Abstract: Apparatus and methods disclosed herein provide technical solutions improving the security of email messages. An email message may be encrypted so that a predetermined passcode is not required to access the email message. Apparatus and methods may route email messages through a remote portal. The email message may only be transmitted to the recipient via the portal. In some instances, the contents of an email message may not be transmitted from the portal to the recipient. Rather, the recipient may only access the email message from within the portal. Such restricted access may be preferably less complex because the recipient's computer terminal may automatically connect to the portal.

Abstract: Apparatus and methods for reverse identification and authentication are provided. The apparatus and methods may include a server receiving a request from a user device to authenticate an entity, forming a communication channel between the entity and the user device, requesting the entity provide authentication credentials, and authenticating the entity. When the entity is authenticated, the server may notify the user through the authentication channel, a mobile device application, or another method. An entity may proactively authenticate itself to a user through the central server, in anticipation of a communication between the entity and user.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: Provided are methods and apparatuses for hardening a communication device, which methods and apparatuses make it possible to identify a use of at least one port, by which port a request is submitted to the communication device by a message, and to output a signal for blocking the at least one port if, after a specifiable time period, either the use of the port in question is detected as low or no use of the port in question is detected. Embodiments can be used to harden communication devices in a production line, in a hospital and/or in a power supply network.

Abstract: Techniques for distributed offload leveraging different offload devices are disclosed. In some embodiments, a system, process, and/or computer program product for distributed offload leveraging different offload devices includes receiving a flow at a firewall of a security service (e.g., a cloud-based security service); inspecting the flow at the firewall to determine meta information associated with the flow; and offloading the flow to an offload entity (e.g., a SmartNIC, software executed on a Network Interface Card (NIC), and/or a network device, such as a network router and/or network switch) based on the meta information associated with the flow (e.g., an application identification associated with the flow determined using deep packet inspection) and based on a policy.

Abstract: Disclosed herein is an identity network that provides a universal, digital identity for users to be authenticated by an identity provider for relying parties upon sign-in to the relying party. The identity network receives the sign-in request from a relying party for a user using a user device. The identity network can provide a session identifier to the relying party for the request and launch an identity provider application associated with the user via a software development kit in the relying party application. The user may sign-in to the identity provider via the software development kit, thereby authenticating the user for the relying party. Additionally, the identity provider may generate a risk validation score and provide it to the relying party that provides a confidence value that the user is validly using the user device and a risk score based on device activity on the identity network.

Abstract: Systems, methods, and software products provide increased trust in authentication of a user to an authentication server when a trusted witness client device witnesses the authentication of the user on the user's root client device. Both the root and the witness client devices cooperate to present the user with an interactive task during the authentications and each client device independently captures movement of the user performing the interactive task, during which, the user is authenticated to the root client device. An increased level of trust in the authentication of the user is achieved by the authentication server when the captured movements match expected movements of the user performing the interactive task and the authentication server has proof that the witness client devices witnessed a successful authentication.

Abstract: A system for data security includes a processor and a computer-readable storage medium having instructions stored thereon that cause the processor to perform operations including: (i) logging data access events initiated by a user; (ii) generating a user profile of the user, the user profile including a size and a type of data accessed by each data access event; (iii) receiving a new data access event initiated by the user including a size and a type of data requested by the new data access event; (iv) comparing the size and the type of the requested data of the new data access event to the user profile; (v) determining that the new data access event initiated by the user does not correspond to the data included in the user profile; (vi) restricting the requested data associated with the new data access event; and (vii) transmitting the restricted data to the user.

Abstract: An electronic message analysis and marking system comprising: a gateway computer system in communications with a message transport system adapted to receive an original incoming electronic message from a sender message system prior to the original incoming electronic message extending into a perimeter of a recipient message system, analyze the original incoming electronic message according to a set of warning criteria, and modify the original incoming electronic message to provide a modified incoming electronic message; and, a gatekeep service in communications with the gateway computer system and a recipient's computer service wherein the gatekeeper service is adapted to receive the modified incoming electronic message, retrieve a trigger from the modified incoming electronic message and perform one or more actions according to the trigger.

Abstract: An information processing device includes an element extraction unit that extracts elements relating to actions of an attacker from each input log, a generation unit that generates a parser based on definition information defining the actions of the attacker in a formal grammar, the parser detecting, from a log, a log string having a feature corresponding to an action defined by the definition information, a parsing unit that detects, from a log consisting of the elements extracted by the element extraction unit, log strings having features corresponding to the actions defined by the definition information by using the parser, and a reconstruction unit that reconstructs the log strings detected by the parsing unit, adds a label indicating an action defined by the definition information to each of the reconstructed log strings, and outputs the labeled log strings as a log corresponding to a series of actions of the attacker.

Abstract: A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.

Abstract: Disclosed herein is an identity network that provides a universal, digital identity for users to be authenticated by an identity provider for relying parties upon sign-in to the relying party. The identity network receives the sign-in request from a relying party for a user using a user device. The identity network can provide a session identifier to the relying party for the request and launch an identity provider application associated with the user via a software development kit in the relying party application. The user may sign-in to the identity provider via the software development kit, thereby authenticating the user for the relying party. Additionally, the identity provider may generate a risk validation score and provide it to the relying party that provides a confidence value that the user is validly using the user device and a risk score based on device activity on the identity network.

Abstract: A computer-implemented method includes receiving training data including a plurality of API requests from a plurality of client devices. The method includes generating a plurality of permissible API sessions based on the training data. The method includes applying a sequence embedding technique to the plurality of permissible API sessions to generate a plurality of embeddings. The method includes applying a dimensionality reduction technique to the plurality of embeddings to generate a plurality of compact embeddings. The method includes applying a clustering technique to the plurality of compact embeddings to determine a plurality of different clusters of the compact embeddings. The method includes generating a plurality of patterns based on the plurality of different clusters. Each of the plurality of patterns is descriptive of permissible API sessions associated with a corresponding cluster of the plurality of different clusters.

Abstract: Embodiments described herein provide for a satellite device that can be associated with a user account of a minor aged (e.g., child or adolescent) user that does not have a smartphone that can be used as a companion device to the satellite device. The satellite device can be configured to be used as a primary device, without reliance upon a paired smartphone. Certain information can be synchronized with the satellite device via the association with the family account. During initial configuration, a set of cryptographic keys can be generated to associate the account of the satellite device with the set of accounts in the family. The satellite device can then access calendars, media, or other data that is shared with user accounts within a family of user accounts.

Abstract: For each network resource request received at a server of a cloud-based service, a determination of whether that request originated from a second network resource is made. For each such request where the network resource originated from the second network resource, a referrer indication is logged that indicates the second network resource is a referrer to that network resource. A network resource relevance dataset is generated based on the referrer indications of the second network resources. A relevance metric is associated with each second network resource based on a total number of referrer indications. A search request is received from a client device. Based at least in part on the network resource relevance dataset, search results are determined. The search results are transmitted to the client device.

Abstract: A method (600) for identifying malicious software includes receiving and executing a software application (210), identifying a plurality of uniform resource identifiers (220) the software application interacts with during execution of the software application, and generating a vector representation (260) for the software application using a feed-forward neural network (170) configured to receive the plurality of uniform resource identifiers as feature inputs. The method also includes determining similarity scores (262) for a pool of training applications, each similarity score associated with a corresponding training application and indicating a level of similarity between the vector representation for the software application and a respective vector representation for the corresponding training application.

Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.

Abstract: An identifying device (10) includes a preprocessing (11) that extracts a communication connection pattern including a set of a communication source identifier and a communication destination identifier from traffic data, a comparing unit (131) that adds an ID to a communication connection pattern group including a new communication connection pattern not included in a whitelist when the new communication connection pattern is present in the communication connection pattern group, a graph feature amount generating unit (14) that generates a graph feature amount of the communication connection pattern group to which the ID has been added and adds this ID to the graph feature amount, an abnormality determining unit (16) that determines whether the generated graph feature amount is normal using a model (161) having learned the graph feature amount, and an identifying unit (132) that retrieves a new communication.

Abstract: A virtualized gateway for applications in a zero trust network access environment is managed from a cloud-based threat management facility for an enterprise network. In order to facilitate creation of a new, centrally managed gateway, a one-time passcode for registration of the gateway to the threat management facility is encoded onto a virtual disk and distributed to a host platform along with a base gateway image for the gateway. This advantageously permits the new gateway to boot and securely register with the threat management facility without further administrative intervention.

Abstract: Embodiments facilitate interoperability and secure determination of healthcare costs. An entity may receive a first Electronic Health Record (EHR) sub-block with patient medical coverage information and first treatments and may transmit a first Device Drug Information (DIR) sub-block comprising first treatment classes corresponding to each first treatment, first treatment class members corresponding to each first treatment class, and corresponding first treatment class member cost information. In response, the entity may receive a second EHR sub-block comprising second treatments each: associated with a corresponding first treatment, and selected from corresponding first treatment class members. Upon receipt of a transaction confirmation, the entity may augment a multi-dimensional blockchain with a multi-dimensional block formed by linking: a DIR block including second treatment information, an EHR block including information based on the second EHR sub-block and a transaction block.