Abstract: Determining malicious activity in a monitored network using clustering algorithmic techniques in which a source of known malicious network entities and known legitimate network entities associated with network traffic flow are provided. A dataset is generated consisting of a plurality of known malicious network entities and a plurality of known legitimate network entities. Network related attributes are identified associated with each of the plurality of malicious network entities and the plurality of legitimate network entities contained in the generated dataset. A predetermined number (X) of clusters is generated based upon the plurality of malicious (bad) and legitimate (good) network entities. A generated cluster is tagged with a bad, good or an unknown tag. If a generated cluster is determined assigned a bad tag, it is then stored it in a database and assigned a clusterID for future use in machine learning techniques for detecting network attacks upon the monitored network.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating an adversarially resistant model. In one embodiment, a novel architecture is presented that enables the identification of an image that has been adversarially attacked. The system and method used in the identification introduce the use of a denoising module used to reconstruct the original image from the modified image received. Then, further to the reconstruction, an adversarially trained model is used to make a prediction using at least a determination of a loss that may exist between the original image and the denoised image.

Abstract: Methods and systems for preventing malicious use of endpoint devices are described herein. A computing device may receive data indicative of usage of the computing device by a user. The computing device may compare the received data with other data (indicative of how an authorized user for the computing device uses the computing device) stored on the computing device to identify instances of abnormal usage of the computing device. The computing device may detect unauthorized use of the computing device based on the number of instances of abnormal usage exceeding a threshold. The computing device may prevent access to a computing environment with use of the computing device in response to detection of unauthorized use.

Abstract: A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of one or more resources of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, operate at a level below all of the operating systems of the electronic device accessing the one or more resources. The attempted access includes an attempted loading or unloading of a driver in the operating system.

Abstract: Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level.

Abstract: A system includes a multi-stack subscriber, a gateway, and a web portal. The web portal determines whether the subscriber is authenticated to access the Internet using a first Internet Protocol by receiving logon information from the subscriber. The subscriber requests to access the Internet using a second Internet Protocol. The gateway and/or the web portal determine whether the subscriber is authenticated to access the Internet using the second Internet Protocol without sending a second logon to the subscriber.

Abstract: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.

Abstract: Systems and methods for facilitating media fingerprinting are provided. In one aspect, a system can include: a memory, a microprocessor, a communication component that receives media; and a media fingerprinting component that fingerprints the media. The media fingerprinting component employs a fingerprint generation component stored in the memory and includes: a first hash generation component that generates sets of hashes corresponding to versions of the media; and a second hash generation component that computes a final hash based, at least, on hashing the sets of hashes. In some aspects, the media fingerprinting component can generate a flip-resistant fingerprint based, at least, on the final hash. In some aspects, the flip-resistant fingerprint is the final hash.

Abstract: An enumeration prevention technique involves receiving an authentication session request which includes a validation result indicating whether a user identifier supplied by the user identifies a valid user entry in a user database. The technique further involves providing a genuine authentication session response when the validation result indicates that the user identifier does identify a valid user entry in the user database. The genuine authentication session response includes a user-expected set of artifacts to confirm authenticity of the authentication server to the user. The technique further involves providing a faux authentication session response when the validation result indicates that the user identifier does not identify a valid user entry in the user database. The faux authentication session response includes a machine-selected set of artifacts enabling the faux authentication session response to resemble a genuine authentication session response.

Abstract: Two-party, role-based email verification can be used by an administrator to control the sending of emails by an authorized user. Various administrator notification/approval options may be provided. Two-party, role-based verification may also be applied to e-commerce transactions and other transactions where two-party, role-based verification is desirable.

Abstract: An information processing apparatus, including: a data processing section reproducing contents stored in a medium having a general purpose area in which encrypted contents and utilization controlling information corresponding to the contents are stored, and a protected area configured from a plurality of blocks to which access limitation is set and which include a block in which an encryption key for decrypting the contents and information of a plurality of validity periods indicative of content utilization permission periods applied to the application contents of the encryption key are stored, wherein the data processing section acquires the utilization controlling information of a reproduction object content, extracts selection information of validity period information to be applied to the content, and decides whether or not content reproduction is to be permitted by comparison between the validity period information selected from within the block and current date information in accordance with the selecti

Abstract: Methods, systems, and computer programs for producing hash values are disclosed. A prefix-free value is obtained based on input data. The prefix-free value can be based on an implicit certificate, a message to be signed, a message to be verified, or other suitable information. A hash value is obtained by applying a hash function to the prefix-free value. The hash value is used in a cryptographic scheme. In some instances, a public key or a private key is generated based on the hash value. In some instances, a digital signature is generated based on the hash value, or a digital signature is verified based on the hash value, as appropriate.

Abstract: System, method, computer program product embodiments and combinations and sub-combinations thereof for elastic resource provisioning are provided. An embodiment includes grouping physical resources in an asymmetric distributed cluster of data processing nodes logically into one or more provisions. Further included are configuring access to the physical resources with the one or more provisions, and managing adjustment of operations among the data processing nodes in correspondence with adjustment to the physical resources through the one or more provisions and transparently to an application utilizing the physical resources.

Abstract: A method and system for secured broadcasting of a digital data flow between a technical platform (1) and at least one terminal (2), characterized in that it comprises the following steps: transmitting a scrambled and multiplexed digital data flow with at least one message (ECM) including a control key (CW) encrypted by a channel key (CC); descrambling in a secured memory area of the terminal (2) the scrambled digital data flow from the control key (CW) obtained according to the following substeps; sending to the technical platform (1) a request including the identifier (IUi) of the terminal (2); generating a secret key (CSk) from a cryptographic mechanism (A) using a single ciphering key (BSKn) and the identifier (IUi) of the terminal (2) with view to ciphering said channel key (CC) and obtaining a message (eCCk); deciphering the message (eCCk) received by a terminal (2) from the key (CSk) initially stored in the terminal (2) so as to obtain the channel key (CC), and obtaining the control key (CW) resulti

Abstract: In one implementation, a social media device receives social interaction data including an identity of neighboring mobile devices that have been within a physical proximity of an object mobile device. The social media device hosts a social network service and provides content to a user associated with the object mobile device according to the identity of more neighboring mobile devices. The user of the object mobile device may opt to receive content only from those users that are identified in the social interaction data. The user of the object mobile device may opt to permit only those users that are identified in the social interaction data to receive content generated by the user of the object mobile device. The user may opt to alter the status policy seen by other users so that only users that are identified in the social interaction data see the user as available or online.

Abstract: Disclosed is a system and method for securely, conveniently and effectively storing information in a secure data repository or database, and securely delivering such information to a respective user. The secure repository and database, referred to as a Vault, is a secure storage utility used for storing and safekeeping valuable personal information and documents associated with a user. The Vault can store and provide access to personal documents for a user, such as but not limited to, wills, irreplaceable pictures or video, financial documents/bills, contracts, account numbers and credit card numbers. The Vault can be provided as a service within a smart, cloud-based system, which intelligently gathers, stores and initiates actions for a variety of user documents.

Abstract: A method and apparatus for detecting violations of data loss prevention (DLP) policies based on reputation scores. Using a DLP agent, monitors outbound data transfers performed by the computing system, and determines a reputation score for at least one of the data transfers to a destination entity specified to receive the at least one data transfer based on a data type of the data being transferred to the destination entity.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for providing content. The method comprises receiving a first login associated with a first anonymous identifier and first device, creating an associated first private-public key pair, storing a first private key locally in the first device, and publishing a first public key. The method further comprises receiving a second login from a second different device, creating a second private-public key pair, storing a second private key, publishing the second public key, creating a secret key using the first public key, and associating a second anonymous identifier with the secret key. The method further comprises subsequently receiving a login the first device, creating the secret key using the second public key, associating the first anonymous identifier with the secret key, receiving a request for content from either device, and providing content using the association.

Abstract: Disclosed are systems and methods for protecting secret device keys, such as High-bandwidth Digital Content Protection (HDCP) device keys. Instead of storing secret device keys in the plain, a security algorithm and one or more protection keys are stored on the device. The security algorithm is applied to the secret device keys and the one or more protection keys to produce encrypted secret device keys. The encrypted secret device keys are then stored either on chip or off-chip.

Abstract: An analysis system for unknown application layer protocols, which could automatically discover unknown applications existing in a network, and then obtain keywords, attribute values, status codes or type codes representing semantic meaning of each field in each type of unknown application as well as message formats, dialogue rules and status transfer relations of application layer protocols by using cluster analysis and optimal partitioning method based on hidden semi-Markov model. Unknown application analysis result could be used for flow management and safety protection of a network. The system has the following advantages: it avoids difficulties arising from manual discovery and analysis of unknown applications, and improves network management efficiency and responding speed against new types of network attacks.