Abstract: A universal access method performed by a mobile device includes receiving a signal from a security access point that requests authentication information from the mobile device through near field communication (NFC), selecting one of first authentication information and second authentication information corresponding to the security access point, and transferring the selected authentication information to the security access point through NFC.

Abstract: A configuration is received for an agent associated with an application to monitor application transactions. The agent monitors incoming and outgoing application transactions using the agent and transmits monitored transaction data to a monitoring server for anomalous transaction detection. The agent receives instructions from the monitoring server to perform an action based on the transmitted monitored transaction data and reports the status of the performed action to the monitoring server.

Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.

Abstract: Source code of a plurality of web pages including script code is statically analyzed. A page including a potential vulnerability is identified based on the static analysis. A page not including a potential vulnerability is identified based on the static analysis. The web page including the potential vulnerability is dynamically analyzed using a set of test payloads. The page not including the potential vulnerability is dynamically analyzed using a subset of the set of test payloads, the subset including fewer test payloads than the set of test payloads.

Abstract: Confirming access for a user includes capturing an image of the user, capturing information on an identity badge worn by the user, and denying access to a resource in response to the information being inconsistent with the image. Confirming access for a user may also include denying access in response to the information being inconsistent additional information about the user stored in a database. The information may include a picture of the user. The resource may include access to an area. The resource may include access to a computer. Confirming access for a user may also include, following allowing access to the computer, periodically recapturing the image of the user and recapturing the information on the identity badge and denying access to the computer in response to the information being inconsistent with the image. The information may include a visual code that identifies the user.

Abstract: A system includes a first network with a first computer and a first release computer; a second network with a second computer and a second release computer; a perimeter network with a first data server and a second data server; wherein the first network and the second network connect via a firewall to the perimeter network; the first data server has a storage area accessible to the first computer and a storage area inaccessible to the first computer and the second computer; and the system is configured to carry out the method.

Abstract: A method, system and software for assessing an entity (15) at a first user terminal (13) connected to a data network (10). A control system (11) is used to receive an access request (101) from the entity (15) or an assessing user (16) at a second user terminal (14). The control system (11) invokes or facilitates transmission of a time-delimited sequence of unpredictable prompts (18) to the entity (15) for a performance of visible prompted actions (20). A video recording (21) of the prompted action performance is stored in a data store (61) and the control system performs an automated assessment of the video recording (21) by a gesture recognition system (67d) and generates an assessment signal respectively including a positive or negative indication of whether or not said entity (15) validly performed said prompted actions.

Abstract: A method and apparatus for performing authentication may comprise: determining a first value of a dynamic password applicable for a first scenario, the dynamic password having a plurality of values for a plurality of scenarios defined by at least one parameter; authenticating a user in the first scenario by a device based on the first value of the dynamic password; determining a second value of the dynamic password applicable for a second scenario; and authenticating the user in the second scenario by the device based on the second value of the dynamic password.

Abstract: This invention provides a simple and secure PIN unblock mechanism for use with a security token. A set of one or more passphrases are stored on a remote server during personalization. Likewise, the answers to the passphrases are hashed and stored inside the security token for future comparison. A local client program provides the user input and display dialogs and ensures a secure communications channel is provided before passphrases are retrieved from the remote server. Retrieval of passphrases and an administrative unblock secret from the remote server are accomplished using a unique identifier associated with the security token, typically the token's serial number. A PIN unblock applet provides the administrative mechanism to unblock the security token upon receipt of an administrative unblock shared secret. The remote server releases the administrative unblock shared secret only after a non-forgeable confirmatory message is received from the security token that the user has been properly authenticated.

Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).

Abstract: Apparatus and techniques for determining whether a domain name has been generated by a domain generation algorithm (DGA) are disclosed. A first domain name is classified as either a likely domain generation algorithm (DGA) domain name or a likely non-DGA domain name, based on one or more features of the first domain name. In addition, statistics are determined regarding requests for the first domain name. Additional domain names are identified that share an infrastructure with the first domain name. A determination is made regarding whether the first domain name and/or one or more of the additional domain names are likely to have been generated by a DGA, based on a result of one or more of the classifying, the statistics, or the identifying. A security vulnerability related to one or more of the likely DGA domain names is then mitigated.

Abstract: A user manages security of one or more user devices by manipulating one or more sensors located in the user's mouth in a predetermined pattern corresponding to a password. The matching of the predetermined pattern to the password unlocks at least a portion of at least one user device.

Abstract: A high-performance handheld mobile computing resource need not be provided a display or any peripheral devices to augment the performance of a client device. The mobile computing resource may include a motherboard, a central processing unit (CPU), a read-only memory (ROM), a random access memory (RAM), a basic input/output system (BIOS), and an operating system (OS). A wireless module may be provided to enable wireless services. A power module may be provided to allow the mobile computing resource to serve as a power source. The mobile computing resource may serve as local cloud computation and storage resources to the client device, or as a remote desktop computer.

Abstract: A system includes reception of data at a computing network, generation of alerts at the computing network based on received data and on cyber sensor data, the cyber sensor data defining data attribute, reception of alerts from the computing network at a defense engine, detection of events based on the received alerts at the defense engine, generation threat data based on the detected events, generation of first cyber sensor data based on the threat data, and initiation of deployment of the first cyber sensor data within the computing network.

Abstract: Embodiments of an invention for establishing secure channels between a protected execution environment and fixed-function endpoints are disclosed. In one embodiment, and system includes an architecturally protected memory, a processing core communicatively coupled to the architecturally protected memory, and a key distribution engine. The processing core is to implement an architecturally-protected execution environment by performing at least one of executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory.

Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.

Abstract: Some embodiments implement end-to-end certificate pinning for content intake from various content providers and for content distribution to various end users. To ensure secure retrieval of content provider content, the content distributor pins the content provider to one or more certificate authorities. Accordingly, the content distributor only retrieves content from a sender identified as the content provider when the sender identity is verified with a certificate issued by a certificate authority pinned to the content provider. To ensure secure delivery of content from the content distributor to an end user, the content distributor modifies the pinset of the user browser to pin the content distributor to one or more certificate authorities. Thereafter, the user browser only accepts content from a sender identified as the content distributor when the sender identity is verified with a certificate issued by a certificate authority pinned to the content distributor in the browser pinset.

Abstract: An electronic circuit with protection against eavesdropping, including a first circuit element embedded in the electronic circuit, a second circuit element embedded in the electronic circuit, one or more connection lines between the first circuit element and the second circuit element, a first monitoring unit in the first circuit element for measuring capacitance of at least one of the connection lines between the first circuit element and the second circuit element, wherein the first monitoring unit is configured to identify changes in capacitance of the connection lines and to initiate actions to prevent eavesdropping in response to identifying changes.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

Abstract: Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate.