Abstract: A system for analyzing a computing system for potential breach points, the system comprising a memory device having executable instructions stored therein, and a processing device, in response to the executable instructions, configured to parse a breach scenario file, the breach scenario file comprising a graph including action component nodes connected by edges, determine a root node from the action component nodes, execute the root node with breach point data, generate a root node return value based on the execution of the root node, the root node return value including a modified copy of the breach point data, determine children nodes from the action component nodes connected to the root node, execute the children nodes wherein each execution of the children nodes produces children node return values for a subsequent one of the children nodes, and return a final return value from the execution of the children nodes.

Abstract: A method for providing connection between applications and a data repository is described. The method includes receiving a communication from an application for the data repository. The application is authenticated. In response to the application being authenticated, the credentials for the data repository are obtained from a data vault. The credentials are used to access the data repository while the application is free of the credentials.

Abstract: Methods and systems for identity-based firewall policy evaluation and for encoding entity identifiers for use in identity-based firewall policy evaluation. A packet from a sender entity to a recipient entity is intercepted. A determination is made whether the sender entity is permitted to communicate with the recipient entity according to a firewall policy, wherein the firewall policy indicates a plurality of entity identifiers, and each entity identifier is unique among the plurality of entity identifiers. Rules for communications among the plurality of entities include a list of pairs of entities which are permitted to communicate with each other. The packet is forwarded to the recipient entity when it is determined that the sender entity is permitted to communicate with the recipient entity. At least one mitigation action is performed when it is determined that the recipient entity is not permitted to communicate with the sender entity.

Abstract: A method including transmitting, by a transmitting device, verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device; receiving, by the transmitting device, a determination result determined based at least in part on a comparison of the current fingerprint with a verification fingerprint associated with a second instance of the source application stored on another device; and selectively transmitting, by the transmitting device, transmission data utilizing the first instance of the source application based at least in part on the determination result. Various other aspects are contemplated.

Abstract: An example device includes a physical storage medium, a wireless power circuit, and a portable sealed housing containing the physical storage medium and the wireless power circuit. The physical storage medium stores a first security protocol to activate the wireless power circuit, and a second security protocol to allow data transfer between the physical storage medium and a host device.

Abstract: A method and system for detecting vulnerable wireless networks coexisting in a wireless environment of an organization are provided. The method includes receiving intercepted traffic, wherein the intercepted traffic is transmitted by at least one wireless device operable in an airspace of the wireless environment, wherein the intercepted traffic is transported using at least one type of wireless protocol; analyzing the received traffic to detect at least one active connection between a legitimate wireless device of the at least one wireless device and at least one unknown wireless device, wherein the legitimate wireless device is at least legitimately authorized to access a protected computing resource of the organization; and determining if the at least one detected active connection forms a vulnerable wireless network.

Abstract: Computer-implemented methods, systems and computer program products leveraging collection and analysis of anonymized biological data, location data, individual IDs and time data from groups of individuals within a surrounding environment. The anonymized data can be combined with sources of map data and available historical data to help provide context about the surrounding environment of the users and stored for analysis and decision-making that physically impacts and alters the surrounding environment. At periodic or sporadic intervals, the collected data is extracted and analyzed. Based on the analysis of the anonymized data, physical changes are dynamically implemented within the physical environment, including remotely altering the physical environment by instructing changes to surrounding environment over a computer network such as modifying one or more settings of IoT devices positioned within the surrounding environment analyzed.

Abstract: The present innovative solution solves the problem of managing secure documents so that they can be verified, and protected from tampering and illegal printing. A legal document is converted to a secure document by embedding into the legal document one or more security codes that have been encrypted with a standard of proprietary cryptographic algorithm. The security codes are supplemented by a QR code associated with the archive location of each page of the secure document, and stored at a server or database. The security codes stored in the document and can be printed together with the document, as a form of watermark, using UV-sensitive ink or toner at a security printer. The security codes are encrypted and can be printed on varying locations in the secure document pages, which are defined in a geolocation template, separately transmitted in encrypted format.

Abstract: A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, derives a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.

Abstract: A method for delegated authorization at a service communications proxy (SCP) includes intercepting, from a consumer network function (NF) that does not support access token based authorization, a service based interface (SBI) request. The method further includes operating as an access token authorization client to obtain a first access token on behalf of the consumer NF. The method further includes using the first access token to enable the consumer NF to access the service provided by a first producer NF that requires access-token-based authorization. The SCP may also function as an access token authorization server on behalf of an NRF that does not support access-token-based authorization.

Abstract: Systems and methods are provided which allow for motion-based authentication of a user using magnified motion. Very small or imperceptible motions of a user may be captured and magnified to determine characteristics of the motions that may be used as a motion-based credential for user authentication. The motions, which may be very small and imperceptible to an observer, may be difficult for potential attackers to observe and copy, but may be useful when magnified.

Abstract: Systems and methods are disclosed for providing a secure communication between a first network and a second network. The method may include receiving, at a Secure Access Smart Hub (SASH), a signal from the first network requesting a communication connection; establishing a first connection between the first network and the SASH; establishing a second connection between the SASH and the second network; receiving, at the SASH, data from the first network having a first protocol; translating the data having the first protocol into data having a second protocol; and transmitting the data from the SASH to the second network.

Abstract: Provided are exemplary systems and methods for secure intelligent networked architecture, processing and execution. Exemplary embodiments include an intelligent networked architecture comprising an intelligent agent, a secure cloud of a plurality of specialized intelligent historical agents, a plurality of secure cloud based specialized insight servers configured to transform secure digital data into a scrubbed situational deployment trigger, and an intelligent operational agent configured to receive the scrubbed situational deployment trigger.

Abstract: A personalized card may be generated using a card-personalization system accessible via multiple access points on a network. In some aspects, the personalized card may include a physical card having an image selected by a user in a card-personalization process. The user may be assigned a code that may both authenticate the user to access the card-personalization system and identify a position of the user in the card-personalization process. The card-personalization process may include a selection process for selecting an image, an approval process for approving the image, and a creation process for generating the personalized card including the image.

Abstract: An obfuscation circuit relies on a tamper-resistant nonvolatile memory which encodes a trusted Boolean function. The Boolean function is used to enable several operations relating to circuit obfuscation, including obfuscation of logic circuitry, obfuscation of operand data, and release of IP blocks. The tamper-resistant nonvolatile memory is part of a trusted integrated circuit structure, i.e., one fabricated by a trusted foundry, separate from another integrated circuit structure which contains the various operational logic circuits of the design and is fabricated by an untrusted foundry. The Boolean function is encoded based on a look-up table implemented as a cascaded multiplexer circuit. Multiple obfuscation functions can be so encoded. The obfuscation functions may be reprogrammed using a protocol that relies on symmetric keys, one of which is stored in the tamper-resistant nonvolatile memory.

Abstract: Embodiments of the present invention provide a system for secure communication of information that may be used to authorize communications or transfer of resources by use of an intelligent resource instrument with nano display. The provided systems, methods, and computer program products are designed to select and display viewable information, simultaneously record EEG readings for a user, and use this information to verify user identity. Upon verification of user identity, the intelligent resource instrument may be activated for use in a resource transfer.

Abstract: A system to control application access is disclosed. The system facilitates user interaction with a target application from a local browser in an additional secure approach. Here, an intermediate browser is communicatively coupled with the client browser to enable access of a user to the target application based on predefined levels of authorization. The system provides a way to define control profiles to control the application interaction based on administrator's needs. The user may access only a specific control profile of the target application.

Abstract: Blockchain validation systems including a blockchain configured banking core (BCBC) hosted on a server, a blockchain configured component coupled to the BCBC, permitting transfer of data records to the BCBC for storage thereon, and a number of blockchain configured federation proxies facilitating identification of access rules and execution of blockchain validation mechanisms. Methods for blockchain validation involving permitting interaction amongst a plurality of external computing systems associated with a plurality of entities in a manner bypassing a BCBC hosted on a server, through a blockchain configured component accessible by the external computing systems, permitting data record transfer to the BCBC over an independent verification network, managing the data records using blockchain configured federation proxies, and selectively distributing data records to the entities.

Abstract: Systems, methods, and software can be used to handle security events of a device based on remediation actions and recovery actions. In some aspects, a method comprises: receiving, by a security gateway, a security event notification associated with a device; determining, by the security gateway and based on the security event notification, a risk level of the device; determining, by the security gateway and based on the risk level, a set of remediation actions and recovery actions; and sending, by the security gateway, an action plan indicating the set of remediation actions and recovery actions.

Abstract: Aspects of the present disclosure provide for a security model for enabling multiple connectivity and service contexts while sharing a single connectivity context to establish a network connection. A context (e.g., connectivity context, service context, security context) is a set of information describing the connectivity, service, or security established between two or more entities. The connectivity context and service context may be established at different network nodes or entities. In one aspect of the disclosure, a connectivity context includes an Evolved Packet System (EPS) Mobility Management (EMM) context or both an EMM context and an EPS Session Management (ESM) context.