Patents Examined by Ali Abyaneh
  • Patent number: 9391968
    Abstract: Concepts and technologies are disclosed herein for scored factor-based authentication. A verification service can receive an authentication request from a requestor, wherein the authentication request identifies a transaction. The verification service can determine a risk associated with the transaction, an authentication score based upon the risk, and a plurality of groups of authentication factors, each of which can satisfy the authentication score. The verification service can provide factor group data identifying the plurality of groups of authentication factors to the requestor.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: July 12, 2016
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Brian M. Novack
  • Patent number: 9389844
    Abstract: An apparatus and a method provide a solution for a computer system. The apparatus may include a package containing or referencing a plurality of software components of the solution and containing a solution definition defining in logical terms the topology requirements of the solution. The plurality of software components may be packaged as installable units which comprise a descriptor providing requirements of a target hosting environment for the software component and the software component to be installed. The solution definition of the package may include target hosting environments of the software components of a solution being defined in terms of requirements each software component has on its own target hosting environment and requirements the solution imposes on the target hosting environments.
    Type: Grant
    Filed: October 12, 2004
    Date of Patent: July 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Nicholas D. Butler, Christine M. Draper, John W. Sweitzer, Marcello Vitaletti
  • Patent number: 9385867
    Abstract: Hierarchical predicate encryption (HPE) for inner products with enhanced efficiency of operations. A cryptographic processing system includes a key generation device, an encryption device, and a decryption device. The key generation device generates, as a decryption key $sk_L$, a vector in which predicate information $\vec{v}_t$ is embedded in a basis vector of a basis $B^*_t$ for each integer $t$ of $t = 1, \dots, L$. The encryption device generates, as a ciphertext ct, a vector in which attribute information $\vec{x}_t$ is embedded in a basis vector of a basis $B_t$ for at least some integer $t$ of $t = 1, \dots, L$. The decryption device performs a pairing operation on the decryption key $sk_L$ generated by the key generation device and the ciphertext ct generated by the encryption device, and decrypts the ciphertext ct.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: July 5, 2016
    Assignees: Mitsubishi Electric Corporation, NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Katsuyuki Takashima, Tatsuaki Okamoto
  • Patent number: 9386036
    Abstract: A method for detecting and preventing a Distributed Denial of Service (DDoS) attack in a cloud computing environment including a plurality of clients connected to a server, the method includes collecting, by the server, file deoxyribonucleic acid (DNA) extracted from a file currently being executed by each of the clients and traffic information about network traffic caused by the file, from each client by using an agent that is installed in the client and that monitors the file currently being executed by the client. Further, the method includes analyzing, by the server, a risk level of a DDoS attack based on whether the file DNA of the file is malicious or unidentified and based on the traffic information. Furthermore, the method includes sending a command related to whether to block the file to the client according to the analyzed risk level.
    Type: Grant
    Filed: July 12, 2010
    Date of Patent: July 5, 2016
    Assignee: AHNLAB, INC.
    Inventors: Jeong Hun Kim, Sung Hyun Kim
  • Patent number: 9378360
    Abstract: Hostile attacks against a computer program are prevented when the program is executed in a computing environment that is controlled by the attacker. A preposition is run in a secure computing environment instead of the original call site, i.e. the IF antecedent, which has a TRUE consequence and a FALSE consequence are run in a secure computing environment. Embodiments of the invention also allow an insecure call site to detect modifications by a hostile attacker surreptitiously. In embodiments of the invention, a script is generated by a script generator from the IF antecedent and TRUE and FALSE consequence source code, for example relative to a call site. The original source code is modified to call the script engine, rather than the preposition. At run-time a script engine executes this script.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: June 28, 2016
    Assignee: FLEXERA SOFTWARE LLC
    Inventor: Alan Walter Stiemens
  • Patent number: 9380061
    Abstract: A method and system for determining whether user accounts in a client-server architecture are legitimate is described, the method and system including determining a first integer value, hereinafter denoted N, and a second integer value, hereinafter denoted K, such that K<N, receiving a request at a server from one client device of a plurality of client devices, the request including a unique user identification and a password, the request being a request to access an object, the unique user identification and password being associated with a particular user, sending from the server, at least K times, to one client device of the plurality of client devices a share to be stored in a state object stored on the one client device to which any share is sent on behalf of the server, verifying at the server that one client device of the plurality of client devices has at least K stored shares in the state object, as a positive result of the verifying, flagging in a database that a user account associated with the
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: June 28, 2016
    Assignee: Cisco Technology Inc.
    Inventor: Harel Cain
  • Patent number: 9378282
    Abstract: A system and method for categorizing content on a webpage is disclosed. The method comprises receiving a request for a webpage from a user's computer. Next, the system determines whether there is dynamic content on the webpage by analyzing the address, links, reputation, type, style and other indicators of being able to easily change the webpage. If the webpage contains content that can be changed, then the webpage is analyzed to determine a current categorization thereof. If the webpage does not have dynamic content then the categorization of the webpage will remain the same thereby freeing system resources by only analyzing dynamic webpages.
    Type: Grant
    Filed: June 29, 2009
    Date of Patent: June 28, 2016
    Assignee: Raytheon Company
    Inventors: Daniel Lyle Hubbard, Dan Ruskin
  • Patent number: 9378375
    Abstract: An adaptable network security system includes trust mediator agents that are coupled to each network component. Trust mediator agents continuously detect changes in the security characteristics of the network and communicate the detected security characteristics to a trust mediator. Based on the security characteristics received from the trust mediator agents, the trust mediator adjusts security safeguards to maintain an acceptable level of security. Trust mediator also uses predetermined rules in determining whether to adjust security safeguards. Despite inevitable changes in security characteristics, an acceptable level of security and efficient network operation are achieved without subjecting users of the network to over burdensome security safeguards.
    Type: Grant
    Filed: April 14, 2014
    Date of Patent: June 28, 2016
    Assignee: American Express Travel Related Services Company, Inc.
    Inventor: Samuel A. Bailey, Jr.
  • Patent number: 9378361
    Abstract: A threat detection system for detecting threat activity in a protected computer system includes anomaly sensors of distinct types including user-activity sensors, host-activity sensors and application-activity sensors. Each sensor builds a history of pertinent activity over a training period, and during a subsequent detection period the sensor compares current activity to the history to detect new activity. The new activity is identified in respective sensor output. A set of correlators of distinct types are used that correspond to different stages of threat activity according to modeled threat behavior. Each correlator receives output of one or more different-type sensors and applies logical and/or temporal testing to detect activity patterns of the different stages. The results of the logical and/or temporal testing are used to generate alert outputs for a human or machine user.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: June 28, 2016
    Assignee: EMC Corporation
    Inventors: Ting-Fang Yen, Ari Juels, Aditya Kuppa, Kaan Onarlioglu, Alina Oprea
  • Patent number: 9361463
    Abstract: A system is described for receiving a stream of events and scoring the events based on anomalousness and maliciousness (or other classification). The system can include a plurality of anomaly detectors that together implement an algorithm to identify low-probability events and detect atypical traffic patterns. The anomaly detector provides for comparability of disparate sources of data (e.g., network flow data and firewall logs). Additionally, the anomaly detector allows for regulatability, meaning that the algorithm can be user configurable to adjust a number of false alerts. The anomaly detector can be used for a variety of probability density functions, including normal Gaussian distributions, irregular distributions, as well as functions associated with continuous or discrete variables.
    Type: Grant
    Filed: December 11, 2013
    Date of Patent: June 7, 2016
    Assignee: UT-Battelle, LLC
    Inventors: Erik M. Ferragut, Jason A. Laska, Robert A. Bridges
  • Patent number: 9363034
    Abstract: Method for encrypting information transferred between two mobile telephones, each having a security module and where a security application contains encryption and decryption algorithms. The security application is stored on an SD card introduced into a card-holder location in the relevant telephone, then transferred from the card to the security module with a session key stored on the card, a key stream forms in the card on the basis of the session key, and during encryption is transferred from the card to the security module where encryption takes place, such encrypted stream of data is transmitted by the telephone, the stream of data is received by a second mobile telephone, decryption takes place with a corresponding key stream in the security module of the second telephone and the corresponding key stream is formed in the SD card of the second telephone on the basis of the session key.
    Type: Grant
    Filed: February 23, 2011
    Date of Patent: June 7, 2016
    Assignee: SECUMOBI AB
    Inventor: Stefan Hagbard
  • Patent number: 9355254
    Abstract: A device and method are provided for a device that communicates security information to a user entering content into the device. In an aspect, the device may access content from a server over a connection through the network. The device displays the content on a user interface of the device. The device detects information entered into a field of the displayed content and evaluates a security state of the device. If the security state is below a security threshold and if the entered information is identified as protected information based on stored criteria, the device displays a visual indication on the user interface.
    Type: Grant
    Filed: February 4, 2013
    Date of Patent: May 31, 2016
    Assignee: BlackBerry Limited
    Inventors: Scott Alexander Vanstone, Neil Patrick Adams
  • Patent number: 9355239
    Abstract: Utilizing an image on a computing device to serve as a template for locking/unlocking the computing device. The image includes a plurality of portions that are defined and thereafter identified and presented to a user via a touch screen. A user selects portions/zones that are defined within the image in a specified sequence and this sequence is stored as a lock/unlock code for unlocking the computing device. In an embodiment, in addition to the specified sequence of selections, a movement or sequence of movements may also be stored as part of the lock/unlock code.
    Type: Grant
    Filed: May 8, 2013
    Date of Patent: May 31, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Shamik Bandyopadhyay, Veronica Y. Law
  • Patent number: 9356948
    Abstract: Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks.
    Type: Grant
    Filed: August 2, 2013
    Date of Patent: May 31, 2016
    Assignee: PhishMe, Inc.
    Inventors: Aaron Higbee, Rohyt Belani, Scott Greaux
  • Patent number: 9344282
    Abstract: Facilitating management of digital certificates is addressed. More specifically, digital certificates as well as public and private keys can be stored in a centrally accessible location and dynamically acquired from the location as needed. Additionally, binding of digital certificates and associated keys can be implicit and determined as a function of a host name provided during protocol negotiation, for example.
    Type: Grant
    Filed: March 22, 2011
    Date of Patent: May 17, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Won Yoo, Carlos Aguilar Mares, Wade Hilmo
  • Patent number: 9330274
    Abstract: A computer-implemented method may intercept a file-system call associated with a media file. The computer-implemented method may determine an attribute of the media file. The computer-implemented method may also identify a parental-control policy associated with the attribute of the media file. The computer-implemented method may further apply the parental-control policy to the media file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 13, 2009
    Date of Patent: May 3, 2016
    Assignee: Symantec Corporation
    Inventors: Adam Schepis, Keith Newstadt
  • Patent number: 9325726
    Abstract: An analysis trigger monitoring system is provided in one or more virtual assets. One or more analysis trigger parameters are defined and analysis trigger data is generated. The analysis trigger monitoring systems are used to monitor at least a portion of the message traffic sent to, or sent from, the one or more virtual assets to detect any message including one or more of the one or more analysis trigger parameters. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis using a second communication channel.
    Type: Grant
    Filed: February 3, 2014
    Date of Patent: April 26, 2016
    Assignee: Intuit Inc.
    Inventors: M. Shannon Lietz, Luis Felipe Cabrera
  • Patent number: 9317665
    Abstract: A service management apparatus is provided that allows management of a shared license among devices, including a user storage unit storing a user and at least one associated terminal; a license information storage unit storing a license including a terminal to be permitted to use a predetermined service and license information for identifying a setting limitation; a setting request reception unit receiving a setting request for the license including information for identifying the terminal that has issued the setting request and the user; an associated terminal identification processing unit identifying the terminal that is associated with the user included in the request; a license identification processing unit identifying the license that each terminal to be identified is permitted to use and is settable to the terminal that has issued the request; and a license setting processing unit setting the identified license to the terminal that has issued the request.
    Type: Grant
    Filed: December 12, 2013
    Date of Patent: April 19, 2016
    Assignee: Clarion Co., Ltd.
    Inventors: Takashi Matsumoto, Hideomi Watanabe, Hiroyoshi Endo, Atsushi Shimizu, Takaaki Sekiguchi
  • Patent number: 9317714
    Abstract: Subscriber (user) data is encrypted and stored in a service provider cloud in a manner such that the service provider is unable to decrypt and, as a consequence, to view, access or copy the data. Only the user knows a user-specific secret (e.g., a password) that is the basis of the encryption. The techniques herein enable the user to share his or her data, privately or publicly, without exposing the user-specific secret with anyone or any entity (such as the service provider).
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: April 19, 2016
    Assignee: LogMeIn, Inc.
    Inventors: Krisztian Kopasz, Marton B. Anka
  • Patent number: 9319407
    Abstract: A server for providing premium communication services via an untrusted network. The server comprises a processor, memory, and an application that is configured to receive a request from an untrusted communication device to access a premium communication service via the untrusted network, wherein the request comprises an internet protocol (IP) address, match the IP address from the request with a previously stored source IP address associated with a message sent by a trusted mobile communication device, wherein the device is authorized to access the premium communication service via the untrusted network, determine if the request is received within a time period indicated by a previously assigned time-to-live value associated with authentication extension, upon determining that the request is received within the indicated time period, generate a cookie associated with the communication device, and send the cookie to the communication device via the untrusted network.
    Type: Grant
    Filed: April 18, 2014
    Date of Patent: April 19, 2016
    Assignee: Sprint Communications Company L.P.
    Inventors: Brian Mauer, Richard Morton