Abstract: A system includes a set of adapter interfaces, a router module, and a processor. Each adapter interface is assigned to a different level of security. The router module sends requests to the adapter interfaces, based on the security levels associated with the devices that submitted the requests. A first adapter interface establishes a first connection to the servers, providing access to a first zone. A second adapter interface establishes a second connection to the servers, providing access to a second zone. The first zone includes a set of resources assigned to the first level of security that is not included in the second zone. A third adapter interface establishes a third connection to the servers, providing access to a quarantine. Each adapter interface further receives data and applies different levels of security to the data, based on the security levels associated with the devices that submitted the data.

Abstract: A method, system, and computer program product includes receiving, in a booted state of a computing system, a request to load an operating system configuration. The method further includes storing, automatically in response to receiving the request, a digital key to authenticate the operating system configuration. The method further includes restarting the computing system. In response to restarting the computing system and while the computing system is in a pre-boot state, the method includes: validating that the digital key stored is one for a valid operating system configuration; receiving, from a user interface physically coupled to the computing system, a signal confirming the received request; authenticating, in response to receiving the signal, the operating system configuration using the digital key; and booting, in response to the authenticating, the operating system configuration.

Abstract: In one embodiment, a crypto cloudlet is provided that includes a security wrapper to a virtual machine to guarantee secure Input/Output exchange between a client and one or more cryptographic adaptive services powered by a set of virtual CPUs through a single well defined channel, an adaptive service running in the virtual machine that identifies hardware resources necessary to satisfy a cryptographic demand or request, and an Ethernet interface communicatively coupled to the security wrapper providing network channel services for exchange of cryptographic data and commands. The security wrapper presents to the adaptive services the hardware accelerators exposed by the virtual machine. Other embodiments are disclosed.

Abstract: Provided is a method of preventing illegal content from being distributed over the Internet, the method including searching for, by a distribution prevention module, file information corresponding to specific content through a tracker, extracting, by the distribution prevention module, a target peer that distributes the specific content on the basis of the file information to generate an identification value of the target peer, establishing, by the distribution prevention module, an initial connection with the target peer, and transmitting, by the distribution prevention module, a mutation message to the target peer.

Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

Abstract: Mitigating threats to container-based workloads is provided by a process that includes detecting an attack against a container hosting environment that includes active and reserve container pools. The attack poses a potential threat of contamination to hosted containers. Based on detecting the attack, the process identifies a time-to-contamination, taken as an amount of time for an active container of the active container pool to become contaminated as a result of the attack. The process provisions new containers into the reserve container pool at a determined rate that is based on the identified time-to-contamination, and continuously removes, from the active container pool, active containers servicing the workload and concurrently deploys reserve containers from the reserve container pool to the active container pool to replace the removed active containers and takeover servicing the workload.

Abstract: The invention relates to detecting vulnerabilities in technology infrastructure environments. Data describing vulnerabilities detected in a technological environment of an enterprise is obtained. The vulnerability data is combined with data relating to servers, applications associated with the servers, and business functions associated with the applications, within the technological environment of the enterprise in order to create enriched data. The enriched data is enhanced using one or more of the following proceses: deduplicating records in the enriched data; modifying of a severity assigned to vulnerabilities based on one or more enterprise-infrastructure factors; archiving and purging of records included in the enriched data; consolidating IP addresses associated with the vulnerabilities; excepting records in the enriched data for vulnerabilities undergoing active remediation; and validating the enriched data. After the enriched data is enhanced, it may be sorted in accordance with one or more filters.

Abstract: A mobile terminal performs a user's log-in processing using biometric information read by a biometric information sensor, creates a private key required for authentication processing performed when a service on a network is used and a public key corresponding to the private key, stores the created private key with being associated with the biometric information read at the time of the log-in processing in a storage, and issues a request for registering an authentication information ID corresponding to the biometric information and a public key corresponding to the private key stored in the storage with being associated with the biometric information in the service.

Abstract: A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information such as temporal data or cues, are extracted from the description, along with security entity and relationship data. Extracted temporal information is processing according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.

Abstract: A method, system, and computer program product includes receiving, in a booted state of a computing system, a request to load an operating system configuration. The method further includes storing, automatically in response to receiving the request, a digital key to authenticate the operating system configuration. The method further includes restarting the computing system. In response to restarting the computing system and while the computing system is in a pre-boot state, the method includes: validating that the digital key stored is one for a valid operating system configuration; receiving, from a user interface physically coupled to the computing system, a signal confirming the received request; authenticating, in response to receiving the signal, the operating system configuration using the digital key; and booting, in response to the authenticating, the operating system configuration.

Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.

Abstract: An authentication method using visual cryptography in a smart terminal, including: receiving, from an authentication server, a key image in which a user's individual cryptography string generated by the authentication server is separated; requesting user authentication from the authentication server; after requesting the user authentication, receiving, from a camera, an encrypted image shown on a display device; extracting an encrypted area from the received encrypted image; converting the extracted encrypted area to match with the key image in size and shape and overlaying the encrypted area with the key image pre-stored in the smart terminal; displaying an authentication code shown in an area where the encrypted area is overlaid with the key image and receiving the authentication code to transmit the authentication code to the authentication server; and after transmitting the authentication code, receiving an authentication result from the authentication server to provide the authentication result to the us

Abstract: A system for visual password input. The system for visual password input includes an electronic device having a display, wherein the electronic device further includes a camera. A processor disposed within the electronic device includes a non-transitory computer readable memory having a logic thereon, wherein the logic provides a login screen to the display, wherein the login screen prevents access to the electronic device until an authentication signal is verified. The authentication signal comprises an image capture received by the camera, wherein the image capture is compared to an image data of a password object stored on the non-transitory computer readable memory and analyzed to determine whether the image capture matches the image data of the password object within a confidence interval. Access is then provided to the electronic device if the image capture matches the image data of the password object.

Abstract: A device and a method for authenticating using biometric information in an electronic device are provided. The electronic device includes a display, and at least one processor. The at least one processor detects an execution of an application which provides an authentication service based on biometric information, changes at least one biometric information recognition related variable, in response to detecting the execution of the application, and controls to display an application execution screen including at least one authentication guide image corresponding to the at least one biometric information recognition related variable. Other embodiments may also be possible.

Abstract: An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests of requests the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.

Abstract: A system and method for analyzing directory service environment attack paths for an enterprise may continuously collect data about the attack paths and provide alerts. The system and method may also analyze the nested object relationships within Directory Services alongside objects at risk for Credential Theft to calculate all possible attack paths within the environment.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include constant-time rekeying (CTR). At volume creation time on the filer, a random Intermediate Key (IK) is generated. The IK is encrypted using one or more public key(s) for the volume in question, and then stored in encrypted form in a volume metadata file (e.g., cloudvolume.xml) alongside the other volume information. Once created, the IK is treated like any other volume metadata. During startup of a volume manager on the filer, the one or more per-volume IK blobs (present) are decrypted using an appropriate secret key, and then cached in memory. All objects sent to the cloud are then symmetrically encrypted to the current IK for that volume. All objects read from the cloud are decrypted using the locally-cached IK.

Abstract: Embodiments for enhancing privacy and security of an image by a processor. Metadata associated with the image is configured with a usage designation, the usage designation having accompanying notification information for notifying an owner of the usage designation if a condition of the usage designation is met.

Abstract: A communication apparatus accepts from a user a display setting regarding a two-dimensional code in which one or more parameters related to communication with a communication apparatus are encoded, and determines a parameter set that includes one or more parameters to be encoded in the two-dimensional code related to communication with the communication apparatus. When the accepted display setting is a first setting, a first two-dimensional code for a first application in which a first parameter set corresponding to the first setting is encoded is displayed, and when the accepted display setting is a second setting, a second two-dimensional code for a second application in which a second parameter set corresponding to the second setting is encoded and which is different from the first two-dimensional code is displayed, and wherein the first two-dimensional code includes a parameter that is not included in the second two-dimensional code.

Abstract: A method for generating a deserialization vulnerability report of a Java project, includes: determining, by a computing device, if interior knowledge of the Java project is available, and when the interior knowledge of the Java project isn't available, performing a black box analysis to generate the deserialization vulnerability report; and when the interior knowledge of the Java project is available, determining by the computing device if source code of the Java project is accessible, when the source code of the Java project is accessible, performing a white box analysis to generate the deserialization vulnerability report, and when the source code of the Java project isn't accessible, performing a gray box analysis to generate the deserialization vulnerability report.