Abstract: Systems and methods related to a VPN controller are provided. In some embodiments, a first VPN controller is configured to establish a VPN tunnel with a client endpoint, wherein the VPN tunnel is established using an authentication process of the client endpoint, route a L2 request to a second VPN controller via an established communication tunnel between the first VPN controller and the second VPN controller by identifying a Generic Routing Encapsulation (GRE) header of the L2 request and based on the GRE header of the L2 request, directing the L2 request to a responsive L2 device accessible by the second VPN controller, receive an encapsulated L2 response from the second VPN controller identifying acceptance of the L2 request, and enable an electronic communication between the client endpoint and the responsive L2 device at least via the VPN tunnel between the client endpoint and the first VPN controller.

Abstract: A system and method for altering client fingerprint that includes editing data components of network communication from a client device to a server, which comprises editing network protocol data from the client during negotiation of a cryptographic protocol; selectively enabling access to library components specified in the edited client network protocol data; and sending a client communication to the server using the edited client network protocol data.

Abstract: Technologies are provided for prevention of organizational data leakage across platforms based on device status. A device management service may include status information for a client device and/or a connection in a token provided to the client device and update the status in response to changes. An applicable data protection policy may be determined based on the detected status and optionally based on data being accessed. An instruction may be transmitted to a client application executed on the client device based on the applicable data protection policy thereby enforcing the data protection policy at the server. The instruction may cause a script executed at the client application to disable one or more user interface controls associated with functionality such as downloading, synchronizing, printing, etc. of the organizational data to prevent leakage of organizational data.

Abstract: Provided is a method for validating a predetermined digital certificate having a validation device, wherein the validation device stores approval information that specifies which digital certificates of a plurality of digital certificates are permissible digital certificates, and wherein the validation device further stores trust information which indicates a trust level of the permissible digital certificates. The method includes determining, while taking account of the approval information, whether the predetermined digital certificate is permissible for the planned use under the current conditions; and if it is determined that the predetermined digital certificate is permissible, determining the trust level of the predetermined digital certificate by taking into consideration the trust information for the planned use and the current conditions, is provided.

Abstract: A computer-implemented method of transferring a data string from an application to a data protection device. To provide a computer-implemented method of transferring a data string from an application to a data protection device that the database query contains the data string and the database query is coded in a database language.

Abstract: This application provides an acknowledgment packet transmission method and a communications device. The method includes: receiving, by a first device, data sent by a second device; sending, by the first device, the acknowledgment packet to the second device, where the acknowledgment packet includes an acknowledgment field, the acknowledgment field carries data lengths of K groups of data packets, and the data lengths vary with a data amount included in each group of data packets received/lost by the first device.

Abstract: A method for assessing and improving network performance using video session data. Control plane signaling data comprising geographic location data from network monitoring equipment connected to a communications network is collected. Video session data comprising data of a plurality of video sessions from video monitoring equipment connected to the communications network is collected. The plurality of video sessions are associated with a plurality of mobile devices streaming videos on the respective mobile device across the communications network. The video session data and control plane signaling data within a cell of the communications network is correlated. The correlated data is provided to a communications network provider. The communications network is reorganized according to the correlated data.

Abstract: A message processing server includes a message processor and a database of multi-layer tokens. Each token in the database includes a plurality of encrypted data layers. The first layer includes a first data pointer. A primary layer includes the first layer and identifies a reference data value. The message processor receives from a communications device an authentication request identifying a first data value, validates the authentication request from the first data value and the reference data value configured in one of the multi-layer tokens, receives a first authorization message including a first cryptographic key, derives a first decrypted data layer from the first cryptographic key and the first encrypted data layer of the one multi-layer token, and validates the first data pointer by receiving confirmation of the first data pointer pointing to a database entry comprising a second data value less than the reference data value.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

Abstract: The present disclosure describes techniques for configuring and participating in encrypted audio calls, audio conferences, video calls, and video conferences. In particular, a call initiator generates a meeting identifier and a first meeting key, which are encrypted using a first encryption key and distributed to one or more participants of the call. The one or more participants decrypt the meeting identifier and the first meeting key, and use that information to participate in the encrypted call. Further, participants respond to the encrypted communication data by encrypting their reply data with the first meeting key. The call initiator decrypts the reply data using the first meeting key.

Abstract: According to an implementation of the disclosure, a computing device may record substantially all the network traffic being transported over a first node of a network over a period of time. The computing device may receive an authenticated request from a forensics system that includes access criteria. The first computing device may determine a relevant encrypted and unencrypted portion of the network traffic based on the access criteria. Based on unencrypted portion, the computing device may recalculate an encryption key applicable to the encrypted portion. The computing device may then replicate the relevant portion and the encryption key to the forensics system for forensic analysis.

Abstract: A computing device may detect events such as a break-in, fire, flood, movement of people between different areas or zones within a defined area, cyberattacks, movement of devices away from the defined area, etc. If an event is detected, the computing device may take action to protect devices, data on the devices, and/or accounts accessible by the devices. The devices may encrypt, backup data, and/or delete data. The computing device may communicate with other computing devices about events that have been detected.

Abstract: A communication control method executed by a processor included in a communication control device that controls communication with a communication device, the method includes, when a communication access to the communication device is detected, specifying a related characteristic corresponding to the communication device by referring to a first memory that stores communication device-related characteristics, determining a security function corresponding to the specified related characteristic by referring to a second memory that stores executable security functions for the communication device-related characteristics, and executing the security function determined at the determining for the communication device of the communication access.

Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.

Abstract: Examples provide a deep packet inspection for performing security operations on network data packets by a plurality of enhanced packet analyzers. A copy of a mirrored network data packet is sent to each of the packet analyzers. Each packet analyzer performs one or more security operations on the copy in parallel, and generates an allow recommendation or a deny recommendation. If all the recommendations are allow recommendations, a virtual network interface controller (VNIC) routes the network data packet to its destination. If at least one of the recommendations is a deny recommendation, the VNIC discards the network data packet.

Abstract: A computer system extracts features of documents that mention malware programs to determine textual features that correspond to individual ones of the malware programs. The computer system performs analysis of samples of malware programs to determine features corresponding to the samples. The computer system performs clustering using the textual features and using the features that correspond to the samples of the malware programs. The clustering creates clusters of data points, each data point corresponding to an individual one of the malware programs. The clusters contain data points considered by the clustering to be similar. The computer system outputs indications of the clusters to allow determination of whether data points in the clusters correspond to individual ones of specific malwares. Apparatus, methods, and computer program products are disclosed.

Abstract: A more efficient internet-of-things (IoT) manufacturing process can be achieved using hash functions to authenticate and identify IoT devices. Device data comprising manufacturer name data, device name data, software version data, and/or hardware version data can be feed through a hash function to generate hashed data. Additionally, same and/or similar data can be hashed via a manufacturing process. The two outputs from both sets of data can then be matched to determine the authentication of a device. Based on the authenticity of the device being verified, the IoT device can undergo a certification process as a part of the manufacturing process. This manufacturing process comprising hashed data can eliminate current manufacturing processes and allow for a unique identifier to be associated with the IoT device.

Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.

Abstract: An application using a virtual private network (VPN) is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in traffic and requests referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic may be evaluated, such as a User Agent string in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing through a different VPN.

Abstract: A cloud device is configured in an email transmission pathway. The cloud device receives an email attachment whose maliciousness status is determined to be unknown. The cloud device encrypts the email attachment and delivers the encrypted attachment to the recipient. When the recipient attempts to access the encrypted attachment, the cloud device re-determines the maliciousness status of the attachment. If the re-determined maliciousness status is benign, the cloud device allows the encrypted attachment to be decrypted and opened locally on the recipient's device. If the re-determined maliciousness status is still unknown, the cloud device provides a cloud-based viewing solution to the recipient using an isolation service.

Abstract: Methods, systems, and devices for server-initiated secure sessions are described, A browser application may connect to a portal, where the portal may transmit a command to a server agent to initiate a secure session with an endpoint device. The server agent may be housed in a destination server, and may establish a secure connection with an intermediary server using a secure communication protocol. The secure connection may be made by directing the destination server to open an outbound connection through a firewall of the destination server, A browser session may be redirected to the intermediary server from the browser application, and the intermediary server may route the browser session traffic to the secure connection.

Abstract: A method for identifying a network application. The method includes analyzing metadata and source code of a network application to extract a set of application tokens, generating an index document of the network application based on the set of application code tokens, wherein the index document is included in a library of index documents corresponding to a number of network applications, extracting a set of packet header tokens from a packet header of a packet in a flow, comparing the set of packet header tokens to the set of index documents to generate a number of match scores, wherein each match score represents a similarity measure between the set of packet header tokens and one index document, and determining, based on a highest match score corresponding to a particular network application, that the flow is generated by the particular network application.

Abstract: A transmission/reception device with wake-up radio for a node with limited resources such as an IoT network node. The device includes a permanently powered auxiliary circuit, capable of detecting a wake-up token, and a main circuit, normally in the idle state and activated by the auxiliary circuit when a wake-up token is detected. The next wake-up token is calculated by the main circuit by applying a one-way function to at least part of a message exchanged on the main radio through a secure communication.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identifying a digital certificate associated with data and assigning a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.

Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.

Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.

Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.

Abstract: In one embodiment, a proxying agent loaded at application startup loads a circuit breaker framework into a class loader, and also loads a circuit breaker proxy into an extension class loader seen by the proxying agent and by the application. The proxying agent may also instrument selected methods of the application, such that, when calling to run an instrumented method: an ID of the circuit breaker proxy is set to a trackable context, and the proxy execution may be held until exit of the run method (and if exit of the run method is due to a particular exception, an exception of the proxy may also be set to reflect the particular exception). The circuit breaker may then monitor the proxy for latency, exceptions, and circuit breaker trip criteria, and stops the run method in response to the latency, exceptions, or circuit breaker trip criteria surpassing a particular respective threshold.

Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.

Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.

Abstract: The present disclosure relates to generating an identifier, an encrypted value that is an original value encrypted, and a Message Authentication Code (MAC) at a server device, and to generating a message including a message header and a message body, said message header including the identifier and the MAC, and said message body including the encrypted value, and said that the MAC key used to compute the message authentication code is included in the original value to be encrypted, and further relates to transmitting the message to a client device.

Abstract: The application provides a managing method and device for a sensor access authority, and relates to the field of information security. The method includes: determining a second sensor corresponding to a first sensor and having a type different from the first sensor in response to adjustment of an access authority of an application program to the first sensor, and then adjusting the access authority of the application program to the second sensor. The second sensor corresponding to a first sensor is determined when an access authority of an application program to the first sensor is adjusted, and the access authority of the application program to the second sensor is adjusted, thereby avoiding the second sensor collecting and leaking privacy information of the user and protecting privacy security of the user.

Abstract: A means of using a virally connected network of friends to assist each other to recover encrypted data should any single person lose their encryption key, without noticeably risking the security of the encrypted data to any persons with access to the encrypted data or to the Internet, including the virally connected network of friends.

Abstract: A request to install an application on a device may be received, and data associated with the device and a set of users associated with the device may be received. Acceptance factors specified in a terms and conditions document associated with the application to be installed on the device may be identified. A terms and conditions implication of installing the application on the device may be determined based on the acceptance factors. Based on the terms and conditions implication, a rule may be dynamically generated to control at least a running of the application on the device. The rule may be activated or caused to be activated on the device. The activation of the rule may control the running of the application on the device.

Abstract: Techniques are disclosed relating to detecting that a client system is an emulated computer system based on its computational performance of one or more challenge problems. In some embodiments, a server computer system may receive, from a client system, a request to access a web service. The server computer system may determine reported technical features of the client system and select a particular challenge problem to provide to the client system. The server computer system may determine an expected response time of the particular challenge problem for the client system. The server computer system may receive a challenge response from the client system that includes a proposed solution to the particular challenge problem. The server computer system may then determine whether to authorize the request based on a measured response time by the client system and the expected response time of the particular challenge problem for the client system.

Abstract: In one embodiment, a method includes receiving data associated with a cluster at a computer and processing the data at the computer to automatically generate a description of the cluster. The data includes cluster data comprising data within the cluster and non-cluster data comprising a remaining set of the data. The description comprises a minimal set of features that uniquely defines the cluster to differentiate the cluster data from non-cluster data. An apparatus and logic are also disclosed herein.

Abstract: With regard to a method for transmitting and receiving data in a wireless communication system in the present specification, a method implemented by a first network node is characterized by comprising: transmitting a control message, including information pertaining to terminal context retention properties, to a terminal; receiving a first message including a first information block from the terminal; carrying out a verification process on the terminal on the basis of the received first message; and transmitting a second message to the terminal according to the results of the verification of the terminal, wherein the terminal context retention properties represent at least one of whether terminal context is retained or whether terminal context can be changed.

Abstract: A method and system for communicating between a managed device and a device manager is provided by sending the managed device a message over a first communications channel, and then initiating communication between the managed device and the device manager over a second communications channel in response to the message, wherein the first communications channel and the second communications channel are of different types.

Abstract: Apparatuses and methods for authenticating a user to a host by an agent are disclosed. In the method the agent receives a connection request to the host from the user. In response to the received connection request, the agent determines an ephemeral authenticator, and acquires using the ephemeral authenticator a second authenticator. The second authenticator is based at least in part on use of the ephemeral authenticator. The agent then authenticates the user to the host using the second authenticator.

Abstract: A non-transitory computer readable storage medium having stored thereon instructions, the instructions being executable by one or more processors to perform operations including: receiving, by a calibration module executed by the one or more processors, a calibration request including (i) a workload type, (ii) a list of compute nodes belonging to a distributed computer system, and (iii) one or more frequencies; responsive to identifying the workload type as a clustered workload type, instructing a plurality of compute nodes on the list of compute nodes to begin processing a workload of the workload type; and responsive to identifying the workload type as a clustered workload type, instructing a compute node on the list of compute nodes to begin processing the workload of the workload type is shown.

Abstract: A computerized method to identify potentially malicious code in a network is described. Herein, information associated with a threat is analyzed to yield intelligence that includes instructions or indicators related to the threat. Based on the intelligence, a determination is made as to an endpoint device, which includes an endpoint agent, is to (i) receive at least one of the instructions or the indicators, (ii) conduct an examination of memory of the endpoint device for data corresponding to any of the instructions or the indicators, and (iii) obtain results of the examination. Verification information, including at least a portion of the results of the examination by the endpoint device and an identifier for the endpoint device, is gathered and correlated to determine whether such information corresponds to a verified threat. Thereafter, a notification, including a portion of the verification information, is sent to identify the verified threat.

Abstract: Systems and methods are disclosed for generating a distributed execution model with untrusted commands. The system can receive a query, and process the query to identify the untrusted commands. The system can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the system can generate a data structure and include one or more identifiers associated with the data structure in the distributed execution model. The system can distribute the distributed execution model to one or more nodes in a distributed computing environment for execution.

Abstract: A confirmation apparatus includes a determination unit configured to determine whether an information processing apparatus that has transmitted a security confirmation instruction executes communication via a firewall, a setting unit configured to set predetermined ports as inspection targets in a first case where the determination unit determines that the information processing apparatus executes communication via the firewall, and set ports listed in a used port list received from the information processing apparatus as the inspection targets in a second case where the determination unit determines that the information processing apparatus executes communication without interposing the firewall, an inspection unit configured to inspect ports set as the inspection targets by the setting unit, and a notification unit configured to notify the information processing apparatus of an inspection result acquired by the inspection unit.

Abstract: A method for the transmission and adaption of data can include the steps of generating generic requirement documents, identifying a plurality of suitable communication patterns on the basis of the generic requirement documents, determining currently available transport options and their service quality across at least one communication network, and selecting a communication pattern from a plurality of suitable communication patterns based on the network transmission qualities of the at least one communication network. The method can utilize a first functional layer and a second functional layer that are integrated between a software application layer and a network access layer that each receive input documents that are independent of each other. The input documents of the second functional layer can contain transport-related information while the input documents of the first functional layer can contain application-related information.

Abstract: A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.

Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.

Abstract: A full-text index can be created for each mailbox of an EDB to facilitate the performance of complex queries to quickly search for email data. In this way, relevant email data can be identified and retrieved quickly and efficiently from the full-text index rather than from the EDB. To create such indexes, each email in a mailbox can be retrieved and processed to convert the email from its native format into textual name/value pairs which can then be submitted for indexing. This use of name/value pairs to index each email enables the emails across all mailboxes to be efficiently queried using any possible combination of values.

Abstract: In a system for configuring a web application firewall, one or more parameters of the firewall are adjusted such that a test configured for exposing a vulnerability of an application protected by the application firewall is blocked by the firewall and another test configured to invoke functionality of the application but that does not expose or exploit any security vulnerability is not blocked by the firewall. A notification is provided to a user if such a firewall configuration is not found after a specified number of attempts.

Abstract: One embodiment provides a method comprising, in a training phase, receiving one or more malware samples, extracting multi-aspect features of malicious behaviors triggered by the malware samples, determining evolution patterns of the malware samples based on the multi-aspect features, and predicting mutations of the malware samples based on the evolution patterns. Another embodiment provides a method comprising, in a testing phase, receiving a new mobile application, extracting a first set of multi-aspect features for the new mobile application using a learned feature model, and determining whether the new mobile application is a mutation of a malicious application using a learned classification model and the first set of multi-aspect features.

Abstract: An application triggering method and device are provided in the field of terminals. The terminal device sets at least two different triggering passwords for at least two instances of an application corresponding to an application icon on a user interface on the display. The terminal device acquires an input password after a triggering operation over the application icon is detected on the user interface. The terminal device triggers a target instance of the application according to the input password, where the target instance refers to an instance for which one of the at least two different triggering passwords is the same as the input password.