Patents Examined by Harris C Wang
  • Patent number: 10915622
    Abstract: Embodiments are directed to monitoring local users' activity without installing an agent on a monitored machine. Periodic scans of the local users' directory using the standard protocol messages and APIs of a remote admin interface provide access to local machine data. Using the remote admin interface, defenders gain visibility to local users' logons, group membership, password changes, and other parameters. Security applications enabled by this visibility include, but are not limited to, abnormal logons detection, abnormal group addition and removal detection, and abnormal password changes detection.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 9, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Marina Simakov, Tal Be'ery, Itai Grady Ashkenazy, Chaim Menachem Hoch, Tal Joseph Maor
  • Patent number: 10911444
    Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: February 2, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Clemens Vasters, Arjmand Samuel
  • Patent number: 10904274
    Abstract: Systems and methods for testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system with a plurality of nodes and a testing node include operating the testing node with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node; implementing one or more test cases related to the malicious content to analyze behavior of the testing node with the SPM library containing the new signature; and, responsive to success in the one or more test cases, providing the SPM library to the plurality of nodes for detection of the malicious content.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: January 26, 2021
    Assignee: Zscaler, Inc.
    Inventors: Loren Weith, Deepen Desai
  • Patent number: 10887292
    Abstract: Disclosed embodiments provide techniques for improvements in electronic communications. A mobile electronic device associated with a user measures crowd density proximate to the user. When the crowd density exceeds a threshold, a haptic signal, such as a vibration or pneumatic output, is discretely provided to the user. After issuing the haptic signal, the device listens for false data. False data is data entered by the user that is not part of the expected data sequence. The false data is used to obfuscate the true data. The randomness of the false data can be used to generate a keypair used for communication. The keypair is used for asymmetric encryption that provides an extra level of security for electronic communications from the mobile electronic device.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: January 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: David C. Bastian, Aaron K. Baughman, Nicholas A. McCrory, Todd R. Whitman
  • Patent number: 10862910
    Abstract: In one embodiment, a server may receive both layer-2 topology information and layer-2 telemetry information from a plurality of layer-2 switches. The server may then apply behavioral learning to both the layer-2 topology information and the layer-2 telemetry information to detect layer-2 patterns that are indicative of one or more problematic layer-2 behaviors. As such, based on the behavioral learning, the server then creates predictive rules to be applied within layer-2 networks to predict the one or more problematic layer-2 behaviors. The predictive rules may then be used within a particular layer-2 network to cause i) prediction of one or more particular problematic layer-2 behaviors within the particular layer-2 network based on data from a plurality of switches within the particular layer-2 network, and ii) mitigation against the predicted one or more particular problematic layer-2 behaviors within the particular layer-2 network.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: December 8, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Alejandro Alberto Eguiarte Salazar, Nagendra Kumar Nainar, Richard Furr, Yogesh Thoppae Ramdoss
  • Patent number: 10862885
    Abstract: Systems, methods, and related technologies for device identification are described. In certain aspects, packet data associated with a device can be analyzed and a score determined. The score and the threshold can be compared to determine a device identification for the device.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: December 8, 2020
    Assignee: ForeScout Technologies, Inc.
    Inventors: Yang Zhang, Siying Yang
  • Patent number: 10841439
    Abstract: Techniques for signer-initiated electronic document signing via an electronic signature service using a mobile or other client device are described. Example embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of documents and corresponding electronic signatures. In some embodiments, when a signer user receives a hard copy (e.g., paper) signature document, the signer may capture an image of the signature document with a camera of a mobile device. The signer can then import the captured image into the ESS for signature, storage, and/or transmission to other parties.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: November 17, 2020
    Assignee: DocuSign, Inc.
    Inventors: Thomas H. Gonser, Donald Grant Peterson
  • Patent number: 10841102
    Abstract: To easily identify an invalid device certificate by means of a validity check when signing keys that are used to create device certificates are compromised, a piece of status information is provided for device certificates that comprises positive evidence of the existence and validity of the device certificate, and alternatively or additionally to apply a special validity model for device certificates, wherein the time of issue of the device certificate is documented by means of a signed electronic timestamp, and wherein a different signing key is used for signing the timestamp than for signing the device certificate. Additionally, all information that is required for the validity check of a device certificate is stored in a memory of the device or in a memory associated with the device, so that an identity check on the device can be performed at any time without fetching additional data.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: November 17, 2020
    Assignee: Phoenix Contact GmbH & Co. KG
    Inventor: Torsten Nitschke
  • Patent number: 10841298
    Abstract: The disclosed technology is generally directed to device authentication in an IoT environment. For example, such technology is usable in authenticating IoT devices to an IoT Hub. In one example of the technology, data field targets are received for an IoT device. The data field targets may include at least one device identity data field target and at least one telemetry data field target. Data field entries are received from the IoT device at a first time. The data field entries may include at least one device identity data field entry and at least one telemetry data field entry. A determination is made as to whether the data field entries match the corresponding data field targets for the IoT device. The IoT device is selectively allowed to connect to the IoT hub based on the determination.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: November 17, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Clemens Vasters, Arjmand Samuel
  • Patent number: 10834069
    Abstract: A computer readable medium having instructions embodied therewith, the instructions executable by a processor or programmable circuitry of a federation server to cause the processor or programmable circuitry to perform operations including configuring a plurality of identification (ID) federations between the federation server and a plurality of applications such that each of the plurality of ID federations is between the federation server and one of the plurality of applications, receiving a first authentication request for authenticating a user who has been authenticated on a first application of the plurality of applications using an ID federation between the first application and the federation server from among the plurality of ID federations, and sending a second authentication request to a second application of the plurality of applications for authenticating the user using an ID federation between the federation server and the second application from among the plurality of ID federations.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: November 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Miki Enoki, Yuji Watanabe
  • Patent number: 10826913
    Abstract: An apparatus and a method for providing a security service in a communication system are provided. The security device includes a receiver configured to receive validation information used for validating data received by a receiving apparatus from the receiving apparatus, at least one processor configured to determine whether the validation information matches set validation related information, and a transmitter configured to transmit information indicating the determined result to the receiving apparatus.
    Type: Grant
    Filed: August 25, 2017
    Date of Patent: November 3, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonathan David Naughton-Green, Arthur Simon Waller
  • Patent number: 10819707
    Abstract: The disclosed computer-implemented method for validating a user's physical location may include (i) identifying a plurality of sensor-equipped devices that are connected to a local network, wherein the local network is associated with a physical location, (ii) receiving a request to validate that a user is present at the physical location that is associated with the local network, (iii) instructing, in response to receiving the request, the user to interact with at least one sensor-equipped device in the plurality of sensor-equipped devices, (iv) confirming, based on observing a response of the sensor-equipped device, that the user has interacted with the at least one sensor-equipped device, and (v) validating, in response to confirming that the user has interacted with the at least one sensor-equipped device, that the user is present at the physical location. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: October 27, 2020
    Assignee: NortonLifeLock, Inc.
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 10795946
    Abstract: A method of redirecting search queries from an untrusted search engine to a trusted search engine is a software application that is used to prevent personal information from being collected by untrusted search engines. The software application receives a search query URL for a desired search engine which corresponds to a search query. The search query is compared to a provided plurality of untrusted URL patterns in order to determine if the desired search engine can be trusted. If the search query URL is not found in the plurality of untrusted URL patterns, the search is allowed to proceed. If the search query URL is found in the plurality of untrusted URL patterns, the search query is redirected to a trusted search engine. At least one trusted URL pattern is provided so that the search can be redirected to a trusted search engine.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: October 6, 2020
    Assignee: BEESTRIPE LLC
    Inventors: Aaron F. Lovelace, Ciarán S. Thompson, Steven M. Markowitz
  • Patent number: 10785219
    Abstract: Methods, systems, and computer readable mediums for securely establishing credential data for a computing device are disclosed. According to one example, a method includes assigning, by a credential manager, credential set data to a computing device and mapping the credential set data to a device identifier key associated with the computing device in a credential data store accessible by the credential manager. The method further includes receiving, from a provisioning service client, a credential set request message including the device identifier key by the credential manager in response to an activation of the computing device at a customer location site and sending, by the credential manager to the provisioning service client, the credential set data for authenticating the computing device at the customer location site.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: September 22, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Jonathan Peter Streete, Christopher Michael Davis
  • Patent number: 10769258
    Abstract: According to an embodiment of the present disclosure, an electronic device may comprise a first sensor configured to obtain first biometric information of a first authentication level from a user, a second sensor configured to obtain the first biometric information and/or second biometric information of a second authentication level higher than the first authentication level from the user, a memory configured to store at least one piece of biometric information authenticated in relation with the user, and a processor configured to compare the at least one piece of biometric information with the first biometric information obtained through the first sensor while the electronic device operates in a locked state, to activate a timer to stop input to the first sensor for a designated time when authentication based on the first biometric information fails a designated number of times based on the comparison of the first biometric information, to obtain the second biometric information through the second sensor whi
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: September 8, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hyung-Woo Shin, Hye-Mi Lee, Jin-Hoon Cho, Pil-Joo Yoon, Hae-Dong Lee
  • Patent number: 10769300
    Abstract: A hybrid cluster environment with a public cloud cluster having nodes storing data and a plurality of private clusters is provided, wherein each of the plurality of private clusters has nodes storing data. Registration data that indicates a customer identifier, a new private cluster, and a file transfer server is received. The new private cluster is added to the plurality of private clusters in the hybrid cluster environment. Input to design a job to process data in the hybrid cluster environment is received. It is determined that the job is to be deployed to the new private cluster. The job is deployed to the new private cluster using the file transfer server, wherein the job is executed at the new private cluster. Job status information and one or more job logs are received with the file transfer server.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: September 8, 2020
    Assignee: International Business Machines Corporation
    Inventors: Lawrence A. Greene, Yong Li, Ryan Pham, Xiaoyan Pu, Yeh-Heng Sheng
  • Patent number: 10762234
    Abstract: A hybrid cluster environment with a public cloud cluster having nodes storing data and a plurality of private clusters is provided, wherein each of the plurality of private clusters has nodes storing data. Registration data that indicates a customer identifier, a new private cluster, and a file transfer server is received. The new private cluster is added to the plurality of private clusters in the hybrid cluster environment. Input to design a job to process data in the hybrid cluster environment is received. It is determined that the job is to be deployed to the new private cluster. The job is deployed to the new private cluster using the file transfer server, wherein the job is executed at the new private cluster. Job status information and one or more job logs are received with the file transfer server.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: September 1, 2020
    Assignee: International Business Machines Corporation
    Inventors: Lawrence A. Greene, Yong Li, Ryan Pham, Xiaoyan Pu, Yeh-Heng Sheng
  • Patent number: 10728246
    Abstract: Systems and methods implemented by an application executed on a mobile device for service driven split tunneling include receiving and configuring the application on the mobile device; responsive to a set of rules, opening one or more tunnels to one or more host concentrators in the cloud; and intercepting packets being transmitted from the mobile device and one of forwarding the packets over the one or more tunnels and forwarding the packets directly based on the set of rules.
    Type: Grant
    Filed: May 2, 2018
    Date of Patent: July 28, 2020
    Assignee: Zscaler, Inc.
    Inventor: Abhinav Bansal
  • Patent number: 10726132
    Abstract: A method comprising: launching, by a pre-boot environment, a pre-boot launch enclave (LE); creating, by the pre-boot LE, a launch token for a pre-boot quoting enclave (QE); authenticating, by the pre-boot LE, the launch token; launching, by the pre-boot environment with the launch token in response to the authentication, the pre-boot QE; generating, by the pre-boot QE, a public provisioning key, a private provisioning key, and an attestation key; verifying, by the pre-boot QE with a public key, authenticity of a device; securing, by the pre-boot QE with the public provisioning key, private provisioning key, and the public key, a communication channel with the device; encrypting, by the pre-boot QE with a system specific seal key, the public provisioning key, the private provisioning key, and the attestation key; and storing, by the pre-boot QE, the encrypted public provisioning key, the encrypted private provisioning key, and the encrypted attestation key in the device.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: July 28, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Geoffrey Ndu, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
  • Patent number: 10719624
    Abstract: The method includes receiving, by one or more computer processors, a first text, wherein at least a portion of the received first text is confidential. The method further includes identifying, by one or more computer processors, an intended recipient of the received first text. The method further includes identifying, by one or more computer processors, a first conversion model, which corresponds to the intended recipient. The method further includes converting, by one or more computer processors, the received first text into a third text that does not include confidential text based upon the identified first conversion model.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: July 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Ahmed I. Abdel-Fattah, Ossama S. Emam