Abstract: Certificate usage data is generated which identifies which processes or applications use which specific certificates. A certificate-specific usage model is generated based upon the certificate usage data and is used to detect anomalous usage of a certificate, by an application or process that has not previously used the certificate to authenticate itself to the computing system.
Abstract: A method for generating rule recommendations utilized in the creation of malware detection rules is described. Meta-information associated with a plurality of events collected during a malware detection analysis of an object by a cybersecurity system is received, and a first plurality of features is selected from the received meta-information. Machine learning (ML) models are applied to each of the first plurality of features to generate a score that represents a level of maliciousness for the feature and thereby a degree of usefulness of the feature in classifying the object as malicious or benign. Thereafter, a second plurality of features is selected as the salient features, which are used in the creation of the malware detection rules that control subsequent operations of the cybersecurity system. The second plurality of features is lesser in number than the first plurality of features.
Type:
Grant
Filed:
March 30, 2018
Date of Patent:
May 11, 2021
Assignee:
FireEye, Inc.
Inventors:
Chunsheng Fang, Wei Quan, Richard Lai, Robert Venal, Benjamin Chang
Abstract: Embodiments of the present disclosure may be used to securely transmit data between multiple computing devices. Among other things, this can greatly extend the range of data transmissions in comparison to fixed-position wireless beacons and access points.
Abstract: A method for providing network access to a plurality of user entities through an access point, said access point comprising a LAN interface and a broadband network interface, the method comprising the following steps at a gateway device: establishing a second secure communication link with said access point; receiving an IP address allocation request from one of said plurality of user entities via said second secure communication link; accessing an AAA server to verify whether a successful authentication of said one of said plurality of user entities on the basis of data related to a mobile subscription associated with said one of said plurality of user entities has already taken place; and upon successful verification, completing an IP address allocation scheme with said one of said plurality of user entities and enabling relaying of data between said one of said plurality of user entities and a PDN; wherein said gateway device is adapted to aggregate a plurality of instances of second secure communication li
Type:
Grant
Filed:
June 4, 2012
Date of Patent:
April 27, 2021
Assignee:
Nokia Technologies Oy
Inventors:
Thierry Van De Velde, Wim Henderickx, Telemaco Melia
Abstract: Disclosed herein are a method and system for collecting cyber threat intelligence (CTI) data. The system includes a management server that determines agent configuration values associated with an OSINT providing source; an agent that receives the agent configuration values from the management server, performs a data collection task for collecting the CTI data based on the agent configuration values, and transmits the CTI data and data collection status information to the management server; a threat information database in which the CTI data is logged; and a system database in which the data collection status information is logged.
Type:
Grant
Filed:
October 29, 2018
Date of Patent:
April 20, 2021
Assignee:
KOREA INTERNET & SECURITY AGENCY
Inventors:
Nak Hyun Kim, Seul Gi Lee, Hyei Sun Cho, Byung Ik Kim, Jun Hyung Park
Abstract: The current document is directed to reverse federated identity-management systems and to reverse-federated-identity-management methods employed by the reverse federated identity-management systems. The currently disclosed reverse-federated-identity-management systems automatically provision local proxy identities in distributed computer systems from which distributed resource-distribution systems allocate resources on behalf of users and clients of the distributed resource-distribution systems. In addition, the currently disclosed reverse-federated-identity-management systems automatically record associations of local proxy identities with users and clients of the distributed resource-distribution systems so that the users can be subsequently identified to auditing and monitoring organizations should the need for detailed auditing and monitoring subsequently arise.
Abstract: Methods, systems, and devices may be used for assigning names and bootstrapping of security credentials for Smart Objects inside a Digital Home environment. Methods, systems, and devices for identification and security bootstrapping of a smart object within a digital home environment may include automated assignment of a device level ID and security credential for each smart object in the home using a resource directory.
Type:
Grant
Filed:
March 21, 2019
Date of Patent:
March 30, 2021
Assignee:
Convida Wireless, LLC
Inventors:
Shamim Akbar Rahman, Dale N. Seed, Lijun Dong, Chonggang Wang, Quang Ly
Abstract: In the embodiments of the present invention, a transmit optical signal includes a reference optical signal and a quantum optical signal, optical splitting processing and coherent coupling are performed on the transmit optical signal by using a local oscillator optical signal to obtain at least two coherently coupled optical signals, and then optical-to-electrical conversion and amplification are separately performed on a first coherently coupled optical signal that includes the reference optical signal and a second coherently coupled optical signal that includes the quantum optical signal, to obtain a first electrical signal and a second electrical signal. Then, phase frequency information between the local oscillator optical signal and the reference optical signal is obtained from the first electrical signal, and an original key is recovered from the second electrical signal based on the phase frequency information.
Abstract: Automatic forensic investigation techniques to more effectively differentiate false positives from true positives. An incident is automatically investigated by a processor that communicates instructions to a device on a network and analyzes information received from the device in response to the instructions. In response to the analysis, the processor raises or lowers its level of confidence in the incident. If the processor's level of confidence in the incident is sufficiently high, the processor generates an output that indicates that the security of the network has been compromised. Otherwise, the processor ascertains that the incident is a false positive and may modify a criterion for alert generation.
Abstract: Applications executing on phones, tablets and other client devices can be designed to authenticate with network services, but reliably identifying a client device that is not previously known to the service can be difficult. A television receiver or other trusted device that is previously known to the service, however, can act as an intermediary for initially delivering the client's identifying data to the authentication service. After the authentication service has received reliable identifying information about the client from another trusted device, the service is able to directly authenticate the client device in subsequent transactions by requesting and verifying receipt of the same secret identifier.
Abstract: Systems and methods for network-based intrusion detection are provided. An anti-adversarial Hidden Markov Model can be used to effectively detect evasion patterns for network-based intrusion detection, using dynamic window and threshold techniques to achieve adaptive, anti-adversarial, and online learning abilities. The concepts of pattern entropy, pattern entropy reduction, window width, local optimal window width, and dynamic window can be used in the model.
Type:
Grant
Filed:
November 27, 2019
Date of Patent:
February 2, 2021
Assignee:
The Florida International University Board of Trustees
Abstract: The patent application is directed to a method for detecting a rogue device in a network including the step of providing an algorithm including predetermined criteria, executed by a processor, for identifying the rogue device. The method also includes a step of performing a cellular scan across the network. The method also includes a step of receiving, from the cellular scan, survey data including information of plural devices associated with the predetermined criteria. The method further includes a step of displaying, via a graphical user interface, a distribution curve including a calculated mean and a standard deviation based on the survey data for the predetermined criteria. The method also includes a step of comparing the information of one of the plural devices with statistically calculated distribution curves.
Type:
Grant
Filed:
July 6, 2018
Date of Patent:
January 12, 2021
Inventors:
Jennifer Lynn Ryan, Ronald Lance Justin, Kerri Ann Stone
Abstract: A method and system for allowing an independent software vendor (ISV) access to proprietary software code for software of an organization has been developed. An ISV generates a login request that masquerades as a user of the software. A license management system that controls access to the software is accessed and determines if two session IDs are present. The presence of two separate session IDs identifies the ISV and, if detected, the ISV is allowed access to the proprietary software code. Finally, the organization is notified about the ISV's access to the proprietary software code.
Type:
Grant
Filed:
January 13, 2020
Date of Patent:
January 12, 2021
Assignee:
salesforce.com, inc.
Inventors:
Nicholas Chun Yuan Chen, Nathan Edward Lipke, David Ross Baker, Winston Chow, Jonathan Widjaja
Abstract: The present invention provides an external terminal protection device and a corresponding protection system, the external terminal protection device including: an interface control module, used for providing an internal interface and an external interface, the internal interface being connected to a corresponding interface of a protected host, and the external interface being configured to access one or more external devices; and a system control module, used for connecting to the interface control module and controlling security authentication of the external devices connected to the one or more external interfaces on the interface control module, so as to determine whether the external devices are licensed access devices. The present invention can protect the security of the protected host without installing security protection software on the protected host, thereby greatly reducing system security risks and comprehensively eliminating the potential security hazards that may be generated by the interfaces.
Abstract: Collaborative computing and electronic records are disclosed. An entity that may be able to help achieve an objective is discovered and a connection to the entity is established. A meta-language is used to exchange with the entity a description of the objective and a description of the entity. The meta-language is used to negotiate with the entity a contract to help achieve the objective. In the event a contract to help achieve the objective is reached, a self-configuration is performed in accordance with the contract.
Abstract: A system and method for managing a network policy of an application on a client includes discovering, by the client, a first network, determining if the first network is a restricted network, applying a restricted network rule to the client when the first network is a restricted network, lowering a network score of the first network when the first network is a restricted network, and associating with the first network.
Abstract: Systems, apparatuses, methods, and computer program products are disclosed for quantum random number generation (QRNG). An example method includes generating, by encoding circuitry of a QRNG chip, a series of photons and transmitting the series of photons over an optical line. The example method further includes determining, by decoding circuitry of the QRNG chip, a set of quantum bases to use for measurement. The example method further includes receiving, by the decoding circuitry of the QRNG chip, the series of photons over the optical line and decoding the series of photons based on the determined set of quantum bases to generate a decoded set of bits. In some embodiments, the example method further includes generating, by session authentication circuitry, a session key based on the decoded set of bits.
Abstract: A method, apparatus, computer-readable medium, and/or system may be used to facilitate secured communications between internal and external applications and/or computing devices. For example, a gateway device may generate access tokens for internal applications, such as application programming interfaces (APIs), and/or external services. Access tokens may comprise various types of information used for authentication or authorization, such as client secrets, grant types, and/or client identifiers. Using one or more access tokens, internal applications may access data from external services. Similarly, external services may access data from internal applications using one or more access tokens.
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file and creates a security event if the entropy value satisfies a threshold, or determines a system entropy value that includes a rate at which other files on the system are being modified by the application and creates a security event if the system entropy value satisfies a threshold.
Type:
Grant
Filed:
July 14, 2016
Date of Patent:
November 10, 2020
Assignee:
McAfee, LLC
Inventors:
Craig D. Schmugar, Cedric Cochin, Andrew Furtak, Adam James Carrivick, Yury Bulygin, John J. Loucaides, Oleksander Bazhaniuk, Christiaan Beek, Carl D. Woodward, Ronald Gallella, Gregory Michael Heitzmann, Joel R. Spurlock
Abstract: An electronic resource tracking and storage computer system communicates with computing systems operated by different participants. The computing systems store copies of a blockchain and have associated computing devices with sensors. A programmed rule set includes conditions to be met when cooperating to complete, in connection with a resource tracked via the blockchain, a modeled process including modeled tasks. A transceiver receives, from the computing devices, signed electronic data messages including identifiers and values from their respective sensors. Blockchain transactions including the identifiers and value(s) in the respective messages are generated. Generated blockchain transactions are published for inclusion in the blockchain's copies. Value(s) in the respective electronic data messages are validated against the set of programmed rules. Based on the validations' results, events are emitted to an event bus monitored by a management system.