Patents Examined by Badri Champakesan
  • Patent number: 10142373
    Abstract: In an example, a security-connected platform is provided on a data exchange layer (DXL), which provides messaging on a publish-subscribe model. The DXL provides a plurality of DXL endpoints connected via DXL brokers. In one case, DXL endpoints designated as producers are authorized to produce certain types of messages, including security-related messages such as object reputations. Other DXL endpoints are designated as consumers of those messages. A domain master may also be provided, and may be configured to provide physical and logical location services via an asset management engine.
    Type: Grant
    Filed: September 28, 2014
    Date of Patent: November 27, 2018
    Assignee: McAfee, LLC
    Inventor: Ofir Arkin
  • Patent number: 10135870
    Abstract: A closed-loop system is operatively connected with a block chain distributed network for using the block chain distributed network for facilitating operation of a transaction record sharing system between member institutions comprising a host system and a source system. Host and source institutions function to share the transaction records from member institutions such that a host institution that is a member of the block chain may obtain the transaction records of all source institutions of the block chain. The transaction records are validated on the block chain such that the transaction records are secure and represent a source of truth.
    Type: Grant
    Filed: February 22, 2016
    Date of Patent: November 20, 2018
    Assignee: Bank of America Corporation
    Inventors: Joseph Benjamin Castinado, Richard Huw Thomas, Manu Jacob Kurian, Eric Eugene Sifford
  • Patent number: 10135845
    Abstract: In an example, a context-aware network is disclosed, including threat intelligence services provided over a data exchange layer (DXL). The data exchange layer may be provided on an enterprise service bus, and may include services for classifying objects as malware or not malware. One or more DXL brokers may provide messaging services including, for example, publish-subscribe messaging and request-response messaging. Advantageously, DXL endpoint devices must make very few assumptions about other DXL endpoint devices.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: November 20, 2018
    Assignee: McAfee, LLC
    Inventors: Hemang Nadkarni, Sudeep Das
  • Patent number: 10127403
    Abstract: A computing system includes: a control circuit configured to: determine a privacy baseline for controlling communication for a user, determine an application-specific privacy setting for controlling communication for a first executable program associated with the user, generate a user-specific privacy profile based on the privacy baseline and the application-specific privacy setting, the user-specific privacy profile for controlling an application set including a second executable program; and a storage circuit, coupled to the control circuit, configured to store the user-specific privacy profile.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: November 13, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Deguang Kong, Hongxia Jin
  • Patent number: 10111095
    Abstract: A device may determine that a first wireless local area network (WLAN) connection, established with a first WLAN access point using an extensible authentication protocol, has been dropped. The device may store a pairwise master key identifier, associated with the first WLAN access point, based on determining that the first WLAN connection has been dropped. The device may detect a WLAN signal, associated with the first WLAN access point or a second WLAN access point, after determining that the first WLAN connection has been dropped. The device may provide the pairwise master key identifier to the first WLAN access point or the second WLAN access point based on detecting the WLAN signal. The device may establish a second WLAN connection with the first WLAN access point or the second WLAN access point based on providing the pairwise master key identifier and without re-authenticating using the extensible authentication protocol.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: October 23, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Pritesh Patel, Youjian Xu, David H. Ten Eyck, Aldrich Gamboa
  • Patent number: 10110580
    Abstract: The present invention is directed to a method for providing secure dynamic address resolution and communication directly between two nodes, without communication to third party DNS and/or MX server(s). A first and a second node are initially paired, which may include the identification of an authentication scheme and creating a DNS record with the current address of the other node; the address of the other node may be dynamically updated. Further secure transmission of messages may be implemented, which include first resolving based on the DNS record a current address of the other node, authenticating the destination node, and transmitting a message upon successful authentication. Dynamic message encryption and the provision of a DNS cache may further be implemented.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 23, 2018
    Inventor: Willie L. Donaldson
  • Patent number: 10103889
    Abstract: Technologies for securely exchanging sensor information include an in-vehicle computing system of a vehicle to establish a trusted execution environment and a secure communication channel between the trusted execution environment and a corresponding trusted execution environment of a coordination server. A private key is bound to the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system confirms the authenticity of the coordination server, receives sensor data generated by a sensor of the vehicle, and generates an attestation quote based on the trusted execution environment of the in-vehicle computing system. The in-vehicle computing system further transmits, to the coordination server over the secure communication channel, the sensor data, the attestation quote, and a cryptographically-signed communication signed with the private key.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: October 16, 2018
    Assignee: Intel Corporation
    Inventor: Mateusz Bronk
  • Patent number: 10104109
    Abstract: A device for providing hierarchical threat intelligence includes a non-transitory machine-readable storage medium storing instructions that cause the device to receive a plurality of calculated threat scores for a plurality of threat management devices, wherein the threat scores are respectively associated with context information, determine a first threat score for a first entity based on a first subset of the calculated threat scores, determine a second threat score for a second entity based on a second subset of the calculated threat scores, receive update information of one of the calculated threat scores of the first subset from a listener of the threat management devices, and update the first threat score based on the update information.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: October 16, 2018
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Anurag Singla, Monica Jain
  • Patent number: 10102358
    Abstract: Techniques for implementing face-controlled liveness verification are provided. In one embodiment, a computing device can present, to a user, a sequential series of targets on a graphical user interface (GUI) of the computing device, where each target is a visual element designed to direct the user's attention to a location in the GUI. The computing device can further determine whether the user has successfully hit each target, where the determining comprises tracking movement of a virtual pointer controlled by the user's gaze or face pose and checking whether the user has moved the virtual pointer over each target. If the user has successfully hit each target, the computing device can conclude that the user is a live subject.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: October 16, 2018
    Assignee: Sensory, Incorporated
    Inventor: Matthew Wilder
  • Patent number: 10097352
    Abstract: A method and an electronic device are disclosed herein. The electronic device includes a communication unit, a storage unit and at least one processor, which executes the method, including detecting a request for establishing a call session, generating a new security key from a preset security key, renewing the preset security key by setting the generated new security key as a current preset security key, and establishing the call session based on the generated new security key.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: October 9, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyunghee Lee, Tymur Korkishko, Jeongho Park, Ignat Korchagin
  • Patent number: 10097443
    Abstract: A system for providing data communication is provided. The system includes at least one computer test tool configured to perform one or more diagnostic tests on a computer network. The system further includes at least one communication device configured to couple to the at least one computer test tool to receive and cache test data from the at least one computer test tool and to wirelessly couple to a communication network. In addition, the system includes a cloud-based server configured to couple to the communication network so as to receive test data transmitted from the at least one communication device wherein the test data is encrypted in the at least one computer test tool and decrypted in the cloud-based server.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: October 9, 2018
    Assignee: Fluke Corporation
    Inventors: John Paul Hittel, Clinton J. Wooton
  • Patent number: 10091196
    Abstract: A method and apparatus for authenticating a user is disclosed that includes measuring biometric information of the user to create biometric measurement information, determining whether a private key included in a user authentication request signal matches a private key issued in advance to the user, comparing pre-set biometric authentication information for the user with the biometric measurement information, calculating a matching ratio when a match is detected, authenticating the user having provided the biometric information as an authorized user based on a result of comparison of the calculated matching ratio with a pre-determined biometric authentication threshold value, and providing an updated private key to the information processing device based on a result of comparison of the calculated matching ratio with a pre-determined updated threshold value.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: October 2, 2018
    Assignee: SUPREMA HQ INC.
    Inventors: Kideok Lee, Hochul Shin, Hyeonchang Lee, Jae Won Lee, Bong Seop Song
  • Patent number: 10089491
    Abstract: A computing system includes: a control circuit configured to: determine a privacy baseline for controlling communication for a user, determine an application-specific privacy setting for controlling communication for a first executable program associated with the user, generate a user-specific privacy profile based on the privacy baseline and the application-specific privacy setting, the user-specific privacy profile for controlling an application set including a second executable program; and a storage circuit, coupled to the control circuit, configured to store the user-specific privacy profile.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: October 2, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Deguang Kong, Hongxia Jin
  • Patent number: 10083299
    Abstract: The present disclosure describes systems and methods for detection and mitigation of malicious activity regarding user data by a network backup system. In a first aspect, a backup system receiving and deduplicating backup data from a plurality of computing devices may detect, based on changes in uniqueness or shared rates for files, atypical modifications to common files, and may take steps to mitigate any potential attack by maintaining versions of the common files prior to the modifications or locking backup snapshots. In a second aspect, the backup system may monitor file modification behaviors on a single device, relative to practices of an aggregated plurality of devices. Upon detection of potentially malicious modification activity, a previously backed up or synchronized store of data may be locked and/or duplicated, preventing any of the malicious modifications from being transferred to the backup system.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: September 25, 2018
    Assignee: Carbonite, Inc.
    Inventors: Teo Winton Crofton, Clark Marshall Baker
  • Patent number: 10068079
    Abstract: A biometric image output control method in a biometric authentication device comprises the steps of generating a biometric image by imaging a living body to be authenticated; determining whether an imaging environment; if the imaging environment satisfies a predetermined recognition condition, controlling a change rate of a size of a biometric image, a change rate of a focal point of the biometric image and a change rate of a brightness of the biometric image according to a distance to the living body to be authenticated; and if the imaging environment does not satisfy the predetermined recognition condition, overly controlling at least one of the change rate of the size of the biometric image, the change rate of the focal point of the biometric image and the change rate of the brightness of the biometric image according to the distance.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: September 4, 2018
    Assignee: SUPREMA HQ INC.
    Inventors: Hyeonchang Lee, Hochul Shin, Kideok Lee, Jae Won Lee, Bong Seop Song
  • Patent number: 10069822
    Abstract: A mobile device sends a network attach request to a network node, and receives an authentication challenge from the network node, where the authentication challenge includes an authentication token, a random number, and a time variable associated with a current time at the network node. A microprocessor smart card of the mobile device retrieves the time variable from the authentication challenge, and starts a clock counter based on the retrieved time variable. The microprocessor smart card uses a current time represented by the clock counter to perform time expiration validation tests on certificates during Public Key Infrastructure (PKI) authentication or on authentication tokens during token-based authentication.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: September 4, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Warren Hojilla Uy, Praveen Venkataramu, Ruben Cuadrat
  • Patent number: 10069859
    Abstract: Some embodiments provide distributed rate limiting to combat network based attacks launched against a distributed platform or customers thereof. The distributed rate limiting involves graduated monitoring to identify when an attack expands beyond a single server to other servers operating from within the same distributed platform distribution point, and when the attack further expands from one distributed platform distribution point to other distribution points. Once request rates across the distributed platform distribution points exceed a global threshold, a first set of attack protections are invoked across the distributed platform. Should request rates increase or continue to exceed the threshold, additional attack protections can be invoked. Distributed rate limiting allows any server within the distributed platform to assume command and control over the graduated monitoring as well as escalating the response to any identified attack.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: September 4, 2018
    Assignee: Verizon Digital Media Services Inc.
    Inventors: David Andrews, Reed Morrison, Derek Shiell, Robert J. Peters
  • Patent number: 10044751
    Abstract: A system for mitigating network attacks is provided. The system includes a protected network including a plurality of devices. The system further includes one or more attack mitigation devices communicatively coupled to the protected network. The attack mitigation devices are configured and operable to employ a recurrent neural network (RNN) to obtain probability information related to a request stream. The request stream may include a plurality of at least one of: HTTP, RTSP and/or DNS messages. The attack mitigation devices are further configured to analyze the obtained probability information to detect one or more atypical requests in the request stream. The attack mitigation services are also configured and operable to perform, in response to detecting one or more atypical requests, mitigation actions on the one or more atypical requests in order to block an attack.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: August 7, 2018
    Assignee: Arbor Networks, Inc.
    Inventor: Lawrence B. Huston, III
  • Patent number: 9992231
    Abstract: Enhanced security is provided for cloud based matching systems by using the principle of Independence of Irrelevant Alternatives (IIA). The client uses IIA to transform alternative data before sending it to the cloud, and then does the reverse transformation on the matching results generated by the cloud service provider to rebuild the matching results for the alternative data. Using this protocol, the client does not disclose its own data in a form that is usable by the cloud service provider, and the cloud service provider does not disclose to the client the provider's proprietary coefficient beta information.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: June 5, 2018
    Assignee: International Business Machines Corporation
    Inventors: Hong Bo B B Li, Chang Rui Ren, Yue Y T Tong, Bao Hua B H Wang
  • Patent number: 9992190
    Abstract: Even when an intermediate server exists, a plurality of servers simultaneously authenticates a user securely. A user apparatus disperses a password. The user apparatus obtains a ciphertext, which is obtained by encrypting a dispersed value. The intermediate server transmits the ciphertext to an authentication server. The authentication server decrypts the ciphertext to obtain the dispersed value. The authentication server determines a verification value. The authentication server obtains a ciphertext. The intermediate server decrypts the ciphertext to obtain the verification value. The intermediate server verifies whether a sum total of the verification values is equal to 0 or not. The authentication server determines a verification value. The authentication server obtains a ciphertext. The authentication server decrypts the ciphertext to obtain the verification value. The authentication server verifies whether a sum total of the verification values is equal to 0 or not.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: June 5, 2018
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Ryo Kikuchi, Dai Ikarashi, Koji Chida, Koki Hamada