Abstract: Embodiments are described for generating, by a processor, a first event record in response to an event being performed by a computer; and generating, by the processor, a second event record in response to the first event record being generated, wherein the second event record comprises a signature corresponding to the first event record.

Abstract: Security and privacy controls for remote-access support services are provided. A system management policy that is associated with a customer system is identified. A remote-access session is initiated. A first command for execution on the customer system is received via the remote-access session. It is determined that the first command complies with the system management policy, and in response, the first command is executed on the customer system. A first unit of data generated in response to executing the first command is identified. It is determined that providing the first unit of data to a remote-access support system complies with the system management policy. The first unit of data is provided to the remote-access support system via the remote-access session.

Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.

Abstract: Techniques of access control in VR environments involve defining a series of gestures that users attending a private meeting within a virtual environment carry out to be allowed into the private meeting. Along these lines, when a user sets up a meeting to take place within a virtual environment, the user may define a series of gestures (e.g., swipes, circles, etc.) that may serve as an effective “secret handshake” that gains admittance to the private meeting. In one implementation, each person invited to the private meeting is given the same gesture to form in the virtual environment that provides access to the private meeting. In other implementations, each user has their own respective gesture that, when matched along with an identifier identifying that user, provides the access. Advantageously, such gestures are easily defined and executed by the users and recognized by servers that control private meetings within the virtual environment.

Abstract: An approach is provided for discovering social ties among users based on cloaked trajectories. In a method, cloaked regions of a first trajectory of a first user and cloaked regions of a second trajectory of a second user are transformed to corresponding semantic regions, respectively, wherein a semantic region is expressed with a semantic meaning of a corresponding cloaked region. The transformed semantic regions are mapped into nodes of a hierarchical semantic tree, wherein each node of the hierarchical semantic tree corresponds to a semantic region. According to relationships between nodes mapped to semantic regions of the first trajectory and node mapped to the semantic regions of the second trajectory, social ties among the first user and the second user can be inferred.

Abstract: A hardware cipher module to cipher a packet. The cipher module includes a key scheduling engine and a ciphering engine. The key scheduling engine is configured to receive a compact key and iteratively generate a set of round keys, including a first round key, based on the compact key and determine, based upon a cipher mode indication and a type of ciphering whether to generate a key-scheduling-done indication after the first round key is generated and before all of the set of round keys are generated or to generate the key-scheduling-done indication after all of the set of round keys is generated. The ciphering engine is configured to begin to cipher the packet with one of the set of round keys as a result of receiving the key schedule done indication.

Abstract: In systems and methods of managing a document with an authenticated document biosignature, a processor of a verification device may receive an image based on a user selection. The processor may calculate a base verification score associated with a user based on at least one identification input, the identification input comprising one or more identification features, wherein at least one of the identification features includes a biometric identification feature. The processor of the verification device may receive restricted access information, and may generate a glyph based on the base verification score, the at least one identification input, the selected image, and the restricted access information. The processor of the verification device may associate the glyph with a document.

Abstract: Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for invocation of a secure web container which may display data representative of a requesting party's application at a user's machine. The secure web container is invoked upon receipt of an API call from the requesting party. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable web container), insulating the user and requesting parties from the threats associated with being online for the purposes of providing secure, policy-based interaction with a requesting party's online services.

Abstract: A protocol for issuing and controlling digital certificates is described in which an identity management system is used to identify a user requesting a digital certificate and is also used to issue the digital certificate itself. Accordingly, an IDM-based PKI system is provided.

Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosing operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. In the case of shellcode attacks, unsuccessful attacks may be emulated by selecting a corresponding emulator that will receive and execute instructions, as would a successful shellcode attack. Events occurring on the BotMagnet and Sinkhole are correlated and used to characterize the malicious code. The characterization may be transmitted to other computer systems in order to detect instances of the malicious code.

Abstract: Methods and systems for detecting malicious network activity. The method may include analyzing payload data relating to activity on one or more virtual security appliances, grouping related payloads, and analyzing a time series dataset describing the groupings to identify anomalous payloads.

Abstract: Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message.

Abstract: In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition. For example, if certificate revocation is selected as the debasing condition, the dataset is analyzed to produce a predictive model that determines the likelihood that a presented certificate is untrustworthy based on similarity to already revoked certificates. The predictive model can include a supervised learning model like a logistic regression model or a deep neural network model. The system can be used in conjunction with existing security infrastructures or can be used as a separate infrastructure. Based on the likelihood score calculated by the model, a relying system can reject the cryptographic key material, accept the cryptographic key material or take other further action.

Abstract: The present invention relates to a method and device for verifying data ownership. The user may verify whether the server actually owns the data to be uploaded by him, and the server may simultaneously verify whether the user actually owns the data.

Abstract: Provided are a method and a system for exchanging control information between secure socket layer (SSL) gateways. The method may commence with intercepting, by a client facing node, a client request including session-specific information and a session request to establish an SSL communication session between a client and a server. The method may continue with generating an SSL extension based on the session-specific information and adding the SSL extension to the session request to obtain an extended session request. The extended session request may be sent to a server facing node in communication with the client facing node. The method may further include identifying the session-specific information contained in the SSL extension of the extended session request and generating a further session request for establishing the SSL communication session between the server facing node and the server. The method may further include sending the further session request to the server.

Abstract: A method for security protection of account information is provided, where the method includes: detecting an account input event on an accessed web page; determining, when the account input event is detected, whether a URL of the accessed web page exists in a preset secure URL list; calculating, if the URL of the accessed web page does not exist in the secure URL list, a page similarity between the accessed web page and a preset real web page according to the URL and/or web page content of the accessed web page; and determining, according to the page similarity, whether the accessed web page has a security risk, and if yes, displaying an account security risk alert. The method preventing a user from being induced by a malicious website to input an account and a password. A system for security protection of account information is further provided.

Abstract: A request from an application client is received at a protected application. The request includes an access token. A grant information associated with the received access token is retrieved. The grant information includes a plurality of intersecting scopes of rights granted to the application client. In another aspect, a session is established between the protected application and the application client. Furthermore, at least one scope of rights from the plurality of intersecting scopes of rights is determined to be mapped to at least one Application Programming Interface (API) from a number of APIs provided by the protected application.

Abstract: A node (17, 21) in an information centric network (ICN) receives a first identifier associated with an information object. The node (17, 21) causes creation of a virtual node (18) in the ICN, for holding a mapping between a second identifier and the first identifier. The second identifier is assigned to a copy of the information object stored in the ICN. The node (17, 21) causes creation of the virtual node (18) such that the mapping is arranged to cease after a predetermined event. The virtual node (18) is created with the sole purpose of providing copies of the information object to a small number of requestors (14), and possibly to just one requestor (14). Ceasing the mapping after delivery of the one copy, or the few copies, of the information object prevents unauthorized retrieval of the information object.

Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.

Abstract: A method, a computer program product, and a multi-function peripheral are disclosed, which secures a device using a link local network for transmission of data. The method includes starting an Internet Protocol Version 6 (IPv6) network initialization from an Internet of Things (IOT) device in an IPv6 link local network; deriving an identifier for a link local IPv6 address for the IOT device from a first public key of the IOT device; sending the link local IPv6 address with the identifier from the IOT device to the first host device for double address detection (dad) in the link local IPv6 network; and authenticating the link local IPv6 address on the first host device with a private key.