Abstract: Devices, systems, and methods for preparing an electronic lock controller to obtain a digital certificate that verifies authenticity of the electronic lock controller are provided. The method involves physically marking an electronic lock controller with a mark containing digitally signed lock information. The digitally signed lock information includes a hardware identifier, and is digitally signed at a server using a private key of the server. The method further involves loading the electronic lock controller with self-provisioning instructions to cause the electronic lock controller to obtain a digital certificate that includes the public key of the electronic lock controller and the hardware identifier, the digital certificate having been signed by a private key of the server.

Abstract: A system and method for comprehensive cybersecurity threat assessment of software applications based on the totality of vulnerabilities from all levels of the software supply chain. The system and method comprising analyzing the code and/or operation of a software application to determine components comprising the software, identifying the source of such components, determining vulnerabilities associated with those components, compiling a list of such components, creating a directed graph of relationships between the components and their sources, and evaluating the overall threat associated with the software application based its software supply chain vulnerabilities.

Abstract: Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: receiving a request to validate at least one statement about a user; identifying, from the request, a reference to a distributed ledger, the reference comprising an identifier for the distributed ledger and an identifier for a transaction recorded on the distributed ledger; identifying, based at least in part on the identifier for the distributed ledger, at least one node of a network of nodes managing the distributed ledger; and communicating with the at least one node to validate the at least one statement about the user.

Abstract: A coordination support system includes circuitry configured to: accept login information including user identification information and coordination identification information of a coordination process to be executed from a device; determine whether coordination setting for execution of the coordination process identified by the coordination identification information is configured; store an authentication ticket and a temporary token in association with each other based on a determination that the coordination setting is not configured, the authentication ticket indicating authentication of use of a function of the service providing apparatus executing the coordination process, and the temporary token indicating permission of use of the service providing apparatus; and transmit setting information including address information and the temporary token to a destination indicted by a communication address of a user identified by the user identification information, the address information indicating a storage lo

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: In one embodiment, an apparatus comprises a processor to read a data line from memory in response to a read request from a VM. The data line comprises encrypted memory data. The apparatus also comprises a memory encryption circuit in the processor. The memory encryption circuit is to use an address of the read request to select an entry from a P2K table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data. The processor is further to make the decrypted memory data available to the VM. The P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. Other embodiments are described and claimed.

Abstract: Systems are provided for anonymously tracking and/or analysing Web-based flow or movement of individual subjects and/or objects. In particular, there is provided a system for enabling anonymous estimation of the amount and/or flow of individuals, in a population moving and/or coinciding between two or more Web-based subject states. The system receives identifying data from two or more individuals; generates, online and by one or more processors, an anonymized identifier for each individual; and stores: the anonymized identifier of each individual together with data representing a Web-based subject state; and/or a skew measure of such an anonymized identifier.

Abstract: The disclosed teachings include a computer-implemented method a computer-implemented method for identifying a data breach. The method includes monitoring movement of data over a computer network in real-time or near real-time relative to at least one of a user, a device, or a software application, comparing the monitored movement of the data to a baseline movement of the data over the computer network in real-time or near real-time relative to at least one of the user, the device, or the software application, and identifying an ongoing data breach in real-time or near real-time based on the comparison. The identified ongoing data breach indicates a relationship between the data and at least one of the user, the device, and the software application.

Abstract: An endpoint in an enterprise network is configured to respond to internal and external detections of compromise in a manner that permits the endpoint to cooperate with other endpoints to secure the enterprise network. For example, the endpoint may be configured to self-isolate when local monitoring detects a compromise on the endpoint, and to respond to an external notification of compromise of another endpoint by restricting communications with that other endpoint.

Abstract: Aspects of the present disclosure are generally directed to electronic computer implemented methods of data communication. Steps include receiving a data payload including an originating node attribute, a security ranking index attribute and at least one data element associated with a computer readable record. In another step, a method includes electronically sampling the data payload including the at least one data element and determining a value of the security ranking index attribute; In yet another step, a method includes electronically processing an injectable tracking attribute into the data payload. In a further step, a method includes electronically routing the digital record data payload including the originating node attribute, the injectable tracking attribute and the at least one data element associated.

Abstract: A security system comprises a personal digital key (PDK), a reader and a computing device. The PDK is a portable, personal transceiver that includes a controller and one or more passwords or codes. The computing device includes a detection engine, vault storage and a set up module. The detection engine detect events relating to the access of any files and third-party systems by the computing device and receives information from the reader as to whether the PDK is present/linked. The detection engine controls whether a user is able to access any of the functionality provided by the computing device based upon whether the PDK is in communication with the reader or not. The present invention also includes a number of methods such as a method for initializing the security system, a method for setting up a computing device, and a method for controlling access to computing resources.

Abstract: A method of authenticating access of an electronic device to an application server based on a subscriber identity module (SIM) associated with the electronic device. The method receiving an authentication challenge from an application executing on the device by a SIM application toolkit (SAT) executing on the device, transmitting a random number and an authentication value of the challenge to a SIM of the device by the SAT, receiving a response from the SIM by the SAT, transmitting an authentication response to the application by the SAT, where the authentication response comprises the response received from the SIM, generating an application key by the SAT based at least in part on the response received from the SIM, and transmitting the application key to the application by the SAT, whereby the application executing on the electronic device establishes a communication session with an application server via an access communication network.

Abstract: A system is provided that includes one or more computing servers and a processing circuit for analyzing data transactions of the computing servers. Each of the computing servers is configured to provide respective services to remote users. The processing circuit is configured to analyze data transactions of at least one of the computing servers, which is associated with a user account. A security policy of the user account includes conditions that are indicative of unauthorized access when the conditions are satisfied by various characteristics of the analyzed data transactions. The processing circuit is configured to determine a threat level as function of the characteristics of the data transactions and the conditions of the security policy. In response to the threat level exceeding a first threshold level indicated in the security policy of the user account, the processing circuit performs an action for the user account that is associated with the first threshold level.

Abstract: A computer-implemented method includes: receiving a request for associating a first index of privileges and permissions with an identity token, the first index specifically encoding the privileges and permissions of a first subscriber in accessing transactional data of the requester, the request including the identity token that identifies a person and has been issued to the requester by a trusted entity through a vetting process; in response to determining that the identity token is valid and verifying that the requester is the person identified by the identity token, associating the first index of privileges and permissions of the first subscriber with the identity token; and providing the identity token associated with the first index of privileges and permissions of the first subscriber, the identity token enabling the first subscriber to access transactional data of the requester in accordance with the first index of privileges and permissions.

Abstract: Systems and methods for weak authentication data reinforcement are described. In some embodiments, a request to authenticate a user is received. A user password is determined to be a weak password. The user is verified to be human by initiating a human verification process. In response to verifying that the user is human, an option is provided to replace the weak password with a strong password.

Abstract: A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict their behavior with a high degree of accuracy. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models testing them against in-situ data from the real-world systems represented by the high-fidelity models.

Abstract: A system and method for generating comprehensive security profiles and ratings for organizations that takes into account the organization's infrastructure and operations in generating the profile, and the context and purpose of the rating to be generated related to the profile. The system and method may further comprise gathering data about the totality of the organization's infrastructure and operations, generating a cybersecurity profile using active and passive internal and external reconnaissance of the organization to determine cybersecurity vulnerabilities and potential impacts to the business in light of the information gathered about the organization's infrastructure and operations, and generating cybersecurity scores and ratings that take into account all of the above information, plus the context and purpose of the score or rating to be generated based on the cybersecurity profile.

Abstract: An authentication device that includes a memory operable to store a behavior signature for a user and a distributed ledger comprising information for a private blockchain and a semi-private blockchain associated with the user. The network device further includes an authentication engine implemented by a processor. The authentication engine is configured to receive an authentication request for a network resource and to determine a resource classification type based on the network resource. The authentication engine is further configured to identify one of the private blockchain and the semi-private blockchain based on the resource classification type and to extract data from one or more blocks in the identified blockchain. The authentication engine is further configured to determine at least a portion of the extracted data matches the stored behavior signature for the user and to provide access to the network resource in response to the determination.

Abstract: The present disclosure is directed to a novel system for using unique device and user identifiers to perform authentication of a user, device, and/or transaction. In particular, the system may use a heterogeneous blockchain system comprising a series of non-uniform blockchain nodes that may differ in functionality and/or positions of hierarchy. Said non-uniform nodes may further be organized into groups and/or subgroups with custom weight inputs/outputs which alter the degree to which the nodes, groups, and/or subgroups influence the blockchain consensus. In this way, the system increases the security of device authentication by helping to prevent the use of device hijacking methods that circumvent conventional authentication practices.

Abstract: Disclosed herein are methods, systems, and processes for facilitating security orchestration, automation, and response (SOAR) in cybersecurity computing environments that use biometric data or implement biometric data gathering. An instruction is periodically transmitted to a protected computing device to perform a security scanning operation that captures biometric data generated from a biometric device associated with the protected computing device. The biometric data received from the protected computing device includes a biometric identity of a trusted user or an untrusted user. A security database is accessed to determine whether the biometric identity matches a stored biometric identity of the trusted user.