Patents Examined by Alexander R Lapian
  • Patent number: 10630674
    Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of servers over an IP address space. Traffic monitors positioned intermediary to the plurality of clients and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP addresses may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: April 21, 2020
    Assignee: Citrix Systems, Inc.
    Inventors: Kenneth Bell, Anoop Reddy
  • Patent number: 10623178
    Abstract: Methods and systems for secure messaging may involve receiving an encrypted message from a node, decrypting the message using a default key, sending a message, rotating a group key, and distributing a key rotation message. The message received may be to discover a master of a group. The message sent may welcome the node into the group as a member. The welcome message may be encrypted with the default key and may include information to determine the group key. The group key may be rotated based on an expiration of a group key rotation window. The group key may become a prior group key and the rotated group key may be a current group key. The key rotation message may be encrypted with one of the default key or the prior group key and may include information to determine the current group key.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: April 14, 2020
    Assignee: Dell Products L.P.
    Inventors: Marshal F. Savage, Cyril Jose
  • Patent number: 10621363
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for layering authorization of resource distribution documents within an entity. In this way, the invention generates a multi-step layering process for resource distribution document generation. As such, each individual involved in resource distribution document generation process may add a unique layer to the resource distribution document prior to being authorized for use. Once the several layers have all been applied to the resource distribution document, the document becomes authenticated and approved for use. In some embodiments, the layers may include physical layers on the resource distribution document, such as account numbers, signature lines or the like. In some embodiments, the layers may include digital layers that combine to create a digital or physical marking on the resource distribution document identifying authentication for depositing.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: April 14, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Joseph Benjamin Castinado
  • Patent number: 10616267
    Abstract: In one embodiment, a device generates one or more time series of characteristics of client-server communications observed in a network for a particular client in the network. The device partitions the one or more time series into sets of time windows based on patterns present in the characteristics of the client-server communications. The device compares the characteristics of the client-server communications from the partitioned time windows to determine measures of behavioral similarity between the compared time windows. The device provides the measures of behavioral similarity between the compared time windows as input to a machine learning-based malware detector. The device causes performance of a mitigation action in the network when the machine learning-based malware detector determines that the particular client in the network is infected with malware.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: April 7, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Karel Bartos, Jirí Havelka, Martin Neznal
  • Patent number: 10574703
    Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.
    Type: Grant
    Filed: March 7, 2018
    Date of Patent: February 25, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Alexander Julian Tribble, Robert Barry, Jeremy Boynes, Igor Spac
  • Patent number: 10542024
    Abstract: The present invention relates to systems and methods for detecting anomalies in computer network traffic with fewer false positives and without the need for time-consuming and unreliable historical baselines. Upon detection, traffic anomalies can be processed to determine valuable network insights, including health of interfaces, devices and network services, as well as to provide timely alerts in the event of attack.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: January 21, 2020
    Assignee: NETFLOW LOGIC CORPORATION
    Inventors: Igor Balabine, Alexander Velednitsky
  • Patent number: 10516662
    Abstract: A method of authenticating the legitimacy of a request for a resource from a resource provider by a user, including providing an authentication process in which a resource provider message is received and de-assembled, the integrity of the user request message is confirmed, a result indicator as to the legitimacy of the resource provider message is created by performing two or more authenticity checks, and an authentication result is sent.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: December 24, 2019
    Assignee: Robojar Pty Ltd
    Inventor: Jacques Noel Marc Chester
  • Patent number: 10496839
    Abstract: Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: December 3, 2019
    Assignee: International Business Machines Corporation
    Inventors: Rui Feng, Shuang Shuang Jia, Da Fei Shi, Lijun Wei
  • Patent number: 10469494
    Abstract: A home network system using a Z-Wave network includes a wired/wireless Z-Wave bridge having a Z-Wave communication unit to which a plurality of home automation devices are accessed through the Z-Wave network and an Ethernet communication unit which is accessed to a main server through the Internet, and a main server providing an application for a remote control of the home automation device, and performing MAC authentication to allow access to the wired/wireless Z-Wave bridge upon request by the portable terminal, in which the MAC authenticated portable terminal of the wired/wireless Z-Wave bridge is accessed to the home automation devices to perform remote control.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: November 5, 2019
    Assignee: KYUNG DONG ONE CORPORATION
    Inventor: Se Young Oh
  • Patent number: 10454682
    Abstract: A first apparatus performs a pairing providing process of displaying a provision string on the first apparatus and transmitting the provision string to a server apparatus, the provision string being of a given number of digits that changes every given amount of time in such a manner that, every given amount of time, the provision string is subjected to carrying and a new character is added to the rightmost digit of the provision string. A second apparatus transmits an acceptance string to the server apparatus, the acceptance string being input from the second apparatus based on the provision string displayed on the first apparatus. The server apparatus compares the provision string with the acceptance string, and determines that pairing is established between the first apparatus and the second apparatus when the provision string and the acceptance string match each other.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: October 22, 2019
    Assignee: PLATFIELD INC.
    Inventor: Takeshi Mizuta
  • Patent number: 10447655
    Abstract: The present invention discloses a method for controlling transmission security of an industrial communication flow based on an SDN architecture. The method comprises: designing a flow security control module in a management controller, performing in-depth parsing on industrial communication flow data, matching the parsing result with each preset industrial rule policy, and executing a control processing operation of the industrial rule policy, to implement transmission control of an industrial communication flow. The management controller comprises an industrial rule policy database used for storing all industrial rule policies set by a user. An SDN switch maintains a structure of a flow table, and an industrial communication flow is forwarded according to the flow table. The flow table comprises a security control identifier used for indicating whether security transmission of this communication flow needs to be controlled.
    Type: Grant
    Filed: December 25, 2015
    Date of Patent: October 15, 2019
    Assignee: SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES
    Inventors: Peng Zeng, Wenli Shang, Dong Li, Ming Wan, Jianming Zhao, Jindi Liu, Ming Yang
  • Patent number: 10438012
    Abstract: The present disclosure generally relates to an interface system and method of interfacing to generate data compatible with an external system in an oil and gas asset supply chain, and in particular to an interface and interface method for generating secure and verifiable data to prevent tampering, injection of unwanted data resulting from an unauthorized access along a supply chain. An interface generates and transforms data in an oil and gas supply chain for compatibility with external systems. Collected data is captured by an industrial control system sensor or data collector, which is transferred in a secure intermediary hardware platform to interface with a software component. The collected data is then modified using a business rules engine to create enhanced data and events created from the enhanced data.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: October 8, 2019
    Assignee: SICPA HOLDINGS SA
    Inventors: Charles Finkel, Mark Campbell, Christophe Van Ngoc Ty, Giorgio Caset
  • Patent number: 10417431
    Abstract: Disclosed methods and systems discover trust and security information indicative of trust and security capabilities of information handling resources. Based on the trust and security information and a corresponding algorithm, a trust index may be calculated for a particular system. Trust index values may be used to influence subsequent placements of virtual machines, application services, or other objects. Discovery may include invoking resource-specific trust and security discovery adapters to access a resource manifest indicating an interface and trust and discovery artifacts associated with the resource of interest and determine which, if any, of the applicable trust and discovery artifacts are implemented in the applicable system.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: September 17, 2019
    Assignee: Dell Products L.P.
    Inventors: Ravikanth Chaganti, Rizwan Ali, Dharmesh M. Patel, Yogesh P. Kulkarni
  • Patent number: 10411906
    Abstract: Disclosed are various examples of securely distributing certificates to client devices. A uniform resource locator (URL) is sent to a client device, wherein the URL represents an address from which the client device can request a user certificate. A certificate for a registration authority is sent to the client device, wherein the certificate comprises a first public key and a first private key. A certificate signing request (CSR) received from the client device at the URL is decrypted, wherein the CSR is encrypted with the first public key. The CSR is validated based at least in part on the URL sent to the client device. The user certificate is then sent to the client device.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: September 10, 2019
    Assignee: AIRWATCH LLC
    Inventors: Sridhara Babu Kommireddy, Sagar Date, Priti Marappan, Charles David Berndt
  • Patent number: 10396998
    Abstract: There is provided a data processor implemented method for dynamic authentication of an object. There is also provided non-transitory computer readable storage mediums and systems for carrying out dynamic authentication of an object.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: August 27, 2019
    Assignee: MASTERCARD ASIA/PACIFIC PTE. LTD.
    Inventors: Hao Tang, Xijing Wang, Senxian Zhuo, Yong-How Chin, Jiaming Li, Bensam Joyson, Donghao Huang, Martin Collings, Preshant Sridhar, Perry Kick
  • Patent number: 10375092
    Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: August 6, 2019
    Assignee: KARAMBA SECURITY LTD.
    Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
  • Patent number: 10367828
    Abstract: An incident manager application (IM) for responding to data security incidents in enterprise networks is disclosed. An IM tracks the incidents in an enterprise network by storing incident objects and incident artifact (IA) metadata created for the incidents, where the incident objects and IAs include information concerning the incidents. Incident response team (IRT) personnel of the enterprise networks can define action conditions within the IM that are associated with the incident objects. When the information within the incident objects and/or IAs meets the defined action conditions, the IM includes the objects that cause the action conditions to be satisfied in messages. Devices such as user account databases and configuration servers within the enterprise network can then download the messages and execute actions that reference the objects extracted from the downloaded messages to implement a response to the incidents.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: July 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Allen Hadden, Kenneth Allen Rogers
  • Patent number: 10360387
    Abstract: The present invention provides a method of identifying, aggregating and mathematically ranking security alert data having the steps of identifying a plurality of alerts, selecting a subset of the plurality of alerts based on at least one preselected theme, applying a function to the subset of the plurality of alerts to compute an aggregate risk score, the function based on at least one factor, and prioritizing the aggregate risk score in a risk score list.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: July 23, 2019
    Assignee: Interset Software, Inc.
    Inventors: Stephan Jou, Shaun Pilkington, Michael John Cyze
  • Patent number: 10360410
    Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also includes a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: July 23, 2019
    Assignee: International Business Machines Corporation
    Inventors: Zvi Cahana, Etai Lev-Ran, Idan Zach
  • Patent number: 10356068
    Abstract: In one embodiment, a system includes a sender host having a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to select a plurality of base parameters commonly identifiable by a sender host and a receiver host and determine at least one external event that triggers a change in selection of the plurality of base parameters to a plurality of changed parameters. The logic also causes the processing circuit to generate a unique security key using the plurality of base parameters in response to a determination that the at least one external event has not occurred, generate the unique security key using the plurality of changed parameters in response to a determination that the at least one external event has occurred, and send, by the sender host, a message including the unique security key to the receiver host.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: July 16, 2019
    Assignee: AVOCADO SYSTEMS INC.
    Inventors: Keshav Govind Kamble, Amitabh Sinha