Abstract: The present disclosure relates to systems, devices and methods for device security and trust score determinations. In one embodiment, a method includes requesting, by a first device, trust score data for a second device, wherein the first device requests trust score data from a trust score management server, and receiving, by the first device, trust score data from the trust score management server. The method also includes generating a first trust score for the second device and transmitting the first trust score for the second device with a trust score management server. The method also includes configuring, by the first device, at least one control parameter for operation of the first device with the second device based on the first trust score, wherein configuring adjusts a previous control parameter to restrict operation of the first device relative to the second device. Device and systems are provided to enhance network security.

Abstract: Disclosed is a system for notifying hacking to a user thereby ensuring verified connection of a client machine with a server intended to be connected is disclosed. The system acquires a server certificate comprising data structure. The data structure may be acquired upon receipt of a response to a request initiated by the client machine. In one aspect, the data structure may be referred to as a tree site to verifier pertaining to the request. The system further receives a validation acknowledgement indicating validity of the server certificate. The system further performs a reverse certificate look up verification process upon receipt of the acknowledgment.

Abstract: A method for authenticating an individual for login to a server computer includes receiving at the server computer data for a first authentication image from an electronic computing device. First attributes are identified of one or more similar geometrical shapes from the data for the first authentication image. A determination is made as to whether the first attributes of the one or more similar geometrical shapes from the data for the first authentication image correspond to second attributes from a second authentication image accessible on or by the server computer. When the first attributes correspond to the second attributes, the individual is authenticated on the server computer.

Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.

Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.

Abstract: A single Internet of Things (IoT) gateway flow computer (either on a gateway machine or a non-gateway machine) that controls flow through both of the following types of gateways: (i) cloud gateways; and (ii) edge gateways. Both overall configuration and sub-configuration are automatically and dynamically controlled by the single, system-wide IoT gateway flow computer.

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: A Confidence Broker System is disclosed. One embodiment of the present invention includes a confidence broker (10) which communicates with a plurality of confidence producers (12A, 12B, 12C) and a plurality of confidence consumers (14A, 14B, 14C). Communications between these elements is conducted via a communications infrastructure (16). The confidence broker (10) also includes a communications interface (42) which is connected to a protocol converter (44). The protocol converter (44) is connected to a confidence normalizer (46). The confidence normalizer (46) is connected to a confidence mediator (48). The confidence mediator (48) is connected to a confidence mapper (50). The confidence mapper (50) is connected to the protocol converter (44). Each of the protocol converter (44), the confidence normalizer (46), the confidence mediator (48) and the confidence mapper (50) is connected to a storage device (52).

Abstract: A method of operating a mobile device includes displaying a user interface as an image, the user interface being composed of a plurality of widgets, storing a privacy policy identifying at least one of the widgets, capturing a screenshot image corresponding to the screenshot image, excluding the at least one of the widgets from the screenshot image to create a modified screenshot image, and transmitting the modified screenshot image over a network to a monitoring server.

Abstract: Methods and systems for ensuring security of in-car systems in vehicles, particularly, user data privacy and protection of in-car systems from cyber attacks, hacking etc. is provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use for the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.

Abstract: One embodiment provides a method, including: providing, using a light source operatively coupled to an information handling device, illumination on an object; capturing, using a sensor operatively coupled to the information handling device, illumination reflectance from the object; determining, using a processor and based on the illumination reflectance, whether the object is associated with a human user and whether the human user is an authorized user; and authenticating, responsive to determining that the object is associated with the human user and that the human user is an authorized user, the human user. Other aspects are described and claimed.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a data request is received. The request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. The authentication data can specify an authentication site of the network service. A navigation action is automatically performed on the authentication site. The requested data is received. A command to present on a client device the data is transmitted to the client device.

Abstract: Distributed systems and methods for encrypting data on a blockchain network are disclosed. One system comprises at least one injector coupled to a node on the blockchain, a controller coupled to the injector, and a generator coupled to the controller. The injector intercepts messages bound for the blockchain and encrypts data in the messages using encryption information received from the controller. The controller acquires encryption information from the generator, which generates encryption keys and derives encryption information from those encryption keys. The encryption information may be divided into multiple parts and distributed between a plurality of injectors. As a result, to assemble an encryption key for encrypting or decrypting data, an injector may have to cooperate with other injectors to acquire sufficient encryption information to re-assemble the encryption key.

Abstract: Techniques are provided for selecting attributes to cluster users for a user application entitlement evaluation.

Abstract: An information output device includes: a first output unit that outputs acquired information acquired by a sensor; and a second output unit that converts personal information included in the acquired information into attribute information from which identification of an individual is impossible, and outputs the attribute information.

Abstract: A security event identification system may enable obtaining, for each of the set of web requests, a screenshot of a corresponding web path resulting from the web request; applying a hash to each obtained screenshot; and determining, based on a comparison of the hashed screenshots, whether a security event exists related to the set of web requests.

Abstract: A user is assigned an initial risk score during a session with a messaging platform. During the session, the user attempts an operation with an external service. One or more additional authentication factors are requested from the user to dynamically lower the initial risk score. The lowered risk score is processed with the external service to perform the operation on behalf of the user during the session.

Abstract: Techniques for seamless certificate replacement for endpoints in hyperconverged infrastructure are disclosed. In one example, a certificate replacement request for an endpoint may be received. Upon receiving the certificate replacement request, a new certificate may be placed in the endpoint such that the endpoint includes an old certificate and the new certificate. Further, dependent endpoints having communication with the endpoint using the old certificate may be discovered and monitored. Furthermore, the new certificate of the endpoint may be placed in the discovered dependent endpoints and existing communication between the endpoint and each of the discovered dependent endpoints using the old certificate may be maintained. Upon completion of the existing communication, next communication between the endpoint and each of the discovered dependent endpoints may be enabled using the new certificate. Then, the old certificate may be decommissioned from the endpoint and the discovered dependent endpoints.