Abstract: Techniques are disclosed relating to user authentication. In some embodiments, a computing system maintains an exception handler of a software development platform. The exception handler is executable to process a particular type of exception that causes an authentication of users of applications running on the software development platform. The computing system may receive, at the exception handler, an indication of the particular type of exception thrown by a particular application. In response to receiving the indication of the particular type of exception, the exception handler issues to a web browser interacting with the application, a request that the web browser redirect to an authentication server configured to perform an authentication of a user of the particular application. The computing system receives, from the authentication server, a result of the performed authentication and returns the result to the particular application.

Abstract: The disclosed embodiments relate to securely transferring data between a source node and a destination node using an application whitelist. A control flow may be established between a source node and a perimeter gateway. The perimeter controller may receive a request to establish a node flow between an application executing on the source node and the destination node. The perimeter controller may determine whether the first application is included in an application whitelist that includes applications allowed to transfer data to nodes in a private network via a node flow. A node flow between the source node and destination node may be established upon determining that the first application is included in the application whitelist to facilitate secure data transfer between the source node and destination node.

Abstract: A method to fabricate a tamper respondent assembly is provided. The tamper respondent assembly includes an electronic component and an enclosure at least partly enclosing the electronic component. A piezoelectric sensor is integrated in the enclosure. The integrating includes providing a base structure that includes a first conductive layer, depositing a piezoelectric layer on the first conductive layer, covering the piezoelectric layer with a second conductive layer, and providing sensing circuitry for observing sensing signals of the piezoelectric layer. The piezoelectric layer includes a plurality of nanorods. Aspects of the invention further relates to a corresponding assembly and a corresponding computer program product.

Abstract: A user's session of a web application or a website in a web browser is recorded and replayed while protecting private and sensitive data from unauthorized access. All the captured data needed to re-create (replay) the user's session in the browser itself is recorded and exported on demand. The need to transmit potentially sensitive and private data continuously to external server(s) is eliminated while still guaranteeing availability of a record of user activity leading up to any point of interest during the user's session. By encrypting recording information and redacting all non-layout content (e.g. text nodes, images, inputs) from the browser DOM before capturing the DOM, the visual layout of the page is maintained and the probability of leaking the user's sensitive or private information is reduced. The replaying user is still able to derive meaningful information about the user's interaction with the web application or website without jeopardizing privacy.

Abstract: The subject disclosure relates to systems and methods for providing privacy for information. In one non-limiting embodiment, a system includes an environment monitoring component configured to monitor an aspect of an environment; and a privacy component configured to: determine whether factors associated with the environment are triggered; and obscure access or provide access to data or a program associated with the factors based on determining that the factors are triggered. Factors can be based on the time and the location or network connectivity of a device associated with the system, the detected presence or absence of an authorized person other than the user logged into the device or the privacy state of the user logged into the device. Motion detectors, cameras, biometric sensors and other devices can be employed in the determination of whether to provide or obscure access to the information.

Abstract: An electronic access control system and method comprising a computer platform product configured to enable an integrated end-user interface for administration and control of disparate wireless security locking devices from multiple vendors. Embodiments of an electronic access control system and method may incorporate a predefined data routing routine to enable support of a variety of devices and products from different manufacturers. An instance of computer program product executing on a mobile electronic device may process a predefined data structure for device interfacing without the need to exchange proprietary information with the device. Exemplary embodiments may incorporate multiple levels of a secured method for defining multivendor applications and connected devices. An application and/or application interface may enable an end-user to integrate one or more vendor specific software systems for the management of multiple electronic access control devices within a single integrated platform.

Abstract: A method comprising inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test.

Abstract: A method of operation and non-transitory computer readable medium are provided for a mobile communications device which includes memory storing program instructions and a processor coupled to a first input that passively collects input data and a second input that collects response data based on a challenge. A statistical behavioral model is generated based upon passively collected input data for the user. A level of assurance (LOA) is determined based upon the statistical behavioral model and the passively collected input data from the first input. The LOA is compared with a threshold and based on the comparison: the mobile device operation is enabled as a result of determining that the LOA meets or exceeds the threshold without requiring response data from the at least one second input, otherwise, the challenge is generated and the mobile device operation is enabled responsive to valid response data from the second input.

Abstract: An encryption key distribution system includes: a key distribution ECU that transmits an encryption key; and a key reception ECU that receives the encryption key, the key distribution ECU: transmits the encryption key to the key reception ECU; and determines completion of transmission of the encryption key, based on a result of determination as to whether first verification data transmitted from the key reception ECU matches second verification data of the encryption key which is calculated from a common key stored in the key distribution ECU and an identifier of the key reception ECU, the key reception ECU: records the received encryption key in the key reception ECU; calculates the first verification data from the same common key as the common key stored in the key reception ECU and the identifier of the key reception ECU; and transmits the calculated first verification data to the key distribution ECU.

Abstract: Embodiments are described herein for document authentication certification using information stored on a distributed ledger such as a blockchain. A distributed ledger may securely store document data describing the document. Use of a distributed ledger may provide an immutable, readily auditable record of the history of the document. Each user participating in the system may be assigned a unique identifier to be used for conducting transactions on the distributed ledger network. A user may also be provided with a digital security token such as a cryptographic key that is useable to authenticate the user and enable access to the document data stored on the distributed ledger(s).

Abstract: A method including receiving a record in a first timeframe; establishing a plurality of threat vectors for the record; merging the plurality of threat vectors to the record; generating a risk valuation for the record based on the plurality of threat vectors; merging the risk valuation to the record to form a risk event; and storing the risk event in a computer-readable data store.

Abstract: Methods and systems for providing integration between an enterprise security management configuration tool and third party network traffic software are disclosed. By defining a software interface through which configuration data for third party networking devices can be queried and configuration data accessed, the enterprise security management configuration tool can compare overall network traffic to the configuration provided by the third party networking software to assess an overall security level within an enterprise network.

Abstract: A system and method for scoring an interaction using an analytical model and authorization decisions is disclosed. The method includes receiving from an access device an authorization request message for an interaction between a user and a resource provider. An analytical model comprising a neural network with at least one long short-term memory determines a score based on data in the authorization request message. The analytical model was formed using interaction data from prior authorization request messages, and authorization response messages from an authorizing computer. The authorization request message and the score is transmitted to the authorizing computer and an authorization response message, including an indication of whether the interaction was approved or declined, is received. Then the analytical model is updated based upon data in the authorization request message and the indication in the authorization response message to form an updated analytical model.

Abstract: A method for transferring electronic evidence is provided. The law enforcement agencies can make efficient use of social media and other forms of public communications to make a public appeal for information on crimes and other investigations wherein the public appeals allow members of the public to easily submit information and/or media files from smartphones and other computers in a way that allows the submission to be linked to the public appeal (e.g. the specific case file or the attributes of the case file) so that the submission data can be found and accessed by law enforcement investigators.

Abstract: Methods, systems, and computer program products are included for the intelligent garbage collection of containers. An example method includes providing a garbage collection data structure, the garbage collection data structure including metadata and one or more resource consumption parameters corresponding to the container. The one or more resource consumption parameters are analyzed by a machine-learning function. Based on the analyzing, the container is classified into one or more classes, the one or more classes including at least one of a suspicious container class, a malicious container class, or a normal container class. Based on the classifying, one or more garbage collection actions are performed on the container, including at least one of generating an alert corresponding to the container or reducing the resource consumption of the container.

Abstract: One embodiment of the presently-disclosed invention relates to an intrusion prevention system that includes a plurality of FPGA instances and a plurality of compute instances in a cloud network. The plurality of FPGA instances perform pre-processing that determines whether data packets received from the network gateway are associated with suspicious flows. The data packets associated with the suspicious flows are communicated from the plurality of FPGA instances to a plurality of compute instances in the cloud network. The plurality of compute instances perform post-processing that determines whether a suspicious flow is malicious. Other embodiments, aspects and features are also disclosed.

Abstract: Disclosed herein is a network encryption method for realizing encryption of a local area network at the bottom layer driver of a network card of an embedded device. By using such method, an encryption protocol is performed on the network card driver, thereby achieving encryption and decryption of all network data in the network card driver within the local area network, and achieving encryption of all data above network linking layer, so as to achieve unified encryption of all data in the local area network, resulting in enhanced safety of transmission of network data. Moreover, since encryption of the network data is performed in the network driver, developers do not need to focus on encryption situation.

Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.

Abstract: A decentralized and distributed secure home subscriber server is provided. First data can be sent representing a first nonce string to a mobile device; and in response to receiving second data representing the first nonce string and a second nonce string, a communication channel can be established with the mobile device as a function of the first nonce string.

Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.