Patents Examined by Helai Salehi
  • Patent number: 10057294
    Abstract: Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network security device of an enterprise are shared by the first network security device with other network security devices associated with the enterprise by logging into a shared enterprise cloud account. The shared security parameters are retrieved by a second network security device by logging into the shared enterprise cloud account. A Virtual Private Network (VPN) client configuration is automatically created by the second network security device that controls a VPN connection between the first and second network security devices based at least in part on the shared security parameters. The VPN connection between the first and second network security devices is dynamically established based at least in part on the shared security parameters.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: August 21, 2018
    Assignee: Fortinet, Inc.
    Inventor: Qing Xu
  • Patent number: 10021091
    Abstract: Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: July 10, 2018
    Assignee: Intertrust Technologies Corporation
    Inventors: Peng Yang, Jiahua Gong, Chitai Kenny Huang
  • Patent number: 10021083
    Abstract: A server system maintains data indicative of credentials held by multiple different users. Each of the credentials has been issued by a credential granting authority that is separate from an entity that operates the server system. The server system receives selection data that indicates how credential data of a first user is to be made available to other users. Based on the selection data, the server system stores availability data that indicates how credential data of the first user is to be made available to the other users. The server system also maintains a location of a mobile computing device associated with the first user and, based on the availability data and the location, provides, to at least a second user, information about at least one credential held by the first user in association with an indication of the location.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: July 10, 2018
    Assignee: MicroStrategy Incorporated
    Inventors: Michael J. Saylor, Hector Vazquez, Gang Chen
  • Patent number: 10002249
    Abstract: Systems, methods, and media for outputting data based on anomaly detection are provided. In some embodiments, a method for outputting data based on anomaly detection is provided, the method comprising: receiving, using a hardware processor, an input dataset; identifying grams in the input dataset that substantially include distinct byte values; creating an input subset by removing the identified grams from the input dataset; determining whether the input dataset is likely to be anomalous based on the identified grams, and determining whether the input dataset is likely to be anomalous by applying the input subset to a binary anomaly detection model to check for an n-gram in the input subset; and outputting the input dataset based on the likelihood that the input dataset is anomalous.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: June 19, 2018
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J Stolfo, Ke Wang, Janak Parekh
  • Patent number: 10002255
    Abstract: A device and a method for controlling a security screen in an electronic device are provided. The electronic device includes a display module, a first memory having at least one display data stored therein, a composing module that composes a plurality of display layers each including at least one display data and displays the same on the display module, and a control module that controls at least one of the display module, the first memory, or the composing module, wherein the control module identifies a type of the at least one display data included in each of the plurality of display layers and controls the attributes of the plurality of display layers to display a display layer including security data, among the plurality of display layers, at the uppermost position when the identified display data is the security data.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: June 19, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Moonsu Chang, Yangsoo Lee, Eunjung Hyun
  • Patent number: 10003459
    Abstract: Security is simply and safely secured when communication is performed by an information processing device including: a communication unit configured to wirelessly communicate with another terminal; an identification information acquisition unit configured to acquire first identification information that is acquired through the communication unit and encrypted for specifying the other terminal, and that is decrypted with a first decryption key managed in a network service; and a key acquisition unit configured to acquire a first encryption key associated with the first identification information in the network service when second identification information for specifying an own terminal is associated with the first identification information in the network service. The communication unit transmits information encrypted with the acquired first encryption key to the other terminal.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: June 19, 2018
    Assignee: SONY CORPORATION
    Inventors: Kento Suzuki, Kazuyuki Sakoda, Yoichiro Sako, Mitsuru Takehara, Takushi Kunihiro, Katsuhito Ishida, Kouichirou Ono, Makoto Akagi
  • Patent number: 9942248
    Abstract: The disclosed computer-implemented method for adjusting behavioral detection heuristics may include (1) configuring a behavioral detection heuristic to provide an initial level of malicious behavior detection on a computing system, (2) using the behavioral detection heuristic at the initial level of malicious behavior detection to detect at least two security threats on the computing system, (3) determining that the time between the security threats is shorter than a predetermined length of time, and (4) in response to determining that the time between the security threats is shorter than the predetermined length of time, adjusting the behavioral detection heuristic to provide a heightened level of malicious behavior detection that is configured to catch at least one additional security threat that may not be caught using the initial level of malicious behavior detection. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: April 10, 2018
    Assignee: Symantec Corporation
    Inventor: Torrey Umland
  • Patent number: 9898509
    Abstract: Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: February 20, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Craig Saperstein, Eric Schwartz, Hongjai Cho
  • Patent number: 9898606
    Abstract: A method for preventing application uninstalls on devices is described. In one embodiment, the method includes identifying granted device administrator permissions in association with an application installed or being installed on a device, monitoring the device relative to the granted device administrator permissions, and suspending a callback function to prevent the device from enabling revocation of the granted device administrator permissions.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: February 20, 2018
    Assignee: Symantec Corporation
    Inventor: Yong Ling Xue
  • Patent number: 9892286
    Abstract: To provide for a physical security mechanism that forms a complete envelope of protection around the cryptographic module to detect and respond to an unauthorized attempt at physical access, a tamper sensing encapsulant generally encapsulates the cryptographic module. The tamper sensing encapsulant includes a first shape actuation layer associated with an electrically conductive first trace element and a second shape actuation layer associated with an electrically conductive second trace element. The first shape actuation layer is positioned against the second shape actuation layer such that the first trace element and the second trace element do not physically touch at an operating temperature of the cryptographic module and do physically touch when the first shape actuation layer and the second shape actuation layer are thermally loaded. Upon the first trace element and the second trace element touching, a circuit is formed that disables the cryptographic module.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: February 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sarah K. Czaplewski, Joseph Kuczynski, Jason T. Wertz, Jing Zhang
  • Patent number: 9880775
    Abstract: A method, device and machine-readable storage device for transferring data between identity modules is disclosed. Data is stored in one of a first removable storage module coupled to a donor communication device and a memory of the donor communication device, or both. A first portion of the data is provided to a server. The server provides the first portion of the data to a second removable storage module coupled to a recipient communication device responsive to a determination that a recipient communication device has a right to the data. Additional embodiments are disclosed.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: January 30, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Kelley Casimere, Gail A. Churillo, Susanne M. Crockett, Liaqat Ali, Patricia M. Thatcher
  • Patent number: 9876824
    Abstract: Presented herein are techniques for adding a secure control layer to a distributed communication fabric that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. The secure control layer is configured to perform policy-based authentication techniques to securely manage the exchange of data/information within the communication fabric and enable registration/discovery of new capabilities.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: January 23, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Allan Thomson, Pok Wong, Vanaja Ravi
  • Patent number: 9876777
    Abstract: The present disclosure discloses a method and browser for online banking login, solving the problems of complex and trivial steps and insecurity of online banking login via web navigation websites. The method comprises: pre-storing and managing online banking website addresses on a browser side and managing the certificates and/or online banking plugins corresponding to the online banking in the form of NPAPI; judging whether the current website address accessed by a user in the browser is an online banking website address, based on the stored online banking website addresses; when it is one of the stored online banking website addresses, using the NPAPI to call the corresponding online banking certificate and/or online banking plugin to perform online banking login. The embodiments of the present disclosure decrease steps and enhance security to log in to online banking.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: January 23, 2018
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Yinhua Wang, Huan Ren
  • Patent number: 9871763
    Abstract: A method and system are disclosed for providing functionality on a network. A mobile agent moves from a first node to a target node and, at the target node, performs as an application layer gateway.
    Type: Grant
    Filed: April 8, 2015
    Date of Patent: January 16, 2018
    Assignee: Intel Corporation
    Inventor: David Putzolu
  • Patent number: 9862049
    Abstract: A welding system including a processor configured to receive a first set of welding data of a live welding session corresponding to welding parameters, arc parameters, or any combination thereof, a memory configured to store the received first set of welding data, and an operator identification system coupled to the processor and to the memory. The operator identification system includes an input device configured to receive a first identifier input from a first operator that performs the welding session and a second identifier input from a second operator. The operator identification system is configured to determine an identity of the first operator based at least in part on the first identifier input, to verify the identity of the first operator based at least in part on the second identifier input, and to associate the received first set of welding data with the first identifier input.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: January 9, 2018
    Assignee: Illinois Tool Works Inc.
    Inventor: William Joshua Becker
  • Patent number: 9846787
    Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: December 19, 2017
    Assignee: Intel Corporation
    Inventors: Simon P. Johnson, Vincent R. Scarlata, Willard M. Wiseman
  • Patent number: 9832207
    Abstract: In an example, a computing device may include an input verification engine (IVE) that provides input verification services within a trusted execution environment (TEE), including a memory enclave. Taking a Java-based Android application as an example, the IVE securely verifies and validates user inputs for sensitive computing applications, without exposing the inputs to external applications. The IVE may be implemented in native C/C++ or similar, or may provide instructions to dynamically provision an enclave and import a minimal Java Virtual Machine (JVM) into the enclave so that the IVE can run in Java. The IVE may also contain binary analysis tools to analyze an input binary to identify and tag portions that receive user input, so that in a binary translation, those portions can be run within the enclave.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: November 28, 2017
    Assignee: McAfee, Inc.
    Inventors: Dmitri Rubakha, Matthew D. Brinkley
  • Patent number: 9832209
    Abstract: A computer-implemented method for managing network security may include identifying a set of trusted Internet domains, identifying traffic information that indicates Internet traffic volume for each trusted Internet domain in the set of trusted Internet domains, and analyzing the traffic information to select, from the set of trusted Internet domains, a subset of trusted Internet domains that each have higher Internet traffic volume than one or more other trusted Internet domains in the set of trusted Internet domains. The method may also include including the selected subset of trusted Internet domains in an Internet domain whitelist. The method may further include configuring a network gateway system to perform a less intensive scan on Internet traffic that originates from an Internet domain identified in the Internet domain whitelist than on traffic that originates from other Internet domains. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 10, 2013
    Date of Patent: November 28, 2017
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Jeffrey Wilhelm
  • Patent number: 9825992
    Abstract: Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second network appliance of the enterprise, physically located at a second site, by logging into the shared enterprise cloud account. A VPN client configuration is automatically created by the second network appliance that controls a VPN connection between the first and second network appliances based on the shared parameters. The VPN connection is dynamically established based on the shared parameters when the VPN client configuration permits network traffic to be exchanged between the first and second network appliances.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: November 21, 2017
    Assignee: Fortinet, Inc.
    Inventor: Qing Xu
  • Patent number: 9805192
    Abstract: A computer-implemented method for file classification may include (1) identifying, by a computer security system, a cluster of files that co-occur with each other according to a statistical analysis, (2) identifying ground truth files to which the computer security system has previously assigned a security score, (3) determining that a file in the cluster of files shares an item of file metadata with another file in the ground truth files, (4) assigning a security score to the file in the cluster of files based on a security score of the other file in the ground truth files that shares the item of file metadata, and (5) assigning an overall security score to the entire cluster of files based on the security score assigned to the file in the cluster. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: October 31, 2017
    Assignee: Symantec Corporation
    Inventors: Christopher Gates, Kevin Roundy