Abstract: In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnera

Abstract: Remote media access is facilitated. According to an example embodiment, remote-user media access is facilitated using media provided by a subscriber media source, over a packet-based network. This access is facilitated in an environment involving subscriber users that provide media for transfer over a packet-based network to a remote device. A host server receives a request for access to media content provided by a subscriber. The request is authorized as a function of authorization criteria. In response to the request being authorized, a media source associated with the subscriber is controlled to provide requested media for access at a remote device. A media player is displayed at the remote device, and the media is provided for access via the media player.

Abstract: A method for providing access to media content is performed at a device with a processor and memory storing instructions for execution by the processor. The method includes receiving, from a client device, a request for access to a media item. The method further includes obtaining user information associated with a user identifier corresponding to the request. Obtaining the user information includes, if the user identifier corresponds to a first type of user identifier, retrieving the user information from a database; and if the user identifier corresponds to a second type of user identifier different from the first type of user identifier, extracting the user information from the user identifier. The method further includes performing a media access operation based on the request and the user information associated with the user identifier.

Abstract: Embodiments of intelligent facility devices for use in controlled facility environments are described. In various embodiments, the intelligent facility devices provide limited or controlled access to data networks for inmates of a controlled facility. An embodiment of a method may include receiving a request for access to a network from a user interface device. The method may also include determining an authorized duration of network access for the user interface device. Additionally, the method may include establishing a temporary network access session between the user interface device and the network for the authorized duration of network access.

Abstract: An embedded guard-sanitizer apparatus is disclosed including a processor, a volatile, high-to-low working memory partition connected to the processor, and a volatile, low-to-high working memory partition connected to the processor. The embedded guard-sanitizer further includes a high-side, input/output section providing an interface to a high-side network or data bus, and configured to send messages to the high-to-low working memory, and to receive messages from the low-to-high working memory, and a low-side, input/output section providing an interface to a low-side network or data bus, and configured to send messages to the low-to-high working memory, and to receive messages from the high-to-low working memory.

Abstract: A first node of a networked computing environment initiates each of a plurality of different types of man-in-the middle (MITM) detection tests to determine whether communications between first and second nodes of a computing network are likely to have been subject to an interception or an attempted interception by a third node. Thereafter, it is determined, by the first node, that at least one of the tests indicate that the communications are likely to have been intercepted by a third node. Data is then provided, by the first node, data that characterizes the determination. In some cases, one or more of the MITM detection tests utilizes a machine learning model. Related apparatus, systems, techniques and articles are also described.

Abstract: The invention provides systems and methods for risk assessment using a variable risk engine. A method for risk assessment may comprise setting an amount of real-time risk analysis for an online transaction, performing the amount of real-time risk analysis based on the set amount, and performing an amount of time-delayed risk analysis. In some embodiments, the amount of real-time risk analysis may depend on a predetermined period of time for completion of the real-time risk analysis. In other embodiments, the amount of real-time risk analysis may depend on selected tests to be completed during the real-time risk analysis.

Abstract: Disclosed are a system, device and method for network authorization based on no password or a random password, the device comprising: a memory having instructions stored thereon; at least one processor to execute the instructions to cause: obtaining information carried in a consult message by accessing a server, wherein the consult message is generated and sent to the server by a network access device upon reception of a connection establishment request message, and the consult message comprises network communication address information identifying uniquely the master control device and information of whether a terminal device is allowed to access a network; generating an instruction notification comprising instruction information according to user input information, wherein the instruction information comprises physical address information of the terminal device and information of whether allowing the terminal device to access the network; and sending the instruction notification so that the network access d

Abstract: Embodiments of systems and methods disclosed herein provide a simple and effective method for authentication and key exchange that is secure from man-in-the-middle attacks and is characterized by perfect forward secrecy. More specifically, in certain embodiments, the systems and methods are disclosed that enable secure communications between a local device and a remote device(s) via a protocol that uses a Central Licensing Authority that shares derived secrets with the endpoints, without sharing the secrets themselves. The derived secrets may be comprised of public information, taking the form of nonces, in order to protect the system against replay-style attacks. Each endpoint can generate its own nonce with sufficient entropy such that neither endpoint is dependent on the trustworthiness of the other.

Abstract: A method and apparatus for patch validation via replay and remediation verification is provided.

Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

Abstract: A method for generating an identifier of a key includes that: when a user equipment (UE) transfers from an evolved UMTS terrestrial radio access network (EUTRAN) to a universal terrestrial radio access network (UTRAN) or a global system for mobile communications (GSM), or an enhanced data rate for GSM evolved radio access network (GERAN), an identifier of a system key after transfer is generated by mapping an identifier KSIASME for an access security management entity, and a mobile management entity generates an identifier of a ciphering key (CK) and an integrity key (IK) by mapping the KSIASME, and then sends the generated identifier to a serving GPRS support node (SGSN), when the UE transfers from the EUTRAN to the UTRAN, the SGSN stores the ciphering key, the integrity key and the identifier thereof, and when the UE transfers from the EUTRAN to the GERAN, the SGSN assigns the value of the identifier of the ciphering key and the integrity key to an identifier of a ciphering key of the GERAN.

Abstract: A method of operating a server comprises receiving an authorization request comprising a password, accessing an expiry date for the password, transmitting a response comprising the expiry date, ascertaining whether the password has expired, and receiving a new password, if the password has expired. Optionally, the transmitted response further comprises a date representing the last use of the password and/or an integer value representing a retry parameter.

Abstract: A management entity receives from multiple security devices corresponding native security policies each based on a native policy model associated with the corresponding security device. Each security device controls access to resources by devices associated with the security device according to the corresponding native security policy. The management entity normalizes the received native security policies across the security devices based on a generic policy model, to produce a normalized security policy that is based on the generic policy model and representative of the native security polices.

Abstract: Systems and methods are described herein for extrapolating trends in trust scores. A trust score may reflect the trustworthiness, reputation, membership, status, and/or influence of the entity in a particular community or in relation to another entity. An entity's trust score may be calculated based on data from a variety of data sources, and this data may be updated periodically as data is updated and new data becomes available. However, it may be difficult to update a trust score for an entity due to a scarcity of information. The trust score for such entities may be updated based on trends observed for the updated trust scores of other entities over a similar period of time. In this manner, trust scores may be updated for entities for which updated data is not available.

Abstract: A first node of a networked computing environment initiates each of a plurality of different man-in-the middle (MITM) detection tests to determine whether communications between first and second nodes of a computing network are likely to have been subject to an interception or an attempted interception by a third node. Thereafter, it is determined, by the first node, that at least one of the tests indicate that the communications are likely to have been intercepted by a third node. Data is then provided, by the first node, data that characterizes the determination. Related apparatus, systems, techniques and articles are also described.

Abstract: Systems and methods to safeguard data and hardware may include a memory configured to store a first image and sensitive data, and an optical sensor configured to capture a second image. A sensor signal comprising the captured second image may be generated. A controller having access to the memory may be configured to receive the sensor signal. The controller may be further configured to compare the stored first image to the captured second image, and based on the comparison, to determine whether the sensitive data is accessed.

Abstract: Implementations of the present disclosure relate to systems and methods for service authorization. A server terminal device may receive user authentication information that is stored on the auxiliary device for user authentication associated with an authentication device. Based on the user authentication information, the server terminal device may then determine whether the authentication device meets the authentication condition. The implementations further relate to methods and systems for requesting service authorization.

Abstract: Disclosed are systems and method for generating a set of antivirus records to be used for detection of malicious files on a user's devices. An exemplary method includes maintaining, by a server, a database of malicious files; generating, by the server, at least one antivirus record for each malicious file; calculating an effectiveness of each antivirus record by determining how many different malicious files were detected using each antivirus record; generating a set of most effective antivirus records; and transmitting, by the server, the set of most effective antivirus records to a client device.