Patents Examined by Badridot Champakesanatusptodotgov
  • Patent number: 10560428
    Abstract: A flexible hybrid firewall architecture that allows a mix of firewalls at end points in front of a target and at the initiator points. Groups of Priv-IDs may be created where each group is isolated from other worlds, with all firewalls controlled by a device management and security module.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: February 11, 2020
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Amritpal Singh Mundra, Brian J. Karguth, Timothy Anderson, Kai Chirca, Charles Fuoco
  • Patent number: 10554675
    Abstract: Aspects of the present invention provide an approach for providing network intrusion detection and prevention service (NIDPS) capabilities to a microservice in a networked computing environment. In an embodiment, a set of rules for accessing the microservice is retrieved. A NIDPS microservice is created within the environment of the microservice fabric that supports the microservice using the set of rules. The NIDPS microservice is established as a proxy communications destination for communications to the microservice such that communications that are intended for the microservice are instead rerouted to the NIDPS microservice. These communications are filtered by the NIDPS microservice according to the set of rules (e.g., to remove any communications that are determined to be threats).
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: February 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Vinit Jain, Sudheesh S. Kairali, Vijay R. Kalangumvathakkal, Madhuri Madhavan Pillai
  • Patent number: 10547609
    Abstract: A method, an apparatus, and a system for controlling an intelligent device are provided. The device transmits a control request including a first intelligent device identifier corresponding to a first intelligent device to be controlled. In response to transmitting the control request, the device receives a first verification character string that corresponds to the control request. The first verification character string is transmitted to a first wearable device locally establishing a data connection with the first wearable device. First signed information is received from the first wearable device. The first signed information is a result of performing a signature on first to-be-signed information and includes the first verification character string. The first signed information and operation information for controlling the first intelligent device are transmitted.
    Type: Grant
    Filed: November 10, 2016
    Date of Patent: January 28, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Wenqing Liu, Zixi Shen, Qiang Wang
  • Patent number: 10530788
    Abstract: A detection module monitors, at a network layer, the network traffic between a client computer and a server computer. The detection module extracts application layer data from the network traffic and decodes the application layer data to identify a remote file operation that targets a shared file stored in the server computer. The detection module evaluates the remote file operation to determine if it is a malicious remote file operation. The detection module deems the remote file operation to be malicious when the remote file operation will corrupt the shared file.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: January 7, 2020
    Assignee: Trend Micro Incorporated
    Inventors: Pawan Kinger, Nelson William Gamazo Sanchez
  • Patent number: 10474805
    Abstract: Methods and devices for accessing protected applications. A client device accessing a protected application executing on the application server is provided. The client device is configured to establish a session between the client device and the application server based on an exchange of authentication credential information between the client device and the application server; generate an authentication token from the authentication credential information associated with the protected application; transfer the authentication token to the remote server for storage at the remote server; and transmit a directive to the remote server to access the protected application executing on the application server, where the directive includes an identifier associated with the authentication token for accessing the protected application.
    Type: Grant
    Filed: August 17, 2017
    Date of Patent: November 12, 2019
    Assignee: BlackBerry Limited
    Inventors: Vincenzo Kazimierz Marcovecchio, Joseph Patrick Kirwin
  • Patent number: 10460107
    Abstract: The present disclosure describes systems and methods for detection and mitigation of malicious activity regarding user data by a network backup system. In a first aspect, a backup system receiving and deduplicating backup data from a plurality of computing devices may detect, based on changes in uniqueness or shared rates for files, atypical modifications to common files, and may take steps to mitigate any potential attack by maintaining versions of the common files prior to the modifications or locking backup snapshots. In a second aspect, the backup system may monitor file modification behaviors on a single device, relative to practices of an aggregated plurality of devices. Upon detection of potentially malicious modification activity, a previously backed up or synchronized store of data may be locked and/or duplicated, preventing any of the malicious modifications from being transferred to the backup system.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: October 29, 2019
    Assignee: Carbonite, Inc.
    Inventors: Teo Winton Crofton, Clark Marshall Baker
  • Patent number: 10447702
    Abstract: A method for selecting an alternative digital content item can include assigning a digital content license to access a first digital content item to a user account, the digital content license to access the first digital content item permitting a user of the user account to attend a scheduled presentation of the first digital content item at an exhibitor location; receiving, from a client device associated with the user account, a request to use the digital content license to attend a scheduled presentation of an alternate digital content item; determining that the digital content license to the first digital content item is eligible to secure a digital credential to attend a scheduled presentation of an alternate digital content item; identifying a set of alternate digital content items that can be accessed by the user; and providing, to the client device, data identifying the set of alternate digital content items.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: October 15, 2019
    Assignee: Screening Room Media, Inc.
    Inventors: Prem Akkaraju, Giorgio Vanzini
  • Patent number: 10417455
    Abstract: Described are various embodiments of a hardware security module. For example, in one embodiment, a hardware security module is described to comprise: two or more hardware ports, each one of which operable to electronically receive given input hardware port-specific cryptographic data thereon to initiate execution of an internal cryptographic process as a function thereof; two or more segregated hardware port-specific storage spaces each operatively linked to a corresponding one of said hardware ports via a corresponding hardware link, and storing respective secured hardware port-specific cryptographic data thereon exclusively retrievable as a function of said given input hardware port-specific cryptographic data corresponding thereto; and a cryptographic engine operable to execute said cryptographic process based on said secured port-specific cryptographic data retrieved from said segregated hardware port-specific storage spaces as a function of said given input port-specific cryptographic data.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: September 17, 2019
    Assignee: CRYPTO4A TECHNOLOGIES INC.
    Inventors: Bruno Couillard, Bradley Clare Ritchie, James Ross Goodman, Jean-Pierre Fiset
  • Patent number: 10409972
    Abstract: A fingerprint recognition method includes obtaining, by the mobile terminal, verification information and to-be-verified fingerprint information in a first operating system. The method includes, if the mobile terminal determines, in the first operating system according to the verification information, to perform first-type verification on the to-be-verified fingerprint information, directly invoking, by the mobile terminal, the first fingerprint interface in the first operating system to verify the to-be-verified fingerprint information. The method additionally includes, if the mobile terminal determines, in the first operating system according to the verification information, to perform second-type verification on the to-be-verified fingerprint information, switching, by the mobile terminal, from the first operating system to the second operating system, and invoking the second fingerprint interface in the second operating system to verify the to-be-verified fingerprint information.
    Type: Grant
    Filed: August 19, 2015
    Date of Patent: September 10, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ru Li, Huangwei Wu
  • Patent number: 10404710
    Abstract: A method, apparatus and computer program product are provided for implementing an improved directory services system. An example of the method includes transmitting an access request to a directory services server, the access request comprising user credentials, receiving, in response to validation of the user credentials by the directory services server, a directory services response from the directory services server, the directory services response comprising one or more fields of directory services data generated by the directory services server, translating the directory services response to generate a generic data object, wherein the generic data object comprises one or more values derived from the one or more fields of directory service data included in the directory services response, and providing the generic data object to an application.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: September 3, 2019
    Assignee: CHANGE HEALTHCARE HOLDINGS, LLC
    Inventors: Bryan Self, Michael Patterson, Vincent Lee
  • Patent number: 10387681
    Abstract: A computing device has first and second operating systems with access to first and second memories, respectively. The second memory is provided for secure computing resources and is not accessible by applications in the first operating system. A software module executable within the first operating system receives requests for secure computing resources, adds access credentials and passes the requests to a software module in the second operating system.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: August 20, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yuri Poeluev, Zhigang Luo
  • Patent number: 10339306
    Abstract: Systems and methods for fraud containment are provided in accordance with an embodiment of the invention. A fraud event may be detected. One or more devices that may be used in perpetrating the fraud event may be detected. Additionally, one or more potential fraud victims, who may be grouped into victim circles, may be detected. The threat level to the victims and/or victim circles may be assessed. In some instances, behavioral profiles may be utilized to make fraud assessments. Based on the threat level, recommendations for fraud containment responses may be provided.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: July 2, 2019
    Assignee: The 41st Parameter, Inc.
    Inventor: Elazar Katz
  • Patent number: 10339296
    Abstract: A terminal apparatus and a control method are disclosed. The terminal apparatus comprises: an input part for receiving a fingerprint; a control part for performing an authentication procedure with respect to the input fingerprint; and a display part for outputting a notification message if fingerprint authentication with respect to the input fingerprint is completed, wherein the control part sets a fingerprint authentication cancellation mode if contact of the fingerprint lasts for a first predetermined time or more after the fingerprint authentication was completed and can cancel authentication of the fingerprint if a predetermined condition is met.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: July 2, 2019
    Assignee: LG ELECTRONICS INC.
    Inventors: Jihwan Kim, Sihwa Park
  • Patent number: 10303864
    Abstract: A user authentication tool continuously authenticates the user of a computing device during an electronic communication session. A trusted user profile includes keypad pressure applied by the trusted user when depressing characters on a virtual keypad displayed on the computing device touch screen. Keypad pressure applied by the current user of the computing device is continually monitored during the current electronic communication session. The monitored keypad pressure applied by the current user is compared to the keypad pressure in the trusted user profile. A confidence score is generated based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the computing device. The computing device is automatically required to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: May 28, 2019
    Assignee: International Business Machines Corporation
    Inventors: William H. Blake, Gregory J. Boss, Rhonda L. Childress, William A. Lemke, Kevin C. McConnell, Jeffrey D. Schaefer
  • Patent number: 10270590
    Abstract: A pre-encryption process for symmetric encryption processes that inputs a bit stream into any existing or future encryption standard to increase encryption complexity with a disproportionate increase in processing time. The first encoding step is the two-stage generation of two strong keys based on a seed strong crypto key and known information from the Source Data bit stream. The second step is to split and encode the bit stream based on entropy levels. After entropy coding, the aligned bit streams are multiplexed in a cyclic fashion to generate one resulting bit stream. The third step is to slice the resulting bit stream into blocks, encrypting each block and adding each block to a coded output bit stream. Each new strong crypto key is derived from the previous crypto key and the previous pre-processed bit stream data. The decoding process is provided that is a simplified inverse of the encoding process.
    Type: Grant
    Filed: December 16, 2013
    Date of Patent: April 23, 2019
    Assignee: McAfee, LLC
    Inventor: Richard Bruno
  • Patent number: 10270807
    Abstract: A computer implemented method of detecting unauthorized access to a protected network by monitoring a dynamically updated deception environment, comprising launching, on one or more decoy endpoints, one or more decoy operating system (OS) managing one or more of a plurality of deception applications mapping a plurality of applications executed in a protected network, updating dynamically a usage indication for a plurality of deception data objects deployed in the protected network to emulate usage of the plurality of deception data objects for accessing the deception application(s) wherein the plurality of deception data objects are configured to trigger an interaction with the deception application(s) when used, detecting usage of data contained in the deception data object(s) by monitoring the interaction and identifying one or more potential unauthorized operations based on analysis of the detection.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: April 23, 2019
    Assignee: Cymmetria, Inc.
    Inventors: Dean Sysman, Gadi Evron, Imri Goldberg, Ran Harel, Shmuel Ur
  • Patent number: 10228930
    Abstract: Functionality is described herein for performing at least one network connectivity task on a client device with the aid of one or more assistant devices. In some implementations, a client device (such as a smartphone, desktop personal computing device, etc.) relies on an assistant device to assist it in updating its programs, including its driver programs. In other implementations, a client device relies on an assistant device in establishing a network connection with a network-accessible entity. Functionality is also described herein for performing at least one program execution task on a client device with the aid of one or more assistant devices. For instance, the client device may rely on the assistant device to assist it in executing a driver program. The driver program, in turn, enables the client device to interact with a peripheral device or some other component.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: March 12, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Harish Srinivasan, Benjamin M. Schultz, James C. Gray, Nishad Mulye
  • Patent number: 10230526
    Abstract: An out-of-band Domain Name System (DNS) security technique uses a cryptographic blockchain for securing and validating DNS data in a chain of custody that exists outside the DNS namespace, allowing validated access to cached DNS information without requiring real-time access to root servers.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: March 12, 2019
    Inventor: William Manning
  • Patent number: 10230740
    Abstract: A method and system for detecting malicious behavior from smart appliances within a network. Smart appliances have a certain level of intelligence that allows them to perform a specific role more effectively and conveniently. Network traffic data and identification data is collected about smart appliances within a network. The data is sent to a behavior analysis engine, which computes confidence levels for anomalies within the network traffic that may be caused by malicious behavior. If the behavior analysis engine determines that malicious behavior is present in the network, it sends an instruction to a network traffic hub to block network traffic relating to the anomaly. In some embodiments, network traffic is blocked based on source-destination pairs. In some embodiments, network traffic is blocked from a device outside the network that is determined to be malicious.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: March 12, 2019
    Assignee: Cujo LLC
    Inventors: Robert Beatty, Yuri Frayman, Einaras von Gravrock
  • Patent number: 10200865
    Abstract: Methods and apparatus, including computer program products, are provided for adaptive security. In one aspect there is provided a method. The method may include receiving, at a user equipment, at least one policy update representative of a rule defining at least one of a security level and an operation allowed to be performed at the security level; monitoring a configuration of the user equipment to determine whether the configuration of the user equipment violates the at least one policy update; and adapting, based on the monitoring, at least one of a security indicator at the user equipment and the operation at the user equipment. Related apparatus, systems, methods, and articles are also described.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: February 5, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Janne Uusilehto