Abstract: A method of managing a file of a subscriber authenticating module embedded in a terminal device and a module for authenticating a subscriber by using the method. The method of managing the file includes configuring a file structure for one or more profiles and managing one or more files included in the file structure in response to a request. Thus, the method is efficient for a multiple-profile environment.

Abstract: The invention relates to providing alternate user communication based on user identification. A communication from a user may be received, and the communication may include an authentication credential from the user. When the user is determined to be an unauthorized user based on the authentication credential, the communication may be extended in order to capture more information from the unauthorized user, and to deter the unauthorized user from making other unauthorized access attempts. In addition to the extension of the communication with the unauthorized user, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

Abstract: A stochastic model is described for cybersecurity using a host access attack graph to determine network security risk. The model uses Markov chains in conjunction with vulnerability metrics to analyze risks associated with a number of different types of computing devices in various types of networks. The model can be used to identify critical nodes in a host access attack graph where attackers may be most likely to focus. Based on that information, a network administrator can make appropriate, prioritized decisions for system patching. Further, a flexible risk ranking technique is described, where the decisions made by an attacker can be adjusted using a bias factor. The model can be generalized for use with complicated network environments.

Abstract: In an embodiment, a computer system configured to improve security of client computer interacting with server computers comprises one or more processors; a digital electronic memory storing a set of program instructions which when executed using the one or more processors cause the one or more processors to: process a first set of original instructions that produce a first set of outputs or effects; generate a first set of interpreter instructions that define a first interpreter; generate a first set of alternate instructions from the first set of original instructions, wherein the first set of alternate instructions is functionally equivalent to the first set of original instructions when the first set of alternate instructions is executed by the first interpreter; send, to the first client computer, the first set of alternate instructions and the first set of interpreter instructions.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for vulnerability assessment and hash generation for exterior data deployment. In this way, the system utilizes a vulnerability assessment to generate a permit to send approval for dissemination of data, files, or the like outside of the entity via an electronic communication. The vulnerability assessment determines a permit to send status for the communication. The system may then generate a hash for the communication and embed the hash within the data of the communication. Upon sending, the entity will only permit communications with a known hash embedded therein from being transmitted outside of the internal entity network.

Abstract: The disclosure is directed to a system for improving security of SSL communications. The system can include an device intermediary between one or more servers, one or more clients, a plurality of agents, and a web service. The servers can be configured to receive SSL connections and issue SSL certificates. The device can include a virtual server associated with a respective one of the servers, such that the SSL certificate of the respective server is transmitted through the device. The device can generate service fingerprints for the one or more servers. Each service fingerprint can include information corresponding to an SSL certificate of the virtual server, one or more DNS aliases for a virtual IP address of the respective virtual server, one or more port numbers serving the SSL certificate, and an IP address serviced by the device. The device also can transmit the service fingerprints to a web service.

Abstract: The present disclosure provides a password management process and system. The updating of the password data in the process and system is performed based, at least in part, on the functional account data and corresponding scheduling data, said scheduling data representing criteria for updating the password of, at least, the particular functional account.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for data center redundancy in relation to a computer network. In particular, the present disclosure provides for one or more available redundant data centers, or bunkers, associated with a computer network. In one embodiment, the bunker data centers are configured to absorb traffic intended for an application operating on a data center when the traffic threatens to overwhelm the application. For example, during a distributed denial of service (DDOS) attack, the bunker data centers are configured to absorb some of the traffic from the DDOS attack to prevent the application that is the target of the attack from being overwhelmed.

Abstract: A service controller includes a network interface for coupling to a local area network of a hospitality establishment, and one or more processors coupled to the network interface. The one or more processors are configured to detect a device identifier of a user device on a local area network of a hospitality establishment, determine whether a guest of the hospitality establishment is associated with the device identifier, and automatically activate a service for the user device at the hospitality establishment in response to detecting the device identifier on the local area network when a guest of the hospitality establishment is determined to be associated with the device identifier.

Abstract: In an approach, a certificate authority management device comprises a computing device with an operating system that supports certificate authority software, a power port with shutter door, a first key slot for an administrative user to enable use of the certificate authority management device in response to an insertion of a first key, a second key slot for management of a plurality of hybrid security keys in response to an insertion of a second key, and a touchscreen with graphical user interface.

Abstract: Embodiments herein relate to a method and an information appliance device having a unique access card for preventing security breach in the information appliance device. A multimedia content server transmits a one-time access key to both the information appliance device and a user of the information appliance device. The user must input the access key to the information appliance device. The information appliance device verifies the access key and provides access to the user for the multimedia services, by activating a periodic activation key upon successful verification of the access key. Therefore, even if unauthorized user tries to skip the access key verification process through modification of access cards used in information appliance device, the unauthorized user cannot access the multimedia service due to lack of the periodic activation key required for activating multimedia service. Hence, security breach such as, cloning or duplication of the access cards will be minimized.

Abstract: The public enclave key of each enclave in an enclave pool may be registered in an enclave pool registry, and the registry updated each time there is an enclave pool membership change. A shared enclave pool key may be derived from the public enclave key of each enclave of the enclave pool. The shared enclave pool key may be stored, in a shared key ledger, as a first version of the shared enclave key, and an updated version of the shared key may be generated and stored as another version each time there is an enclave pool membership change. The output of a cryptlet that executed in multiple enclaves may be signed with the enclave private key of each enclave in which the cryptlet executed. Each enclave signature may be compared against each version of the of the shared enclave pool key in the shared key ledger.

Abstract: In systems and methods of managing a document with an authenticated document biosignature, a processor of a verification device may receive an image based on a user selection. The processor may calculate a base verification score associated with a user based on at least one identification input, the identification input including one or more identification features, wherein at least one of the identification features includes a biometric identification feature. The processor of the verification device may generate a glyph based on the selected image, the base verification score and the at least one identification input. The glyph may be associated with a document, and may be used to verify the identity of the user associated with the glyph.

Abstract: The present disclosure is directed towards systems and methods for evaluating or mitigating a network attack. A device determines one or more client internet protocol addresses associated with the attack on the service. The device assigns a severity score to the attack based on a type of the attack. The device identifies a probability of a user account accessing the service during an attack window based on the type of attack. The device generates an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window. The device selects a mitigation policy for the user account based on the impact score.

Abstract: A system and method are provided to select mitigation parameters. The method includes receiving selection of at least one mitigation parameter, accessing a selected portion of stored network traffic or associated summaries that corresponds to a selectable time window, applying a mitigation to the selected portion of the stored network traffic or associated summaries using the selected at least one mitigation parameter, and outputting results of the applied mitigation.

Abstract: A request is received from a deployer associated with an application to create an instance broker service instance. A request is received from the deployer to bind the instance broker service instance to the application. Instance broker credentials associated with the instance broker service instance are received and provided to the application. The application uses the instance broker credentials to access the instance broker service instance and determines whether to create a new service instance using the instance broker service instance.

Abstract: Systems, methods, and related technologies for device compliance monitoring are described. In certain aspects, one or more compliance rules associated with a device classification are used to determine a compliance level of a device. The one or more compliance rules may be based on a standard. An action can be initiated based on the compliance level.

Abstract: An online system determines the likelihood of an interaction between a user and a content item being an invalid interaction. The online system receives an indication of an interaction of a client device with a content item. The online system identifies a device ID for the client device and determines whether the device ID is associated with one or more browser IDs. If the device ID is not associated with any browser ID, the received interaction is likely an invalid interaction. The online system may further determines the likelihood of an online publisher manufacturing interactions. The online system determines a number of invalid interactions and a number of valid interactions associated with the online publisher. The online system determines a ratio between the number of invalid and valid interactions. If the ratio is larger than a threshold value, the online system determines that the online publisher is likely manufacturing interactions.

Abstract: The disclosed computer-implemented method for authenticating applications installed on computing devices may include (i) requesting to download, onto an endpoint device, an application from a host server, (ii) receiving the application from the host server after the host server has (a) generated an authentication token to be used to authenticate the application on the endpoint device and (b) embedded the authentication token within a filename of the application, (iii) installing the application onto the endpoint device, (iv) identifying the authentication token within the filename of the application, and (v) using the authentication token to authenticate the endpoint device to the application such that a user of the endpoint device is provided access to the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed is a system having a plurality of user devices, a plurality of databases, and servers in communication over a network. Each of the devices synchronizes one or more address books comprising contact information. The contact information is enhanced and then cleansed. The enhanced contact information is then hashed so that the personally identifiable information is made unavailable. The system then identifies common contacts representing the same real person and creates a single composite view of the person. Thereafter, the system shares the single composite view between users while obfuscating information that personally identifies such contacts.