Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using multi-push authentication techniques. A computing platform may receive an event request associated with a group of enrolled devices. The computing platform may load multi-push settings and identify one or more user devices linked to the group of enrolled devices. Then, the computing platform may generate one or more notifications for the one or more user devices, and each notification may be generated for a corresponding user device based on device-specific user account state information. After sending the one or more notifications, the computing platform may generate one or more event execution commands based on prompt response information received from the one or more user devices and may send the one or more event execution commands to an event management computer system, which may execute an event corresponding to the event request.

Abstract: Machine logic (for example, software) for protecting sensitive and confidential user data and sending the protected user data to an authorized third party for predictive analytics purposes. The machine logic rules perform linear transformation operations on the sensitive and confidential user data in order to obscure the underlying data before it is sent to an authorized third party for performing predictive analysis of the underlying data. After performing predictive analysis on the obscured data by the authorized third party, the owner of the sensitive and confidential data takes a consequential action (that is, the owner of the data makes a business-related decision) based on the prediction.

Abstract: Techniques are described for authenticating an individual based at least partly on a tremor signature of the individual. Motion data is collected through motion sensor(s), such as accelerometers, gyroscopic motion sensors, and so forth, of a portable computing device that is being held, worn, or is otherwise in contact with the user. Based on the collected motion data, a tremor signature may be determined and compared to a previously determined model for the user, and an authentication determination may be made based on the comparison. The tremor signature may be used in combination with other information to authenticate the user. For example, the tremor signature may be used in combination with location information and/or other biometric data such as a fingerprint scan, image of the user's face, audio recording of the user's voice, the user's heartbeat, a cardiac electrical signature, bio-electrical impedance, and so forth.

Abstract: The present invention provides a method and apparatus for verifying images based on image verification codes, the method comprising selecting an identification image and multiple candidate images from an image gallery, where the candidate image comprise interference images and correct images corresponding to the identification image. The method also includes providing hint information for the identification image, the candidate images, and relationships between the identification image and the correct images. The method also includes receiving selection information of images selected from the candidate images. The method also includes determining if the verification passed when the correct images are determined to have been selected based on the selection information or, determining that verification has failed when the correct images are determined not to have been selected based on the selection information.

Abstract: An information processing device according to the present invention includes: a cluster analyzer that determines a cluster identifier indicating a cluster that is a result of classifying an alert, receives a classification result of the alert, and generates alert information that is information including the alert, the cluster identifier, and the classification result; a rule generator that calculates a number of occurrence times of a pattern that is a combination of information and includes the cluster identifier, extracts a frequent pattern, generates a classification rule used in setting of the classification result, and updates a previously generated old classification rule with a newly generated classification rule; and a rule applicator that sets the classification result included in the alert information.

Abstract: A method includes detecting a storage device. The method also includes performing a check-in process so that the storage device is recognizable by one or more protected nodes within a protected system and not recognizable by nodes outside of the protected system while the storage device is checked-in. The method further includes storing data associated with one or more cyber-security threats on the storage device. The method may also include detecting the storage device a second time and retrieving audit data on the storage device, where the audit data identifies which of the one or more protected nodes accessed the data on the storage device. The method may further include performing a check-out process so that the storage device is recognizable by the nodes outside of the protected system and not recognizable by the one or more protected nodes within the protected system while the storage device is checked-out.

Abstract: An information processing system may be configured to count the number of one or more first time periods being included in a target time period. Each of the one or more first time periods has a plurality of communications each of which satisfies at least a condition. The plurality of communications includes two communications which are more distant from each other than a second time period which is shorter than the first time period.

Abstract: An example device includes one or more memories; and one or more processors, communicatively coupled to the one or more memories, to, during a loading process of a boot process of an operating system, identify a file to be loaded for the operating system, where the operating system is being loaded during the boot process; identify a manifest of the file; verify the manifest of the file based on a supplied signature of the manifest; identify a fingerprint, associated with the file, in a fingerprint library; calculate a hash of the file; compare the hash of the file and the fingerprint; and verify the file based on the hash of the file matching the fingerprint associated with the file.

Abstract: A system and method to support authentication or device pairing. A respective indication is received from a respective output of each respective contact element within a plurality of contact elements. The respective output indicates a touching of the respective contact element. Based on receiving the respective indication, a respective state associated with the respective contact element is changed. The respective contact element is controlled to change its respective visual state to correspond to its respective state. Based on receipt of the respective indication, it is determined whether the respective states of the plurality of contact elements match a determined pattern. Based on a determination that the respective states of the plurality of contact elements match the determined pattern, access to an operation is authorized.

Abstract: A cryptographic accelerator (processor) retrieves data blocks for processing from a memory. These data blocks arrive and are stored in an input buffer in the order they were stored in memory (or other known order)—typically sequentially according to memory address (i.e., in-order.) The processor waits until a certain number of data blocks are available in the input buffer and then randomly selects blocks from the input buffer for processing. This randomizes the processing order of the data blocks. The processing order of data blocks may be randomized within sets of data blocks associated with a single read transaction, or across sets of data blocks associated with multiple read transactions.

Abstract: In general, certain embodiments of the present disclosure provide systems and methods for dynamic network data validation. In various embodiments, a system is provided comprising a content server configured to store network profile information as a deserialized data structure. A first client device, corresponding to a first user, is configured to transmit one or more data packets to the content server, including identifying information of a second user. A dispatch server is configured to transmit a call to action item to a second client device corresponding to the second user. An organizational database is configured to provide a unique identifier to authenticate the second user. The content server is further configured to, upon authentication of the second user, authorize the second client device to access the network profile information to receive validation information corresponding to the network profile information. The network profile information is updated by the validation information.

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.

Abstract: There is disclosed a computing apparatus, including: a hardware platform; a service mapping requirements table including a plurality of components and having associated therewith a plurality of service requirements; an isolation platform; and a security policy engine configured to: receive a new appliance image for the isolation platform; scan the new appliance image and build a bill of materials (BoM) for the new container image, the BoM including a plurality of components; search the service mapping requirements table for the plurality of components and identify service requirements for the components; and generate a security policy for the new appliance image.

Abstract: A management server disposed outside a firewall and supporting connection of communications between a control target device disposed inside the firewall and a cloud server disposed outside the firewall, includes a server-side session establishing portion to, based on a request from a relay device disposed inside the firewall, establish a session with the relay device, a device information acquiring portion to acquire device information about the control target device from the relay device via the established session, and an update determining portion to, in response to reception of a request of connecting to the control target device from the cloud server, determine whether to update the device information.

Abstract: Techniques are disclosed for restricting access to resources accessible in a SSO session. An access management system may provide access one or more resources by implementing an SSO system to provide a SSO session. An SSO session may provide an authenticated user with access to protected resources to which the user is entitled to access. In some instances, a user sharing a computer with other users may want to access a particular protected resource so as to restrict other users sharing the computer from accessing other protected resources accessible to the user in an SSO session. The access management system may enable the user to dynamically choose, such as during login, the protected resources which to restrict and/or permit. Upon successful authentication, a session may be established for only those protected resources that are permitted based on the user's selection, while the other resources are restricted.

Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. An autonomous device can be configured to generate a first hash value of a chain of hash values by applying a hash algorithm to first data including first new data and a first previous hash value of the chain of hash values, the first previous hash value computed by applying the hash algorithm to first previous data. The device can transmit to a transaction computer system the first hash value and the first new data. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.

Abstract: A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.

Abstract: Setting a budget of alerts for single or multiple risk score types, adjusting a working threshold based on the set budget, wherein adjusting the working threshold is done by defining an reference threshold for an alert, providing a history of recorded risk scores within a budget sliding interval window and adjusting the working threshold such that a number of alerts which would have been provided by the recorded risk scores is calculated to stay within the set budget, and using the adjusted working threshold to normalize and optionally combine incoming risk scores so as to determine whether an incoming risk score should receive an alert.

Abstract: A method for implementing a pseudo-random function (PRF) using a white-box implementation of a cryptographic function in N rounds, including: receiving an input to the PRF; receiving a cryptographic key in a first round; encrypting, using the white-box implementation of the cryptographic function and the cryptographic key, an input message that is one of M possible input messages based upon a portion of the input to produce a first output; for each succeeding round: encrypting, using the white-box implementation of the cryptographic function and an ith cryptographic key, further input messages that are one of M possible input messages based upon a further portion of the input to produce an ith output, wherein the ith cryptographic key is the output from the preceding round, wherein the white-box implementation of the cryptographic function only produces a correct output for the M possible input messages and produces an incorrect output for input messages that are not one of the M possible input messages.

Abstract: Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with the code to determine that the code is an authorized code, the information being stored within the security device. In response to determining that the code is the authorized code, the security device enables to access data stored within the security device and generate a property of a message based on the data.