least the second temporal confidence subscore. The first general confidence score and the second general confidence score are then compared. Based on this comparison, a final answer is selected from the first candidate answer and the second candidate answer.
    Type: Grant
    Filed: May 29, 2014
    Date of Patent: October 18, 2016
    Assignee: International Business Machines Corporation
    Inventors: Corville O. Allen, Richard A. Salmon, Eric Woods
  • Patent number: 9445270
    Abstract: A method in a wireless sensing device for authenticating a gateway device of a sensor network is described. The method includes receiving a certificate where the certificate was generated by the management server upon a determination that the gateway device and the wireless sensing device are associated and is a digital document including data and a digital signature, where the digital signature was generated by the management server based on the data and a private key of the management server, and where the data includes a first identifier and a second identifier; confirming that the wireless sensing device is authorized to upload data to the gateway device; in response to the confirming that the wireless sensing device is authorized to upload data to the gateway device, uploading to the gateway device data indicative of a plurality of sensor measurements taken over time to be transmitted to the management server.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: September 13, 2016
    Assignee: SAMSARA
    Inventors: John Bicket, James Roewe, Chase Phillips
  • Patent number: 9444835
    Abstract: A method for tracking machines on a network of computers includes determining one or more assertions to be monitored by a first web site which is coupled to a network of computers. The method monitors traffic flowing to the web site through the network of computers and identifies the one or more assertions from the traffic coupled to the network of computers to determine a malicious host coupled to the network of computers. The method includes associating a first IP address and first hardware finger print to the assertions of the malicious host and storing information associated with the malicious host in one or more memories of a database. The method also includes identifying an unknown host from a second web site, determining a second IP address and second hardware finger print with the unknown host, and determining if the unknown host is the malicious host.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: September 13, 2016
    Assignee: THREATMETRIX PTY LTD
    Inventors: Scott Thomas, David G. Jones, Alisdair Faulkner
  • Patent number: 9430163
    Abstract: A method, and system for implementing enhanced fast full synchronization for remote disk mirroring in a computer system. A source backup copy is made locally available to a target for remote disk mirroring. Sectors are identified that are different between the source and target. A hash function is used over a block to be compared, with an adaptive number of tracking sectors per block, starting with a minimum block size.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: August 30, 2016
    Assignee: International Business Machines Corporation
    Inventors: Aaron T. Albertson, Robert Miller, Brian A. Nordland, Kiswanto Thayib
  • Patent number: 9430643
    Abstract: A computer program includes a plurality of different types of computer program instructions. Prior to execution of the computer program, the computer counts the computer program instructions of each of the types. At a time during execution of the computer program, the computer counts the computer program instructions of each of the types. The computer, in response to determining that the count for one of the instruction types determined prior to execution of the computer program differs by at least an associated threshold value from the count for the same instruction type determined during execution, makes a record that the computer program has an indicia of maliciousness.
    Type: Grant
    Filed: October 24, 2013
    Date of Patent: August 30, 2016
    Assignee: International Business Machines Corporation
    Inventor: Philip D. Kaufman
  • Patent number: 9426170
    Abstract: A system and method for stemming flow of information from a negative campaign are described. A status for each node of a set of preselected nodes in a social network graph is identified. The status indicates whether a node has been infected with information from a negative campaign. A source and a flow of the negative campaign are identified based on the status of the nodes from the set of preselected nodes and a topology of the social network graph. A susceptibility score is computed for one or more nodes of the social network. The susceptibility score is computed using a measure of vulnerability of nodes that have not received the information based on the flow of the negative campaign, and a measure of reachability of nodes from the source. Nodes susceptible to adopting and spreading the information from the negative campaign are identified based on the susceptibility score.
    Type: Grant
    Filed: October 17, 2013
    Date of Patent: August 23, 2016
    Assignee: ADOBE SYSTEMS INCORPORATED
    Inventors: Balaji Vasan Srinivasan, Akshay Kumar, Shubham Gupta, Khushi Gupta
  • Patent number: 9418228
    Abstract: The software application for implementing intrusion prevention devices of the present invention has an information flow schema, mathematical calculation algorithm and a Web portal. The devices have built-in intelligence, which is used to match user's implementation requirements.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: August 16, 2016
    Inventor: Charles M. Iheagwara
  • Patent number: 9419991
    Abstract: A device receives data, identifies a context associated with the data, and identifies a script, within the data, associated with the context. The device parses the script to identify tokens, forms nodes based on the tokens, and assembles a syntax tree using the nodes. The device renames one or more identifiers associated with the nodes and generates a normalized text, associated with the script, based on the syntax tree after renaming the one or more identifiers. The device determines whether the normalized text matches a regular expression signature and processes the data based on determining whether the normalized text matches the regular expression signature. The device processes the data by a first process when the normalized text matches the regular expression signature or by a second process, different from the first process, when the normalized text does not match the regular expression signature.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: August 16, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Ankur Tyagi
  • Patent number: 9413745
    Abstract: System and methods for a membership-based service or network to enable access to membership-related services are provided. A portal application for members, which is accessible via a mobile device of a member, transforms the mobile device of the member into a membership card, an instrument to provide information employable to access membership services, and an apparatus to access the membership-related services. A membership management server supports the portal application and facilitates provision of services to members by a membership provider.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: August 9, 2016
    Inventor: William W. Rowley
  • Patent number: 9405916
    Abstract: Methods and systems for automatic correction of security downgraders. For one or more flows having one or more candidate downgraders, it is determined whether each candidate downgrader protects against all vulnerabilities associated with the candidate downgrader's respective flow. Candidate downgraders that do not protect against all of the associated vulnerabilities are transformed, such that the transformed downgraders do protect against all of the associated vulnerabilities.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: August 2, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salvatore A. Guarnieri, Marco Pistoia, Omer Tripp
  • Patent number: 9405907
    Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: August 2, 2016
    Assignee: Open Invention Network LLC
    Inventor: William Charles Easttom
  • Patent number: 9390258
    Abstract: In an embodiment, a system includes an electronic device having memory circuitry configured to store an application comprising a plurality of instructions. The system also includes processing circuitry configured to execute the application and an application authenticity check routine, wherein the application authenticity check routine includes instructions executable by the processing circuitry to use idle processing time to verify an authenticity of the application throughout execution of the application.
    Type: Grant
    Filed: July 16, 2014
    Date of Patent: July 12, 2016
    Assignee: General Electric Company
    Inventor: James Patrick Hanley
  • Patent number: 9391998
    Abstract: Method, device, and storage medium to receive a request to authorize a release of protected resource data, wherein the request includes a device identifier that identifies a requesting device of the request and one or more indicators that indicate one or more instances of the protected resource data being requested; identify a sensitivity level for each indicator of the protected resource data; identify, based on the device identifier, contextual information that indicates a preferred type of consent of the requesting device in response to a determination that at least one of the one or more indicators require consent from a resource owner of the protected resource data; select a type of consent based on the contextual information and the one or more sensitivity levels; and transmit a request, to a user device associated with the resource owner, for consent from the resource owner according to the type of consent.
    Type: Grant
    Filed: November 21, 2012
    Date of Patent: July 12, 2016
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Hugh Herrick Fletcher, Piyush Jethwa, Vijaykumar Cherukumudi
  • Patent number: 9390266
    Abstract: Disclosed are systems and methods for controlling installation of programs on a computer. An exemplary system is configured to detect installation of an unknown program on a computer; suspend installation of the unknown program; execute the unknown program in a secure environment; detect undesirable actions of the unknown program, including: actions performed by the program without knowledge of a user, actions for accessing personal user data on the computer, and actions affecting user's working with other programs or operating system of the computer; determine whether the unknown program is undesirable or not based on the detected undesirable actions of the program; when the unknown program is determined to be undesirable, prompt the user to select whether to allow or prohibit installation of the undesirable program on the computer; and when the unknown program is determined not to be undesirable, allow installation of the unknown program on the computer.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: July 12, 2016
    Assignee: AO Kaspersky Lab
    Inventors: Vyacheslav V. Zakorzhevsky, Alexander A. Romanenko, Sergey V. Dobrovolsky, Yuri G. Slobodyanuk, Oleg A. Yurzin, Mikhail A. Pavlyushchik, Alexander A. Stroykov, Alexander V. Amrilloev
  • Patent number: 9363676
    Abstract: One or more wireless communications devices may include one or more domains that may be owned or controlled by one or more different owners. One of the domains may include a security domain having ultimate control over the enforcement of security policies on the one or more wireless communications devices. Another one of the domains may include a system-wide domain manager that is subsidiary to the security domain and may enforce the policies of one or more subsidiary domains. The system-wide domain manager may enforce its policies based on a privilege level received from the security domain. The privilege level may be based on the level of trust between an external stakeholder, such as an owner of a domain that is subsidiary to the system-wide domain manager, and the security domain.
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: June 7, 2016
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Louis J. Guccione, Michael V. Meyerstein, Inhyok Cha, Andreas Schmidt, Andreas Leicher, Yogendra C. Shah
  • Patent number: 9355250
    Abstract: The present embodiments provide a method and system for rapidly scanning a file, wherein the method includes obtaining a data packet, the data packet comprising secure file characteristic information for determining whether a file in a system is a secure file, and scanning file characteristic information of files in the system one by one, if the currently scanned file characteristic information matches secure file characteristic information in the data packet identifying a file as a secure file, skipping an anti-virus scanning for the current file, and continuing to scan a next file. By using the data packet, when a new user performs a first scanning, a file with identical characteristic information as that in the data packet can be skipped, which can reduce the time for the first scanning.
    Type: Grant
    Filed: February 5, 2013
    Date of Patent: May 31, 2016
    Assignee: Beijing Qihoo Technology Company Limited
    Inventors: Guiqiang Zou, Min Fu
  • Patent number: 9355282
    Abstract: A first display server and a second display server execute on a processing device. The first display server provides a secure environment for data presented in first application windows of the first display server and the second display server provides an unsecure environment for data presented in second application windows of the second display server. The processing device receives at least one user command to copy data from one of the first application windows of the first display server to one of the second application windows of the second display server. The processing device prompts a user to perform an authentication upon receiving the at least one user command. In response to the user successfully performing the authentication, data is copied from said one of the first application windows to said one of the second application windows.
    Type: Grant
    Filed: March 24, 2010
    Date of Patent: May 31, 2016
    Assignee: Red Hat, Inc.
    Inventors: Kristian H. Kristensen, David Zeuthen
  • Patent number: 9348864
    Abstract: Secure and remote operation of a remote computer from a local computer over a network includes authenticating at least one remote computer for connection to at least one computer over the network and/or at least one local computer for connection to at least one remote computer over the network; establishing a secure connection therebetween; and integrating a desktop of at least one remote computer on a display of at least one local computer. Functions that are performed may include one or more of: integrating a file structure of accessible files accessed at the second or first computer, into a file structure contained at the first or second computer, respectively; at least one of integrating a desktop of the second computer on a display of the first computer and integrating a desktop of the first computer on a display of the second computer; and directly operating the second computer from the first computer or the first computer from the second computer.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: May 24, 2016
    Assignee: Western Digital Technologies, Inc.
    Inventors: Lambertus Hesselink, Dharmarus Rizal, Eric S. Bjornson
  • Patent number: 9350712
    Abstract: A packet analysis apparatus and method and a VPN server, which secure evidence against a situation in which a hacker disguises a packet as a normal packet to make an attack using a VPN server as a router. The packet analysis apparatus includes a packet classification unit for gathering and classifying packets which are used between a host and the VPN server and plaintext packets which are used between the VPN server and a target. A first comparative analysis unit compares contents of an encapsulated IP datagram of each encrypted VPN packet, obtained by decrypting the encrypted VPN packet, with contents of a plaintext IP datagram included in each plaintext packet and present for a target to which the host desires to transfer the encrypted VPN packet. A second comparative analysis unit compares lengths of the encapsulated IP datagram and the plaintext IP datagram with each other.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: May 24, 2016
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: YuJeong Han, Jung Hwan Moon, Dong Su Nam, HyungGeun Oh, Kiwook Sohn
  • Patent number: 9336410
    Abstract: A nonvolatile memory device generates a signature using a private key and contents within the memory device. The signature is stored in a secure area within the nonvolatile memory device. A processor having the same private key also generates a signature that is stored in the clear. The processor validates the contents of the nonvolatile memory by comparing the signatures.
    Type: Grant
    Filed: December 15, 2009
    Date of Patent: May 10, 2016
    Assignee: Micron Technology, Inc.
    Inventor: John C Rudelic
  • Patent number: 9324219
    Abstract: The invention relates to a device for monitoring physical objects that comprises one or more short-range remote readers (13), memory elements (5) to be attached to physical objects, and a controller (15) adapted for executing a reading function capable of interaction with the one or more remote readers in order to acquire data contained in adjacent memory elements, and for executing an integrity validation function capable of distinguishing, from the acquired data, individual identifiers particular to each of the memory elements as well as group description data stored in at least some of said memory elements, and of checking the sufficiency of group description data while checking the compliance of individual identifiers with corresponding group description data.
    Type: Grant
    Filed: May 20, 2009
    Date of Patent: April 26, 2016
    Assignee: INRIA INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE
    Inventors: Michel Banatre, Paul Couderc, Mathieu Becus, Fabien Allard
  • Patent number: 9325504
    Abstract: A method and a system for secure transfer of an application from a server (S) into a reading device unit (2) with authentication of a user with a data carrier unit (1), the server (S) making available the application, wherein, between the data carrier unit (1) and the server (S), a first cryptographically secured channel (K1) is set up based on first cryptographic information (A), and between a security module (3) of the reading device unit (2) and the server (S) a second cryptographically secured channel (K2) is set up based on second cryptographic information (B). The application is transferred from the server to the reading device unit via the second cryptographically secured channel (K2).
    Type: Grant
    Filed: March 25, 2011
    Date of Patent: April 26, 2016
    Assignee: GIESECKE & DEVRIENT GMBH
    Inventors: Dieter Weiss, Gisela Meister, Jan Eichholz, Florian Gawlas
  • Patent number: 9313219
    Abstract: A repackaged mobile app that has been unpacked and repackaged back is detected based on similarity of app labels of a target mobile app being evaluated and a reference mobile app. The similarity of the sound of the app label of the target mobile app to the sound of the app label of the reference mobile app may be determined. The similarity of the appearance of the app label of the target mobile app to the appearance of the app label of the reference mobile app may also be determined. The target mobile app may be deemed to be a repackaged mobile app when the app labels of the target and reference mobile apps are deemed to be similar (which may include being the same) but the target and reference mobile apps have different identifiers.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: April 12, 2016
    Assignee: Trend Micro Incorporated
    Inventors: Zhibo Zhang, Liang Sun, Chengkai Tao, Kun Ma
  • Patent number: 9280687
    Abstract: An apparatus for cryptographic pre-boot authentication includes a cryptographic processor configured to perform cryptographic operations. The cryptographic processor includes a portion dedicated to the boot interface. The apparatus also includes a storage device storing machine readable code and a processor executing the machine readable code. The machine readable code includes a storage module storing a first cryptographic key on the cryptographic processor. The machine readable code further includes an encryption module encrypting an electronic message with a second cryptographic key. The machine readable code also includes a decryption module decrypting the electronic message with the first cryptographic key where an authorized user is granted access to a device upon successful decryption of the electronic message.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 8, 2016
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventors: Randall Scott Springfield, Steven D. Goodman, Howard Locker