Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing delegated authorization, including: maintaining resources associated with a resource owner; receiving an access request from a client application requesting access to the resources; performing a first authentication of the resource owner; determining that the first authentication was successful, and providing to the resource owner a request to delegate access to the resources to the client application; receiving a selection of one or more delegated access permissions for the resources to be delegated to the client application; determining that at least one of the one or more delegated access permissions is for a critical resource, and performing a second authentication by requesting multi-factor credentials from the resource owner; authenticating the multi-factor credentials; determining that the second authentication was successful; and granting an access token to the client application.
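The delegation flow this abstract describes, as an added example written for this page (it is not code from the patent or its assignee): a password first factor, a consent step, and a second authentication demanded only when a selected permission touches a critical resource, after which the issued token records which factors were used. The user record, the critical-resource set, the HOTP-style code derivation and the HMAC-signed token format are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed example data: resource names, user record and keys are assumptions
# for this demo, not anything the patent specifies.
CRITICAL_RESOURCES = {"payments:write", "account:close"}
SERVER_KEY = b"server-signing-key-for-demo-only"
SALT = b"static-salt-for-demo"
USERS = {
    "alice": {
        "salt": SALT,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
        "mfa_secret": b"alice-otp-seed",   # pre-shared second-factor secret
    }
}


def first_factor(user, password):
    """Password check with a constant-time comparison of the PBKDF2 digest."""
    rec = USERS.get(user)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
    return hmac.compare_digest(digest, rec["pw_hash"])


def expected_mfa_code(user, window):
    """HOTP-style code: HMAC(secret, counter) truncated to six decimal digits."""
    mac = hmac.new(USERS[user]["mfa_secret"], str(window).encode(), "sha256").digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def second_factor(user, code, window):
    if not isinstance(code, str) or not code.isascii():
        return False
    return hmac.compare_digest(code, expected_mfa_code(user, window))


def critical_scopes(scopes):
    """Selected permissions whose delegation touches a critical resource."""
    return set(scopes) & CRITICAL_RESOURCES


def issue_token(user, client_id, scopes, amr, now):
    """Minimal HMAC-signed token; 'amr' records the authentication methods used."""
    payload = {"sub": user, "client": client_id, "scope": sorted(scopes),
               "amr": amr, "iat": now, "exp": now + 3600}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).rstrip(b"=")
    sig = base64.urlsafe_b64encode(hmac.new(SERVER_KEY, body, "sha256").digest()).rstrip(b"=")
    return (body + b"." + sig).decode()


def verify_token(token):
    body, _, sig = token.encode().partition(b".")
    expect = base64.urlsafe_b64encode(hmac.new(SERVER_KEY, body, "sha256").digest()).rstrip(b"=")
    if not hmac.compare_digest(sig, expect):
        return None
    return json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))


def delegate(user, password, client_id, requested_scopes, mfa_code=None, window=0, now=0):
    """First authentication, consent, then step-up only for critical permissions."""
    if not first_factor(user, password):
        return {"status": "denied", "reason": "first authentication failed"}
    # Consent step: the requested scopes stand in for the owner's selection here.
    selected = set(requested_scopes)
    needs_step_up = critical_scopes(selected)
    amr = ["pwd"]
    if needs_step_up:
        if mfa_code is None:
            return {"status": "mfa_required", "critical": sorted(needs_step_up)}
        if not second_factor(user, mfa_code, window):
            return {"status": "denied", "reason": "second authentication failed"}
        amr.append("mfa")
    return {"status": "granted", "token": issue_token(user, client_id, selected, amr, now)}
```

The point worth checking in a real deployment is the last branch: a token for a critical scope must never be minted on the password alone, and the token itself should carry the authentication context ("amr") so downstream resource servers can refuse a password-only token for a critical operation.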
Abstract: Methods for externally-delegated access control and authorization of applications and resources are performed by systems and devices. A request for access by a user to a resource of a first application is received from a client device. A memory data structure that associates the resource of the first application with an application identifier and permission information is accessed to obtain the application identifier and the permission information. A query is provided to a second application, identified by the application identifier, which has a different authorization model than the first application. The query includes a user identifier and the permission information. The second application performs a permission check and authorization for the user based on the query. A query response that includes an access indication is received from the second application. The request is granted or denied based on the access indication.
Type: Grant
Filed: May 29, 2018
Date of Patent: January 19, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark D. Sisley, Kerem Yuceturk, Alexandru Dan Burst, David Alexander Blyth, Merwan Vishnu Hade, Samuel L. Banina
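An added example of the lookup-and-query arrangement in the abstract above, written for this page in Python and not taken from the patent: the first application keeps a table from resource to (application identifier, permission information), forwards a query carrying the user identifier and that permission information to whichever second application the identifier names, and grants or denies on the access indication that comes back. The two external authorizers (one role-based, one ACL-based), the resource paths and the user names are constructed assumptions; the fail-closed handling of unmapped resources and authorizer errors is the caveat a practitioner would add.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    app_id: str        # which external application answers the question
    permission: str    # permission information forwarded in the query


# The memory data structure: first-application resource -> (app id, permission info).
# Resource paths and names are constructed for this example.
DELEGATION_TABLE = {
    "/reports/q3": Delegation("crm", "report.view"),
    "/reports/q3/edit": Delegation("crm", "report.edit"),
    "/docs/handbook": Delegation("wiki", "handbook:read"),
}


class CrmAuthorizer:
    """Second application with a role-based model (constructed)."""
    ROLE_PERMS = {"analyst": {"report.view"}, "manager": {"report.view", "report.edit"}}
    USER_ROLES = {"alice": {"analyst"}, "bob": {"manager"}}

    def query(self, user_id, permission):
        roles = self.USER_ROLES.get(user_id, set())
        perms = set().union(*(self.ROLE_PERMS.get(r, set()) for r in roles))
        return {"access": permission in perms}


class WikiAuthorizer:
    """Second application with a per-page ACL model (constructed)."""
    ACL = {"handbook:read": {"alice", "carol"}}

    def query(self, user_id, permission):
        return {"access": user_id in self.ACL.get(permission, set())}


REGISTRY = {"crm": CrmAuthorizer(), "wiki": WikiAuthorizer()}


def check_access(user_id, resource, table=DELEGATION_TABLE, registry=REGISTRY):
    """Grant or deny the first application's request from the external access indication.
    Every failure path denies: unmapped resource, unknown app, authorizer error,
    or a response without an explicit positive indication."""
    delegation = table.get(resource)
    if delegation is None:
        return False, "resource has no delegation entry"
    app = registry.get(delegation.app_id)
    if app is None:
        return False, f"unknown application {delegation.app_id}"
    try:
        response = app.query(user_id, delegation.permission)
    except Exception as exc:   # network failure or timeout in a real deployment
        return False, f"authorizer error: {exc}"
    if response.get("access") is True:
        return True, f"granted by {delegation.app_id}"
    return False, f"denied by {delegation.app_id}"
```

Note that the first application never interprets the permission string itself; it is opaque to it and only meaningful to the second application, which is what lets the two keep different authorization models.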
Abstract: Systems and methods are provided for managing personal identifying information (PII). An exemplary method includes receiving, from a requestor, a request related to PII for an individual. In connection therewith, a computing device determines whether a restriction on the PII or the individual applies to the request, and then broadcasts the request, subject to the determined restriction, to a service provider of a service associated with the individual where the service provider is a controller of PII of the individual. The computing device also compiles a reply to the request, based on a response from the service provider, where the reply includes the PII, and transmits the reply to the requestor. The computing device then logs multiple interactions related to the request in an audit data structure, thereby permitting compliance with PII controls to be demonstrated.
Type: Grant
Filed: December 21, 2017
Date of Patent: January 12, 2021
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventors: Jennifer L. Donovan, Gary Adler, James Holladay
Abstract: This disclosure relates to a method and system for protecting a computing device from malware. In one embodiment, the method may include determining a digital trust certificate of a set of computing instructions to be executed by the computing device. The set of computing instructions may form part of a boot process of the computing device, and may be firmware, a boot loader, a kernel, a system driver, a start-up file, or antimalware software. The method may further include establishing a chain of trust by validating the digital trust certificate with the computing device. The digital trust certificate may be pre-registered with a local database, accessible by the computing device, by communicating with a centralized certificate authority and policy server. Upon a positive establishment of the chain of trust, the method may further include allowing execution of the set of computing instructions by the computing device.
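An added example of the boot-time chain of trust described above, written for this page in Python; it is not the patent's implementation. Each stage's certificate binds the stage name to the SHA-256 of its image, the device checks that the certificate's fingerprint was pre-registered in the local database and that the image matches before executing it, and a running measurement (extended the way a TPM PCR is) records what actually ran. The certificate record format, the stage order and the images are constructed assumptions; in particular the record carries no CA signature, so trust rests entirely on the pre-registration step, which the lead-in of a real design would make explicit.

```python
import hashlib
import json

BOOT_ORDER = ("firmware", "bootloader", "kernel", "driver", "antimalware")


def fingerprint(cert):
    """Stable SHA-256 fingerprint of a certificate record (canonical JSON)."""
    canonical = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def make_cert(subject, image, issuer):
    """Constructed certificate record: stage name bound to its image hash.
    No signature field here (assumption); a real certificate would carry one."""
    return {"subject": subject, "image_sha256": hashlib.sha256(image).hexdigest(),
            "issuer": issuer}


def build_local_db(certs):
    """What the device fetched from the CA/policy server ahead of time."""
    return {fingerprint(c): c for c in certs}


def validate_stage(stage, image, cert, local_db):
    registered = local_db.get(fingerprint(cert))
    if registered is None:
        return False, "certificate not pre-registered"
    if registered["subject"] != stage:
        return False, "certificate issued for a different stage"
    if hashlib.sha256(image).hexdigest() != registered["image_sha256"]:
        return False, "image hash mismatch"
    return True, "ok"


def boot(stages, local_db):
    """Walk the boot chain in order; halt at the first stage that fails validation.
    stages: {stage_name: (image_bytes, cert)}.  Returns (ok, executed, log, pcr)."""
    pcr = b"\x00" * 32          # running measurement, extended per executed stage
    log, executed = [], []
    for stage in BOOT_ORDER:
        image, cert = stages[stage]
        ok, reason = validate_stage(stage, image, cert, local_db)
        log.append((stage, ok, reason))
        if not ok:
            return False, executed, log, pcr.hex()
        pcr = hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()
        executed.append(stage)
    return True, executed, log, pcr.hex()


def constructed_device(tamper=None):
    """Constructed device: five stage images with pre-registered certificates.
    With tamper=<stage>, that image is modified while its certificate is not."""
    images = {s: f"{s}-image-v1".encode() for s in BOOT_ORDER}
    certs = {s: make_cert(s, images[s], "Example Policy CA") for s in BOOT_ORDER}
    local_db = build_local_db(certs.values())
    if tamper:
        images[tamper] = images[tamper] + b"-backdoor"
    return {s: (images[s], certs[s]) for s in BOOT_ORDER}, local_db
```

The two failure modes worth testing are a modified image under a valid certificate (hash mismatch) and a replacement image shipped with an attacker-issued certificate (fingerprint absent from the local database); both must stop the chain before the stage runs, and the measurement of a halted boot must differ from that of a clean one.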
Abstract: The present invention relates to a security device which performs processes such as authentication or cryptography, for example a security device for securely holding a key used in a cryptographic process, and a security method therefor.
Abstract: Systems for dynamically authenticating users are provided. A system may receive a request to access functionality. In response to the received request, an authentication grid may be dynamically generated. The authentication grid may include a plurality of fields, each identifiable by a field identifier, and including one or more characters that may be used to authenticate a user. The authentication grid may be transmitted to a computing device of a user. A character for authentication may be identified by the system. In some arrangements, the system may generate a request for user input including a character appearing in the authentication grid. The user may identify the field and input the character appearing in the field. The system may receive the requested character and may compare it to the identified character for authentication. If the received character and the identified character match, functionality may be enabled. If a match does not exist, functionality may be disabled.
Type: Grant
Filed: January 26, 2018
Date of Patent: November 10, 2020
Assignee: Bank of America Corporation
Inventors: Rakesh Juyal, Michael Toth, Muniraju Jayaramaiah, Ashish Arora
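An added example of the authentication-grid exchange in the abstract above, written for this page in Python and not the patent's or the assignee's code: the server generates a grid of identified fields filled with random characters, sends it to the user's device, picks one field and one position, and verifies the single character the user returns. Grid dimensions, the field labelling scheme, the challenge lifetime and the one-attempt rule are constructed assumptions; the `deterministic_rng` helper exists only so the behaviour can be reproduced in a test.

```python
import random
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits


def deterministic_rng(seed):
    """Only for reproducible tests; production grids must use SystemRandom."""
    return random.Random(seed)


def make_grid(rows=3, cols=3, chars_per_field=4, rng=None):
    """Fresh grid: field identifier (e.g. 'B2') -> string of random characters."""
    rng = rng or secrets.SystemRandom()
    grid = {}
    for r in range(rows):
        for c in range(cols):
            field_id = f"{string.ascii_uppercase[r]}{c + 1}"
            grid[field_id] = "".join(rng.choice(ALPHABET) for _ in range(chars_per_field))
    return grid


def make_challenge(grid, ttl=60.0, rng=None, now=None):
    """Server-side choice of the field and position whose character is requested."""
    rng = rng or secrets.SystemRandom()
    field_id = rng.choice(sorted(grid))
    position = rng.randrange(len(grid[field_id]))
    expires = (time.time() if now is None else now) + ttl
    return {"field": field_id, "position": position, "expires": expires, "used": False}


def prompt(challenge):
    """Text shown to the user; it names the field, never the character."""
    return f"Enter character {challenge['position'] + 1} of field {challenge['field']}"


def verify(grid, challenge, answer, now=None):
    """Single-use, time-limited check; a wrong answer also consumes the challenge."""
    current = time.time() if now is None else now
    if challenge["used"] or current > challenge["expires"]:
        return False
    challenge["used"] = True
    expected = grid[challenge["field"]][challenge["position"]]
    candidate = answer.strip().upper()
    if not candidate.isascii():
        return False
    return secrets.compare_digest(candidate, expected)
```

Each verification reveals at most one grid character to an observer of the response channel, so the grid has to be regenerated per session rather than reused, and the challenge must be consumed on the first attempt or an attacker can enumerate the 36 candidates.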
Abstract: A system, an apparatus, a computer program product and a method for obfuscation-based security and authentication. The method comprises: obtaining a different key for each different device; obfuscating an interface layer utilized by components of the device to interact, using the key, to produce an obfuscated interface layer; and providing, directly or indirectly, two such components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other. The system comprises a plurality of devices that are instances of a same device and a server coupled to a memory retaining a plurality of keys, each of which is used to obfuscate interface layers of a different device to produce a heterogeneous set of devices instead of a homogeneous set of devices. Communications and operations with the plurality of devices are performed in an obfuscated manner through the server.
Type: Grant
Filed: January 29, 2018
Date of Patent: October 6, 2020
Assignee: International Business Machines Corporation
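An added example of the per-device interface obfuscation described above, written for this page in Python and not taken from the patent: the server keeps one key per device instance, the names of the operations in the interface layer are replaced by keyed-hash derived names, and components of a device only answer to the names derived from their own key, so a call name learned from one instance is meaningless on another. Using HMAC-SHA256 truncated to 16 hex characters as the obfuscation function, the operation list and the component model are constructed assumptions; the abstract does not specify how the obfuscation is performed.

```python
import hmac
import secrets

# Constructed interface: operations that two components of a device exchange.
INTERFACE = ("read_sensor", "set_mode", "firmware_update", "reboot")


def obfuscate(key, op):
    """Per-device name for an interface operation (assumption: keyed hash)."""
    return hmac.new(key, op.encode(), "sha256").hexdigest()[:16]


def obfuscated_interface(key, ops=INTERFACE):
    """The interface layer as one device sees it: obfuscated name -> real operation."""
    table = {obfuscate(key, op): op for op in ops}
    if len(table) != len(ops):
        raise ValueError("name collision; provision a different key")
    return table


class ObfuscationServer:
    """Server holding a distinct key for every instance of the same device."""

    def __init__(self):
        self._keys = {}

    def provision(self, device_id, key=None):
        key = key or secrets.token_bytes(32)
        self._keys[device_id] = key
        return key

    def obfuscated_name(self, device_id, op):
        return obfuscate(self._keys[device_id], op)


class Component:
    """A device component that understands only its own device's obfuscated names."""

    def __init__(self, key):
        self.table = obfuscated_interface(key)
        self.calls = []

    def handle(self, obf_name, *args):
        op = self.table.get(obf_name)
        if op is None:
            return None          # not an operation on this device instance
        self.calls.append((op, args))
        return f"{op} ok"


def server_invoke(server, device_id, component, op, *args):
    """Server side of an operation: translate the plain name for this device."""
    return component.handle(server.obfuscated_name(device_id, op), *args)
```

Worth keeping in view: this makes a fleet heterogeneous, so a scripted attack against one instance's interface does not replay across the others, but it is not access control. Whoever holds a device's key can reconstruct its whole interface, so the key material needs the same protection as any other device secret.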
Abstract: Disclosed are systems and methods for detecting distributed denial-of-service (DDoS) attacks. An exemplary method includes receiving one or more requests from a first user for a service executing on a server, and generating a first vector associated with the first user composed of a plurality of characteristics indicative of the first user accessing the service; calculating a comparison between the first vector and a reference vector, wherein the reference vector comprises an averaged distribution of characteristics for a plurality of users accessing the service; and determining that the service is under a denial-of-service attack based on the comparison between the first vector and the reference vector.
Type: Grant
Filed: March 2, 2018
Date of Patent: September 8, 2020
Assignee: AO KASPERSKY LAB
Inventors: Alexander A. Khalimonenko, Anton V. Tikhomirov, Sergey V. Konoplev
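An added example of the vector comparison in the abstract above, written for this page in Python and not the patent's own detection logic: each client's requests are folded into a vector of access characteristics, the reference vector is the average (and spread) of those characteristics over all clients, and a client whose z-score distance from the reference exceeds a threshold is flagged. The log format, the four chosen characteristics (request rate, error ratio, distinct-path ratio, mean inter-request gap), the Euclidean z-score distance and the threshold are constructed assumptions; the sample log is generated inline and is not real traffic.

```python
import math
from collections import defaultdict

FEATURES = ("rate", "error_ratio", "unique_path_ratio", "mean_gap")


def constructed_log():
    """Constructed sample log: eight ordinary sessions and one flood from 'bot'.
    Line format "<unix_ts> <client> <path> <status>" is an assumption about what
    the service records; attribution of requests to a client is assumed possible."""
    lines = []
    paths = ["/home", "/search", "/item/{i}", "/cart", "/checkout"]
    for i in range(1, 9):
        for k, p in enumerate(paths):
            status = 404 if (k == 2 and i % 2 == 0) else 200
            lines.append(f"{100 + 0.3 * i + 2.0 * k:.2f} u{i} {p.format(i=i)} {status}")
    for j in range(200):
        lines.append(f"{100 + 0.05 * j:.2f} bot /login 401")
    return lines


def user_vectors(lines):
    """The 'first vector' per client: characteristics of how it used the service."""
    by_user = defaultdict(list)
    for line in lines:
        ts, user, path, status = line.split()
        by_user[user].append((float(ts), path, int(status)))
    vectors = {}
    for user, reqs in by_user.items():
        reqs.sort()
        n = len(reqs)
        span = reqs[-1][0] - reqs[0][0]
        vectors[user] = {
            "rate": n / max(span, 1.0),
            "error_ratio": sum(1 for _, _, s in reqs if s >= 400) / n,
            "unique_path_ratio": len({p for _, p, _ in reqs}) / n,
            "mean_gap": span / (n - 1) if n > 1 else 0.0,
        }
    return vectors


def reference_vector(vectors):
    """Averaged distribution over all observed clients: (mean, std) per feature."""
    ref = {}
    for f in FEATURES:
        vals = [v[f] for v in vectors.values()]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((x - mean) ** 2 for x in vals) / len(vals))
        ref[f] = (mean, std)
    return ref


def deviation(vector, ref):
    """Euclidean distance of the client's per-feature z-scores from the reference.
    A feature with zero spread across clients carries no information and is skipped."""
    total = 0.0
    for f in FEATURES:
        mean, std = ref[f]
        if std > 1e-9:
            total += ((vector[f] - mean) / std) ** 2
    return math.sqrt(total)


def detect(lines, threshold=3.0):
    """Return (clients flagged as attack sources, per-client deviation scores)."""
    vectors = user_vectors(lines)
    ref = reference_vector(vectors)
    scores = {u: deviation(v, ref) for u, v in vectors.items()}
    return {u for u, s in scores.items() if s > threshold}, scores
```

Two caveats follow from the arithmetic. With n clients in the window, no single z-score can exceed sqrt(n-1), so the threshold has to be chosen relative to the population size, and averaging the attacker into the reference shrinks its own deviation; in practice the reference is built from a clean baseline window (or with median and MAD instead of mean and std) rather than from the same window under inspection.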
Abstract: Disclosed is a method of performing, by a first device, short-range wireless communication with a second device, the method including receiving, from the second device, second authentication information encrypted using first authentication information of the first device, decrypting the encrypted second authentication information by using the first authentication information, determining a secret key based on the decrypted second authentication information, and performing communication between the first device and the second device by using the determined secret key.