Abstract: A method, non-transitory computer readable medium, security management apparatus, and network traffic management system that monitors received HTTP requests associated with a source IP address to obtain data for one or more signals. A value for one or more bins corresponding to one or more of the signals for individual behavioral histograms and a global behavioral histogram is updated based on the signal data. The individual behavioral histograms each correspond to one of the source IP addresses. A determination is made when a DDoS attack condition is detected. When the determining indicates that the DDoS attack condition is detected, an attack pattern is identified in the global behavioral histogram and a mitigation action is initiated for one of the source IP addresses based on a correlation of one of the individual behavioral histograms, which corresponds to the one of the source IP addresses, to the attack pattern.

Abstract: Token management systems and methods are described. The token management systems and methods are configured to receive a plurality of tokens from a plurality of entities associated with a user and to enable the user to manage the tokens in a secure, convenient, efficient, and time-saving manner. The token management system may be accessed with a user device. In some arrangements, the token management system is structured to receive a registration request from a user, request a plurality of tokens from different entities where the user has associated tokens, and to provide various token management functions to the user. The token management functions allow the user to change, reassociate, activate, and deactivate the tokens, as well as create new tokens.

Abstract: A password evaluation engine used to evaluate a user's password that redefines the concepts of password complexity and password strength is discussed. Password complexity may be calculated by the evaluation engine so as to take into account the amount of knowledge possessed by a potential attacker, seeking to crack the password, of the rules corresponding to a rule set used for generating the password. A determination of password strength by the evaluation engine may consider a potential attacker's computational resources, the protection function used to protect/store a password and the amount of time available to the attacker to crack the password with respect to an identified search space based on the attacker's knowledge. Embodiments also enable a password strength estimator to be evaluated and policy recommendations to be generated for an entity's password policy requirements.

Abstract: In the sharing of data between connected devices over a network, a network device broadcasts an availability of a set of data collected by a data producing device coupled to the network. The network device receives a request to access the set of data from a data consuming device coupled to the network, and a cognitive computing module of the network device determines a set of terms between the data producing and the data consuming devices for access to the set of data. In response, the network device obtains the set of data and a first key from the data producing device. Upon receiving a second key from the data consuming device, the network device determines that the second key is associated with the first key. In response, the network device provides access to the set of data to the data consuming device according to the set of terms.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: A vector generation unit generates a vector xn so that xn[i]?xn[j] if kn[i]=kn[j] at i?j. A set generation unit generates a set Bn,j so that individual elements correspond to combinations of the N?1 pieces of elements, which are individually selected from sets M0, . . . , MN?1 other than a set Mn, and xn[j] and the elements for all of the combinations are included. A matrix generation unit generates a matrix Tn? so that the matrix Tn? includes rows identical to Tn[j] in the number equal to the number of elements of the set Bn,j. A key generation unit generates a vector kn? so that elements of the matrix Tn? which correspond to a row identical to Tn[j] correspond to combinations of kn[j] and elements of the set Bn,j and further, the elements of the set Bn,j are different from each other when there are a plurality of rows identical to Tn[j].

Abstract: An encryption/decryption device connected to a communications entity includes: a key storage unit configured to store predetermined keys; a processing unit configured to receive a first key among the predetermined keys from the key storage unit and to encrypt data based on the received first key; a data port unit configured to receive data to be encrypted from the communications entity, to transfer the received data to the processing unit, if the data transferred to the processing unit is encrypted by the processing unit based on the first key, to receive the encrypted data from the processing unit, and to transfer the encrypted data received from the processing unit to the communications entity; and a connection unit configured to physically connect the encryption/decryption device with another encryption/decryption device. The predetermined keys are generated when the connection unit is connected to a connection unit included in the another encryption/decryption device.

Abstract: Described herein are various technologies for providing active mitigation of cyber-attacks against industrial and other control systems. A filtering device is connected to a backplane of a control system and receives communications from various modules of the control system. The filter device analyzes the received communications and determines whether they are genuine and permissible communications for the control system. Validated signals are output to a communications bus of the control system by the filter device, while impermissible communications are blocked. The filter device can be interposed between the modules of the control system and the backplane, or the filter device can be included as a component of a control system backplane.