Patents Examined by Ali Abyaneh
  • Patent number: 9596266
    Abstract: The real-time cyber threat indicator verification mechanism technology (hereinafter “TIVM”) instantiates one or more virtual client emulators to access a source of a threat, in response to a received threat indicator, so as to evaluate validity and/or severity of the potential threat. In one embodiment, the TIVM may receive a cyber threat indicator having identifying information of a cyber threat source; instantiate, in response to the cyber threat indicator, a virtual client emulator; send a control message to cause the virtual client emulator to interact with the cyber threat source based on the identifying information; obtain a confidence indicator relating to the cyber threat indicator based on interaction between the virtual client emulator and the cyber threat source; and generate a cyber threat indicator confirmation report including the confidence indicator.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: March 14, 2017
    Assignee: Lookingglass Cyber Solutions, Inc.
    Inventors: Christopher D. Coleman, Allan Thomson, Jason A Lewis
  • Patent number: 9596217
    Abstract: Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; identifying a user identity associated with the secure request; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting and/or blocking the secure request based at least in part on determining that the secure request is directed to the domain name and based at least in part on the user identity associated with the secure request.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: March 14, 2017
    Assignee: iboss, Inc.
    Inventors: Paul Michael Martini, Peter Anthony Martini
  • Patent number: 9582685
    Abstract: Method to detect cloned software being used on a client user unit. An initialization phase comprises: defining a tag value as being equal to an initial random value, opening a new record storing the tag value and introducing the tag value into the client user unit. An operating phase comprises: preparing a client message comprising the request and a value depending on the tag value; sending the client message to the server; and checking if the tag value of the client message is correct with respect to the stored tag value. If they do not match, the requested service is denied. If they do match, the method sends a server message to the user unit; updates the tag value with a new tag value; and stores the new tag value on the server and user unit.
    Type: Grant
    Filed: November 15, 2011
    Date of Patent: February 28, 2017
    Assignee: NAGRAVISION S.A.
    Inventors: Jean-Bernard Fischer, Patrik Marcacci, Christian Schwarz, Brecht Wyseur
  • Patent number: 9576121
    Abstract: An authentication system and method thereof capture an image of a user and extract biometric features of the user from the image to determine whether a stored biometric feature matches with the extracted biometric features. If there is a match, interactive information is generated to invite the user to perform actions shown or specified or described by the interactive information. The user will be authenticated if an action of the user matches the required action in a timely fashion. An electronic device using the same is also provided.
    Type: Grant
    Filed: July 18, 2014
    Date of Patent: February 21, 2017
    Assignees: Fu Tai Hua Industry (Shenzhen) Co., Ltd., HON HAI PRECISION INDUSTRY CO., LTD.
    Inventor: Dan Cao
  • Patent number: 9571274
    Abstract: The present invention relates to data communication systems and protocols utilized in such systems.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: February 14, 2017
    Inventors: Scott A Vanstone, Adrian Antipa
  • Patent number: 9571509
    Abstract: A computer-implemented method for identifying variants of samples based on similarity analysis may include (1) collecting, from security agents on endpoint computing systems, metadata attributes that describe samples identified by the security agents over an initial period of time, (2) collecting metadata attributes that describe a current sample identified after the initial period of time, (3) comparing at least two of the metadata attributes that describe the current sample with corresponding metadata attributes of the samples identified over the initial period of time, (4) designating the current sample as related to another sample from the samples identified over the initial period of time based on the comparison of the two metadata attributes, and (5) performing a security action to protect a user from malware based on the designation of the current sample as related to the other sample. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: February 14, 2017
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, Himanshu Dubey, Vipul Sawant
  • Patent number: 9571517
    Abstract: A system, method, and device are presented for assessing a target network's vulnerability to a real cyberthreat based on determining policy-based synthetic tests configured to model the behavior of the cyberthreat. Real-time feedback from the target network (e.g., servers, desktops, and network/monitoring hardware and/or software equipment) is received, analyzed, and used to determine whether any modifications to the same or a new synthesized test is preferred. The technology includes self-healing processes that, using the feedback mechanisms, can attempt to find patches for known vulnerabilities, test for unknown vulnerabilities, and configure the target network's resources in accordance with predefined service-level agreements.
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: February 14, 2017
    Assignee: Goldman, Sachs & Co.
    Inventors: David Vallone, Peter Taylor, Phil J. Venables, Ruoh-Yann Huang
  • Patent number: 9552387
    Abstract: A system includes reception of authorization information associated with one or more database server sessions of a first user, the authorization information associating the first user, a second user, and an authorization period, establishment of a first database server session of the first user, establishment of a second database server session of the second user, reception, from the second user, of a request to debug the first database server session, determination, based on the authorization information, that the second user is authorized to debug the first database server session, and, in response to the determination, attachment of the second database server session to the first database server session, and transmission of debugging information of the first database server session to the second user.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: January 24, 2017
    Assignee: SAP SE
    Inventors: Florian Foebel, Bjoern Friedmann, Boris Gruschko, Christian Mohr, Martin Strenge, Sascha Zorn
  • Patent number: 9553864
    Abstract: A verification method and system are disclosed that verify a user. The user is provided a verification code via, for example, a website, to be communicated to the system via an application on a mobile communication device. If the correct verification code is communicated by the user, the user receives via the application a verification message containing another verification code, which the user submits to a website or on-line form or to another verification system for authentication.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: January 24, 2017
    Assignee: TeleSign Corporation
    Inventor: Steven H. Jillings
  • Patent number: 9537883
    Abstract: Techniques for process security validation are described herein. In one example, a method includes determining, via a processor, that a process is in a first idle state based at least in part on system activity and process activity being below an activity threshold. The method can include detecting, via the processor, that the first idle state of the process transitions to an active state of the process based at least in part on the system activity or the process activity being above the activity threshold, and detecting, via the processor, that the active state of the process transitions to a second idle state based at least in part on the system activity and the process activity being below the activity threshold. Furthermore, the method can include generating, via the processor, the security validation data in response to detecting that the process has executed malicious content during the active state.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: January 3, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ronen Bachar, Roee Hay, Erez Rokah, Yoav Shany
  • Patent number: 9537876
    Abstract: A computer implemented method for detecting vulnerability status of a target having interfaces and ports is provided. The method comprises tracking the occurrence of an event including at least one of a network interface becoming active and/or inactive, start and/or stop of a client network service using a port on an active network interface, start and/or stop of a server network service running on a port on an active network interface, and start and/or stop of a network service that does not entail the use of any port. A notification is generated that a possible vulnerability status altering event has occurred. Tracking the occurrence of the event includes tracking using at least one of an operating system (OS) service, an OS command, a hook, and an API.
    Type: Grant
    Filed: January 14, 2012
    Date of Patent: January 3, 2017
    Inventor: Samir Gurunath Kelekar
  • Patent number: 9529732
    Abstract: Systems, methods, and other embodiments associated with rotating keys for a memory are described. According to one embodiment, a memory system comprises a memory controller configured to control access to a memory and to process memory access requests. Rekeying logic is configured to rotate a first key that was used to scramble data in the memory and re-scramble the data with a second key by: determining when the memory controller is in an idle cycle and performing a rekeying operation on a portion of the memory during the idle cycle, and pausing the rekeying operation when the memory controller is not in an idle cycle to allow memory access requests to be performed and resuming the rekeying operation during a next idle cycle.
    Type: Grant
    Filed: July 18, 2014
    Date of Patent: December 27, 2016
    Assignee: MARVELL WORLD TRADE LLC
    Inventor: Pontus Lidman
  • Patent number: 9524391
    Abstract: A method of operating a portable terminal for encrypting application data is provided. The method includes receiving data input to an application, encrypting the received data by using at least one of an application unique key and a combination of a device unique key of the portable terminal and an application IDentification (ID) that is globally unique, and storing the encrypted data.
    Type: Grant
    Filed: November 8, 2012
    Date of Patent: December 20, 2016
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Dong-Eup Ham
  • Patent number: 9524378
    Abstract: Apparatus and methods for licensing include executing a base application on a device, initiating a transaction with an application store to obtain access to a subordinate licensable item that is usable by the base application, receiving a transaction receipt corresponding to the transaction for the subordinate licensable item, and obtaining, from a license server, a subordinate license that corresponds to the subordinate licensable item. Additionally, the apparatus and methods may include storing a base license for a base application on a device, acquiring a subordinate license for a subordinate licensable item usable by the base application, receiving a request to execute the base application, enforcing, by a license agent service on the device, the base license with respect to executing the base application, and enforcing, by the base application, the subordinate license during execution of the base application.
    Type: Grant
    Filed: May 31, 2011
    Date of Patent: December 20, 2016
    Assignee: QUALCOMM Incorporated
    Inventors: Michael P. Mahan, Kenneth S. Swinson, Giridhar D. Mandyam
  • Patent number: 9516394
    Abstract: The present invention relates to telemetry methods and systems and more particularly, to telemetry network connectivity systems, devices and methods. In accordance with various embodiments, a suite of software components configured to provide machine-to-machine network connectivity includes a configurable device translation server module, a complex message constructor and at least one database. In some embodiments the suite of software components, specifically the complex message constructor, may be configured to authenticate commands between an interface and the device translation server. Additionally, the suite of software components, specifically the complex message constructor, may be configured to manage messages between the interface and the device translation server. Managing messages may include initiating alerts and notifications based on a comparison of programming and substantially synchronous and stored information.
    Type: Grant
    Filed: July 17, 2009
    Date of Patent: December 6, 2016
    Assignee: Inilex, Inc.
    Inventors: Phil De Carlo, Scott L. Ferguson, Paul Reeder
  • Patent number: 9509718
    Abstract: A storage system for application servers is disclosed. The storage system comprises a network-attached storage device comprising a plurality of files that include a plurality of server applications in a plurality of network zone directories. Each of the network zone directories corresponds to one of a plurality of network zones. Access is restricted between each of the network zones. The storage system also comprises one or more application servers in each of the network zones. Each application server is configured to mount only a network zone directory of the network zone directories corresponding to a network zone of the network zones within which the corresponding application server resides based on a policy associated with the network-attached storage device and access one or more of the files including at least one server application of the server applications in the network zone directory.
    Type: Grant
    Filed: July 17, 2014
    Date of Patent: November 29, 2016
    Assignee: Sprint Communications Company L.P.
    Inventors: Drew Arthur, Eric Biggs, Phillip Hagerman, Darren McGaha, Matthew J. Pratt
  • Patent number: 9509505
    Abstract: Exemplary embodiments provide various techniques for managing groups of authenticated entities. In one exemplary computer-implemented method, an entity accesses a group roster that includes a first group identifier identifying a first group, a first group digital certificate associated with the first group, and a first entity identifier identifying the entity being a member of the first group. The entity also receives a request to update the group roster. Here, the request includes a second group identifier identifying a second group and a second group digital certificate associated with the second group. In response to the request, the entity replaces the first group identifier in the group roster with the second group identifier. Additionally, in response to the request, the entity replaces the first group digital certificate with the second group digital certificate. The replacements change a membership of the entity from the first group to the second group.
    Type: Grant
    Filed: September 28, 2011
    Date of Patent: November 29, 2016
    Assignee: NetApp, Inc.
    Inventors: Craig Fulmer Everhart, Steven Ewing
  • Patent number: 9509503
    Abstract: In a resource-on-demand environment, dynamically created server instances are allowed to boot from encrypted boot volumes. Access keys to the boot volumes are provided from a key provider that authenticates new instances based on possession of a security token that has been previously shared between the key provider and the new instance through an out-of-band communication.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: November 29, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric J. Brandwine
  • Patent number: 9503434
    Abstract: Embodiments compress and encrypt data in a single pass to reduce inefficiencies that occur from compressing and encrypting data separately. Typically, compression and encryption are implemented in separate functional units. This has a few disadvantages: 1) encryption cannot make use of compression state to further secure the message, 2) processed data is read and written twice, 3) additional space, time, and resources are consumed, and 4) it is more prone to potential cipher-attacks since the encryption stage is independent from compression. Embodiments overcome these disadvantages by structuring these operations so that both compression and encryption are executed within the same processing loop. Thus: 1) encryption is stronger due to the dependence on the compression state, 2) I/O buffers are accessed only once reducing overhead, 3) system footprint is reduced, and 4) cipher analysis is more complex since the decryption process cannot be separated from the decompression process.
    Type: Grant
    Filed: November 10, 2014
    Date of Patent: November 22, 2016
    Assignee: Centri Technology, Inc.
    Inventors: Luis Gerardo Paris, Michael Patrick Mackey
  • Patent number: 9501660
    Abstract: Technologies are generally described for privacy protection for a life-log system. In some examples, a method performed under control of a life-log system may include receiving, from a user account, a request to change one or more real life-log data entries relating to a real event that are stored in a first part of a database; removing the one or more real life-log data entries relating to the real event from the first part of the database; and storing, in the first part of the database, one or more misleading life-log data entries relating to a false event corresponding to the real event.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: November 22, 2016
    Assignee: Empire Technology Development LLC
    Inventors: Seungil Kim, Yang-Won Jung