Patents Examined by Don Zhao
  • Patent number: 9935970
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain names are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: April 3, 2018
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 9930390
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing control word and associated entitlement control message (ECM) functionalities are presented. In some embodiments, a computing device may cache concurrently a first set of control words and a first set of entitlement control messages (ECMs) associated with the first set of control words. The computing device may encrypt a transport stream with a particular control word of the first set of control words. The computing device may insert a particular ECM, of the first set of ECMs, corresponding to the particular control word into the transport stream sent to a device downstream from the computing device. In some embodiments, a computing device may reuse control words and associated ECMs.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: March 27, 2018
    Assignee: Combined Conditional Access Development & Support, LLC
    Inventors: Madhu Penugonda, Lawrence Tang, Kenneth Miller, Douglas Petty
  • Patent number: 9930010
    Abstract: Some embodiments of the invention provide a method that performs security operations for packets that are processed by a forwarding element. The method of some embodiments receives, at a security agent operating on a physical machine, a packet from a forwarding element that also operates on the physical machine. The method then determines whether a security rule is stored for the packet at the security agent. When no security rule is stored for the packet, the method transmits the packet to a default security controller of several security controllers that store security rules for a network and process packets according to the stored security rules. When the security rule is stored for the packet, the method processes the packet according to the stored security rule for the packet.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: March 27, 2018
    Assignee: NICIRA, INC.
    Inventors: Keyong Sun, Yonggang Wang, Frank Guo, Liang Li, Zikang Chen
  • Patent number: 9923922
    Abstract: Disclosed are various embodiments for virtualized network honeypots. In one embodiment, client computing devices that are coupled to a network are each configured with both a primary operating system and a honeypot operating system. The primary operating system is configured to provide workstation functionality for a user having permission, and the honeypot operating system is configured to route unauthorized network traffic to a honeypot server. The honeypot server is configured to provide a honeypot environment that mimics characteristics of client or server computing devices.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: March 20, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Dennis Naylor Brown, Jr., Volker Helmut Mosthaf
  • Patent number: 9912668
    Abstract: The description relates to enhancing user experience with devices, such as host and peripheral devices. One example relates to devices that can automatically power down when packaged for shipping and power up when opened by the user. Another example allows automatic, secure pairing between sets of host and peripheral devices without any affirmative user actions.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: March 6, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yi He, Naji Shafi, Alain Michaud, Heng Huang, Joan Ouyang
  • Patent number: 9910967
    Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.
    Type: Grant
    Filed: July 27, 2015
    Date of Patent: March 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Michael J. Spisak, George E. Stark
  • Patent number: 9888041
    Abstract: Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: February 6, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Graeme David Baer, Eric Jason Brandwine
  • Patent number: 9847881
    Abstract: An audio/video content management apparatus, for use with an external hard drive, includes a control circuit that performs a trust token generation operation. The trust token generation operation includes obtaining first identification information and hard drive identification information, encrypting and combining the first identification information and the hard drive identification information as a trust token, and sending the trust token to the external hard drive. The control circuit also performs a trust token validation operation including obtaining the first identification information, the hard drive identification information, and the trust token from the external hard drive.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: December 19, 2017
    Assignee: ARRIS Enterprises LLC
    Inventors: Mahadevan Venkatesh Prabu, Belmannu Harekrishna Acharya
  • Patent number: 9830465
    Abstract: An apparatus includes a boundary module that determines if a mobile device is within a secure area. The mobile device includes a computing device capable of connecting to a wireless network. The apparatus includes a download module that downloads a latest version of a file from a secure server to the mobile device in response to the boundary module determining that the mobile device has entered the secure area. The apparatus includes a copy module that copies the file from the mobile device to the secure server in response to the boundary module determining that the mobile device has left the secure area and a deletion module that deletes the file from the mobile device in response to determining that the mobile device has left the secure area and in response to having completed copying the file from the mobile device to the secure server.
    Type: Grant
    Filed: April 6, 2016
    Date of Patent: November 28, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Robert T Arenburg, Franck Barillaud, Shivnath Dutta, Alfredo V Mendoza
  • Patent number: 9832204
    Abstract: There is provided a method and system for managing security compatibility of electronic content. The method includes: receiving electronic content; parsing the electronic content into one or more elements; determining a content security profile of the electronic content; determining an element security profile of the one or more elements of the electronic content; determining whether the element security profile of the one or more elements is compatible with the content security profile; and for each of the one or more elements: if the element security profile is not compatible with the content security profile, modifying the element to have a compatible element security profile, otherwise, not modifying the element.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: November 28, 2017
    Assignee: D2L Corporation
    Inventors: Brian Cepuran, Ali Ghassemi, Nicholas Dingle, Jeffrey Geurts, David Lockhart, Matthew Campbell, Jeffrey Avis, David Batiste, Victor Sumner, Rylan Cottrell, Sean Yo, Johnson Hsu, Eric Xu
  • Patent number: 9825978
    Abstract: Lateral movement detection may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts and/or compromised machines. An attack graph may be automatically generated based on compromised account-machine pairs to visually display probable paths of an attacker.
    Type: Grant
    Filed: January 16, 2017
    Date of Patent: November 21, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ram Shankar Siva Kumar, Nguyen Song Khanh Vu, Marco DiPlacido, Vinod Nair, Aniruddha Das, Matt Swann, Keerthi Selvaraj, Sundararajan Sellamanickam
  • Patent number: 9817952
    Abstract: Methods and apparatus for providing access to content across a plurality of devices and environments. In one embodiment, a downloadable rights profile is utilized in order for a user device to determine whether to provide content to a subscriber. The user device is first registered to the content delivery network; the device then requests a rights profile indicating the rights of the subscriber associated with the device to access content. The rights profile is transmitted to the device. The rights profile may be configured to be valid only for a pre-determined time, thus enabling a subscriber's rights to be updated (including revoked). Security mechanisms may also be utilized to ensure access to content is limited only to authorized subscribers. In another embodiment, a user-based authentication procedure is utilized, thereby making the rights determination and content provision process completely agnostic to the underlying hardware.
    Type: Grant
    Filed: May 16, 2016
    Date of Patent: November 14, 2017
    Assignee: TIME WARNER CABLE ENTERPRISES LLC
    Inventors: Chris Cholas, Jeffrey P. Markley, Vipul Patel, Christopher Marsh
  • Patent number: 9820147
    Abstract: An authentication method for a communication network includes a registration step, an inquiry step, an answering step and a verification step. The authentication method further includes an emergency authentication mode if a response code is not received by a requesting end within a predetermined period of time or if a first confirmation code is verified to be incorrect by a requesting end. In another embodiment, an authentication method for a communication network includes a registration step, a first inquiry step, a second inquiry step, a first answering step, a second answering step and a verification step. The authentication method in the other embodiment also includes an emergency authentication mode if a second response code is not received by the requesting end within a predetermined period of time or if a third tested code is verified to be incorrect.
    Type: Grant
    Filed: September 17, 2015
    Date of Patent: November 14, 2017
    Assignee: National Cheng Kung University
    Inventors: Tzone-Lih Hwang, Prosanta Gope
  • Patent number: 9811681
    Abstract: The present invention relates to a method and system for providing access to a device for a user. The method comprises the steps of receiving an access attempt from the user to the device, identifying the user attempting to access the device, retrieving personal information from a database related to the user, the personal information comprising personal traits of the user, selecting a visual challenge configured based on the personal information, issuing the visual challenge to the user, receiving visual input corresponding to an eye-movement of the user relating to the visual challenge, determining whether the user passed the visual challenge based on the received visual input corresponding to an eye movement of the user, and allowing access to the device for the user if the user passes the visual challenge, or denying access to the device for the user if the user fails the visual challenge.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: November 7, 2017
    Assignee: Sony Mobile Communications Inc.
    Inventors: Magnus Landqvist, Pär-Anders Aronsson, Ola Thörn
  • Patent number: 9807122
    Abstract: A method includes determining a topic and a media type of a communication to be sent from a sending communication device to a designated receiving communication device, assigning one or more security requirements to the communication based on the topic and the media type, identifying a security state of the receiving communication device for receiving the communication via the media type, and transmitting the communication from the sending communication device to the receiving communication device only in response to the security state of the receiving communication device satisfying the one or more security requirements.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: October 31, 2017
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Gary D. Cudak, Joseph F. Herman, J. Mark Weber, Christine Marie Stamm-Nettleship, Zendre Necole Simmons
  • Patent number: 9800584
    Abstract: Access control for shared computing resources in a hierarchical system is provided herein. An as-needed, “lazy evaluation” approach to access control is described in which an effective access control list for a computing resource is determined after a request is received from a user to access the resource. When resources are shared, access control policies are created and stored in association with the shared resource but are not stored in association with hierarchically related lower-level resources. When an access request for a resource is received, access control policies are collected for levels of a computing resource hierarchy that are higher than the hierarchy level of the resource. An effective access control list is determined based on permissions specified in the collected access control policies. The effective access control list represents an effective propagation of access control policies of higher hierarchy levels to the computing resource.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: October 24, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Borislav Andruschuk, Kevin Fowler
  • Patent number: 9794074
    Abstract: A computer system that interfaces with a blockchain is provided. The computer system receives match data for a match between a first data transaction request that is associated with a first identifier and a second data transaction request that is associated with a second identifier. A first blockchain transaction is generated based on the match data and stored to a blockchain. At least one further blockchain transaction is generated that splits the match into two different transactions—one between the first identifier and an intermediary and the second between the intermediary. These are recorded to the blockchain via the further blockchain transactions.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: October 17, 2017
    Assignee: NASDAQ TECHNOLOGY AB
    Inventors: Johan Toll, Fredrik Sjöblom
  • Patent number: 9794234
    Abstract: A Key Generation System (KGS) includes a key server, a first network element, and a second network element. The first and second network elements register with the key server and receive first and second KGS key seeds and first and second KGS identifiers, respectively. The first network element transmits the first KGS identifier to the second network element and obtains the second KGS identifier. The first network element computes a shared key based on the first KGS key seed and the second KGS identifier. The second network element receives the first KGS identifier from the first network element and computes the shared key based on the second KGS key seed and the first KGS identifier.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: October 17, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Padmakumar Ampady Vasudevan Pillai, Brian Eliot Weis, Thamilarasu Kandasamy
  • Patent number: 9787689
    Abstract: A network authentication system and method is described for authenticating multiple profile accesses from a single remote device. A device remote from a web server, yet connected to the web server via, for example, the Internet, can allow multiple users to register their profiles within the device. The profiles are registered using a pre-existing user ID and password corresponding to, for example, the user's financial accounts. Multiple profiles and, specifically, the indicia of those profiles, can appear on the display of the remote device allowing each user the ability to select their own registered profile. Access to a profile is granted when the user enters their private PIN. Once the PIN is entered, the private information such as financial account information will be securely forwarded from the web server to the remote device.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: October 10, 2017
    Assignee: Cullen/Frost Bankers, Inc.
    Inventors: James M. Stead, Arun Muthukrishnan, Michael R. Johnson, Laurie A. Rivera, Selina D. Bilyeu
  • Patent number: 9763097
    Abstract: The method disclosed herein provides for performing device security corrective action based on loss of proximity to another device, such as a key device. While a mobile communication device is locked, a mobile communication device determines whether or not a key device is within a specified distance. If the key device is not within the specified distance from the mobile communication device, a notification may be displayed on the mobile communication device. If a user responds to the notification, the user may prevent or alter the mobile communication device from performing at least one device security corrective action. If, however, the user does not respond to the notification within a specified time period, the at least one device security corrective action is performed on the mobile communication device.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: September 12, 2017
    Assignee: LOOKOUT, INC.
    Inventors: William Robinson, Kevin Patrick Mahaffey, Brian James Buck