Abstract: Disclosed embodiments relate to uniquely identifying and validating identities based on electronic file fingerprints. Techniques include identifying an identity associated with a computing device; accessing fingerprinting data associated with an electronic file stored on or transmitted from the computing device; generating, based on a diversity of different properties of the fingerprinting data, a profile for the electronic file; accessing a repository storing profiles corresponding to a plurality of identities; comparing the generated profile with one or more of the stored profiles; determining whether the generated profile matches a stored profile, from the repository of stored profiles, associated with the identity; and validating, conditional on the matching, the identity.

Abstract: A method and system for classifying malicious locators where a processor is trained on a set of known malicious locators using a non-supervised learning procedure. Once trained, the processor may classify new locators as being generated by a particular generation kit.

Abstract: A computer-implemented method for detecting anomalous behavior of one or more computers in a large group of computers comprises (1) receiving log files including a plurality of entries of data regarding connections between a plurality of computers belonging to an organization and a plurality of websites outside the organization, each entry being associated with the actions of one computer, (2) applying a first plurality of algorithms to determine features of the data which may contribute to anomalous behavior of the computers, and (3) applying a second plurality of algorithms to determine which computers are behaving anomalously based upon the features.

Abstract: Techniques for passively providing AAA support for an IoT device in a network are disclosed. A set of data packets transmitted by an IoT device is obtained. At least one packet included in the set of data packets is analyzed. A message, including information associated with the IoT device, is transmitted on behalf of the IoT device.

Abstract: The invention relates generally to monitoring and managing network components, such as monitoring the network components to determine the vulnerabilities of network components, implementing remediation plans for the vulnerabilities, instituting remediation suppression for the vulnerabilities, and taking consequence actions for the vulnerabilities when remediation is no longer suppressed and fails to be implemented. Remediation suppression may be implemented for the vulnerability when the vulnerability is determined to be an acceptable vulnerability. The remediation suppression may be based on a request from a user, based on organization policy, and/or based on logic determining that the vulnerability is acceptable. When the remediation suppression occurs at least a part of the remediation plan, consequence action, and/or reporting is suppressed.

Abstract: A method for managing certificates includes the steps of transmitting, over an electronic network by an electronic device of a client, a certificate request to a certificate management portal separate from the client, establishing an interaction with an electronic interface of a certificate authority by the certificate management portal; generating, by the certificate authority, a certificate package, delivering the generated certificate package to the certificate management portal, and downloading from the certificate management portal, by the client, at least one certificate of the delivered certificate package.

Abstract: Aspects of the present disclosure involve a system and method for implementing hacker traffic barriers. The current disclosure presents a system and method that provides securely associates a primary trusted device with a user, authorizes web browser authentication, and provides both intrinsic and explicit checks for authorizing access to an account.

Abstract: According to one embodiment, a malware detection software being loaded into non-transitory computer readable medium for execution by a processor. The malware detection software comprises exploit detection logic, rule-matching logic, reporting logic and user interface logic. The exploit detection logic is configured to execute certain event logic with respect to a loaded module. The rule-matching logic includes detection logic that is configured to determine whether an access source is attempting to access a protected region and determine whether the access source is from a dynamically allocated memory. The reporting logic includes alert generating logic that is configured to generate an alert while the user interface logic is configured to notify a user or a network administrator of a potential cybersecurity attack.

Abstract: Described is a system that efficiently detects ransomware attacks within a storage environment. The system may perform a specialized validation by comparing a sampling of backup data obtained from a storage environment with a sampling of data maintained by a specialized validation database. Accordingly, if there is a discrepancy between the samples, the system may issue an alert indicating the original backup data may be encrypted as part of a ransomware attack. The system may utilize the specialized sampling as a validation technique in addition, or as an alternative, to relying on data fingerprints for validation. For example, malicious code may be configured to cause the storage environment to provide fingerprints prior to an unauthorized encryption as an attempt to deceive certain validation processes. Accordingly, to counteract such attempts, the system may rely on the sampling of data, instead of relying solely on a fingerprint comparison.

Abstract: Systems and methods for discovering and provisioning computing devices within a computing environment. An example method may comprise: loading a first kernel from a removable storage, wherein the first kernel identifies device information of the computing device when executed; transmitting a provisioning request comprising the device information to a provisioning device over a network; receiving provisioning data and a second kernel over a network, the second kernel comprising an operating system installer; and overwriting the first kernel with the second kernel.

Abstract: A system and method for tracking and authenticating software code transition during various phases of software development and deployment in a DevOps platform is provided. The present invention provides for creating, modifying and deleting one or more code authentication elements including respective policies within a distributed ledger. The code authentication elements are mapped with one or more event types in respective one or more tools of a DevOps platform. Information associated with occurrence of an event in one or more tools of the DevOps platform are retrieved. The retrieved event information is parsed to extract event type and a code authentication element is invoked based on the identified event type. The invoked code authentication element authenticates software code transition to appropriate tool of DevOps platform based on one more defined policies. A result representative of authentication success or failure is stored in the distributed ledger for tracking and auditing.

Abstract: Techniques and architectures for privilege escalation detection. User login information for multiple users in a multiuser secure computing environment is analyzed to generate multiple user evaluations. The multiple user evaluations are analyzed to generate at least a population evaluation for the multiuser secure computing environment. Node scores are generated for nodes in the population evaluation to determine one or more entry nodes for the multiple users in the multiuser secure computing environment. The node scores are compared to one or more threshold values to determine whether the user login information corresponding to one or more of the multiple users indicates a privilege escalation condition. A security response action occurs in response to detecting a privilege escalation condition.

Abstract: Wireless communication between two electronic devices may be used to determine a distance between the two devices, even in the presence of an otherwise-disruptive attacker. A wireless receiver system of one device may receive a true wireless ranging signal from a first transmitting device and a false wireless ranging signal from an attacker. The wireless receiver system may correlate the wireless signals with a known preamble sequence and perform channel estimation using the result, obtaining a channel impulse response for the wireless signals. The wireless receiver system may filter the channel impulse response for the plurality of wireless signals by removing at least part of the channel impulse response due to the false wireless ranging signal while not removing at least part of the channel impulse response due to the true wireless ranging signal. The receiver system may perform a wireless ranging operation using the filtered channel impulse response.

Abstract: A computer-implemented method for information protection comprises: committing a transaction amount of a transaction with a first commitment scheme to obtain a transaction commitment value, committing a change of the transaction with a second commitment scheme to obtain a change commitment value, the first commitment scheme comprising a transaction blinding factor, and the second commitment scheme comprising a change blinding factor; encrypting a first combination of the change blinding factor and the change with a first key; transmitting the transaction blinding factor, the transaction amount, and the transaction commitment value to a recipient node associated with a recipient for the recipient node to verify the transaction; in response to that the recipient successfully verifies the transaction, obtaining an encrypted second combination of the transaction blinding factor and the transaction amount encrypted with a second key.

Abstract: A user provides retailer-specific consents for access and use to private/sensitive information of the user. The private/sensitive information is centrally stored in a privacy vault. Retail services (retailer) that the user subscribes to are provided a user-specific and consent-specific token representing the user and consents to usage of specific private/sensitive information of the user. When the retailer has a need for user-specific private/sensitive information, the retailer presents the user-specific and consent-specific token to the privacy vault. Assuming, the retailer was given access to the requested private/sensitive information defined in the token, the privacy results returns the requested information to the retailer; otherwise, an unauthorized message is returned from the privacy vault to the retailer. The user defines the consents to each retailer and a record of the consents is maintained in the privacy vault.

Abstract: An electronic storage system and a method of data management includes the steps of: partitioning source data into a plurality of portions of data; storing each of the plurality of portions of data in each of a plurality of storage peers respectively; and storing a plurality of indices in a plurality of storage peers; wherein each of the plurality of indices corresponds to each respective portion of partitioned data; and wherein each of the plurality of storage peers is arranged to store the plurality of indices and the plurality of portions of data in corresponding pairs.

Abstract: An authentication method includes an enrolment stage comprising: receiving fuzzy data from a noisy authentication factor and fixed authentication data; generating a secret string independently from the received fuzzy data and the received fixed authentication data; deriving metadata from the fuzzy data and the secret string and helper data from the secret string and metadata; encrypting the helper data using the fixed authentication data as encryption key; outputting the encrypted helper data as public data, and an authentication stage including receiving the public data output during the enrolment stage, decrypting the received public data using the fixed authentication data as decryption key, recovering the helper data and the metadata from the decrypted public data, reproducing the secret string using the further fuzzy data and the recovered metadata, validating the reproduced secret string using the recovered helper data, and releasing the reproduced secret string if the validating yields a positive outco

Abstract: Optimizing ingestion of security structured data into a graph database for security analytics is provided. A plurality of streams of information is received from a plurality of security information sources. Respective subsets of information are ingested from each of the plurality of security information sources to generate small subgraphs of security information. Each of the small subgraphs comply to a schema used by a master knowledge graph. A batch process is performed to ingest a plurality of small subgraphs into the master knowledge graph.

Abstract: A server computing device can determine if a software application executing on a client computing device has not been tampered. Software executes on the server device and communicates either directly or indirectly with an attestation service; a client software application running on the client computing device communicates with the same attestation service. A client software application that is able to calculate a cryptographic hash fingerprint of its executing code image communicates to the attestation service to prove it is untampered with. The attestation service then generates a pass or fail attestation result. The attestation result is communicated between the attestation service and the server computing device. The behaviour of the server computing device is controlled in a way that is conditional on whether a prior attestation of the client software was a pass or fail attestation result.

Abstract: The present invention relates to methods, network devices, and machine-readable media for an integrated environment and platform for automated processing of reports of suspicious messages, and further including automated threat simulation, reporting, detection, and remediation, including rapid quarantine and restore functions.