Patents Examined by David García Cervetti
  • Patent number: 10855694
    Abstract: Methods, systems, and computer readable media for packet monitoring in a virtual environment are disclosed. According to one method executed at a virtual tap element residing in between a first virtual machine and a second virtual machine in a virtual network environment, the method includes obtaining cryptographic key information from either the first virtual machine or the second virtual machine and detecting an encrypted packet flow being communicated in the virtual network environment between the first virtual machine and the second virtual machine via the virtual tap element. The method further includes decrypting the encrypted packet flow using the cryptographic key information, generating a decrypted packet flow set comprising at least a portion of the decrypted packet flow, and sending the decrypted packet flow set to a packet analyzer.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: December 1, 2020
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD.
    Inventors: Anirban Majumder, Marcel Felix Desdier
  • Patent number: 10841339
    Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.
    Type: Grant
    Filed: May 2, 2018
    Date of Patent: November 17, 2020
    Assignee: Sophos Limited
    Inventors: Kenneth D. Ray, Robert W. Cook, Andrew J. Thomas, Dmitri Samosseiko, Mark D. Harris
  • Patent number: 10839060
    Abstract: Various embodiments are generally directed to techniques for multi-voice speech recognition commands, such as based on monitoring a telecommunications channel between first and second devices, for instance. Some embodiments are particularly directed to prompting initiation of a transaction between a first entity associated with a first device and a second entity associated with a second device based on detection of an audible request corresponding to the second entity and an audible response corresponding to the first entity.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: November 17, 2020
    Assignee: Capital One Services, LLC
    Inventors: Paul Hurlocker, Austin Grant Walters, Jeremy Edward Goodsitt
  • Patent number: 10824736
    Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: November 3, 2020
    Assignee: Accenture Global Services Limited
    Inventors: Song Luo, Walid Negm, James J. Solderitsch, Shaan Mulchandani, Amin Hassanzadeh, Shimon Modi
  • Patent number: 10826933
    Abstract: A technique verifies a determination of an exploit or malware in an object at a malware detection system (MDS) appliance through correlation of behavior activity of the object running on endpoints of a network. The appliance may analyze the object to render a determination that the object is suspicious and may contain the exploit or malware. In response, the MDS appliance may poll the endpoints (or receive messages pushed from the endpoints) to determine whether any of the endpoints may have analyzed the suspect object and observed its behaviors. If the object was analyzed, the endpoints may provide the observed behavior information to the appliance, which may then correlate that information, e.g., against correlation rules, to verify its determination of the exploit or malware. In addition, the appliance may task the endpoints to analyze the object, e.g., during run time, to determine whether it contains the exploit and provide the results to the appliance for correlation.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: November 3, 2020
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Ashar Aziz
  • Patent number: 10819702
    Abstract: A method for selectively providing, to a subset of authorized user accounts, wake-on-demand access to session servers during a period of scheduled unavailability includes receiving, by a service broker machine, from a client machine, at least one credential. The service broker machine requests, from a database, connection information associated with the at least one credential. The service broker machine receives, from the database, connection information. The service broker machine determines that the at least one virtual resource is unavailable. The service broker machine determines whether the received credential indicates that a user of the client machine is authorized to request reactivation of the unavailable at least one virtual resource. The service broker machine directs reactivation of the unavailable at least one virtual resource. The service broker machine provides, to the client machine, the connection information.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: October 27, 2020
    Assignee: NETAPP, INC.
    Inventor: Charles F. Buck
  • Patent number: 10819728
    Abstract: Methods and systems for security threat detection are disclosed. For example, a virtual machine with a network interface of a plurality of virtual machines includes a plurality of applications including first and second applications. The plurality of applications is associated with a respective plurality of application security modules, including a first and second application security modules associated with the first and second applications. A security policy engine executes on a processor in communication with a network including a network controller. The application security module detects an abnormality with a request to the first application, identifies a source and a mode of the abnormality, and reports the source and the mode to the security policy engine. The security policy engine prevents a further abnormality with the source and/or the mode from affecting the second application and commands the network controller to prevent the source from interacting with the network.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: October 27, 2020
    Assignee: Red Hat, Inc.
    Inventor: Huamin Chen
  • Patent number: 10805345
    Abstract: Blind injection attacks can compromise computer systems and their data. These attacks can appear in SQL, XML, LDAP, OS commands, or other contexts. Blind injection attacks may be used to obtain information from a data source based on whether a response is returned within a certain time frame. By introducing intentional delay servicing of commands, however, the efficacy of blind injection attacks can be reduced. SQL query statements or other commands can be analyzed to determine if a conditional delay exists, and randomization effects can be used (sometimes based on length of the conditional delay) to make it difficult for an attacker to use blind injection. These techniques may broadly apply to any data source, and include databases exposed to the public via the internet (e.g. via a web server URL). Blind SQL injection, blind XML injection, and other blind injection attacks can be mitigated using techniques described herein.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: October 13, 2020
    Assignee: PAYPAL, INC.
    Inventor: Shlomi Boutnaru
  • Patent number: 10790986
    Abstract: The object of the invention is a method for the certification of electronic mails with a recognised electronic signature wherein a telecommunications operator certifies the sending of a certified electronic mail on the part of a user client of said operator to another user non-client of the telecommunications operator respecting at all times the chain of custody and the original recognised electronic signatures in the resending and the certification, generating evidence at all times of the transaction, in such a way that it can be used as reinforced evidence in any court or as a reliable demonstration of a given transaction.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: September 29, 2020
    Assignee: LLEIDANETWORKS SERVEIS TELEMATICS, S.A.
    Inventor: Francisco Sapena Soler
  • Patent number: 10791093
    Abstract: Implementations provide for extending an authentication protocol to dynamically create a per user end to end encryption over a multi-hop path for data traffic, which provides an automatic triggering of authentication on each hop of a path when a client joins the network. A device includes a processor that is configured to, in response to receipt of a request for authentication from an end device, perform an authentication protocol to authenticate with an authentication server via an authenticator device. When the authentication protocol is successfully performed, the processor is configured to receive a message indicating that the device was successfully authenticated by the authentication server. The processor is configured to create a pairwise master key (PMK) from the parameters, and derive a pairwise temporary key (PTK) from a key derivation function seeded by the PMK. The processor is configured to encrypt, using the PTK, a message from the end device.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: September 29, 2020
    Assignee: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITED
    Inventor: Philippe Klein
  • Patent number: 10785042
    Abstract: An assembly made up of a micro-electro-mechanical system as physical unclonable function, which in reaction to a challenge, outputs a response in accordance with a mapping rule, and a controllable control element which is equipped, in accordance with a control command, to adjust an ambient parameter influencing the mapping rule.
    Type: Grant
    Filed: March 26, 2018
    Date of Patent: September 22, 2020
    Assignee: Robert Bosch GmbH
    Inventor: Oliver Willers
  • Patent number: 10783232
    Abstract: Methods, systems, and computer programs are presented for remote management of self-encrypting managed devices (SEMDs) with embedded wireless authentication. One method includes providing a user interface to access a management server for managing users and devices. The SEMD is in wireless communication with the mobile device and is in connection with the management server. Additionally, the management server checks user-authentication information of the user for unlocking access to the SEMD before is enabled to unlock the SEMD via mobile application of the mobile device. Further, the management server sends an unlock command to the mobile device based on the checking, the mobile device sending an unlock request to the SEMD via the wireless communication. The SEMD is configured to unlock the data channel to provide data access to encrypted storage in the SEMD.
    Type: Grant
    Filed: August 16, 2018
    Date of Patent: September 22, 2020
    Assignee: ClevX, LLC
    Inventors: Lev M. Bolotin, Alex Lemelev, Marc Singer
  • Patent number: 10778417
    Abstract: Methods, systems, and computer programs are presented for a self-encrypting device (SED) incorporated into a host system. In one example, the host system includes a memory, a processor, a data channel in communication with the memory and the processor, and the SED. The SED comprises an authentication subsystem, a storage subsystem that stores encrypted data that is encrypted with an encryption key provided by the authentication subsystem, a radio frequency (RF) transceiver, and a data interface in electrical contact with the data channel. The data interface is locked from sending and receiving data until the SED is unlocked by the authentication subsystem with user-authentication information received via the RF transceiver.
    Type: Grant
    Filed: August 16, 2018
    Date of Patent: September 15, 2020
    Assignee: ClevX, LLC
    Inventors: Lev M. Bolotin, Alex Lemelev, Marc Singer
  • Patent number: 10771453
    Abstract: In one embodiment, a telecommunication apparatus includes a processor to generate a telephone call set-up message including a user-to-user information (UUI) field, and include a security token in the UUI field of the telephone call set-up message, and a network interface to send the telephone call set-up message to a telephone network. Related apparatus and methods are also described.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: September 8, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Kim Nam, Dusko Zgonjanin
  • Patent number: 10764265
    Abstract: Example implementations relate to assigning a document to partial membership in communities. In example implementations, a detected feature of a document may be compared with a training pattern. Based on the comparison, the document may be assigned partial membership in a first community and partial membership in a second community.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: September 1, 2020
    Assignee: ENT. SERVICES DEVELOPMENT CORPORATION LP
    Inventors: James C. Cooper, Kas Kasravi, Michelle Holmes, Helen Balinsky
  • Patent number: 10755279
    Abstract: Multiple authentication procedures enhance security of Internet transactions. For example, a request is received from a customer to access a service. A first authentication request is sent to the customer for first authentication information. A second authentication request may be sent to the customer for second authentication information. The method then enables the customer to proceed with accessing the service if the second authentication information is received.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: August 25, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Christopher P. Gilboy
  • Patent number: 10754992
    Abstract: A data security system, and a method of operation thereof, includes a data security transceiver or receiver; an authentication subsystem operatively connected to the data security transceiver or receiver; and a storage subsystem connected to the authentication subsystem.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: August 25, 2020
    Assignee: ClevX, LLC
    Inventors: Lev M. Bolotin, Alex Lemelev, Marc Singer
  • Patent number: 10749691
    Abstract: An example system receives certificate requests from clients. Each request can indicate a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client identifier. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. The system can also transmit retrieved entries from the client queues to a certificate management service.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: August 18, 2020
    Assignee: INTEGRITY SECURITY SERVICES LLC
    Inventors: Alan T. Meyer, Daniel R. Fynaardt
  • Patent number: 10747767
    Abstract: A method for enhancing rapid data analysis includes receiving a set of data; storing the set of data in a first set of data shards sharded by a first field; and identifying anomalous data from the set of data by monitoring a range of shard indices associated with a first shard of the first set of data shards, detecting that the range of shard indices is smaller than an expected range by a threshold value, and identifying data of the first shard as anomalous data.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: August 18, 2020
    Assignee: Interana, Inc.
    Inventors: Robert Johnson, Oleksandr Barykin, Alex Suhan, Lior Abraham, Don Fossgreen
  • Patent number: 10721242
    Abstract: A server receives an instruction to verify that a contact point (e.g., a phone number) is associated with a name. A set of users that have the contact point stored in a contact list on the server is identified and client devices associated with the users in the set are sent a name verification query. The name verification query includes a representation of the name and the contact point. The server receives a set of one or more matching scores from each of at least a subset of the client devices. The set of matching scores received from a given client device indicates a degree to which a name stored in association with the contact point in the client device's local address book matches the representation of the name. A determination is made as to whether the contact point is associated with the name based on the received matching scores.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: July 21, 2020
    Assignee: Facebook, Inc.
    Inventors: Matthew Knight Jones, Yue Zhang