Abstract: A terminal authentication method comprises sending, by a terminal by using a first application, an HTTP traffic request; receiving an HTTP traffic response that includes a JavaScript tag and that is sent by an access device; obtaining an address of a portal server from the JavaScript tag by using the first application; and performing the terminal's authorization and authentication based on the address of the portal server.

Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.

Abstract: A communication system and method for the utilization of authentication protocols to authenticate computing devices. An authentication service provider can authenticate a computing device after a first authentication by an authentication protocol. Computing devices can use the authentication to receive additional credential to access one or more service providers.

Abstract: A digital authentication system includes an authentication device and a central computer device. The authentication device includes a signal identification module, a display, and a signal feedback unit. The central computer device includes an authentication module and a communication module. The authentication module includes at least one positioning location information, at least one authentication licensing information, and at least one time information. The communication module is configured to transmit the positioning location information and the time information to the authentication device. The authentication device is configured to activate the signal identification module according to the positioning location information and the time information. When the activated signal identification module receives an external authentication signal, the display displays an authentication result, and the signal feedback unit returns an authentication license to the central computer device.

Abstract: A multi-port PUF circuit based on MOSFET current division deviations comprises a reference source, a row decoder, a column decoder, a timing controller and 32 PUF arrays. Each PUF array comprises 512 PUF cells arranged in 128 rows and 4 columns, an arbiter, a 1st inverter, a 2nd inverter, a 3rd inverter, a 4th inverter and eight transmission gates. The reference source is connected to the PUF arrays. The mth output terminal of the row decoder is connected to the mth row selective signal input terminals of the 32 PUF arrays. The jth output terminal of the column decoder is connected to the jth selective signal input terminals of the 32 PUF arrays. The 1st output terminal of the timing controller is connected to the control terminal of the row decoder. The 2nd output terminal of the timing controller is connected to the control terminal of the column decoder. The multi-port PUF circuit has the advantages of small circuit area and low power consumption while ensuring circuit performance.

Abstract: An apparatus and method for performing operation being secure against side channel attack are provided. The apparatus and method generate values equal to values obtained through an exponentiation operation or a scalar multiplication operation of a point using values extracted from previously generated parameter candidate value sets and an operation secure against side-channel attack, thereby improving security against side-channel attack without degrading performance.

Abstract: When tenants migrate data from on-premises archiving solutions to a hosted service, tenants should maintain just enough data for compliance purposes and dispose of data that is no longer needed to reduce overall liability and compliance risk exposure. Embodiments are directed to providing selective import of data to a hosted service through a security and compliance system associated with the hosted service to reduce overall liability and compliance risk exposure. Data, usage pattern and security compliance policies associated with a tenant of the hosted service may be analyzed. A model for importing tenant data may be created based on the analysis. A suggestion may be presented to the tenant based on the model, where the suggestion includes a filter for importing tenant data. In response to receiving a confirmation to implement the suggestion, the filter may be applied to the tenant data as it is imported to the hosted service.

Abstract: Systems and processes for automatically configuring user authentication rules for each of a plurality of users for use in transactions. A neural network engine receives first party preferences data from a first party computer that includes user authentication requirement criteria associated with a plurality of transaction types, and receives at least two of user behavior data, user historical data, authenticator data associated with a mobile device of the user, and mobile device metadata. The neural network engine then generates an output value based on this data, transmits the output value to a score comparator for comparison to a required score specified by the first party, and receives feedback data from the score comparator when the output value is not within a tolerance of the required score. When the output value is within the tolerance, then the neural network engine generates user authentication rules recommendations and transmits them to the first party computer.

Abstract: In some examples, with respect to zone based key version encoding, data that is to be encrypted may be ascertained, and a key, including a key version, that is to be used to encrypt the ascertained data may be ascertained. Encrypted data may be generated by encrypting the ascertained data based on the ascertained key, and a zone representing the key version may be determined. Further, encrypted zoned data may be generated by applying the determined zone to the encrypted data to encode the key version, and the encrypted zoned data including the encoded key version may be stored.

Abstract: A computer-implemented method and computer program product for protecting a computer-driven system from a security threat. The computer-driven system includes a processor host running an operating system in a virtualized environment in communication over a network with a plurality of electronic devices. A set of protocols governs communications over the network between the processor and the devices. The method includes receiving a driver call made to a specific driver, the driver call being generated by the operating system in response to a system call made by an application as well as interrupting transmission of the driver call to the specific driver; and performing a series of paravirtualization processes.

Abstract: For remediation of security incidents occurring in a network, forensic data which is collected from devices connected to a network is analyzed. A security incident is detected based on the analysis of the forensic data. Based on detecting the security incident, a source which is affected by the security data is identified based, at least in part, on attributes of the forensic data. The affected source is isolated from the network. Information about the affected source in association with an indication of the security incident and an indication of the isolating is stored.

Abstract: Disclosed are a malicious code deactivating apparatus and a method of operating the same. The malicious code deactivating apparatus and the method of operating the same provide a high security malicious code deactivating apparatus for preliminarily performing a malicious code inspection on a target process and then executing the target process in a terminal unit, by including a monitor, a comparator, a controller, an analyzer, and a storage.

Abstract: A computer system encodes a plurality of components of a data set into a probabilistic data structure and digitally signs the probabilistic data structure. The computer system provides the digital signature for the probabilistic data structure and the probabilistic data structure to various entities. An entity can verify an individual component of the data set within the probabilistic data structure by verifying the individual component against the probabilistic data structure and the digital signature of the probabilistic data structure.

Abstract: An authentication system includes a processor, a non-transitory computer readable medium, and one or more programs stored on the computer readable medium, where the processor, under control of the programs implements at least one neural network trained to produce first feature vectors from facial features extracted from a population of first facial images and, after training, configured to produce a second feature vector from facial features extracted from a second facial image, a discriminative classifier trained to identify closely matching ones of the first feature vectors and configured to identify whether at least one first feature vector and the second feature vector meet a correlation threshold. The authentication system may also include an access interface configured to allow access if the correlation threshold is met.

Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.

Abstract: A system for a dynamically evolving cognitive architecture for the development of a secure key and confidence level based data derived from biometric sensors and a user's behavioral activities. The system comprises one or more processors, one or more sensors, one or more databases, and non-transitory computer readable memory. The non-transitory computer readable memory comprises a plurality of executable instructions wherein the instructions, when executed by the one or more processors, cause the one or more processors to process operations comprising creating a set of policies based on user data sets and inputs, creating a faceted classification, establishing a Trust Level, processing sensor data, comparing data to one or more databases, correlating data, updating Trust Levels, updating security keys, and storing the keys in memory. In certain embodiments, the stored data is used to create a usage schema independent from a user's actual identity.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: Systems, methods, and computer-readable storage devices storing instructions for homomorphic encryption via finite ring isomorphisms are provided. An example method includes selecting a polynomial f(x) of exact degree n with small coefficients in a ring Fq[x] and selecting a polynomial h(y) of exact degree n in a ring Fq[y]. The method includes constructing an isomorphism from the ring Fq[x]/(f(x)) to the ring Fq[y]/(h(y)) and constructing an inverse isomorphism from the ring Fq[y]/(h(y)) to the ring Fq[x]/(f(x)). The method includes encrypting a message using said isomorphism from the ring Fq[x]/(f(x)) to the ring Fq[y]/(h(y)) and transmitting the encrypted message to a remote computer. The method also includes receiving one or more encrypted response messages from the remote computer based at least in part on the transmitted message and decrypting the one or more encrypted response messages.

Abstract: A malicious object detection system for use in managed runtime environments includes a check circuit to receive call information generated by an application, such as an Android application. A machine learning circuit coupled to the check circuit applies a machine learning model to assess the information and/or data included in the call and detect the presence of a malicious object, such as malware or a virus, in the application generating the call. The machine learning model may include a global machine learning model distributed across a number of devices, a local machine learning model based on use patterns of a particular device, or combinations thereof. A graphical user interface management circuit halts execution of applications containing malicious objects and generates a user perceptible output.

Abstract: A user authentication method includes receiving a first input image including information on a first modality; receiving a second input image including information on a second modality; determining at least one first score by processing the first input image based on at least one first classifier, the at least one first classifier being based on the first modality; determining at least one second score by processing the second input image based on at least one second classifier, the at least one second classifier being based on the second modality; and authenticating a user based on the at least one first score, the at least one second score, a first fusion parameter of the at least one first classifier, and a second fusion parameter of the at least one second classifier.