Abstract: A system and a method are disclosed for verifying a suspicious electronic communication. To this end, a secure communications service may detect an electronic communication comprising an identifier of a purported originator of the electronic communication and an identifier of an intended recipient, and determine that an attribute of the electronic communication corresponds to a suspicious attribute. Responsively, the service may intercept the electronic communication and storing the electronic communication in purgatory memory, so as to prevent the electronic communication from being populated in a private repository of the intended recipient, transmit a verification message, and receive a reply to the verification message that verifies the authenticity of the electronic communication.

Abstract: In an embodiment, the disclosed technologies implement scaling operations for clusters of server nodes hosting stateful services. An embodiment includes a cluster manager computer calling a first instance of scaling status functions for a first stateful service and a second instance of scaling status functions for a second stateful service, the first stateful service being programmed to implement a different service than the second stateful service. The cluster manager computer is programmed to implement different scaling operations for the first stateful service and the second stateful service, each set of the scaling operations being optimized for respective services.

Abstract: The present invention extends to methods, systems, and computer program products for configuring, enforcing, and monitoring separation of trusted execution environments. Firmware images consistent with configuration of multiple separate execution domains can be generated without requiring changes to existing application source code. A cryptographically signed firmware image can be loaded at a processor to form multiple separate execution domains at the processor. Communications can be secured across separate execution domains without using shared memory.

Abstract: Systems and methods are disclosed for, without access to the original set of data elements from which the online filter was originally constructed, converting online filters to other types of filters. To convert a particular type of online filter to either an offline filter or a different type of online filter, the system, in various embodiments, first determines the types/formats of each of the relevant filters. Then, in various embodiments, the system extracts the appropriate data representations from the original online filter. In various embodiments, the system converts the extracted data representations into the data representation format of the new filter. The system, in various embodiments, then constructs the new filter from the converted data representations.

Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. The data model also supports a cloud “least privilege and access” framework. Least privilege is a set of minimum permissions that are associated to a given identity; least access is a minimal set of persons that need to have access to given piece data. The framework maps an identity to one or more actions collected in cloud audit logs, and dynamically-build a compete view of an identity's effective permissions. The resulting least privilege and access policies are then applied natively to a given cloud environment to manage access.

Abstract: Access privileges of at least one identity to resources are adjusted within an authorization system of a computing environment. Over a detection period, accesses by the identity to the resources are detected and a usage score is computed as a usage function of a measure of use by the identity of access privilege(s) it has been granted to at least one of the resources relative to a measure of a set of possible grantable privileges. In accordance with a least privilege security policy, and according to the usage score, the set of access privileges granted to the identity may then be adjusted.

Abstract: A method for facial analytics includes capturing a series of images of individuals from a camera into a circular buffer and selecting a plurality of images from the buffer for analysis in response to a trigger event, wherein the plurality of images are chronologically proximate before and/or after the trigger event in time. The method includes analyzing the plurality of images to determine image quality and selecting one of the plurality of images based on image quality to form a cropped facial image most likely to result in positive facial recognition matching. Methods of signaling to control the pedestrian traffic flow can maximize the individuals' facial alignment to the capturing camera's field of view. Non-relevant facial images associated with individuals outside a given region of interest can be discarded. Facial recognition is run on the resultant cropped facial image. Output can be displayed with information from the facial recognition.

Abstract: A cloud authentication system is disclosed. A request for an authentication setup for a first user of a first service provider is received. Additional information, such as authentication criteria, can further be received, such as from the first service provider. A set of stimuli to associate with a first user profile of the first user of the first service provider is stored.

Abstract: A device, system, and method, according to various embodiments, can include, for example, a hybrid cloud network, one or more personal cloud virtual LANs, and a home area network. The hybrid cloud network can be configured to provide public access and private access. The one or more personal cloud virtual LANs are provided at an overlapping segment of the hybrid cloud network to provide privacy within the hybrid cloud network. The home area network can include a single purpose computer configured as a gateway for the hybrid cloud network and configured to establish a site-to-site secure connection with the one or more personal cloud virtual LANs.

Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

Abstract: In an embodiment, the disclosed technologies monitor electronic message traffic between a network and a recipient computer system. An embodiment includes extracting, from an electronic message received from the network, a sending domain and message data, computing a lookalike score based on the sending domain, and assigning a message type to the electronic message based on the message data. The lookalike score and the message type may be used to determine whether the electronic message is a spoofing attack such as a business email compromise (BEC) attack. In response to determining that the electronic message is malicious, an embodiment may cause the network to at least one of modify, delay, re-route, or block transmission of the electronic message to the recipient computer system.

Abstract: Techniques are provided for detecting compromised web pages in a runtime environment. A first version of a web page is retrieved and loaded in a browser comprising a browser extension configured to detect event listeners added when web pages are loaded by the browser. First data is generated describing a first set of event listeners detected by the browser extension when the first version of the web page is loaded. At a second time a second version of the web page is retrieved and loaded in the browser. Second data is generated describing a second set of event listeners detected by the browser extension when the second version of the web page is loaded. It is determined that the web page is compromised based on comparing the first data and the second data. In response to determining that the web page is compromised, a threat response action is performed.

Abstract: Embodiments described herein provide for detecting whether an Automatic Number Identification (ANI) associated with an incoming call is a gateway, according to rules-based models and machine learning models generated by the computer using call data stored in one or more databases.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for caller ID verification. When a caller makes a phone call, the server receives the phone call and verifies whether the phone call is from a registered device associated with the phone number. The server queries the registered device to retrieve one or more current call states via an authentication function on the registered device. The server compares the states and/or state transitions to the observed states and/or state transitions of the phone call. If the registered device states and/or state transitions match the observed phone call states and/or state transitions, the server verifies that the phone call is from the registered device and not some imposter's device. If there is no such match, the server rejects the phone call before the call phone is connected or terminates the phone call after the phone call is connected.

Abstract: A method for producing linkage values to be contained within pseudonym digital certificates of a security credential management system for connected vehicles, including the following steps: providing a linkage value function that expresses linkage values as a function of a number of input parameters that include a linkage seed input from a pseudonym certificate authority processor entity and a plurality of inputs from a registration authority processor entity including a vehicle identifier and at least one index relating to a time period for the linkage value; producing a Boolean circuit representative of the function for a particular combination of the number of input parameters; and executing a garbled circuit protocol on the Boolean circuit between the registration authority processor entity and the pseudonym certificate authority processor entity, whereby the pseudonym certificate authority processor entity privately derives a linkage value for the particular combination of the number of input parameters.

Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. In one embodiment, performing these data plane processing operations does not expose any pilot keys outside the data safe in clear form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. One embodiment uses pilot keys to encrypt data that is subsequently stored in a storage system. One embodiment uses data cryptographic keys to encrypt data, uses the pilot keys to cryptographically-wrap (encrypt) the data cryptographic keys, and stores the cryptographically wrapped data keys and encrypted data in a storage system.

Abstract: Surrogate browsing techniques are disclosed. A request for a page is received, from a client, by a surrogate. The specified page is requested by the surrogate from a site. Data received from the site in response to the request is rendered at the surrogate. A representation of the page is transmitted to the client.

Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. Performing these data plane processing operations does not expose any pilot keys outside the data safe in plaintext form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. In one embodiment, the information encrypted and decrypted by the data safe includes data structure instances including feature-preserving encrypted entries generated using feature-preserving encryption on corresponding plaintext data items.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25 network.

Abstract: A method for imaging includes illuminating a vehicle undercarriage with illumination in an atmospheric absorption band, imaging the vehicle undercarriage to form an image, wherein scanning includes filtering out illumination returned from the vehicle undercarriage that is outside the atmospheric absorption band. The method includes forming an image with the filtered illumination returned from the vehicle undercarriage.