Abstract: A computer-implemented security system and method provides signature pathway authentication and identification. The system and method include establishing a user-defined cognitive signature pathway through multiple graphical zones of a graphical user interface. The signature pathway enables authorized user access to an otherwise secured location. Subsequent entries of the signature pathway entered via the graphical user interface are then validated. For all valid entries of the signature pathway, user access is allowed to the secured location.

Abstract: This application relates to a client-server architecture that enables user accounts registered with a service to be discoverable to other users of the service. A discovery protocol includes accessing personal information data stored in an address book of a client device, obfuscating the personal information data, transmitting a request to a service to determine if the obfuscated personal information data matches any potential contacts that have registered as discoverable with the service, and comparing information related to the potential contacts with the contacts included in the address book to determine if the contacts in the address book match any of the potential contacts.

Abstract: A method may include receiving a request to obtain a data file from a nearest remote computing system in a blockchain network and requesting a transaction history of the data file from the blockchain network. The method may also include determining the nearest remote computing system to the requesting computing system based on the transaction history, where the nearest remote computing system stores a copy of the transaction history and the data file and determining the data file stored on the nearest remote computing system is the same as the requested data file by comparing a first hash value associated with the requested data file to a second hash value associated with the data file stored on the nearest remote computing system. The method may also include receiving the requested data file from the nearest remote computing system; and sending the requested data file to the requesting computing system.

Abstract: A method performed by a network device includes: receiving an input indicating a change in an auxiliary network from a first configuration to a second configuration, wherein the auxiliary network is configured to obtain copies of packets from a traffic production network; determining a first network policy, wherein the first network policy is for application in the auxiliary network when the auxiliary network is in the first configuration; and determining a second network policy by the network device based on the received input and the first network policy, wherein the second network policy is for application in the auxiliary network when the auxiliary network is in the second configuration.

Abstract: Methods and apparatus are disclosed for security event detection through virtual machine introspection. Example methods involve monitoring usage of a plurality of resources by a first virtual machine executing on a computing device by a monitoring agent, the monitoring agent executing on the computing device separate from the first virtual machine. Example methods further involve detecting a potential security event by comparing the usage of the plurality of resources to resource usage patterns. Example methods further involve assigning a severity level to the detected potential security event, and initiating a security action defined for the assigned severity level.

Abstract: A device may receive behavior information that identifies a first user, of a first set of users, in association with a behavior. The behavior may relate to one or more requests, from a client device being used by the first user, to access a network resource. The device may determine, based on a model, whether the behavior is normal. The model may include a normal behavior pattern based on behavior information associated with the first set of users. The device may provide an instruction to allow the client device to proceed with the behavior or provide an instruction to disallow the client device from proceeding with the behavior based on determining whether the behavior is normal. The device may update the model based on the behavior information that identifies the first user and that identifies the behavior.

Abstract: For secure communications, a processor determines if a correspondent device is trusted. In response to the correspondent device not being trusted, the processor terminates communications with the correspondent device. In response to the correspondent device being trusted, the processor exchanges unencrypted communications with the correspondent device over an IP interface.

Abstract: Systems and methods provide for communication of transaction data that is formatted according to a transaction type that is support by an access device. First transaction data may be formatted according to a first type of transaction supported by a first access device and second transaction data may be formatted according to a second type of transaction supported by a second access device. The first transaction data may be transmitted over a first communication link to the first access device and the second transaction data may be transmitted to the second access over a second communication link.

Abstract: Provided are systems and methods for hardware attestation. Hardware attestation can ensure that only trusted hardware components are being used in a computing system. In various implementations, the computing system can include a hardware component coupled to the motherboard, where the hardware component is independent of the main processor of the computing system. The hardware component can determine whether a particular component connected to the motherboard includes an identification code, where the identification code can be used to attest to an identity of the particular component. The hardware component can further determining whether the identification code matches an expected value. The hardware component can further configure the particular component based on whether the identification code matches the expected value.

Abstract: A compute resource provider system is shown having an encryption agent that obtains a cryptographic key for a virtual machine and sends the cryptographic key to a host agent. The host agent receives the cryptographic key from the encryption agent and stores the received cryptographic key to a user key vault. The host agent generates a key vault secret reference (KVSR) locator pointing to the cryptographic key stored in the user key vault, associates the KVSR with the virtual diskset, and sends a success message to the encryption agent. The encryption agent receives the success message from the host and, responsive thereto, encrypts the virtual diskset using the cryptographic key. Subsequently, another host agent uses the KVSR to obtain the cryptographic key from the key vault and boot the virtual machine with the encrypted virtual diskset.

Abstract: A provider network includes a service that creates virtual private network (VPN) endpoint nodes. Application programming interfaces are available that the creation of VPN endpoint nodes, peer them together, and attach them to respective virtual private networks to thereby establish communication tunnels between pairs of virtual private networks. Each VPN endpoint node may be implemented as a fault tolerant endpoint node in which the node is created as a plurality of virtual machines. Each of the virtual machines is configured from a common machine image that includes software capable of causing the respective virtual machine to configure a tunnel such as an IPSec tunnel. One of the virtual machines, however, is operated in an active mode, while another virtual machine is configured to operate in a standby mode.

Abstract: In a network system (100) for wireless communication an enrollee (110) accesses the network via a configurator (130). The enrollee acquires a data pattern (140) that represents a network public key via an out-of-band channel by a sensor (113). The enrollee derives a first shared key based on the network public key and the first enrollee private key, and encodes a second enrollee public key using the first shared key, and generates a network access request. The configurator also derives the first shared key, and verifies whether the encoded second enrollee public key was encoded by the first shared key, and, if so, generates security data and cryptographically protects data using a second shared key, and generates a network access message. The enrollee processor also derives the second shared key and verifies whether the data was cryptographically protected and, if so, engages the secure communication based on the second enrollee private key and the security data.

Abstract: A computer implemented method of correlating between detected access events to access client terminals in a monitored location and physical activity of people in the monitored location, comprising detecting one or more access events to access one or more of a plurality of client terminals located in a monitored location and operatively connected to a first network, obtaining sensory activity data from one or more activity detectors deployed in the monitored location to capture physical activity of people in the monitored location wherein the activity detector(s) are operatively connected to a second interconnection isolated from the first network, analyzing the sensory activity data to identify a spatiotemporal activity pattern of one or more persons in the monitored location, correlating between the access event(s) and the spatiotemporal activity pattern(s) to validate the access event(s) and initiating one or more actions according to the validation.

Abstract: In some examples, a system receives anomaly scores regarding an entity from a plurality of detectors, produces a weighted anomaly score for the entity based on the anomaly scores and respective weights assigned to the plurality of detectors, the weights based on historical performance of the plurality of detectors, determines an impact based on a context of the entity, wherein the impact is indicative of an effect that the entity would have on a computing environment if the entity were to exhibit anomalous behavior, and computes a risk score for the entity based on the weighted anomaly score and the determined impact.

Abstract: Disclosed herein are embodiments of systems and methods for zero-knowledge multiparty secure sharing of voiceprints. In an embodiment, an illustrative computer may receive, through a remote server, a plurality of encrypted voiceprints. When the computer receives an incoming call, the computer may generate a plaintext i-vector of the incoming call. Using the plaintext i-vector and the encrypted voiceprints, the computer may generate one or more encrypted comparison models. The remote server may decrypt the encrypted comparison model to generate similarity scores between the plaintext i-vector and the plurality of encrypted voiceprints.

Abstract: A system and method for automatically completing one or a plurality of computer forms is disclosed using personal data from a local source. The form completion tool is initiated by a user to automatically complete in the one or multiple forms using personal data and code stored in user's personal computing devices. The personal data is independent of source of forms, obtained from the user with their authorization, and stored in a predefined format on the personal computing device. The code is independent of personal data and specific to each source of forms. The form completion tool may encrypt and decrypt the personal data when needed using an authentication technique to assure the identity and authority of the user to read or write the personal data.

Abstract: A system for secure network access by unattended devices is described. The system describes how unattended devices that have encrypted data at rest and/or require secure authentication to an open network may procure the access credentials for authentication and/or decryption. With these access credentials, then the unattended devices may exchange information with and/or receive updates from servers on the network.

Abstract: A system, method, and computer program product are provided for end-to-end security of centrally accessible group membership information. In use, membership information defining a user group in a messaging system is accessed from a central server, where the membership information includes (1) at least one change to members of the user group, and (2) for each change of the at least one change, a digital signature of a user that made the change. Additionally, a verification process on the membership information is performed, including: for each change of the at least one change, verifying the digital signature of the user that made the change. Further, members of the user group are determined, as a result of the verification process, and at least one action is performed in association with the members of the user group.

Abstract: Some embodiments provide a method for an electronic device. The method receives, through a communication address, an invitation to access a shared data asset via a cloud services platform. When the communication address is not associated with any account on the cloud services platform, the method identifies whether the device is associated with a cloud services account. When the device is associated with a cloud services account, the method prompts for input of a password for the cloud services account in order for the communication address to be associated with the cloud services account and for access to be enabled to the shared data asset.

Abstract: Identifying and detecting threats to an enterprise system groups log lines from enterprise data sources and/or from incoming data traffic. The process applies artificial intelligence processing to the statistical outlier in the event of the statistical outliers comprises a sparsely labelled real data set, by receiving the sparsely labelled real data set for identifying malicious data and comprising real labelled feature vectors and generating a synthetic data set comprising a plurality of synthetic feature vectors derived from the real, labelled feature vectors. The process further identifies the sparsely labelled real data set as a local data set and the synthetic data set as a global set. The process further applies a transfer learning framework for mixing the global data set with the local data set for increasing the precision recall area under curve (PR AUC) for reducing false positive indications occurring in analysis of the threats to the enterprise.