Abstract: Methods and systems for penetration testing of a networked system involve assigning network nodes to disjoint classes based on current information about the compromisability of the network nodes. The classes distinguish between nodes not currently known to be compromisable, nodes that only recently have become known to be compromisable, e.g., by a first method of a attack, and nodes that have been known for a longer time to be compromisable. Nodes that only recently have become known to be compromisable can be re-targeted by the penetration testing system to determine whether such nodes can be compromised using multiple methods of attack and not just using the first method of attack.

Abstract: An electronic device and a control method thereof are provided. The electronic device includes an Internet protocol (IP) address corresponding to a domain name of a web page when a user command inputting the domain name is received, identifies a number of hops included in a network path connecting a server corresponding to the obtained IP address and the electronic device to each other, and determines that a man-in-the-middle attack exists in a network when a communication connection with the server is established on the basis of a smaller number of hops than the identified number of hops.

Abstract: Methods and systems for establishing a chain of relationships are disclosed. An identity verification platform receives a first request for registration comprising an identification of a first user, identification of an entity, and a relationship between the first user and the entity; verifies the identity of the first user and the relationship between the first user and the entity; and verifies that the entity is legitimate. Once a relationship between a first individual, invited by the first user, and the entity is confirmed, the platform creates a custom badge representing the relationship between the first individual and the entity for display on the entity's website. The platform receives an identification of a selection by an end user of the custom badge and, responsive to receiving the identification of the selection, renders, on a domain controlled by the identity verification platform, a verification that the relationship between the first individual and the entity is valid.

Abstract: An integrated circuit device can include a plurality of nonvolatile memory elements having values that vary randomly or pseudo-randomly from one another; a selection circuit configured to select a plurality of nonvolatile memory elements that vary randomly or pseudo-randomly in response to a received challenge value; and sense circuits configured to generate a response value based on the values of the selected nonvolatile memory elements. Related methods and systems are also disclosed.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: In accordance with aspects of the inventive concepts, a system and method provide ongoing authentication through processing of data that includes biometric data. Such systems and methods can use, as examples, face recognition and/or voice biometric data, or other biometric data, to identify the user in real-time and thereafter during an ongoing session. In various embodiments, the system can continuously or repeatedly authenticate one or more users using biometric data to control access to information and/or functions in real (or near real) time. The system can be configured to optimize and/or minimize resource consumption associated with the ongoing authentication process.

Abstract: Remote subscription management of an eUICC comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the eUICC.

Abstract: Techniques for providing a securing platform for service provider network environments are disclosed. In some embodiments, a system/process/computer program product for providing a securing platform for service provider network environments includes communicating with an orchestrator and/or another network element on a service provider network to identify a subscriber with a new IP flow using a security platform; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

Abstract: Various embodiments of systems and methods to track tainting information via non-intrusive bytecode instrumentation are described herein. The described techniques include, at one aspect, defining a taint-aware class to shadow an original data class. The taint-aware class includes a payload field to store objects of the original data class, a metadata field to store tainting information corresponding to the objects of the original data class, and a method proxying a corresponding method of the original data class. In another aspect, the instances of the original data class are replaced with corresponding instances of the taint-aware class in an application bytecode. Further, in a yet another aspect, when executing the application in a runtime environment, the method propagates the content of the metadata filed and calls the corresponding method of the original data class to manage the content of the payload field.

Abstract: Methods and systems for initiating a workflow are disclosed. The systems and methods described herein may receive as input a data segment from an external source, and identify at least one type of data object present in the data segment. The systems and methods described herein may then autonomously generate an application programming interface (API) trigger to initiate a workflow, wherein the API trigger is based on the at least one type of data object present in the data segment.

Abstract: A method for authorizing operation permissions of form-field values is disclosed in the present invention, including a step of authorizing operation permissions of form-field values and a step of selecting a grantee; the step of authorizing operation permissions of form-field values includes: S1: selecting a form to be authorized, and displaying fields in the form that need operation permission control; and S2: authorizing the operation permissions to each value of the fields respectively, where the grantee is one or more roles, the role is an independent individual rather than a group or class, one role can only be related to a unique user during the same period, and one user is related to one or more roles. The present invention can achieve respective authorization for the operation permissions of form-field values, and improves the fineness of system management. In this method, multiple authorized roles can be selected at the same time to batch authorization, thus improving the authorization efficiency.

Abstract: Methods, apparatuses and computer program products implement embodiments of the present invention that include monitoring use of web code by providing a web agent for embedding into the web code of a protected web site, and upon downloading the web code from a server to a client computer and running the web code on the client computer, identifying, by the web agent, attributes of the server. The attributes are analyzed by the web agent so as to detect malicious use of the web code, and a notification beacon is transmitted by the web agent in response to detecting the malicious use of the web code.

Abstract: A system and method for detecting anomalous hypertext transfer protocol secure (HTTPS) traffic are provided. The method includes receiving samples of at least rate-based features, wherein the rate-based features demonstrate a normal behavior of at least HTTPS traffic directed to a protected entity; computing a short-term baseline and a long-term baseline based on the received samples, wherein the short-term baseline is adapted to relatively rapid changes in the HTTPS traffic and the long-term baseline is adapted to relatively slow changes in the HTTPS traffic; computing at least one short-term threshold respective of the short-term baseline and at least one long-term threshold respective of the long-term baseline; evaluating each of the at least one threshold against real-time samples of HTTPS traffic to determine whether behavior of the HTTPS traffic is anomalous; and generating alarm when anomaly is detected.

Abstract: An example operation may include one or more of creating a shared secret via a blockchain node member, storing the shared secret in a memory outside the blockchain, and sharing the shared secret with one or more other blockchain node members during a setup phase of an execution environment associated with a chaincode.

Abstract: A method and device for providing notification of improper access to secure data on a mobile device. The mobile device detects a request to record content displayed on a display of the mobile device. A determination is then made regarding whether the content that was displayed on the screen when the request to record was received is protected content. If the displayed content was protected, then a third party is notified that a security breach has been detected. A remedial action is also performed regarding the security breach.

Abstract: Packets may be received by a packet security gateway. Responsive to a determination that an overload condition has occurred in one or more networks associated with the packet security gateway, a first group of packet filtering rules may be applied to at least some of the packets. Applying the first group of packet filtering rules may include allowing at least a first portion of the packets to continue toward their respective destinations. Responsive to a determination that the overload condition has been mitigated, a second group of packet filtering rules may be applied to at least some of the packets. Applying the second group of packet filtering rules may include allowing at least a second portion of the packets to continue toward their respective destinations.

Abstract: Systems, devices, and techniques are disclosed access to data in multiple instances through a single record. A selection of a record may be received through a user interface. The record may be stored in a database. Aspects of the record may be received from the first database. and displayed on the user interface. A first additional aspect associated with the record may be received from a first instance database associated with a first instance of a secondary application and displayed on the user interface. A selection to switch to a second instance of the secondary application may be received through the user interface. A second additional aspect associated with the record may be received from a second instance database associated with the second instance of the secondary application and displayed on the user interface the in place of the first additional aspect associated with the record from the database.

Abstract: A locality-sensitive hash value is calculated for a suspect file in an endpoint computer. A similarity score is calculated for the suspect hash value by comparing it to similarly-calculated hash values in a cluster of known benign files. A suspiciousness score is calculated for the suspect hash value based upon similar matches in a cluster of benign files and a cluster of known malicious files. These similarity score and the suspiciousness score or combined in order to determine if the suspect file is malicious or not. Feature extraction and a set of features for the suspect file may be used instead of the hash value; the classes would contain sets of features rather than hash values. The clusters may reside in a cloud service database. The suspiciousness score is a modified Tarantula technique. Matching of locality-sensitive hashes may be performed by traversing tree structures of hash values.

Abstract: A rule engine receives data flows. The data flows are between a network and an application. The rule engine determines data flow information and in dependence on the information performs an action with respect to said flow. A controller provides control information to the rule engine to define one or more actions. The communications between said rule engine and said controller are secure.

Abstract: A system for data recording across a network includes a session border controller connecting incoming data from the network to an endpoint recorder. A load balancer is connected to the network between the session border controller and the endpoint and receives the incoming data from the session border controller, wherein the load balancer comprises computer memory and a processor configured to parse the incoming data into video data and audio data according to identification protocols accessible by the processor from the computer memory. A recording apparatus includes recording memory that receives the incoming data from the load balancer, stores a duplicate version of the incoming data in the recording memory, and connects the incoming data to the endpoint.