Patents Examined by Bradley Holder
-
Patent number: 10097570
Abstract: A method for detecting a preset type of real-time event is provided. The method includes steps of: (a) a server loading or supporting other server to load a detection policy; and (b) the server detecting or supporting other server to detect an event in real-time from multiple input data by referring to the detection policy.
Type: Grant
Filed: November 11, 2016
Date of Patent: October 9, 2018
Assignee: Seculayer Co., Ltd.
Inventors: Jong Seoung Won, Jin Sang Ryu
-
Patent number: 10097577
Abstract: A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, predicting, by the management server, an attacker target subnet, based on connections created during the breach, and isolating, by the management server, the target subnet in response to the predicting a target subnet.
Type: Grant
Filed: August 22, 2017
Date of Patent: October 9, 2018
Assignee: ILLUSIVE NETWORKS, LTD.
Inventors: Shlomo Touboul, Hanan Levin, Stephane Roubach, Assaf Mischari, Itai Ben David, Itay Avraham, Adi Ozer, Chen Kazaz, Ofer Israeli, Olga Vingurt, Liad Gareh, Israel Grimberg, Cobby Cohen, Sharon Sultan, Matan Kubovsky
-
Patent number: 10091242
Abstract: A system and method are described for establishing a secondary communication channel between an IoT device and a client device. For example, one embodiment of a method comprises: establishing a primary secure communication channel between the IoT device and an IoT service using a primary set of keys; performing a secondary key exchange using the primary secure communication channel, the client device and the IoT device each being provided with a secondary set of keys following the secondary key exchange; detecting that the primary secure communication channel is inoperative; and responsively establishing a secondary secure wireless connection between the client device and the IoT device using the secondary set of keys, the client device being provided with access to data and functions made available by the IoT device over the secondary secure wireless connection.
Type: Grant
Filed: December 14, 2015
Date of Patent: October 2, 2018
Assignee: Afero, Inc.
Inventors: Joe Britt, Scott Zimmerman, Shannon Holland
-
Patent number: 10089447
Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.
Type: Grant
Filed: June 13, 2017
Date of Patent: October 2, 2018
Assignee: Intel Corporation
Inventors: Prashant Pandey, Mona Vij, Somnath Chakrabarti, Krystof C. Zmudzinski
-
Patent number: 10075300
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.
Type: Grant
Filed: September 13, 2016
Date of Patent: September 11, 2018
Assignee: Wells Fargo Bank, N.A.
Inventors: Joon Maeng, Ramanathan Ramanathan, Thomas Hayes
-
Patent number: 10057061
Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.
Type: Grant
Filed: September 13, 2016
Date of Patent: August 21, 2018
Assignee: Wells Fargo Bank, N.A.
Inventors: Joon Maeng, Ramanathan Ramanathan, Thomas Hayes
-
Patent number: 10057225
Abstract: Disclosed in some examples are devices, systems, and machine readable mediums for establishing peer to peer mobile wallet communications (P2PMW) over short range wireless communication networks. These P2PMW communications allow exchange of information between two wallet clients. Example communications include payments, providing identification, providing loans, and the like. The use of P2PMW communications opens up the prospect of anyone accepting payment from anybody else at any time. All that is needed is a computing device with a mobile wallet. Example short range wireless communications include Wireless LANs (WLAN) such as WIFI (e.g., communicating according to an Institute for Electrical and Electronics Engineers (IEEE) 802.11 family of standards), BLUETOOTH® or the like.
Type: Grant
Filed: December 29, 2016
Date of Patent: August 21, 2018
Assignee: Wells Fargo Bank, N.A.
Inventors: Thomas Hayes, Joon Maeng, Ramanathan Ramanathan
-
Patent number: 10050947
Abstract: A system including a controller and a pool of computing resources to run virtual machines are configured to automatically provision each virtual machine with unique cryptographic constructs. The controller receives a request to instantiate a virtual machine based on an image/template. The controller determines an authentication credential for a registration authority that the virtual machine will use. The controller determines the computing resources to run the virtual machine, and instructs the computing resources to boot the virtual machine. The controller passes the authentication credential to the virtual machine. After receiving the authentication credential, the virtual machine authenticates the registration authority and sends a request for the cryptographic constructs. The virtual machine securely receives the cryptographic constructs from the registration authority, enabling the virtual machine to securely communicate with other computing entities.
Type: Grant
Filed: January 28, 2016
Date of Patent: August 14, 2018
Assignee: Cisco Technology, Inc.
Inventors: Vivek S. Srivastav, Jeffrey M. Seaman, Timothy C. Richards, Andrew D. Maholski
-
Patent number: 10044760
Abstract: In one implementation, an example system may include a policy engine. The policy engine may receive a context of an application to request a set of network traffic and provide a policy rule to a network device of a network path. In another implementation, an example system may identify a party and a requested behavior of the service and maintain a context to determine a policy rule to regulate a set of network traffic associated with the service based on the party and the requested behavior. In another implementation, an example method may comprise receiving a service request and an authentication, identifying a party, identifying a behavior, and deploying a policy to a network device of a network based on the party and the behavior.
Type: Grant
Filed: December 4, 2013
Date of Patent: August 7, 2018
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Bryan Stiekes, Sebastien Tandel, Jechun Chiu
-
Patent number: 10038552
Abstract: An apparatus includes a first distributed control system (DCS) node. The first DCS includes at least one interface configured to communicate, over a network, with a second DCS node. The first DCS node also includes at least one processing device. The processing device is configured to exchange a security association policy with the second DCS node. The processing device is also configured to exchange public keys with the second DCS node using the security association policy. The processing device is also configured to send a public key of the second DCS node to a field programmable gate array of the first DCS node. The processing device is also configured to receive a shared secret from the field programmable gate array. The processing device is also configured to generate a hash of a message using the shared secret.
Type: Grant
Filed: November 30, 2015
Date of Patent: July 31, 2018
Assignee: Honeywell International Inc.
Inventors: Harshal S. Haridas, Alexander Chernoguzov, Michal Hojsik, Stanley Gorzelic, Mukunda Gudi
-
Patent number: 10033749
Abstract: A method, apparatus, and program product are provided for protecting a network from intrusions. An offending packet communicated by an offending host coupled to a protected network is detected. In response to the detection, a blocking instruction is returned to the offending host to initiate an intrusion protection operation on the offending host, where the blocking instruction inhibits further transmission of offending packets by the offending host. At the offending host, a blocking instruction is received with a portion of an offending packet. The offending host verifies that the offending packet originated from the host. In response to the verification of the offending packet originating from the host, an intrusion protection operation is initiated on the host thereby inhibiting transmission of a subsequent outbound offending packet by the host.
Type: Grant
Filed: April 21, 2017
Date of Patent: July 24, 2018
Assignee: International Business Machines Corporation
Inventors: Adam Thomas Clark, Christopher Thomas Gloe, Daniel Paul Kolz, Kathryn Ann Tri
-
Patent number: 10025956
Abstract: Examples include techniques for compressing counter values included in cryptographic metadata. In some examples, a cache line to fill a cache included in on-die processor memory may be received. The cache arranged to store cryptographic metadata. The cache line includes a counter value generated by a counter. The counter value to serve as version information for a memory encryption scheme to write a data cache line to a memory location of an off-die memory. In some examples, the counter value is compressed based on whether the counter value includes a pattern that matches a given pattern and is then stored to the cache. In some examples, a compression aware and last recently used (LRU) scheme is used to determine whether to evict cryptographic metadata from the cache.
Type: Grant
Filed: December 18, 2015
Date of Patent: July 17, 2018
Assignee: Intel Corporation
Inventors: Abhishek Basak, Siddhartha Chhabra, Jungju Oh, David M. Durham
-
Patent number: 10021144
Abstract: Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment.
Type: Grant
Filed: June 13, 2016
Date of Patent: July 10, 2018
Assignee: Micro Focus Software Inc.
Inventors: Bruce L. Bergeson, Carl Tietjen, Carolyn B. McClain, Larry Hal Henderson, Stephen R Carter
-
Patent number: 10015156
Abstract: Embodiments of the invention are directed to a system, method, or computer program product for assessing network authentication requirements based on situational instance. In this regard, the invention dynamically determines specific user authentication requirements for accessing a service or executing an activity based on the determining the user's network connections, geographic location, and applications, in real-time. The invention provides a novel method for employing activity data provided by a plurality of users associated with historical activity information to vary the authentication requirements dynamically. Another aspect of the invention is directed to constructing geographic maps with predefined physical areas and overlaying graphical representations of activity data on the maps, in real-time.
Type: Grant
Filed: August 11, 2017
Date of Patent: July 3, 2018
Assignee: BANK OF AMERICA CORPORATION
Inventors: Alicia C. Jones-McFadden, Joseph Neil Johansen
-
Patent number: 10009375
Abstract: Embodiments disclosed describe a security awareness system may adaptively learn the best design of a simulated phishing campaign to get a user to perform the requested actions, such as clicking a hyperlink or opening a file. In some implementations, the system may adapt an ongoing campaign based on user's responses to messages in the campaign, along with the system's learned awareness. The learning process implemented by the security awareness system can be trained by observing the behavior of other users in the same company, other users in the same industry, other users that share similar attributes, all other users of the system, or users that have user attributes that match criteria set by the system, or that match attributes of a subset of other users in the system.
Type: Grant
Filed: December 1, 2017
Date of Patent: June 26, 2018
Assignee: KNOWBE4, INC.
Inventor: Eric Sites
-
Patent number: 9992215
Abstract: A system for identifying a network intrusion includes four modules. The first module monitors network transmissions and creates a model of regular network activity. The second module receives the model of regular network activity and sets a threshold for irregular usage based on the model. The third module receives the threshold, compares a value of a candidate inter-nodal transmission of the network to the threshold, and identifies a potential intrusion when the value exceeds the threshold. The fourth module analyzes a transmission behavior of one or more nodes of the candidate inter-nodal transmission and identifies the network intrusion.
Type: Grant
Filed: October 2, 2014
Date of Patent: June 5, 2018
Assignee: Webroot Inc.
Inventors: Hossein Eslambolchi, Louie Gasparini, Chandra Madhekar, William Wright
-
Patent number: 9979536
Abstract: An encryption device 200 outputs a ciphertext ct including a ciphertext c and a ciphertext c˜. The ciphertext c has been set with one of attribute information x and attribute information v related to each other. The ciphertext c˜ has been set with one of attribute information y and attribute information z related to each other. A decryption device 300 outputs a re-encryption key rk including a decryption key k*rk, a decryption key k˜*rk, and encrypted conversion information ?rk. The decryption key k*rk is obtained by converting the decryption key k* which is set with the other one of attribute information x and attribute information v, with conversion information W1,t. The decryption key k˜*rk has been set with the other one of the attribute information y and the attribute information z. The encrypted conversion information ?rk is obtained by encrypting the conversion information W1,t by setting one of attribute information x? and attribute information v? related to each other.
Type: Grant
Filed: October 9, 2013
Date of Patent: May 22, 2018
Assignee: MITSUBISHI ELECTRIC CORPORATION
Inventors: Yutaka Kawai, Katsuyuki Takashima
-
Patent number: 9973540
Abstract: A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real time rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.
Type: Grant
Filed: November 22, 2016
Date of Patent: May 15, 2018
Assignee: SYMANTEC CORPORATION
Inventors: Qing Li, Ronald A. Frederick, Thomas A. Clare
-
Patent number: 9973342
Abstract: Methods and systems are provided for authenticating a message ?, at a user computer of a group signature scheme, to a verifier computer. The method includes, at the user computer, storing a user id m for the user computer and a user signing key which comprises a signature on the user id m under a secret key of a selectively-secure signature scheme. The user id m is an element of a predetermined subring, isomorphic to q[x]/(g(x)), of a ring R=q[x]/(f(x)), where f(x) and g(x) are polynomials of degree deg(f) and deg(g) respectively such that deg(f)>deg(g)>1. The method includes, at the user computer, generating a first cryptographic proof ?1 comprising a zero-knowledge proof of knowledge of the user signing key and including the message ? in this proof of knowledge. The user computer sends the message ? and a group signature, comprising the first proof ?1, to the verifier computer.
Type: Grant
Filed: June 16, 2016
Date of Patent: May 15, 2018
Assignee: International Business Machines Corporation
Inventors: Vadim Lyubashevsky, Gregory Neven
-
Patent number: 9971903
Abstract: Systems and methods for masking content of different types are described. The system may implement the method comprising receiving a request to mask input content that includes sensitive and non-sensitive data. The method also comprises parsing the input content to create a content specific structure (CSS) to organize the input content in a structured format. The CSS includes a plurality of CSS nodes. The method analyses each CSS node against a pre-defined privacy policy and identifies sensitivity of the each CSS node. The method also creates a generalized masking structure (GMS) by creating a GMS node corresponding to each CSS node. Each GMS node contains sensitivity information related to corresponding CSS node. Data represented by GMS is masked based upon the sensitivity information stored in it.
Type: Grant
Filed: March 18, 2016
Date of Patent: May 15, 2018
Assignee: Tata Consultancy Services Limited
Inventors: Kumar Mansukhlal Vidhani, Devangi Deveshkumar Vyas, Mayur Jain, Vijayanand Mahadeo Banahatti, Sachin Premsukh Lodha