Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

Abstract: A system and methods for mitigating golden ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system for cybersecurity rating using active and passive external reconnaissance, that uses a web crawler that sends message prompts to external hosts and receives responses from external hosts, a time-series data store that produces time-series data from the message responses, and a directed computational graph module that analyzes the time-series data to produce a weighted score representing the overall cybersecurity state of an organization.

Abstract: A system and method for geolocation-aware, cyber-enabled infrastructure inventory and asset management with state prediction capability. The system tracks tangible and intangible assets, including states associated with each asset such as the location, condition, and value of each asset. Physical assets may be cyber-enabled by attaching wireless computing devices to some or all of the physical assets to provide data about the physical assets using sensors of the computing devices, including but not limited to, such data as location, conditions of storage, and hours of operation or use. Data for each item is stored in a multi-dimensional time series database, which keeps a historical record of the states of each item. Unknown or future states can be predicted by applying predictive models to the time series data. Parametric evaluations of current and predicted future states can be used to optimize the assets against an objective.

Abstract: A system and method for dynamic geospatially-referenced cyber-physical infrastructure inventory and asset management using state models, wherein a computing device with a geolocation device and wireless networking capability is attached to each of a plurality of physical assets, and used to periodically determine a state of the physical asset to which it is attached using the geolocation device, periodically generate a status update message and send it to a remote computer, and wherein the remote computer stores the status of the physical asset as time series data in a state model and, if a status message is not received in a defined period of time, applies a machine learning algorithm to the state model to predict a current or future state of that particular physical asset.

Abstract: A system for detecting and mitigating forged authentication object attacks is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: An intelligent peer-to-peer fundraising campaign platform is provided for managing charitable and for profit campaigns. The platform includes capabilities for creating and managing campaigns by supporters, retrieving person data for supporters and leads for the campaign, relationship data and other attributes including affinity data, donation history data, potential and financial data and storing such data in the form of social graph. The campaign platform also helps supporters of a campaign to identify leads, send personalized communication to the leads for enlisting support to the campaign, determine donor outcomes with respect to each personalized communication sent to the lead; and updating or reinforcing a donor prediction model based on the donor outcome.

Abstract: A system and method for crowdsourced innovation and automated process implementation, wherein individuals and businesses use a distributed computational graph module with crowdsourcing-technology to develop ideas and create process workflows for implementing those ideas. The developed process workflows are implemented through a system which automatically integrates heterogenous Internet resources such as electronic commerce, recruiting, and management platforms into a single portal. Businesses and other collaboration initiatives are supported via crowdsourced labor that are automatically orchestrated by the distributed computational graph workflows and user interface that provide a comprehensive and convergent solution for process management.

Abstract: A system and methods for mitigating golden ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system and methods for sandboxed malware analysis and automated patch development, deployment and validation, comprising a business operating system, vulnerability scoring engine, binary translation engine, sandbox simulation engine, at least one network endpoint, at least one database, a network, and a combination of machine learning and vulnerability probing techniques, to analyze software, locate any vulnerabilities or malicious behavior, and attempt to patch and prevent undesired behavior from occurring, autonomously.

Abstract: A system for providing a large set of data resources for nearly any client with a centralized collection of historical data, and a server through which changing datasets located on provider networks may be accessed through the system without having to upload them to the system. The system providers a marketplace for buying and selling of data, optionally including blockchain technology to allow for secure and/or anonymous transactions.

Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system for probe-based risk analysis for multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computational graph module configured to probe connection destinations for a response, analyze any received responses, and determine a verification score needed before granting access based at least in part on the analysis of the received responses. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

Abstract: A system and method for creating and implementing data processing workflows using a distributed computational graph comprising modules that represent various stages within a data processing workflow. Each module represents one or more data processing steps, with some of the modules representing data processing performed by a cloud-based service and containing code for interfacing with the application programming interface (API) of that cloud-based service. A series of modules and their interconnections specify the workflow. Data is processed according to the workflow by implementing the data processing step represented by each module, some of which may access cloud-based data processing services. The result is that users can create complex data processing workflows that utilize cloud-based services to process data without having to know how to access the cloud-based data processing services, or even know that they exist.

Abstract: A system and method that uses midservers located between the business enterprise computer infrastructure and the cloud-based infrastructure to collect, aggregate, analyze, transform, and securely transmit data from a multitude of computing devices and peripherals at an external network to a cloud-based service.

Abstract: A system for enforcing compliance and testing for software development, comprising an indexing service configured to create a dataset by processing and indexing source code of a project by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for source code changes and make changes to the dataset as needed. Further comprising an enforcement module to automatically verify code and other media related to the software development process by ensuring obligations from a rules database are met and where not able to automate the compliance check forward to an appropriate authority, receive back the manually reviewed compliance check, then produce and implement automated recommendations for compliance adherence.

Abstract: A system and method for meta-indexing, search, compliance, and test framework for software development using smart contracts is provided, comprising an indexing service configured to create a dataset by processing and indexing source code of a project provided by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for at least source code changes and make changes to the dataset as needed. Additionally, a smart contract authority creates and enforces smart contracts for every transaction taking place upon the software essentially mandating and guaranteeing the security and authenticity of the software during the software's development and use.

Abstract: A system for autonomous risk assessment and quantification for insurance policies for computer and information technology related risks, including but not limited to losses due to system availability, cloud computing failures, current and past data breaches, and data integrity issues. The system will use a variety of current risk information to assess the likelihood of operational interruption or loss due to both accidental issues and malicious activity. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.