Patents Examined by Alexander R Lapian
  • Patent number: 11177958
    Abstract: Described embodiments include an apparatus, comprising a communication interface and a processor. The processor is configured to obtain an NT Local Area Network Manager (NTLM) authentication token, which authenticates a client device to a service using an NTLM authentication protocol. The processor is further configured to, subsequently to obtaining the NTLM authentication token, receive, via the communication interface, from another processor that belongs to the client device, a challenge that was sent to the client device by the service in response to a request, from the client device, to access the service. The processor is further configured to, using the NTLM authentication token, compute a response to the received challenge, and to communicate the computed response to the client device, without exposing the NTLM authentication token to the client device. Other embodiments are also described.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: November 16, 2021
    Assignee: SILVERFORT LTD.
    Inventors: Yaron Kassner, Hed Kovetz, Matan Binyamin Fattal
  • Patent number: 11157640
    Abstract: Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: October 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Rui Feng, Shuang Shuang Jia, Da Fei Shi, Lijun Wei
  • Patent number: 11146409
    Abstract: Challenge-response authentication process of a secure element (SE) in a micro controller unit (MCU) devoid of a random number generator. The process includes the following steps conducted by the micro controller unit (MCU): receipt of at least one random datum (T, IDX) generated randomly by the secure element (SE), generation of a challenge datum (Z) specific to the micro controller unit (MCU) from the received random datum (T, IDX), sending of the generated challenge datum (Z) to the secure element (SE), receipt of a response datum (R) generated by the secure element (SE) as a function of the challenge datum (Z), and determination of an authentication result as a function of the received response datum.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: October 12, 2021
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventors: Houssem Maghrebi, Ahmadou Sere, David Daille-Lefevre, Deny Carhuel
  • Patent number: 11140151
    Abstract: A method for providing a message hidden service in a chatting window, including: (A) confirming whether a received message is a message set as a hidden message from a transmitter when the message is received from a chatting server; (B) confirming whether the received message is set in a hidden setting mode from the receiver when the confirmed result is confirmed as the hidden message; (C) displaying the received hidden message on an independent position separately from a region of the display unit of the device by instructing the received message to be processed by a hidden message processing unit when the received message is the hidden message set by the transmitter and set in the hidden mode state set by the receiver, and (D) hiding the hidden message displayed on the display unit after a predetermined constant time.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: October 5, 2021
    Inventor: Jae Ho Sung
  • Patent number: 11140188
    Abstract: An online system determines the likelihood of an interaction between a user and a content item being an invalid interaction. The online system receives an indication of an interaction of a client device with a content item. The online system identifies a device ID for the client device and determines whether the device ID is associated with one or more browser IDs. If the device ID is not associated with any browser ID, the received interaction is likely an invalid interaction. The online system may further determine the likelihood of an online publisher manufacturing interactions. The online system determines a number of invalid interactions and a number of valid interactions associated with the online publisher. The online system determines a ratio between the number of invalid and valid interactions. If the ratio is larger than a threshold value, the online system determines that the online publisher is likely manufacturing interactions.
    Type: Grant
    Filed: March 25, 2020
    Date of Patent: October 5, 2021
    Assignee: Facebook, Inc.
    Inventors: Tobias Henry Wooldridge, Chaochao Cai
  • Patent number: 11095666
    Abstract: The disclosed computer-implemented method for detecting covert channels structured in Internet Protocol (IP) transactions may include (1) intercepting an IP transaction including textual data and a corresponding address, (2) evaluating the textual data against a model to determine a difference score, (3) determining that the textual data is suspicious when the difference score exceeds a threshold value associated with the model, (4) examining, upon determining that the textual data is suspicious, the address in the transaction to determine whether the address is invalid, (5) analyzing the transaction to determine a frequency of address requests that have been initiated from a source address over a predetermined period, and (6) identifying the transaction as a covert data channel for initiating a malware attack when the address is determined to be invalid and the frequency of the address requests exceeds a threshold value. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: August 17, 2021
    Assignee: CA, INC.
    Inventors: Qing Li, Chris Larsen, Jon DiMaggio
  • Patent number: 11089041
    Abstract: The present invention relates to systems and methods for detecting anomalies in computer network traffic with fewer false positives and without the need for time-consuming and unreliable historical baselines. Upon detection, traffic anomalies can be processed to determine valuable network insights, including health of interfaces, devices and network services, as well as to provide timely alerts in the event of attack.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: August 10, 2021
    Assignee: NETFLOW LOGIC CORPORATION
    Inventors: Igor Balabine, Alexander Velednitsky
  • Patent number: 11075953
    Abstract: A cyber attack information processing apparatus includes a memory and a processor configured to, when a first system obtains first information regarding a cyber attack from a first terminal, store the first information in a state that the first information is accessible to a second terminal that is capable of accessing the first system, convert the first information having a first data structure into second information having a second data structure usable by a second system wherein the second information is to be provided for the second system, when the second system obtains third information regarding another cyber attack, convert the third information having the second data structure into fourth information having the first data structure, and provide the second terminal with the fourth information.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: July 27, 2021
    Assignee: FUJITSU LIMITED
    Inventors: Ryusuke Masuoka, Toshitaka Satomi, Koji Yamada
  • Patent number: 11062035
    Abstract: Disclosed is a secure document management system, for example, for documents pertaining to drug discovery. A document and its metainformation are obtained, and value features are extracted from the document based on identification of concepts associated with the document. An importance score of the document is determined based on the value features and the metainformation. A summarized view of the document is constructed based on the value features, the metainformation, the concepts and the importance score. A unique identifier is generated for the document and associated with the summarized view and the concepts of the document. A search query is processed, and the summarized view of the document is retrieved and displayed based on the query. A request for accessing the document is validated, and document access is allowed when the request is validated successfully. The document management may, for example, be facilitated using a blockchain platform.
    Type: Grant
    Filed: June 17, 2018
    Date of Patent: July 13, 2021
    Assignee: Innoplexus AG
    Inventors: Gunjan Bhardwaj, Abhijit Keskar, Akash Madan Mishra
  • Patent number: 11032073
    Abstract: A Man in the Middle (MitM) computer receives a first session identifier from a client for a first communication session between the client and a server, and monitors Transport Layer Security (TLS) communication sessions between the client and the server, where the first session identifier is one of an unknown session identifier and an invalid session identifier. In response to receiving the first session identifier from the client, the MitM computer performs one of: requesting a second session identifier from the server for a second communication session if the first session identifier is an unknown session identifier; and transmitting, to the client, an instruction to flush a session cache in the client, where flushing the session cache in the client forces the client and the server to establish a full TLS handshake in order to obtain a session key if the first session identifier is an invalid session identifier.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: June 8, 2021
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Ping Min Lin, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 11012451
    Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.
    Type: Grant
    Filed: June 14, 2019
    Date of Patent: May 18, 2021
    Assignee: KARAMBA SECURITY LTD
    Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
  • Patent number: 11012453
    Abstract: A method is provided for protecting a vehicle network of a vehicle against manipulated data transmission, in which the vehicle network includes multiple network nodes, and at least one first network node in the vehicle network in a normal mode checking a first received message as to whether the first received message is a message assigned to the first network node in the normal mode, but which the first network node did not transmit. The first network node in a diagnostic mode further checks a second received message as to whether the second received message is a message assigned to the first network node in the normal mode or in the diagnostic mode, but which the first network node did not transmit.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: May 18, 2021
    Assignee: Robert Bosch GmbH
    Inventors: Marcel Kneib, Michael Weber
  • Patent number: 11003767
    Abstract: Event information of a computing device is obtained. The event information characterizes events occurring at the computing device. Two or more of the events are grouped into an event group. The event group defines an activity. The event group is classified to classify the activity. The activity and one or more related activities are chained into a sequence. The sequence defines a behavior. Context is added to the sequence to determine a contextual behavior. A security threat is detected based on the contextual behavior.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: May 11, 2021
    Assignee: Beijing DiDi Infinity Technology and Development Co., Ltd.
    Inventors: Dongsheng Mu, Liwei Ren
  • Patent number: 10999294
    Abstract: An electronic device includes a communication interface and at least one processor configured for: transmitting to or receiving from a second electronic device over proximity-based communication channel an introduction message including a first encryption key; receiving, from a server via the at least one communication interface, a challenge notification providing notification of a challenge to be completed to initiate a data process, the challenge notification including or providing access to at least one data field associated with a verification challenge; identifying, from the at least one data field, an encrypted challenge response value; decrypting the encrypted challenge response value with a key corresponding to the first encryption key; and transmitting the decrypted challenge response value to the server to complete the challenge to initiate the data process.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: May 4, 2021
    Assignee: ROYAL BANK OF CANADA
    Inventors: Alex Tak Kwun Lau, Edison U. Ortiz, Akhil Gupta, Mohit Sharma, Lucas Joseph Manuel, Tian Jou Tendy Su
  • Patent number: 10951611
    Abstract: A GUI to configure user access to a secure device. For signals received by a secure device from a user device, the GUI enables a user to intuitively configure a range of signal strength of such signals required to allow user devices access to the secure device or an application residing thereon. The GUI may present a distance range icon that visually presents a range of signal strength as a distance, each point along the length corresponding to a signal strength value. The GUI may include a control for controlling the distance range icon, and may present a user device icon for a user device currently within the signal reception range of the secure device. The user device icon may be presented in spatial relation to the distance range icon, thereby visually informing a user of the relative distance of the user device from the secure device.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: March 16, 2021
    Assignee: ASSA ABLOY AB
    Inventors: François-Eric Michel Guyomarc'h, Christophe Cauquelin, Pol-Herve Tandeo
  • Patent number: 10929539
    Abstract: Systems and methods are disclosed for enhancing cybersecurity in a computer system by detecting safeness levels of executables. An installation lineage of an executable is identified in which entities forming the installation lineage include at least an installer of the monitored executable, and a network address from which the executable is retrieved. Each entity of the entities forming the installation lineage is individually analyzed using at least one safeness analysis. Results of the at least one safeness analysis of each entity are inherited by other entities in the lineage of the executable. A backtrace result for the executable is determined based on the inherited safeness evaluation of the executable. A total safeness of the executable, based on at least the backtrace result, is evaluated against a set of thresholds to detect a safeness level of the executable. The safeness level of the executable is output on a display screen.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: February 23, 2021
    Inventors: Jungwhan Rhee, Zhenyu Wu, Lauri Korts-Parn, Kangkook Jee, Zhichun Li, Omid Setayeshfar
  • Patent number: 10924925
    Abstract: Techniques for secure pairing for devices with Near Field Communications (NFC) tags equipped with authentication are provided. In one aspect a device with a passive near field communication tag including a private key for authentication is provided. The device may send a challenge request to a host device including an active NFC tag via a wireless communication protocol. The challenge request may be combined with a shared secret value known to the device and the host device to create a challenge request seed. The challenge request seed may be combined with the private key to compute a verified challenge request response. A challenge request response may be received from the host device via the wireless communication protocol. The challenge request response and verified challenge request response may be compared to authenticate the host device to the device.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: February 16, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventor: Daniel Grobe Sachs
  • Patent number: 10904004
    Abstract: Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: January 26, 2021
    Assignee: DASHLANE SAS
    Inventors: William Delmas, Guillaume Maron, Cyril Leclerc, Frédéric Rivain
  • Patent number: 10867020
    Abstract: A voiceprint certification method is provided. The method is applicable to an electronic device which records a plurality of pieces of user information and a plurality of voiceprints of a plurality of verification words corresponding to each piece of user information. The method includes: receiving first user information among the plurality of pieces of user information; selecting at least one first verification word from the verification words corresponding to the first user information and generating a random verification sentence including the at least one first verification word, to prompt a user to read the random verification sentence; and certifying the user by comparing a user input sentence with the random verification sentence and by determining whether a voiceprint corresponding to the first verification word in the user input sentence matches the voiceprint of the first verification word corresponding to the first user information recorded in the electronic device.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: December 15, 2020
    Assignee: Far EasTone Telecommunications Co., Ltd.
    Inventors: Wen-Shien Yu, Shih-Kai Shen
  • Patent number: 10867042
    Abstract: Disclosed are systems and methods generating a convolution function for training a malware detection model. An example method comprises generating, by a processor, a plurality of behavior patterns based on one or more logs of commands executed on a computing device, calculating, by the processor, an effectiveness of each of a plurality of methods for machine learning based on the plurality of behavior patterns, determining, by the processor, a preferred method for machine learning from the plurality of methods for machine learning by selecting the preferred method as a method with the greatest effectiveness from the plurality of methods for machine learning, obtaining, by the processor, parameters of the malware detection model by applying convolution functions to the plurality of behavior patterns, training, by the processor, the malware detection model to detect malicious files using the preferred method for machine learning.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: December 15, 2020
    Assignee: AO KASPERSKY LAB
    Inventors: Alexander S. Chistyakov, Ekaterina M. Lobacheva, Alexey M. Romanenko