Abstract: Disclosed is a method, for detecting anomalies in a computer application which is running on a device in a data communications system, thereby creating events in the computer application. Each event comprises an event code identifying the event. The method comprises obtaining (200) an event profile of the computer application, the event profile comprising each unique event code of events detected during a defined period of operation of the computer application. The method further comprises detecting (220) a first event from the computer application, and comparing (222) the event code of the first event with the event codes of the event profile. The method further comprises, if the first event does not match any event in the stored event profile, creating (224) a notification.

Abstract: A total property security system may be implemented to conduct security and surveillance operations. The system includes security operations centers that are connected to one or more sensors and vehicles for collecting and transmitting surveillance data to a database hosted on cloud services. The collected surveillance data is analyzed in order to automatically deploy security measures and/or recommend courses of action using a rules engine that can be configured to client-specific or user-specific security needs. The cloud services can provide a set of application program interface services that can act on the surveillance operations center. Sensor fusion data and other surveillance data can be also transmitted to vetted monitoring service providers on a subscription basis to provide physical security services to the area within the property perimeter. During the subscription period, the selected monitoring service providers can obtain time-based encryption token for accessing surveillance data.

Abstract: A mitigation system comprises a plurality of types of mitigation devices which execute a defense function against an attack, and a control device which selects, if it is detected that an attack has been performed on a network to be monitored, one of the plurality of types of mitigation devices, which executes a defense function in accordance with the type of the attack.

Abstract: User authentication techniques are provided using biometric representations of one-time passcodes. An exemplary method comprises initiating a challenge to a user in connection with an authentication request by the user to access a protected resource, wherein the challenge comprises a biometric encoding of a one-time passcode using a dictionary; processing a biometric representation by the user in response to the challenge in accordance with the biometric encoding and wherein the processing comprises determining a likelihood that the biometric representation by the user in response to the challenge matches the biometric encoding in the challenge; and resolving the authentication request based on the likelihood. The biometric encoding comprises, for example, a vocal passphrase and/or instructions for the user to perform a specified manipulation to a biometric sample of the user.

Abstract: Techniques for dynamic server groups that can be patched together using stream clustering algorithms, and learning components in order to reuse the repeatable patterns using machine learning are provided herein. In one example, in response to a first risk associated with a first server device, a risk assessment component patches a server group to mitigate a vulnerability of the first server device and a second server device, wherein the server group is comprised of the first server device and the second server device. Additionally, a monitoring component monitors data associated with a second risk to the server group to mitigate the second risk to the server group.

Abstract: An apparatus, a security device, a security system comprising the security device and the apparatus, and a method for generating an apparatus-specific apparatus certificate for the apparatus includes coupling the security device to the apparatus, a one-time useable private signing key being stored in the security device, storing apparatus-specific identification information in the security device, accessing the private signing key in the security device, generating the apparatus-specific apparatus certificate depending on the stored identification information in the security device, the apparatus-specific apparatus certificate being signed using the private signing key, and preventing a further access to the private signing key such that it becomes possible to generate an apparatus-specific apparatus certificate for an apparatus with little complexity, in particular without using a public key infrastructure.

Abstract: A system and method for securely verifying a connection between a remote device and an audio device. The method includes establishing a wireless connection between the remote device and the audio device. The remote device has an application configured to control operation of the audio device. An identity resolving key (IRK) for the application is obtained with the remote device. The IRK is transmitted to the audio device via the wireless connection. An instruction to is transmitted the audio device to generate a random resolvable address for the application using the IRK and to broadcast data containing the random resolvable address. The data containing the random resolvable address is received by the application of the remote device. An active audio connection between the remote device and the audio device is identified if the random resolvable address is able to be resolved by the application using the IRK.

Abstract: The disclosed computer-implemented method for protecting users may include (i) intercepting an attempt to login to a user account of an application using a login credential, (ii) preventing a user corresponding to the user account from revealing personally identifiable information by populating a field for the login credential with a value for an identity-masking persona as a substitute for the personally identifiable information, and (iii) enabling a completion of the attempt to login to the user account of the application using the value for the identity-masking persona, rather than the personally identifiable information, to provide the user with access to an online resource through the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A neural mesh data protection grid disposed amidst a tunnel acting as a transmission path for transmitting large files (i.e., file transfer). The grid includes a virtual matrix of containerized security zones. Each security zone is configured to act as prospective point in the transmission path for the data file or a segment of the data file. Further, each containerized security zone includes logic that is configured to perform one or more security checks on the data. The neural aspect of the data protection grid means that the logic is further configured to determine, over time, a trust level for the containerized security zone based on the trust/confidence that the zone has attained.

Abstract: A method for variable length decoding, the method including: receiving, in a default word length mode, at least one first data word having a default first word length; combining the received at least one first data word as a first portion of data; receiving, after the at least one first data word, a transition word indicative of transitioning to a variable word length mode; receiving, after the transition word, a first word length word indicative of a second word length; receiving, after the first word length word, at least one second data word having the second word length; and combining the received at least one second data word as a second portion of the data.

Abstract: A computer-implemented method for performing authentication includes: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in a set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; and generating a time service certificate including the trusted time, the root hash, and the digital signature.

Abstract: A system and method for facilitating authenticating a client application to enable communications with another server-side application running on a server in communication with the client application (client). An example embodiment involves providing an authenticator for the client to a shared library that is accessible to the client and server, and then registering the authenticator for the client at the server. After registration, the client sends a request message (addressed to a server-side application) and token to the server. The token is derived using the authenticator at the shared library. The server then uses the token to check that the authenticator associated with the received token is registered. The server then communicates with the shared library to authenticate the client by verifying that the received token identifies the client that has provided the authenticator to the shared library. Client identity is then set to enable communications with the server-side application.

Abstract: Methods and apparatus consistent with the present disclosure may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into. In certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. The present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. Malware can be detected using exception handling to track memory allocations of the program code included in the received data set.

Abstract: Embodiments of the present application relate to a method, device, and system for processing data. The method includes receiving a login request from a front-end device, the login request comprising account information of an account associated with the front-end device, determining a confirmation device associated with the front-end device based at least in part on the account information, generating an authentication request based at least in part on the account information, wherein said authentication request comprises said account information, obtaining confirmation information from the confirmation device, the confirmation information being generated based at least in part on the authentication request and confirming the login request, and authenticating, by the authentication system, the front-end device based at least in part on the confirmation information.

Abstract: A wireless access control method and device are provided. A method applied to a sender terminal includes: generating, by a terminal, an authentication code according to a protocol negotiated with a receiver when sending control-type data, combining, by the terminal, control-type data, the authentication code and a corresponding CRC check code to generate a message, and sending, by the terminal, the message to the receiver, such that the receiver can perform a CRC check on the received message, generates an authentication code according to the negotiated protocol if the CRC check is successful, determines whether the generated authentication code is the same as the received authentication code, if so, analyzes the received control-type data, and if not, discards the received control-type data.

Abstract: A computer-implemented method according to one embodiment of the present disclosure includes identifying, by a computer system, an asset associated with a group; detecting a change in an attribute of the asset; and in response to detecting the change in the attribute of the asset, modifying, by the computer system, a configuration setting for a firewall. Among other things, the embodiments of the present disclosure can perform dynamically configure and control security features in response to changes in the computing environment, including asset attribute changes, security events, operational events, user input and environmental changes. Embodiments of the present disclosure thereby help to quickly maintain or change the security posture of a system and maintain the level of compliance with set of predefined security benchmarks or codified best practices.

Abstract: The present disclosure provides an information handling system (IHS) and related methods that use physical presence verification to establish unique trust relationships between boot firmware and one or more individual applications provided within an IHS. The IHS and methods disclosed herein provide secure verification of user physical presence by verifying the physical presence of a user during a pre-boot phase of the boot firmware (i.e., before an operating system (OS) is loaded and running). After user physical presence is verified during the pre-boot phase, the IHS and methods disclosed herein generate a physical presence (PP) bind token during OS runtime that may be used to establish a unique trust relationship between the boot firmware and one or more individual applications provided within the IHS.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based logical access. In some implementations, a method includes receiving, by a mobile electronic device, a request from a server system to approve a session for a logical resource accessed by a second electronic device. In response to receiving the request, the mobile electronic device, initiates communication over a wireless communication link using a radio of the mobile electronic device. The mobile electronic device receives data from the second electronic device over the wireless communication link, the received data from the second electronic device indicating a session identifier. After receiving the data from the second electronic device, the mobile electronic device provides a response to the server system that indicates approval of the session and indicates the session identifier.

Abstract: Systems and methods provide for text mining, and in particular text mining of screens, of endpoint and other target computers and devices, of an enterprise or network. The text mining from the screen is based on the text that the end point user actually sees, as is actually displayed on the screen. As a result of the text mining, action can be taken against the endpoint computer.

Abstract: A system featuring a cloud-based malware detection system for analyzing an object to determine whether the object is associated with a cyber-attack. Herein, subscription review service comprises a data store storing subscription information. The subscription information includes identifier for the customer and one or more identifiers each associated with a corresponding customer submitter operable to submit an object to the cloud-based malware detection system for analysis. The first customer submitter receives credentials provided by the subscription review service to establish communications with the cloud-based malware detection system.