Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.

Abstract: A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

Abstract: The invention is a method for deploying a trusted identity for a user issued by an issuer. The user has a user device configured to send a request for signature to an issuer device handled by the issuer. The request comprises a user public key allocated to the user. The issuer device is configured to compute an issuer signature by signing both the user's trusted identity and the user public key using an issuer private key allocated to the issuer. A block chain transaction containing the issuer signature is created and submitted to a Block Chain for transaction verification and storage.

Abstract: A configuration for a security analysis tool is received from a user. The configuration includes two or more configuration items. Each configuration item is a parameter in the configuration of the security analysis tool that has a plurality of possible values. A correlation between the two or more configuration items is determined. The correlation is based on one or more pre-determined empirical correlations.

Abstract: Information can be added to the headers of email messages to ensure the messages are delivered using encryption, without the user having to manage keys or perform the encryption. A user can select an option in an email program that causes a flag to be added to the message header. Each mail server along the delivery path can provide (or expose) information about the type(s) of encryption supported, and if the encryption is not sufficient then the message will not be delivered to that server. This ensures the transport will remain encrypted before delivering the message to the next hop along the path. If the message cannot be delivered encrypted then the message will not be transmitted past that point. An end user then only needs to click a button or perform another such action to ensure encrypted message delivery.

Abstract: Data DNA modeling is used to represent data and the relationship this data has with other data. When an information access request from a user is detected, an asset DNA associated with the user is retrieved and analyzed against the information access request. Using the asset DNA, it can be determined whether the information access request is a normal request or a suspicious request. If the user is unknown, a generic asset DNA can be created and populated with the data from the information access request. The system checks the newly created asset DNA against other similar asset DNA to determine whether there is any abnormality associated with this newly created asset DNA.

Abstract: An apparatus and security method are provided. The apparatus includes at least one communication interface and a controller. The controller is configured to discover, using the at least one communication interface, an external electronic device available for a communication connection with the apparatus, the discovering including receiving information from the external electronic device, adjust a security level for the apparatus based at least in part on the information, and control at least part of the apparatus using the adjusted security level.

Abstract: Disclosed is a computerized system for neutralizing misappropriated electronic files. The system typically includes a processor, a memory, and an electronic file neutralizing module stored in the memory. The system is typically configured for: determining that a first electronic file has been misappropriated; determining one or more identifying characteristics of the first electronic file; creating a second electronic file, wherein the second electronic file has different content than the first electronic file but comprises the one or more identifying characteristics of the first electronic file; and submitting the second electronic file to a third party providing a content inspection system that neutralizes malicious electronic documents.

Abstract: End-to-end device authentication is provided. A dispenser receives an authorization token and a dispense amount from a host. The authorization token and the dispense amount are validated and when validation is successful, the dispenser dispenses the dispense amount.

Abstract: The present invention provides for managing and controlling data file transfer exchange to and from file hosting services, such as cloud-based file hosting services. Specifically, the present invention control what data files are authorized for uploading to the file hosting service and downloading from the file hosting service, as well as, controlling the access to such files after uploading or downloading the data file.

Abstract: Electronic content, for example, a web page, is configured for display by a web browser application to include content that is not included in or referenced by the web page. The web page includes a first locator for first content. A second locator for second content is associated with the first locator in a database or other memory structure. In response to a request for the web page, the second locator is obtained. Access to the second locator may be secured. The second locator may be swapped with the first locator to cause the web browser application to obtain the second content instead of the first content. In the alternative, the second content may be obtained and provided to the web browser instead of, or in addition to, the first content.

Abstract: Embodiments herein provide, for example, a method that includes generating a shared symmetric key to exchange authentication information among a communications group; distributing the generated shared symmetric key to each communicating party in the communications group; exchanging authentication information among members of the communications group, where each communicating party: encrypts the authentication information using the generated shared symmetric key and sends the encrypted authentication information to other members of the communications group, and receives encrypted authentication information from another communicating party in the communications groups and decrypts the received encrypted authentication information using the generated shared symmetric key.

Abstract: An applet may be downloaded or provided to a web browser when a user visits a site in order to protect data input by the user from being captured by malicious software, such as key loggers. The applet may present a user input field in the web browser and may generate a random sequence of low-level key stroke or mouse click events within the input field when the user enters information, such as a username and/or password. A listening key logger will receive a large amount of random data, whereas the applet will receive and buffer the actual user data that may be communicated to a remote site access by the user.

Abstract: A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

Abstract: Systems for forensic steganography. A server is interfaced with storage facilities that store an object accessible by two or more users, each of which users are associated with respective profiles comprising one or more user-specific attributes. A method detects a user request to view the object. User-specific attributes are encoded into a steganographic message, which is formatted for saving into one or more locations in the object, thus generating a protected object. The protected object is delivered to the requesting user. Encoding, application and formatting techniques are configured to make the steganographic message undetectable by human viewing of the protected object. A web crawler or other policing technique can detect misappropriation in the form of unauthorized dissemination by detecting the presence of the encoded steganographic message embedded in the protected object.

Abstract: A multi-tier platform provides security at a perimeter of a computer system, where an intermediate layer interacts between a web layer and an application layer. A data request that is associated with a data set is received at the web layer and passed to the intermediate layer. The intermediate layer determines the authoritative source for the data set and whether the data set has a static or dynamic value. If the value is static, the intermediate layer accesses the value stored at the intermediate layer. However, if the value is dynamic, the intermediate layer queries the source registered to the data set, obtains the value from the authoritative source, and returns the dynamic value via the web layer, where the registered source may be internal or external to the computer system. Consequently, the intermediate layer may function as an aggregate layer that supports both database and messaging services.

Abstract: A physically unclonable function generating system and related methods. Implementations may include comparing at least one physical parameter of a memory cell with a threshold value of the physical parameter and identifying a relationship of the at least one physical parameter of the memory cell to the threshold value. Implementations may also include associating one of a 0, 1, or X state to the memory cell based on the relationship of the at least one physical parameter to the threshold value and programming at least one state storage memory cell to store a programmed value corresponding with the associated 0, 1, or X state. Implementations may include including the programmed value of the at least one state storage memory cell in a PUF data stream.

Abstract: Disclosed in the authentication and authorization of a client device to access a plurality of resources, requiring a user of a client device to enter only one set of login information. Authentication and authorization of a client device to access a plurality of resources after an initial set of login information is received by a networked computing environment. After the initial set of login information is received, a series of steps are performed that may be entirely transparent to the user of the client device.

Abstract: In some implementations, a data unit may be hashed to generate a hash. A cryptographic structure, such as a Merkle tree or other cryptographic structure, maybe generated based on the hash and published on a block chain or distributed ledger. A proof associated with the data unit may be provided. The proof may allow for independent verification that the data unit is certified. Responsive to obtaining the data unit as at least one data unit to be verified, the data unit may be hashed. The associated proof may be obtained, where the obtained proof includes an index describing a position of the hash among one or more other hashes in the published cryptographic structure. The cryptographic structure may be reconstructed based on the index of the proof. Certification of the data unit may be verified by proving that the hash belongs to a root of the published cryptographic structure.

Abstract: The present disclosure relates to systems, methods, and non-transitory computer readable storage medium for detecting a tunnel routing loop attack on a computer network. A method of the presently claimed invention receives a packet of data over an automatic tunnel. When the received packet includes an Internet protocol version 6 (IPv6) packet headers in the received packet may be extracted from the received packet. When an extracted header is a tunnel routing loop attack (TRLA) header, address information included in the TRLA header may be matched to a destination address that the IPv6 packet is about to be tunneled through. When the address information included in the TRLA header matches the destination address that the IPv6 packet is about to be tunneled through the IPv6 packet is dropped because the match indicates that that a loop is about to be formed.