Abstract: Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat.

Abstract: A Network Function Virtualization (NFV) Central Processing Unit (CPU) comprises a network core and a system core. The network core receives and validating hardware trust certificates from external circuitry that obtains the hardware trust certificates using a read-only hardware trust identifier that is physically-embedded in the external circuitry. The system core executing an NFV Virtual Network Function Component (VNFC) and generating VNFC data for the external circuitry. The system core calls an Application Programming Interface (API) for a hardware trusted communication with the external circuitry and transfers the VNFC data to the network core. In response to the API call, the network core transfers the VNFC data to the external circuitry when the network core successfully validates the hardware trust certificates from the external circuitry. The network core blocks the user data when the network core did not successfully validate the hardware trust certificates from the external circuitry.

Abstract: Methods and systems are provided that enable single sign-on (SSO) mechanisms on rich clients running hosting applications that include documents with one or more embedded web assets. An embedded web asset may be any resource (e.g., document, image, data, etc.) that is accessed via a browser from within a hosting application. In aspects, authentication of a user identity is required to access an embedded web asset. In particular, an identity management module is provided on a rich client. The identity management module is configured to maintain multiple credentials for multiple user identities that are associated with multiple applications, whether the applications are embedded applications or hosting applications. In this way, a user may access multiple applications, including embedded web assets, associated with each user identity—without signing into each application. That is, a user is able to login a single time for each user identity.

Abstract: A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

Abstract: The present embodiments describe methods and systems for intercepting unauthorized communications in a controlled-environment facility. Unauthorized communications may originate from contraband cell phones, for example. In an embodiment, attempted communications from the contraband communication device are intercepted by the facility communication systems. The attempted communication may or may not be connected or completed, depending upon facility rules, policies, and regulations.

Abstract: A security application manages security and reliability of networked applications executing collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determine whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database.

Abstract: There is provided a method of generating a ciphertext. The method includes encrypting an input data to produce an encrypted data, and randomizing the encrypted data to produce the ciphertext. In particular, the randomizing process includes performing an exclusive-or (xor) operation on the encrypted data with a cipher pad, whereby the cipher pad is generated based on an xor-homomorphic function of a first key using a second key generated based on the encrypted data. There is also provided a corresponding system for generating a ciphertext, a corresponding method and system for decrypting a ciphertext, and a corresponding method and system for searching ciphertexts in a database, such as at an untrusted server.

Abstract: Various embodiments are generally directed to techniques to distribute encrypted packets among multiple cores in a load-balanced manner for further processing. An apparatus may include a processor component; a decryption component to decrypt an encrypted packet to generate a decrypted packet from the encrypted packet, the encrypted packet comprising a header that comprises at least one field of information; a hash component to generate a header hash from the at least one field of information during decryption of at least a portion of the encrypted packet by the decryption component, the header hash comprising a smaller quantity of bits than the at least one field of information; and a distribution component to select a first core of multiple cores coupled to the processor component based on the header hash and to transmit the decrypted packet to the first core from the processor component. Other embodiments are described and claimed.

Abstract: A method includes receiving, by a processing device executing a validation service, a validation data associated with a first instance of an execution environment, the validation data provided by a publication service associated with a second instance of the execution environment, acquiring a decryption key from a release server associated with the execution environment, determining, using the decryption key, a validation status associated with the first instance in view of the validation data, and notifying the release server of the validation status.

Abstract: Systems and methods for encrypted processing are provided. For example, an apparatus for encrypted processing includes: an input interface adapted to receive input from a device; an encrypted processor connected to the input interface; a program store control connected to the encrypted processor, the program store control controlling use of and access to at least two program stores, where at least one program store acts as a primary program store and at least one program store acts as a back-up program store; and an output interface connected to the encrypted processor for outputting at least one of commands or data; where the encrypted processor is programmed to: receive and validate a request; determine whether a valid request is a program update request for a first program; and initiate a lock mechanism into a locked state.

Abstract: Modifying computer program output in a voice or non-text input activated environment is provided. A system can receive audio signals detected by a microphone of a device. The system can parse the audio signal to identify a computer program to invoke. The computer program can identify a dialog data structure. The system can modify the identified dialog data structure to include a content item. The system can provide the modified dialog data structure to a computing device for presentation. The system can validate the dialog data structure output by the computing device for presentation.

Abstract: Techniques are provided for limiting access to a feature in an application. Certain application features, such as access controlled features, are not generally accessible to all users of an integration cloud service system. When a user makes a request to access an access controlled feature, the system can determine whether user information satisfies the requirements to access a requested access controlled feature. If the user satisfies the requirements for the requested access controlled feature, an access key can be dynamically generated based on the user information.

Abstract: A device configured to authenticate an integrated circuit includes an integrated circuit on a substrate, and at least one security circuit segmented into at least two security parts. The two security parts are located at separate locations on the substrate with respect to one another. At least one of the security parts includes a memory element having a key code programmed therein that authenticates the integrated circuit.

Abstract: In the disclosed transaction processing system, members of an authorized network of consumers and merchants manage account information using blockchain ledgers. Because both consumers and merchants maintain copies of the blockchain, for any consumer/merchant transaction, both entities can quickly validate the transaction because both are aware, via their blockchain entries, of the current status of the account sourcing the transaction, allowing fast and accurate transaction validation without the need to incur the processing charges inherent in traditional fiat currency credit transactions.

Abstract: Device, system, and method of voice-based user authentication utilizing a challenge. A system includes a voice-based user-authentication unit, to authenticate a user based on a voice sample uttered by the user. A voice-related challenge generator operates to generate a voice-related challenge that induces the user to modify one or more vocal properties of the user. A reaction-to-challenge detector operates to detect a user-specific vocal modification in reaction to the voice-related challenge; by using a processor as well as an acoustic microphone, an optical microphone, or a hybrid acoustic-and-optical microphone. The voice-based user-authentication unit utilizes the user-specific vocal modification, that was detected as reaction to the voice-related challenge, as part of a user-authentication process.

Abstract: Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of data are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request, and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data center may be out of the scope of compliance monitoring, auditing, and reporting for one or more data security standards.

Abstract: A method for validating incoming data to a computer system is provided. The method receives the incoming data, simultaneously, by the computer system and a mirror computer system, wherein the computer system is separate and distinct from the mirror computer system, wherein the computer system lacks a communication connection to the mirror computer system, and wherein the mirror computer system lacks a communication connection to the computer system; processes the incoming data by the mirror computer system, to produce output; and when the output comprises an acceptable result, processes the incoming data by the computer system.

Abstract: A device determines that a data breach of an application has been reported and determines that an individual has an account with the application based on identifying an association between an application identifier and a username the individual uses to access the application. The device receives, from a user device associated with the individual, password information used to access the application. The device uses the password information and usernames for a group of applications with which the individual has accounts to perform a login procedure for the group of applications to determine that login information for one or more of the applications includes the password information used to access the application affected by the data breach. The device provides, to the user device or another device, a recommendation to change the password information used to access the application and the one or more applications.

Abstract: A system for automating login can determine if a web artifact, such as a web page, includes a login form, by identifying a password field, a user ID field, and a submit button or another element providing the functionality to submit credentials for authorization. Submission of user credentials may be emulated, and access to password protected areas can be ascertained, e.g., by identifying any element that permits signing out from the password protected area.

Abstract: The present invention relates to a solution to improve the security of applications. Particularly, the invention relates to the control of the whole lifecycle of data traffic between a client and a server applying also internal data flow system within the server only for editable data. The invention presents a method for detection of manipulation of data (29) by a client (11, 15, 25) that performs a request to a server (13, 17, 27) and detection of vulnerabilities within source code. The invention also presents an application and a system for the detection of manipulation in applications. As a particular example, the invention presents a method for detection of manipulation of web pages in HTTP.