Patents Examined by Ali Abyaneh
  • Patent number: 9686301
    Abstract: An analysis trigger monitoring system is provided in one or more virtual assets. One or more analysis trigger parameters, including security threat patterns, are defined and analysis trigger data is generated. The one or more analysis trigger monitoring systems are used to monitor at least a portion of the message traffic sent to, or sent from, the one or more virtual assets to detect any message including one or more of the one or more analysis trigger parameters. Any detected message is identified as a potential security threat and is assigned a threat score, which is provided to the virtual asset. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis using a second communication channel.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: June 20, 2017
    Assignee: Intuit Inc.
    Inventors: M. Shannon Lietz, Luis Felipe Cabrera
  • Patent number: 9686258
    Abstract: A method to authenticate a first computer system over a network to a second computer system is disclosed. A login user interface (UI) is presented to a user of the first computer system while disconnected from the second computer system. The login UI presents at least one input field to receive login input from the user and a security indicator that has been previously selected by the user and that is local to the first computer system. Login input is selectively received from the user based on a determination that the user recognizes the security indicator as having been previously selected by the user. A connection is established between the first computer system and the second computer system over the network. The received user input is transmitted using the established connection to the second computer system for authentication of the first computer system.
    Type: Grant
    Filed: February 13, 2014
    Date of Patent: June 20, 2017
    Assignee: eBay Inc.
    Inventors: German Scipioni, Avery Kadison, Naseem Hakim
  • Patent number: 9674195
    Abstract: NAT systems are identified by detecting highly authenticated operations being made by multiple users from IP addresses. Users of a web service are authenticated in response to performing highly authenticated operations, such as identity proofing or multifactor authentication. Successful highly authenticated operations are tracked. A NAT system operating in conjunction with a specific IP address is identified, in response to a threshold number of different users successfully performing highly authenticated operations from the specific IP address within a specific amount of time. The total number of users behind the identified NAT system is estimated, based on the rate at which different users successfully perform operations from the specific IP address. One or more additional action(s) are taken to manage the processing of traffic originating from the specific IP address, taking into account that multiple users are operating behind the identified NAT system. An example action is rate limiting.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: June 6, 2017
    Inventors: Kevin B Jiang, Ilya Sokolov
  • Patent number: 9672382
    Abstract: Methods, systems, and computer program products for managing access of user information by third party applications are provided herein. A method includes compiling a set of user instructions for providing access of user resources to one or more third party applications, wherein the set of user instructions specifies a context in which each of multiple items of the user resources at one or more application programming interface providers can be accessed by the third party applications; mapping a request from one of the third party applications for access to one or more items of the user resources to the application programming interface providers, which correspond to one or more entities maintaining the user resources; and granting access to the one or more items of the user resources to said one third party application through the application programming interface providers based on the set of user instructions.
    Type: Grant
    Filed: July 18, 2014
    Date of Patent: June 6, 2017
    Assignee: International Business Machines Corporation
    Inventors: Apurva Kumar, Jim A. Laredo, Laura Z. Luan, Sougata Mukherjea
  • Patent number: 9659176
    Abstract: The disclosed computer-implemented method for generating repair scripts that facilitate remediation of malware side-effects may include (1) identifying a potentially malicious file located on a computing system, (2) determining at least one potential side-effect of the potentially malicious file, (3) generating, based at least in part on the potential side-effect of the potentially malicious file, a repair script that facilitates remediation of the potential side-effect, and then (4) remedying the potential side-effect by directing the computing system to execute the repair script. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 17, 2014
    Date of Patent: May 23, 2017
    Assignee: Symantec Corporation
    Inventors: Michele Roter, Chester Kuei
  • Patent number: 9659160
    Abstract: A system and method of authentication using an authenticator computing device and at least two registered user devices is described. In operation, the authenticator computing device receives a request to access a resource from one of a plurality of user devices registered to a user. The authenticator computing device generates an authentication challenge in response to the request and the authentication challenge is then transmitted to a subset of the plurality of user devices. One or more of the user devices then subsequently generates and transmits a response to the authentication challenge to the authenticator computing device. The authenticator computing device then determines whether the responses received from the one or more user devices in the subset constitute a valid response and then grants one or more of the user devices access to the resource if the responses received from the user devices constitute a valid response to the authentication challenge.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: May 23, 2017
    Assignee: University of South Florida
    Inventors: Jarred Adam Ligatti, Dmitry Goldgof, Cagri Cetin, Jean-Baptiste Subils
  • Patent number: 9652362
    Abstract: Methods, and mobile devices implementing the methods, use application-specific and/or application-type specific classifiers to improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system predicting whether a software application is causing undesirable or performance-degrading behavior. The application-specific and application-type specific classifier models may include a reduced and more focused subset of the decision nodes that are included in a full or more complete classifier model that may be received or generated in the mobile device. The locally generated application-specific and/or application-type specific classifier models may be used to perform real-time behavior monitoring and analysis operations by applying the application-based classifier models to a behavior/feature vector generated by monitoring mobile device behavior.
    Type: Grant
    Filed: April 23, 2014
    Date of Patent: May 16, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Rajarshi Gupta, Alexander Gantman, Vinay Sridhara
  • Patent number: 9652615
    Abstract: The disclosed computer-implemented method for analyzing suspected malware may include (1) identifying a file suspected of including malware, (2) performing a static analysis of the file to identify at least one indication of an attack vector that the file uses to attack computing systems, (3) obtaining, from at least one computing system, telemetry data that identifies at least one indication of an attack vector that the file uses to attack computing systems, (4) constructing, using the indications obtained from the static analysis and the telemetry data, an execution profile that describes an execution environment that provides the attack vectors indicated by the static analysis and the telemetry data, and (5) configuring the execution environment described in the execution profile to test the file for maliciousness. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: May 16, 2017
    Assignee: Symantec Corporation
    Inventors: Andrew Collingwood Watson, Abubakar A. Wawda
  • Patent number: 9641502
    Abstract: Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: May 2, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David J. Steeves, Kim Cameron, Todd L. Carpenter, David Foster, Quentin S. Miller
  • Patent number: 9641338
    Abstract: A cryptographic representation of value is adapted to goods in production and products at various stages through a supply chain as represented by their stock keeping units or SKUs that refer to a unique identifier or code for the particular stock keeping unit. Embodiments of the invention disclose the generation of a universally unique, yet deterministic, key-pair for all SKUs, shipping cartons, and items, i.e. for every single SKU, shipping carton and item on the globe.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: May 2, 2017
    Assignee: SKUCHAIN, INC.
    Inventors: Srinivasan Sriram, Zaki N. Manian
  • Patent number: 9635059
    Abstract: An adaptable network security system includes trust mediator agents that are coupled to each network component. Trust mediator agents continuously detect changes in the security characteristics of the network and communicate the detected security characteristics to a trust mediator. Based on the security characteristics received from the trust mediator agents, the trust mediator adjusts security safeguards to maintain an acceptable level of security. Trust mediator also uses predetermined rules in determining whether to adjust security safeguards. Despite inevitable changes in security characteristics, an acceptable level of security and efficient network operation are achieved without subjecting users of the network to over burdensome security safeguards.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: April 25, 2017
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: Samuel A. Bailey, Jr.
  • Patent number: 9628493
    Abstract: Disclosed are methods, apparatus, systems, and computer-readable storage media for modifying permission sets and validating permission set assignments to users. In some implementations, a computing device receives a request to create a permission set containing one or more permissions and assign the permission set to a first user. The first user is associated with a first user constraint that defines a first group of permissions available to the first user. The computing device may determine that the permission set to be assigned to the first user does not violate the first user constraint, and may assign the permission set to the first user.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: April 18, 2017
    Assignee: salesforce.com, inc.
    Inventors: Alex Warshavsky, Doug Bitting, Adam Torman, Bhumi Damania, Carol Franger, Herman Kwong, Igor Pesenson, Jimmy Hua
  • Patent number: 9621530
    Abstract: The disclosure relates to a trust heuristic model for reducing a control load in an IoT resource access network. For example, an authenticating node may challenge a client node that requests access to a resource and grant the access if the client node correctly responds to the challenge or alternatively deny the access if the client node incorrectly responds to the challenge. Furthermore, based on the response to the challenge, the client node may be assigned a trust level, which may be dynamically updated based on successive challenge-and-response exchanges and/or interactions with other IoT network nodes. For example, to reduce the resource access control load, subsequent challenge-and-response intervals may be increased or eliminated if the client node correctly responds to successive challenges over time, while client nodes that incorrectly respond to successive challenges over time may be blocked from accessing the resource or banned from the IoT network.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: April 11, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: James Minlou Lin
  • Patent number: 9621349
    Abstract: An apparatus includes a memory; and a processor coupled to the memory and configured to: authenticate an identification for accessing a first service by comparing a password associated with the identification with a first encrypted password that is generated by encrypting the password on the basis of a first encryption policy to authenticate an access to the first service; and provide a second service with the identification and the password to cause to generate information when an authentication of the identification is successful, the information being accessed to authenticate the identification when the second service is accessed based on the identification and the password.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: April 11, 2017
    Assignee: FUJITSU LIMITED
    Inventor: Naoya Nakajima
  • Patent number: 9619644
    Abstract: In one embodiment, a method includes detecting a request from a user agent of a client computing device of a user to access a communication network through the router; and automatically redirecting the user agent from a first network resource to a second network resource. The first network resource is configured to authenticate the user to provide access to the communication network. The second network resource is configured to authenticate the user to provide access to a particular domain of the communication network. The method also includes providing to the user agent access to the particular domain of the communication network if the second network resource successfully authenticates the user.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: April 11, 2017
    Assignee: Facebook, Inc.
    Inventors: Michael John McKenzie Toksvig, Charles J. Hughes, Erick Tseng
  • Patent number: 9613209
    Abstract: An anti-malware program monitors the behavior of a system after a system restore to determine the likelihood of a hidden infection of malicious code still existing after the system restore. The anti-malware program observes the dynamic behavior of the system by monitoring conditions that are likely to signify the possibility of an infection thereby necessitating the need to initiate anti-malware detection. The anti-malware program may observe the restoration history, system settings, malware infection history, to determine the likelihood of an existing hidden infection after a system restore.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: April 4, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Vishal Kapoor, Jason Joyce, Gregory Nichols
  • Patent number: 9614823
    Abstract: A system, method, and computer program product are provided for a pre-deactivation grace period on a processing device (e.g., mobile device). In operation, a deactivation request is detected for a deactivation event. Further, the commencement of the deactivation event is delayed for a predetermined time period, in response to the deactivation request. Additionally, the deactivation event is commenced, after the predetermined time period. To return to full functionality of the processing device while in the deactivation grace period, all that may be required is entry of authentication information (e.g., password) that is weaker than a stronger authentication information initially used to log into the processing device.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: April 4, 2017
    Assignee: McAfee, Inc.
    Inventors: Rajkaran Dhesi, Simon Hunt, Paul Parke
  • Patent number: 9615192
    Abstract: A message link server maintains secure message links with device link agents on each of a plurality of wireless end-user devices. Plural network elements send messages to the message link server, the messages targeted for delivery of message content to specific software components on respective ones of the wireless end-user devices. A message buffering system in the server buffers messages targeted to each device until one of several triggers occurs, such that messages that do not have time-critical messaging needs may be buffered until the occurrence of a trigger other than the receipt of that message by the server.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: April 4, 2017
    Assignee: Headwater Research LLC
    Inventor: Gregory G. Raleigh
  • Patent number: 9607176
    Abstract: Secure transfer of mobile application content is disclosed. A state-related event associated with a managed application in a managed set of applications may be detected. It may be determined that content from the managed application is stored at a public storage location on a mobile device. At least a portion of the content may be transferred to a secure storage location accessible to the managed set.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: March 28, 2017
    Assignee: MOBILE IRON, INC.
    Inventors: Mansu Kim, Suresh Kumar Batchu, Joshua Sirota
  • Patent number: 9602282
    Abstract: Authenticated hardware and authenticated software are cryptographically associated using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. In one embodiment, critical security information associated with the equipment is loaded from a memory at startup time. The critical security information is stored in the memory, in encrypted form, using a unique secret value. The secret value is used to retrieve a chip encryption key and one or more image authentication keys that can be used to associate program code with an original equipment manufacturer. These keys are used to authenticate the program code.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: March 21, 2017
    Assignee: Cavium, Inc.
    Inventor: Muhammad Raghib Hussain