Abstract: Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly to add and integrate additional partners.

Abstract: Cyberattacks are rampant and can play a major role in modern warfare, particularly on a widely adopted platforms such as the MIL-STD-1553 standard. To protect a 1553 communication bus system from attacks, a trained statistical or machine learning model can be used to monitor commands from a bus controller of the 1553 communication bus system. The statistical and/or machine learning model can be trained to recognize communication anomalies based at least on the probability distribution of patterns of one or more commands. The statistical model can be stochastic model such as a Markov chain that describes a sequence of possible commands in which the probability of each command depends on the occurrence of a group of one or more commands.

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: A method includes: accessing an attack record defining actions representing a previous known attack on a second computer network; initializing an attack graph; for each action, defining a set of behaviors—analogous to the action and executable by an asset on a target network to emulate an effect of the action on the second computer network—and storing the set of behaviors in a node in the attack graph; connecting nodes in the attack graph according to an order of actions in the known attack; scheduling the asset to selectively execute analogous behaviors stored in the set of nodes in the attack graph; accessing alerts generated by a set of security tools deployed on the target network; and characterizing vulnerability of the target network based on alerts, in the set of alerts, indicating detection and prevention of behaviors executed by the asset according to the attack graph.

Abstract: Preventing misuse of a cryptographic key by receiving a request to carry out a cryptographic operation using a cryptographic key from a requesting entity, distributing the request to a quorum comprising multiple computerized devices, receiving a decision from the multiple computerized devices on whether or not the cryptographic operation using the cryptographic key is allowed, and carrying out the cryptographic operation using the cryptographic key according to the decision from the multiple computerized devices.

Abstract: A computer-implemented method is for providing a digital certificate to a device. In an embodiment, the method is based on receiving, from the device, authentication data via a secure communication channel. Furthermore, the method is based on receiving, from the device, or determining, by the server, a first certificate identifier. In particular, the first certificate identifier is a hash value. Further aspects of the method are verifying the authentication data and receiving, from the device, a first public key created by the device. In an embodiment, the method is furthermore based on sending a first certificate signing request related to a first domain name based on the first public key to a certificate authority. Herein, the first domain name comprises the certificate identifier, and a domain related to the first domain name is controlled by the server. In particular, the first domain name is a wildcard domain.

Abstract: A system includes an interface and a processor. The interface is configured to receive, at an application routing platform, an API call for an application platform comprising a signed tenant token. The processor is configured to determine that the signed tenant token is valid; determine an application platform token for the application platform; associate a root certificate with the application platform token; determine routing information to the application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.

Abstract: Examples disclosed herein relate to processing health information of a computing device according to a deep learning model to determine whether an anomaly has occurred. Multiple computing devices can be part of a system. One of the computing devices includes a host processing element, a management controller separate from the host processing element, and a deep learning model that includes parameters that are trained to identify anomalistic behavior for the computing device. The management controller can receive health information from multiple components of the computing device and process the health information according to the deep learning model to determine whether an anomaly occurred.

Abstract: A power is computed at high speed with a small number of communication rounds. A secret computation system that includes three or more secret computation apparatuses computes a share [a?] of the ?-th power of data “a” from a share [a] of data “a” while data “a” is concealed. The share [a] of data “a” and an exponent ? are input to an input unit (step S11). A local operation unit computes the pu-th power of a share [at] of the t-th power of data “a” without communication with the other secret computation apparatuses (step S12). A secret computation unit uses secret computation that requires communication with the other secret computation apparatuses to compute a multiplication in which at least one of the multiplicands is [ a ( t * p ^ u ) ] , the computation result of the local operation unit, to obtain the share [a?] (step S13). An output unit outputs the share [a?] (step S14).

Abstract: The technology disclosed describes a system. The system comprises a network security system interposed between clients and cloud applications. The network security system is configured to process an incoming request from a client and generate metadata. The network security system is further configured to transmit the incoming request to a cloud application. The network security system is further configured to configure the metadata to expire after an expiration window. The network security system is further configured to receive, after the expiration window, a further incoming request from the client. The further incoming request is directed towards the cloud application and subject to policy enforcement that requires the expired metadata. The network security system is further configured to hold the further incoming request and transmit a synthetic request to the cloud application. The synthetic request is configured to retrieve the expired metadata from the cloud application.

Abstract: Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign-on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) token that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication.

Abstract: Malware is detected and mitigated by differentiating HTTP error generation patterns between errors generated by malware, and errors generated by benign users/software. In one embodiment, a malware detector system receives traffic that includes HTTP errors and successful HTTP requests. Error traffic and the successful request traffic are segmented for further analysis. The error traffic is supplied to a clustering component, which groups the errors, e.g., based on their URI pages and parameters. During clustering, various statistical features are extracted (as feature vectors) from one or more perspectives, namely, error provenance, error generation, and error recovery. The feature vectors are supplied to a classifier component, which is trained to distinguish malware-generated errors from benign errors. Once trained, the classifier takes an error cluster and its surrounding successful HTTP requests as inputs, and it produces a verdict on whether a particular cluster is malicious.

Abstract: The present invention is generally directed to the detection of an intrusion event in a computer network and a control network. More particularly, the present invention provides a system, framework, architecture, etc. for intrusion detection functions for network elements and control elements used in high demand and/or mission critical environments, including, but not limited to, power stations, sub-stations, intelligent transportation systems (ITS), rail, traffic control systems, chemical, oil & gas, critical manufacturing, and industrial applications.

Abstract: Method and apparatus are disclosed for attack tolerant implementations of public key digital signatures based on a cloud of dedicated local devices. A system includes a first security device, a second security device, and a computing device remote from the first and second security devices. The first security device stores a first private key and, in response to receiving a message, generates a first signature based on a message received from the computing device and the first private key. The second security device stores a second private key that is independent from the first private key and, in response to receiving a message, generates a second signature based on a message received from the computing device and the first private key. The computing device generates a composite cryptographic signature based on the first signature and the second signature.

Abstract: An apparatus and method for mapping user-associated data to an identifier. The apparatus includes a processor configured to store a plurality of user identifiers. User identifiers may be determined by way of user or by machine-learning modules or the like. Apparatus receives user-associated data from a user to be stored in a resource data storage system. User-associated data may include a plurality of data sets to be mapped to an identifier. Mapping a data set to an identifier may be user determined or use a machine-learning module. Apparatus is configured to update the immutable sequential listing associated with the data set with the mapped identifier.

Abstract: Apparatus and method for local authentication of a collection of processing devices, such as but not limited to storage devices (e.g., SSDs, etc.). In some embodiments, an edge computing device is coupled between the collection of processing devices and an external network. The edge computing device performs a network authentication over the external network with a remote server using an edge token. The edge computing device further performs a local authentication of the collection using storage tokens of the respective processing devices, with the local authentication not utilizing the external network or the remote server. Both the edge token and the storage tokens may be generated from a client token of a client device.

Abstract: An attack communication detection device that is robust against a deviation from the design value of a communication interval is provided.

Abstract: Various embodiments of the present application set forth a computer-implemented method that includes generating, based on a resource file stored at an endpoint device, a credential data packet for authenticating with a first application executing in a first network, where the resource file includes a set of encryption keys associated with a plurality of applications including the first application, and where the credential data packet is encrypted with a device key signed by the endpoint device, and the credential data packet is signed by an endpoint device management (EDM) key extracted from the set of encryptions keys included in the resource file, sending, by the endpoint device, the credential data packet to the first application via a trusted communication channel, and receiving, by the endpoint device and in response to the credential data packet, an authorization packet from the first application via the trusted communication channel.

Abstract: A method for displaying an attack vector available to an attacker of a networked system including a plurality of network nodes. One or more penetration tests of the networked system are carried out, by a penetration testing system. Based on results of the penetration tests, the attack vector available to an attacker of the networked system is identified. A critical path of the attack vector is determined, and is displayed by displaying the network nodes included in the critical path as a continuous ordered sequence of network nodes. In some embodiments, one or more auxiliary paths of the attack vector may be determined, and may be displayed.

Abstract: One variation of a method for emulating a known attack on a computer network includes: generating a set of data packets by recombining packet fragments within a packet capture file representing packet fragments transmitted between machines during a prior malicious attack on a second network; defining transmission triggers for transmission of the set of data packets between pairs of agents connected to a target network based on timestamps of packet fragments in the packet capture file; initiating transmission of the set of data packets between the pairs agents according to the set of transmission triggers to simulate the malicious attack on the target network; and, in response to absence of a security event related to the simulation in a log of a security technology deployed on the target network, generating a prompt to reconfigure the security technology to respond to the malicious attack.