Abstract: Embodiments described herein are implemented in authentication brokering systems where an authentication broker issues security tokens that represent its authentications of users. Client devices operated by the users store the security tokens and send them to resource providers. The resource providers authenticate and grant access to the users based on validation of the security tokens. Authentication related messages exchanged between the resource providers and the authentication broker are used to exchange authentication risk data that is obtained or derived by the resource providers and the authentication broker. The resource providers obtain authentication risk data directly from the authentication broker and indirectly, via the authentication broker, from each other. As security tokens are used or managed, authentication risk data is shared among the participants in the authentication brokering system.

Abstract: A system and method for Media Resource Control Protocol (MRCP) access control for a mobile device. An entity requesting to utilize MRCP resources establishes a relationship with a MRCP resource provider. The MRCP resource provider maintains account information for the entity, and the entity receives a unique account number for identification purposes. The entity requests from the MRCP resource provider generation of at least one MRCP access PIN associated with the account information, and provides a data string associated with the MRCP access PIN to the MRCP resource provider.

Abstract: A compiled security program is received, for example, by an electronic tool. The compiled security program is in a form that is generally unreadable to a human user. The compiled program is automatically and electronically analyzed to determine permissible computer function calls that can be made by the security program. A security policy is generated by the analysis. Subsequently, the security policy can be utilized by an operating system. The operating system compares the sys calls requested by the security program as the program is executed. If the requested sys call does not match the approved sys calls, then an action can be taken.

Abstract: In one example, a method includes defining a token protocol, creating, based on the token protocol, a set of tokens, each of the tokens being associated with data of an encrypted dataset, where the tokens exclude positional information regarding the data with which they are associated, encrypting the tokens, and creating an encrypted search index that includes the encrypted tokens.

Abstract: A method, system and software for assessing an entity (15) at a first user terminal (13) connected to a data network (10). A control system (11) is used to receive an access request (101) from the entity (15) or an assessing user (16) at a second user terminal (14). The control system (11) invokes or facilitates transmission of a time-delimited sequence of unpredictable prompts (18) to the entity (15) for a performance of visible prompted actions (20). A video recording (21) of the prompted action performance is stored in a data store (61) and the control system performs an automated assessment of the video recording (21) by a gesture recognition system (67d) and generates an assessment signal respectively including a positive or negative indication of whether or not said entity (15) validly performed said prompted actions.

Abstract: According to one embodiment, an authentication system includes an authentication device. The authentication device includes a biometric scanner, a processor, and an interface. The biometric scanner receives biometric data for a user. The processor authenticates the user by comparing the received biometric data for the user to predetermined biometric information for the user. The processor generates an authentication token in response to the authentication. The processor continuously authenticates the user. The interface communicates the authentication token to a content providing device, the authentication token indicating the authentication of the user. The interface receives content from the content providing device in response to the authentication token.

Abstract: A user manages security of one or more user devices by manipulating one or more sensors located in the user's mouth in a predetermined pattern corresponding to a password. The matching of the predetermined pattern to the password unlocks at least a portion of at least one user device.

Abstract: The disclosed computer-implemented method for managing computing device access to local area computer networks may include (i) receiving, at a router computing device, a request to connect a client computing device to a local area computer network, (ii) determining whether the client computing device has prior authorization to connect to the local area computer network, (iii) sending, when the client computing device is determined to not have prior authorization, a request to an administrator computing device for authorization to connect the client computing device to the local area computer network, (iv) receiving, from the administrator computing device, an instruction to allow the client computing device to connect or to block the client computing device from connecting, and (v) performing a security action to block or allow the client computing device's request based on the instruction. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system of a first network, which is intermediate a second network and a third network, connects a host of the second network to a host of the third network. The system includes at least one processor programmed to receive a domain name service (DNS) request for a hostname corresponding to the host of the third network from the host of the second network. An internet protocol (IP) address of the first network allocated and an IP address of the host of the third network is determined from the hostname. The allocated IP address is mapped to the determined IP address and the allocated IP address is returned to the host of the second network in response to the DNS request.

Abstract: A configuration is received for an agent associated with an application to monitor application transactions. The agent monitors incoming and outgoing application transactions using the agent and transmits monitored transaction data to a monitoring server for anomalous transaction detection. The agent receives instructions from the monitoring server to perform an action based on the transmitted monitored transaction data and reports the status of the performed action to the monitoring server.

Abstract: A request is received for personal data associated with a user from an application. One or more policies are established for release of the requested personal data. The requested personal data is provided to the application in encrypted form. One or more decryption keys are then sent to the application in accordance with the established policies, the one or more decryption keys being utilizable for decrypting the encrypted personal data.

Abstract: Provided is a device that performs wireless communication with a second communication terminal via a server, the device including a communication determiner that determines whether to perform communication in a long-range wireless communication mode, which is a communication mode for communicating with the second communication terminal by using the server; a communicator, which, based on the determination, transmits a connection request to the server and receives a response message including authentication information for establishing communication with the second communication terminal from the server; and a controller, which controls the first communication terminal to perform wireless communication with the second communication terminal in response to the response message.

Abstract: A system and method for selectable privacy modes are disclosed. A plurality of privacy mode definitions are stored with each privacy mode definition including a respective control state definition for each function in a plurality of functions of an electronic device. The plurality of functions includes at least two of communications functions, sensor functions, application functions, or combinations of these. An input indicating a selected privacy mode definition from within the plurality of privacy mode definitions is received. A respective control state of each function in the plurality of functions is set based on each respective control state definition in the selected privacy mode definition.

Abstract: A system for detecting an advanced persistent threat (APT) attack on a private computer network includes hosts computers that receive network traffic and process the network traffic to identify an access event that indicates access to a critical asset of an organization that owns or maintains the private computer network. The critical asset may be a computer that stores confidential data of the organization. Access events may be stored in an event log as event data. Access events indicated in the event log may be correlated using a set of alert rules to identify an APT attack.

Abstract: An apparatus in one embodiment comprises at least one processing device having a processor coupled to a memory. The processing device implements a messaging policy enforcement server that receives from a first client device metadata of an encrypted message to be sent from the first client device to a second client device. The received metadata comprises a first key utilized by the first client device to encrypt the message with the first key being encrypted utilizing a second key associated with the second client device. The messaging policy enforcement server processes the received metadata to determine one or more policies applicable to the encrypted message and to generate a further encrypted version of the encrypted first key utilizing one or more additional keys corresponding to the one or more policies. The further encrypted version of the encrypted first key is sent to the second client device in modified metadata of the encrypted message.

Abstract: A user manages security of one or more user devices by manipulating one or more sensors located in the user's mouth in a predetermined pattern corresponding to a password. The matching of the predetermined pattern to the password unlocks at least a portion of at least one user device.

Abstract: Embodiments of the present invention may involve providing security to a computing device. The providing security to a computing device may involve performing crypto-operations. A security system may include a central processing unit and a pre-processing unit. The pre-processing unit may be configured for receiving an incoming encapsulated request, parsing header infrastructure information of the encapsulated request, decapsulating the request, and providing the decapsulated request to the central processing unit for further processing.

Abstract: The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.

Abstract: A system that incorporates teachings of the subject disclosure may include, for example, a method for detecting, by a first device including a least one processor and a first Universal Integrated Circuit Card (UICC), a second device having a second UICC, detecting, by the first device, that the second UICC is unprovisioned, selecting, by the first device, one of a plurality of selectable options, where the selection identifies a first network operator selected from a plurality of network operators, receiving, by the first device, first credential information of the first network operator, and transmitting, by the first device, to the second device the first credential information for enabling the second device to facilitate establishment of communication services with network equipment of the first network operator according to the first credential information. Other embodiments are disclosed.

Abstract: A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain a plurality of security alerts in a computer network, to process the security alerts to extract a plurality of markers from each of the security alerts, to compute at least one relevance score relating a given one of the security alerts to another one of the security alerts based at least in part on distance measures computed between markers shared by the given security alert and the other security alert, and to adjust at least one operating characteristic of a network security system of the computer network based at least in part on the relevance score. The relevance score may be computed as a function of a number of markers shared by the given security alert and the other security alert.