Patents Examined by Eric W Shepperd
  • Patent number: 10938788
    Abstract: Some embodiments provide a method for configuring a gateway datapath that processes data messages between a logical network implemented in a datacenter and an external network. The method receives configuration data including security policy rules for a logical router implemented by the datapath that indicate whether to apply a security protocol to certain data messages transmitted from a particular interface of the logical router. The method identifies a particular security policy rule that applies to data messages that (i) have a destination address in a set of destination addresses and (ii) meet at least one additional criteria. The method generates a static route, for a routing table used by the datapath to implement the logical router, that routes data messages with destination addresses in the set of destination addresses to the particular interface. The datapath applies the security policy rules for data messages transmitted from the particular interface.
    Type: Grant
    Filed: December 12, 2018
    Date of Patent: March 2, 2021
    Assignee: VMWARE, INC.
    Inventors: Yong Wang, Xinhua Hong, David J. Leroy, Kai-Wei Fan
  • Patent number: 10938806
    Abstract: The present disclosure provides a communication method and device. The method includes that: when an instruction for instructing transmitting user data via a direct communication connection is received, user verification information is acquired, the user verification information including verification data input through a first terminal; the user verification information is sent to a second terminal; when verification success information is received from the second terminal, a first direct communication connection is established with the second terminal; and the user data is sent to the second terminal via the first direct communication connection.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: March 2, 2021
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventor: Haiquan Li
  • Patent number: 10931453
    Abstract: Authentication of tokens and associated are used to provide a just-in-time key synchronization for user access to a service in a cloud computing environment which includes a plurality of availability zones with an identity service, a storage system, and a keystore. The encryption keys are distributed by the storage system based on a user access request containing a token with a payload and a current user cryptographic key. The token is then sent to the keystore to authenticate the user. The keystore authenticates the user and sends the token with the current cryptographic key to the storage system. The storage system receives the token with the current cryptographic key and grants access to the user for the service.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fernando J. Diaz, Shawn P. Mullen, Michael Perng, Karen Mariela Siles, Elvin Dalipe Tubillara
  • Patent number: 10924480
    Abstract: In one embodiment, an IoT server includes: processing circuitry, an I/O module operative to communicate with at least an IoT device and a vendor network server, and an onboarding application and operative to at least: receive an onboarding request from the IoT device via the I/O module, send a confirmation request to the vendor network server via the I/O module, where the confirmation request indicates a request to confirm an identity of the IoT device according to a connection to a network device authenticated by the vendor network server, receive a confirmation response from the vendor network server via the I/O module, where the confirmation response indicates whether the IoT device is connected to the network device, and if the confirmation response is a positive confirmation response that indicates that the IoT device is connected to the network device, onboard the IoT device for participation in an IoT-based system.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: February 16, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Santosh Ramrao Patil, Gangadharan Byju Pularikkal, Sourav Chakraborty, Madhusudan Nanjanagud
  • Patent number: 10911956
    Abstract: Methods, systems, and apparatuses are described for identifying unauthorized (e.g., rogue) access points. Authorized access points can detect the presence of rogue access points by determining signal strengths associated with other access points. A detected variance from an expected signal strength can indicate a presence of a rogue access point.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: February 2, 2021
    Assignee: COMCAST CABLE COMMUNICATIONS, LLC
    Inventors: Ryan Van Antwerp, James Bradley Hein
  • Patent number: 10902242
    Abstract: Methods and systems are described for creating irrefutable binding data for a data file. An input sequence of data elements is derived based on information from the data file. A graphical representation of input regions corresponding to the input sequence of data elements is output on a display, superimposed on captured image data including a visible feature of a user associated with the data file. User input of each data element of the input sequence is captured by tracking the visible feature through the corresponding input regions, and the binding data is created from the captured images as the visible feature is tracked through the input regions.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: January 26, 2021
    Assignee: PQ SOLUTIONS LIMITED
    Inventors: Martin Tomlinson, Cen Jung Tjhai, Andersen Cheng
  • Patent number: 10891360
    Abstract: Certain implementations include systems and methods for improving knowledge-based-authentication (KBA) identity authentication questions.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: January 12, 2021
    Assignee: LexisNexis Risk Solutions Inc.
    Inventors: Tamir Nygate, Benny Rotem, Elina Yaakobovich
  • Patent number: 10887099
    Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.
    Type: Grant
    Filed: February 18, 2019
    Date of Patent: January 5, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Ethan L. Miller, Andrew R. Bernat
  • Patent number: 10872042
    Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: December 22, 2020
    Assignee: Apple Inc.
    Inventors: Michael D. Ford, Jerrold V. Hauck, Matthew G. Watson, Mitchell D. Adler, Dallas B. De Atley, James Wilson
  • Patent number: 10848507
    Abstract: Methods and systems for monitoring network activity. Various embodiments may deploy virtual security appliances to a certain location or with a specific configuration based on data regarding previous attacks and attacker activity. Accordingly, the deployed virtual security appliance(s) are better suited to gather more useful behavior regarding threat actor behavior and attacks.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: November 24, 2020
    Assignee: Rapid7, Inc.
    Inventors: Paul Deardorff, Derek Abdine, Andreas Galauner, Mark Momburg
  • Patent number: 10819683
    Abstract: A method, system, and computer-usable medium are disclosed for performing deep packet inspection of network traffic, comprising: receiving a unit of one or more network packets, calculating a calculated fingerprint for data within the unit, determining a current inspection context, determining whether the calculated fingerprint and the current inspection context matches an entry stored in a cache, wherein the entry includes a stored fingerprint and a cached inspection context, and performing operations associated with deep packet inspection of the unit based on whether the calculated fingerprint and the current inspection context match the entry.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: October 27, 2020
    Assignee: Forcepoint LLC
    Inventors: Valtteri Rahkonen, Kari Nurmela
  • Patent number: 10812516
    Abstract: A cyber security assessment platform is provided. The platform can assess the security posture of a network by deploying one or more scenarios to be executed on one or more assets on the network and analyzing the outcomes of the scenarios. A scenario can be configured to validate a device or network status, and/or mimic an unauthorized cyber-attack. Each scenario can include one or more phases defining an execution path. Related method, apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: October 20, 2020
    Assignee: AttackIQ, Inc.
    Inventors: Stephan Chenette, Rajesh Kumar Sharma
  • Patent number: 10791124
    Abstract: A method and device for securing data of a message is provided. A method for encrypting a message of a user terminal device includes: receiving a message via a message input window; displaying the received message; encrypting the message by using a key index and an encryption key corresponding to a chatting window for the message based on an instruction for transmitting the message to another chatting party being received; and transmitting the encrypted message to the other chatting party.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: September 29, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jun-bum Shin, Jin-su Kim, Kyoung-yong Lee, Sung-wook Kim, Hye-jin Shin
  • Patent number: 10776475
    Abstract: A method, computer system, and computer program product. Input element layout data based on a layout of input elements of an input device is retrieved in response to a received password input request. A positioning marker and a visualized overlay input device including an altered layout of input elements is generated based on the retrieved input element layout data. The visualized overlay input device and the positioning marker are rendered for display by a see-through display device for viewing of the visualized overlay input device in superposition with respect to the input device. An effective input configuration of the layout of input elements of the input device is generated to correspond to the altered layout of input elements for entry of the password input.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: September 15, 2020
    Assignee: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Patent number: 10771482
    Abstract: The disclosed computer-implemented method for detecting geolocation-aware malware may include (1) receiving, by a computing device, trajectory information for network traffic carrying geolocation-aware malware, (2) identifying, from the trajectory information, a target geolocation characteristic required to activate the geolocation-aware malware, (3) establishing, on an image of a user machine, an execution environment having the target geolocation characteristic, (4) running, on the image of the user machine, the geolocation-aware malware, and (5) analyzing functioning of the geolocation-aware malware to identify malicious activity by the geolocation-aware malware. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: September 8, 2020
    Assignee: CA, Inc.
    Inventor: Prashant Gupta
  • Patent number: 10764045
    Abstract: A system receives data of one or more types from one or more sources having distinct identities for storing the data in a distributed storage system. The system stores metadata associated with storing the data in data structures in the distributed storage system. The system selects a portion of the data and a portion of the metadata associated with storing the data in the distributed storage system. The system compresses the selected portions of the data and the metadata, encrypts the compressed data and metadata using a single key or using a separate key for each data type, and stores the encrypted compressed data and metadata in the distributed storage system. The system also encrypts unencrypted metadata and associated data during defragmentation procedure.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: September 1, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Rushi Srinivas Surla, Shane Kumar Mainali, Andrew Edwards, Maneesh Sah, Weiping Zhang
  • Patent number: 10754964
    Abstract: A building management system comprising an integrated sensor and control system integrated on a single application specific integrated circuit (ASIC). The ASIC combines sensor inputs necessary to monitor ambient light levels, light color, occupation/motion sensors, security sensors, temperature and humidity, barometric pressure, smoke and toxic substance sensors, and a processor to receive the sensor inputs and deliver control output signals to effect changes and make settings to each of the environmental systems that are monitored. The ASIC also provides communication and control security for the building management system, preventing hostile intrusions into the system. The storage, intelligence and processing all reside within the ASIC.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: August 25, 2020
    Inventor: Bruce A Pelton
  • Patent number: 10757111
    Abstract: A multilevel security fabric with address management units communicatively coupled to ports of a communication fabric and nodes of a multilevel security system are disclosed. The communication fabric facilitates communication between the nodes. An address management unit associated with a particular node extracts address maps contained in data requests associated with the particular node and regulates communication of that node with any other nodes within the system across the communication fabric based on whether the extracted address maps are within an allowable address access range specified for the particular node. In the event that an extracted address map fails to fall within the allowable address access range, the address management unit may block the communication with the particular node. Accordingly, the address management unit may enforce multilevel communication across the communication fabric with high assurance.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: August 25, 2020
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Marek, Jonathon C. Skarphol, Adam W. Pfab, Edward C. Tubbs, John G. Bendickson
  • Patent number: 10686793
    Abstract: An attempt to authenticate to a system resource using a particular device and particular credentials is identified and an identity of a user associated with the particular credentials is determined. In association with the attempt to authenticate, a location associated with the particular device is determined and sensor data generated by a set of sensors deployed in an environment is accessed, at least some of the sensor data including biometric data. The sensor data is used to detect a location of the user, and a degree of proximity between the location associated with the particular device and the location of the user is determined. An authentication action is caused to be performed corresponding to the attempt to authenticate based on the degree of proximity.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: June 16, 2020
    Assignee: CA, Inc.
    Inventor: Vineet Verma
  • Patent number: 10686841
    Abstract: This disclosure provides an apparatus and method for dynamic customization of cyber-security risk item rules. A method includes interacting with a user, by a risk manager system, to define a plurality of rules for risk items to be monitored among a plurality of connected devices. The method also includes mapping each of the rules to a corresponding one or more of the connected devices by the risk manager system. The method further includes monitoring the connected devices according to the rules by the risk manager system. In addition, the method includes displaying an output based on the rules and a status of the connected devices by the risk manager system.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: June 16, 2020
    Assignee: Honeywell International Inc.
    Inventor: Seth G. Carpenter