Patents Examined by Aravind K Moorthy
-
Patent number: 12289332
Abstract: The present invention includes systems and methods for providing cybersecurity to web-enabled applications for protection of critical software and host systems. The present invention is operable to build a Hidden Markov model of an application using automated analysis of code and documentation in order to characterize potential state and state transitions. The present invention is also operable to use additional data such as timing and proximity to assess incoming data. Incoming messages are then assigned a trust score based on Bayesian calculations.
Type: Grant
Filed: November 8, 2022
Date of Patent: April 29, 2025
Assignee: CFD Research Corporation
Inventor: Brian Gene Palmer
-
Patent number: 12288219
Abstract: A computer-implemented method includes receiving, via processing circuitry and from a customer interface device (CID), a customer communication and first authentication data, searching, via the processing circuitry, a database for a customer account corresponding to the customer communication, receiving, at the processing circuitry and from the database, first registered data corresponding to the customer account, and determining, via the processing circuitry, a first security challenge having a first security level category of a plurality of security level categories.
Type: Grant
Filed: October 7, 2021
Date of Patent: April 29, 2025
Assignee: United Services Automobile Association (USAA)
Inventors: Timothy Blair Chalmers, Ramsey Devereaux, Dwayne Phillip Wilson
-
Patent number: 12284218
Abstract: A system may identify a security intent policy model associated with an initial time. The system may generate one or more delta snapshots that respectively indicate one or more incremental changes to the security intent policy model at times subsequent to the initial time. The system may determine that the system is to deploy an updated version of the security intent policy model to a device and may thereby determine a previous deployment time at which the system deployed a previous version of the security intent policy model to the device. The system may generate, based on the one or more delta snapshots and the previous deployment time, a cumulative delta snapshot, and may thereby update a low-level security intent policy model associated with the device. The system may generate, based on the low-level security intent policy model, device-level security configuration information for the device.
Type: Grant
Filed: November 29, 2022
Date of Patent: April 22, 2025
Assignee: Juniper Networks, Inc.
Inventors: Chandrasekhar A, Jayanthi R
-
Patent number: 12284201
Abstract: Systems and methods for proactively monitoring the inherent cyber-tech risk of software and hardware components are disclosed. In one embodiment, a method for proactively monitoring a cyber risk of a computer program may include: (1) receiving, by a product/version risk assessment computer program executed by an electronic device and from a user computer program executed by a user electronic device, an identification of a plurality of proposed components to include in the computer program; (2) retrieving, by the product/version risk assessment computer program, vulnerability information for each of the plurality of proposed components, wherein the vulnerability information identifies a security vulnerability for the proposed component; (3) generating, by a product/version risk scoring computer program, a risk score for the computer program under development based on the vulnerability information; and (4) returning, by the vulnerability assessment computer program, the risk score to the user computer program.
Type: Grant
Filed: December 2, 2022
Date of Patent: April 22, 2025
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Ankur Sand, Ken Wilson, Marty Grant, Herman Wijaya, David R. Edwards
-
Patent number: 12253998
Abstract: An improvement to a system for identity verification is provided in which data records are continuously updated to provide the validation, verification and trusted confidence values of an entity (an individual person or organization) for each type and level of identification needed. In addition to the iterative updating of conventional data, the historical change in recorded data is compared with newly received entity identification verification parameters, with changes and an analysis of the changes also iteratively tracked and stored as part of the data record with continuous updating. The data record may also include emotional, mood or feelings responses to emotional, mood or feeling prompts. Similarly, the historical change in emotional, mood or feeling responses is compared with newly received responses to similar or different prompts, with changes and an analysis of the changes also iteratively tracked and stored as part of the data record with continuous updating.
Type: Grant
Filed: April 24, 2023
Date of Patent: March 18, 2025
Inventors: James Anderson, Thomas J. Saleh
-
Patent number: 12250207
Abstract: A technique is provided that integrates authentication from a mobile device (e.g., using biometrics, social informational data, questions and answers, and more) to allow login to laptops and desktops while they are disconnected from the Internet using a USB cable connection, Bluetooth or local wifi or any other similar protocol and/or connected to Internet without USB. The technique provides a cloud clearinghouse that ties a person's or entity's mobile device(s) to an identity that's used to authenticate a person (could be the same person) on a laptop, desktop, or similar computer system.
Type: Grant
Filed: September 29, 2023
Date of Patent: March 11, 2025
Inventor: Nelson A. Cicchitto
-
Patent number: 12250539
Abstract: The present disclosure relates to a method and a device for authenticating a device using wireless LAN. A method of an access point in a wireless communication system, according to an embodiment of the present invention, comprises the steps of: receiving a request message for wireless LAN access of a second terminal from a first terminal; performing an authentication procedure for the second terminal based on identification information of the second terminal and authentication information of the first terminal included in the request message; and transmitting a response message including an authentication result for the second terminal to the first terminal.
Type: Grant
Filed: March 20, 2019
Date of Patent: March 11, 2025
Assignee: Samsung Electronics Co., Ltd.
Inventors: Hyeongmin Nam, Yeonchul Shin, Seyoung Jang, Inkook Chang, Joonsung Chun, Chulhoon Hwang
-
Patent number: 12244595
Abstract: A network isolation device includes an internal network interface to connect the network isolation device to one or more devices and an external network interface to connect the network isolation device to an external network. The network isolation device further includes an airgap device that operates to (i) close an air gap to connect the one or more devices to the external network, (ii) open the air gap to disconnect the one or more devices from the external network.
Type: Grant
Filed: February 17, 2023
Date of Patent: March 4, 2025
Assignee: Goldilock Secure Limited
Inventors: Anthony Hasek, Richard Bate
-
Patent number: 12242621
Abstract: Securely storing data includes encrypting the data using a random key to provide obfuscated data, scrambling the obfuscated data to provide scrambled obfuscated data, generating a scramble schema indicating how to unscramble the scrambled obfuscated data, encrypting the scrambled obfuscated data to provide encrypted scrambled obfuscated data, splitting the scramble schema, and distributing separate portions of the scramble schema and separate portions of the encrypted scrambled obfuscated data to separate entities. The data may be private key data. Securely storing data may also include concatenating the random key on to the obfuscated data prior to scrambling the obfuscated data, wherein the random key is scrambled together with the obfuscated data. Scrambling the obfuscated data may use a Fisher Yates Shuffle mechanism. Securely storing data may also include generating and distributing a symmetric authentication key that is used to authenticate a first entity to a second entity.
Type: Grant
Filed: December 7, 2023
Date of Patent: March 4, 2025
Assignee: ASSA ABLOY AB
Inventors: François-Eric Michel Guyomarc′h, Francois Menard
-
Patent number: 12244582
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
Type: Grant
Filed: January 31, 2024
Date of Patent: March 4, 2025
Assignee: Google LLC
Inventors: Anna Sapek, Uday Ramesh Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 12231448
Abstract: Techniques are described herein that are capable of using graph enrichment to detect a potentially malicious access attempt. A graph that includes nodes and configuration-based links is generated. The nodes represent respective resources. Behavior-based links are added to the graph based at least in part on traffic logs associated with at least a subset of the resources. An attempt to create a new behavior-based link is identified. A probability of the new behavior-based link being created in the graph is determined. The probability is based at least in part on the configuration-based links and the behavior-based links. The new behavior-based link is identified as a potentially malicious link based at least in part on the probability being less than or equal to a threshold probability. A security action is performed based at least in part on the new behavior-based link being identified as a potentially malicious link.
Type: Grant
Filed: February 25, 2022
Date of Patent: February 18, 2025
Assignee: Microsoft Technology Licensing, LLC
Inventors: Shay Chriba Sakazi, Andrey Karpovsky, Amit Magen Medina, Tamer Salman
-
Patent number: 12231555
Abstract: A client communications device and method for generating a user message comprising an assertion for verification by a remote server device is described. Payload data for the user message as generated by a secure application resident on the communications device is received. Biometric authentication of the user is performed as a first level security mechanism. If biometric authentication of the user is successful, a digital signature is generated based on the message payload as a second level security mechanism. The digital signature is generated using a private signature key stored in a secure element of the client device. A third level security mechanism is applied by authenticating the user message using a secure application-specific key. In implementations, the digital signature is generated in a secure environment of the client device which has sole access to the secure element after successful biometric authentication.
Type: Grant
Filed: April 20, 2021
Date of Patent: February 18, 2025
Assignee: GRABTAXI HOLDINGS PTE. LTD.
Inventors: Gennady Medvinsky, Surya Anil Lingamallu, Hardik Bipinbhai Doshi, Prasanna Kanagasabai
-
Patent number: 12229301
Abstract: Techniques are provided for access control of protected data using storage system-based multi-factor authentication. One method comprises obtaining, in a storage system, an input/output request for data; determining, by the storage system, whether a multi-factor authentication is required for the requested data; initiating, by the storage system, a multi-factor authentication of a user associated with the input/output request, in response to a result of the determining, to obtain a verification result; and processing, in the storage system, the input/output request for the data based at least in part on the verification result. The data may be marked as protected data using a manual process and/or an automated process that processes one or more smart tags associated with the data. The marking of the data as protected data may comprise marking a partition comprising the data, marking a protected folder comprising the data, and/or marking a protected file comprising the data.
Type: Grant
Filed: May 5, 2021
Date of Patent: February 18, 2025
Assignee: EMC IP Holding Company LLC
Inventors: Yevgeni Gehtman, Maxim Balin, Tomer Shachar
-
Patent number: 12231554
Abstract: A method for connecting a field device to a first cloud based service platform includes reading-out a first ticket from the field device using the first service device, wherein the first ticket includes at least one piece of information identifying the field device. The first ticket is transmitted to a second cloud based service platform from the first service device. The method also includes mutual associating and verifying of the first ticket and a second ticket produced at the manufacturer and stored in the second service platform. In the case of successful verifying, the connecting information for the first cloud based service platform is transmitted from the second cloud based service platform to the first service device. A communication connection between the first service device and the first cloud based service platform is established based on the connecting information transmitted from the second service platform.
Type: Grant
Filed: March 23, 2021
Date of Patent: February 18, 2025
Assignee: Endress+Hauser Process Solutions AG
Inventors: Simon Merklin, Axel Pöschmann
-
Patent number: 12231409
Abstract: Methods and systems describe linking mobile applications to website providers using an intermediary database that is populated based on mobile application metadata in order to provide secure communication of user data encrypted specifically for given website providers. The methods and systems accomplish this by receiving, at an intermediary database, a first communication from a background application implemented on a mobile device, wherein the first communication comprises a first access point address and is generated based on a request, by a first access point, for first user information for use by a first provider, wherein the first provider provides the first access point. However, as opposed to simply generating a random alternative content for the first communication, the system performs an additional step to ensure that the alternative content is specific to the provider and may be used across all access points for the provider.
Type: Grant
Filed: February 15, 2022
Date of Patent: February 18, 2025
Assignee: Capital One Services, LLC
Inventors: Allison Fenichel, Nishant Garg, Illiana Reed, Michael Holden, Shivani Gupta, Fan Feng
-
Patent number: 12223077
Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.
Type: Grant
Filed: November 10, 2023
Date of Patent: February 11, 2025
Assignee: Snowflake Inc.
Inventors: Christine A. Avanessians, Damien Carru, Ramachandran Natarajan Iyer, Eric Karlson, Dennis Edgar Lynch
-
Patent number: 12225134
Abstract: Embodiments of systems and methods to provide a firmware update to devices configured in a redundant configuration in an Information Handling System (IHS) are disclosed. In an illustrative, non-limiting embodiment, an IHS may include computer-executable instructions to receive a password comprising a first plurality of characters, concatenate a second plurality of characters to the hashed password to form a patched password, encrypt the patched password, and send the hashed patched password to a server IHS for authentication. The second characters are configured to continually change value over time.
Type: Grant
Filed: October 18, 2022
Date of Patent: February 11, 2025
Assignee: Dell Products, L.P.
Inventor: Christopher Abella Poblete
-
Patent number: 12212561
Abstract: Various embodiments of the present disclosure provide techniques for facilitating a credential-less exchange over a network using a plurality of identifier mapping and member interfaces. The techniques may include initiating the presentation of an enrollment user interface via a client device of a user and receiving selection data indicative of a selection of a service provider instrument from the enrollment user interface. The techniques include generating a matching code for authenticating the user, providing the matching code to a service provider platform, and receiving the matching code from a partner platform. In response to an authentication of the user based on the matching code, the techniques may include generating an UUEK for the user that may be used to replace persistent credentials.
Type: Grant
Filed: October 20, 2023
Date of Patent: January 28, 2025
Assignee: 1080 Network, Inc.
Inventors: Christopher Michael Petersen, Tim Kuchlein
-
Patent number: 12212575
Abstract: In one embodiment, a device of a data mesh generates a first metadata layer for the data mesh that comprises metadata regarding a dataset having a plurality of data sources. The device identifies user role-specific metadata associated with a particular user role and based at least in part on the metadata regarding the dataset. The device generates a second metadata layer for the data mesh that comprises the user role-specific metadata associated with the particular user role. The device provides the user role-specific metadata for presentation to a user associated with the particular user role.
Type: Grant
Filed: April 21, 2022
Date of Patent: January 28, 2025
Inventors: Frank Michaud, Peshan Sampath Kalu Marakkala
-
Patent number: 12212548
Abstract: A communications system is provided. A network device controls the setting up of a device to device communication link, as sent between a device in the core network and the base station(s) servicing the relevant mobile devices, including disclosure of the common security information for two mobile devices to communicate securely over the direct device to device communications link.
Type: Grant
Filed: March 17, 2021
Date of Patent: January 28, 2025
Assignee: NEC CORPORATION
Inventors: Thomas Delsol, Caroline Jactat