Abstract: Methods, apparatuses, computer program products, devices and systems are described that carry out accepting from a user identifier encryption entity at least one encrypted identifier corresponding to a user having at least one instance of data for encryption; encrypting the at least one instance of data to produce level-one-encrypted data; associating the at least one encrypted identifier with the level-one-encrypted data, wherein a level-one decryption key for the level-one-encrypted data is inaccessible to the user identifier encryption entity; and transmitting the level-one-encrypted data and associated encrypted identifier.

Abstract: Technologies are described herein for extending a federated graph with third-party data or metadata. A federated facet provider service registers with a federated graph provider service as a provider of a facet for a resource in a graph. For example, the federated facet provider service can provide a callback uniform resource locator (“URL”) or a uniform resource identifier (“URI”) template for resolving the callback URL. When the federated graph provider service receives a request for a facet from a service client, the federated graph provider service determines a callback network address for the federated facet provider service and obtains an authentication token for the federated facet provider service. A response is provided to the service client that causes the service client to redirect to the federated facet provider service to obtain the requested facet utilizing the authentication token. The federated facet provider service provides the requested facet directly to the service client.

Abstract: A single system for detecting and blocking all cases of null-byte injection in all text data received for a network, before the text reaches potentially vulnerable services in the network. A set of directed graphs is received, each one of the directed graphs corresponding to a singly encoded null-byte that is encoded according to a corresponding character encoding method contained within a set of character encoding methods. The set of directed graphs is used to generate an output finite-state machine that models detection of at least one multiply encoded null-byte that is encoded according to at least one of the character encoding methods contained in the set of character encoding methods. The output finite-state machine is loaded into an attack detection and prevention system that receives input text, and that detects null-bytes, including multiply encoded null-bytes, within the input text.

Abstract: A computerized network defense system includes a user interface component for displaying an interactive landscape to an agent, including a graphical representation of (1) network components and interconnections within a computer network, (2) activity within the computer network, and (3) threat information associated with the activity. The activity and threat information is presented in visual association with corresponding network components and interconnections. Agent interaction with the landscape includes (a) selectively highlighting specific network components or interconnections, specific activity, and specific threat information represented on the interactive landscape, (b) causing additional more detailed information about a highlighted item to be displayed in a display element separate from the multidimensional graphical representation (e.g., pop-up box), and (c) selecting and directing use of remediation tools for remediation actions to counteract threat-associated activity.

Abstract: First and second security rules are accessed in a configuration file. Comparison points for comparing the first and second security rules are determined. Each comparison point identifies respective rule parameters of the first and second security rules. Respective weights are assigned to the comparison points. For each comparison point, the respective rule parameters are compared against each other to produce a corresponding comparison score indicative of a level similarity. Each comparison score is weighted by the weight assigned to the comparison point corresponding to the comparison score. The weighted comparison scores are combined into a total score indicative of an overall level of similarity between the first and second security rules.

Abstract: According to one embodiment, a method includes informing a second peer about a security issue in one or more secure transmission control protocol/user datagram protocol (TCP/UDP) using a first peer of the one or more TCP/UDP sessions. The method also includes performing at least one action at the first peer in response to detecting the security issue. The at least one action resolves the security issue, avoids the security issue, or resolves and avoids the security issue. Also, the at least one action includes informing, via a socket call or an extension of a socket call on the one or more TCP/UDP sessions, one or more applications operating on the second peer to limit information exchange based on a severity of the security issue. Other systems, methods, and computer program products are described in accordance with more embodiments.

Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.

Abstract: Disclosed are techniques for use in authentication. In one embodiment, the techniques comprise a method. The method comprises the step of receiving a request comprising a plurality of attributes. The method also comprises determining whether to grant authentication or to perform an assessment of at least some of the attributes. The said determination is dependent on whether one of the attributes corresponds with a predictor.

Abstract: Techniques and mechanisms for exchanging encrypted communications wirelessly with an accommodation-capable ophthalmic device. In an embodiment, a controller of the ophthalmic device is configured to encrypt data to be sent from the ophthalmic device to an auxiliary device or to decrypt data received by the ophthalmic device from the auxiliary device.

Abstract: A method, performed by a User Equipment device (UE), for obtaining a key for direct communication with a device over an air interface, wherein the UE has previously acquired a transaction identifier received from a Bootstrapping Server Function (BSF), in a Generic Bootstrapping Architecture (GBA), procedure, is provided. The method comprises storing the transaction identifier, sending the transaction identifier to the device and requesting key generation for direct communication with the device. If the transaction identifier is invalid, the method further comprises receiving from the device a device identifier and key generation information, deriving a session shared key from at least the key generation information, and deriving a direct communication key from at least the session shared key and the device identifier.

Abstract: In some embodiments, a content management system can initiate a scan of a content item when the content management system detects that activity associated with the content item triggers a scan policy. In some embodiments, a content management system can initiate a scan of a user's account when the content management system detects that activity associated with the content item triggers a scan policy. A scan policy can specify, for example, a number of shares, downloads and/or previews of the content item allowable in a period of time. When the number of shares, downloads, and/or previews exceeds the specified number in the policy in the specified period of time, the content management system can initiate a scan (e.g., virus scan, malware scan, etc.) of the content item and/or the user's account.

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

Abstract: Disclosed are examples of managing access sessions for a computing device. In some examples, a computing device obtains a key and timeout data from secured storage. The computing device determines whether an access session has expired based on the timeout data. Responsive to determining that the access session has expired, the computing device erases the key from the secured storage.

Abstract: A system and method for enabling access of content in a home network are provided. The method includes receiving a content on a source device. Further, the method includes setting content sharing preferences by the source device. The content sharing preferences indicate whether a device is authorized to access the content. The method includes encrypting the content on the source device. Further, the method includes storing the encrypted content in a shared storage device. The method includes receiving a request from a device for decryption of the encrypted content. Further, the method includes decrypting the content by the source device based on the content sharing preferences. Furthermore, the method includes providing the decrypted content to the device, thereby enabling access of the content to the device.

Abstract: A system for operating an enterprise computer network including multiple network objects, said system comprising monitoring and collection functionality for obtaining continuously updated information regarding at least one of access permissions and actual usage of said network objects, and entitlement review by owner functionality operative to present to at least one owner of at least one network object a visually sensible indication of authorization status including a specific indication of users which were not yet authorized by said at least one owner of said at least one network object.

Abstract: Dynamic data masking by intercepting data derived from a database, creating a tabular representation of the data, and masking any of the data in accordance with a masking policy that specifies which of the data are to be masked if a masking condition is met, where the masking condition references the tabular representation of the data using a tabular positional reference.

Abstract: An information processing device that is connected to another information processing device includes a memory storing a program, a first authentication information for each user to access the information processing device and a second authentication information in association with the first authentication information for the each user to access the another information processing device; and a processor that performs the program so as to execute a method including the steps of receiving an acquisition request that is sent from a client device according to the first authentication information, transmitting a list including files that are accessible according to the second authentication information in association with the first authentication information of the received acquisition request, receiving an execution request to execute at least one of the files and the folders that are included in the list, and executing a process according to the execution request by using the second authentication information.

Abstract: Provided is contextual and time sensitive out of band transactional signing. The transactional signing includes providing a token code in response to a request to initiate a transaction within a secure network. The request is received over a first channel and the token code is provided over a second channel. The first channel and the second channel are different channels. The transactional signing also includes evaluating a received context, wherein the context is appended to the token code. In addition, the transactional signing includes selectively allowing the transaction based on the context appended to the token code.

Abstract: A system to identify and counter computer malware. The system comprises a processor, a memory, a data store comprising information about known computer malware, wherein the information about known computer malware is partitioned into a plurality of malware families, and comprising a plurality of mappings, wherein each mapping associates one malware family with at least one countermeasure for mitigating a risk to an information technology asset posed by the known computer malware associated with the malware family, and an application stored in the memory. The application analyzes a software artifact, determines characteristics of the software artifact, and determines a plurality of metrics, each metric representing a degree of match between the software artifact and one of the plurality of malware families. Based on the plurality of metrics, the application further determines a malware family that best matches the software artifact.

Abstract: The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.