Abstract: The disclosure relates to provisioning honeypot computing services using computing resources in a defective computing resource pool. In one example, a computing system can generate a maliciousness score for a received resource allocation request, determine that the generated maliciousness score exceeds a maliciousness threshold and identify a computing resource in a defective resource pool that is eligible to satisfy the request. The system can then provision honeypot computing services to fulfill the request, using the identified computing resource in the defective resource pool.

Abstract: A computer-implemented method for a token-based authorization in a data processing environment may be provided. The data processing environment comprises at least a user system, an application, an authentication server and an access control server. The method comprises accessing the application via a user system request, redirecting the user access request to an authentication server, authenticating the user, wherein authentication credentials comprise a request for a restricted entitlement, wherein the restricted entitlement represents a subset of existing entitlements managed by the access control server for a resource. The method comprises also sending an access token from the authentication server to the application, requesting execution of an operation comprising invoking the operation by the application providing the access token comprising restricted entitlements, invoking the access control server, and providing the scope of the token comprising the subset of the existing entitlements.

Abstract: An authentication server that connects a client device and a target server via a first network. The authentication server includes: a storage and a processor. The storage stores user-specific information that includes a plurality of data items. The processor: upon receiving an authentication request including a user ID and a user password, an authentication ID, a biometric device ID unique to a user, or biometric data of a user, identifies a corresponding credential data of the user; determines which of the items in the user-specific information will be sent to the client device; and returns the determined items to the client device, and causes the client device to store the determined items as cache data used for logging into at least one of the client device and the target service, wherein the client device and the target server have given a login authority to the user.

Abstract: In an aspect, the present application may describe a method including: receiving, from a remote computing device and at a server, an indication of consent for an authenticated entity to share data with a third party server; in response to receiving the indication of consent, issuing an access token to the third party server, the access token for accessing data associated with the authenticated entity; monitoring a risk parameter associated with one or both of the third party server and the authenticated entity to detect a change in the risk parameter; determining, based on input received from the authenticated entity, that data sharing with the third party server is to be modified based on the change in risk parameter; and modifying the sharing of data for the authenticated entity with the third party server by revoking the access token or modifying an access permission associated with the access token.

Abstract: The present invention relates to a remote control apparatus which can remotely control multiple devices. A remote control apparatus according to an embodiment of the present invention comprises: a key input unit having multiple keys; a reception unit for receiving at least one device identification signal from at least one device or a transmission device corresponding to the device; a processor for detecting an identification signal for a device, which can be remotely controlled, from the at least one received device identification signal, and matching at least one of the multiple keys to a control command for the remote control of the device, on the basis of the detected identification signal; and a transmission unit for transmitting a signal corresponding to the control command when the key matched to the control command is selected. Accordingly, the present invention can remotely control multiple devices.

Abstract: At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, client download of a response from a server to a client request is blocked, and instead a notification page with options to accept or decline the server response is provided to the client.

Abstract: A system for making specified resource management services available to a user through a mobile application and/or online portal based on the user's determined level of resource management competency. Further, an intuitive platform for resource management is provided that can provide instinctual guidance throughout the entire lifecycle of a user's engagement with the resource management entity, including but, not limited to, onboarding, providing services to the users, allowing the user to conduct resource interactions and the like.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: The present disclosure pertains to systems and methods of restricting access to devices utilizing tokens. In some embodiments, a system may include a user requesting a token, ensuring the user requesting a token has the permission to request the token and is not the user approving the token. In some embodiments, the system may include the user granting the token, wherein the user granting the token is not the user receiving the token. The system ensures that the user accessing the device has the permission to access the device. Additionally, the system decreases the opportunities for insider attacks and increases the resistance to credential theft attacks. Further, the system increases the accountability for changes and the ability to review changes.

Abstract: Electronic laboratory notebook (ELN) system (1), comprises an ELN managing application (3) of an ELN service provider and being accessible for clients via the Internet and being configured for managing the access of the clients on the electronic laboratory notebook represented by ELN data in an ELN database hosted by the ELN service provider, a client computer (2) being located on premises of the client and connected to the internet (4), the client computer (2) running a client software (7) to communicate with the ELN managing application (3) via the Internet (4), a local storage server (5) being located on premises of the client, the local storage server being configured for storing ELN-files, which include content of the ELN, and the ELN application (3) being configured for controlling, in dependence on the client's access rights, the transfer of the ELN-files between the local storage server and the client computer.

Abstract: A method for a two-factor authentication process includes, responsive to determining a first user authentication was prompted in a first application on a first device associated with a user, identifying a second application on a second device based on a user profile associated with the user. The method identifies a first event from a plurality of events that previously occurred in the second application in a select time frame, wherein the first event relates to a first action performed by the user in the second application. The method generates an authentication question based on the first event, wherein the authentication question is a second user authentication. Responsive to determining an answer provided by the user to the authentication question is correct, the method grants access to the first user authentication prompt.

Abstract: An example method includes enabling, by the user processing system, a user to associate a color with at least one of the plurality of pixels of a graphic, and generating a passcode. The passcode is based at least in part on the color associated with the at least one of the plurality of pixels. The method further includes transmitting, by the user processing system, the passcode to a host processing system. The method further includes determining, by the host processing system, whether the passcode matches an expected passcode that is based at least in part on a reference graphic comprising a plurality of reference pixels, each of the plurality of reference pixels having a color or a null value associated therewith. The method further includes, responsive to determining that the passcode matches the expected passcode, authorizing, by the host processing system, the user processing system to access a restricted resource.

Abstract: The present disclosure generally discloses an Internet security mechanism configured to provide security for Internet resources of the Internet using an Internet blockchain. The Internet blockchain may be configured to provide security for Internet resources of the Internet by supporting various types of verification related to Internet resources of the Internet, which may include verification of Internet resource ownership, verification of Internet resource transactions, and so forth. The Internet blockchain may be configured to enable Internet participants (e.g., Internet registries, Domain Name Service (DNS) entities, Autonomous Systems (ASes), or the like) to verify Internet resource ownership of Internet resources (e.g., Internet Protocol (IP) addresses, AS numbers, IP prefixes, DNS domain names, or the like) by Internet participants, to verify Internet resource transactions (e.g.

Abstract: Systems and methods are provided for minimizing traffic leaks during replacement of an access control list for a network interface. The method includes adding a blocking access control entry to an access control list for a network interface of a network switch, wherein the blocking entry causes the network interface to block traffic from passing through the network interface; removing one or more current access control entries from the access control list, except for the blocking entry, after adding the blocking entry to the access control list; adding one or more new access control entries to the access control list, without removing the blocking entry, after removing the one or more current access control entries from the access control list; and removing the blocking entry from the access control list after adding the one or more new access control entries to the access control list.

Abstract: A method is provided for carrying out a cryptographically secured authentication which complies with the Universal Authentication Framework (UAF) of the FIDO Alliance. It is thus possible to employ an existing infrastructure of the FIDO Alliance and the method can be embedded into the infrastructure using standard interfaces.

Abstract: Systems and methods related to establishing a temporary trusted relationship between a network-based media service and a device that does not have a trusted relationship with the network-based media service are disclosed. In one embodiment, a method of operation of a first device having a trusted relationship with a network-based media service to establish a temporary trusted relationship between the network-based media service and a second device that does not have a trusted relationship with the network-based media service is provided. In one embodiment, the method of operation of the first device includes obtaining a certificate of the second device, generating a temporary token for the second device based on the certificate of the second device, and sending the temporary token for the second device to a server that provides the network-based media service to thereby pre-authorize the second device for temporary media service.

Abstract: A method and system for decentralized biometric signing of a digital contract. A private key is encrypted using biometric data captured, from a user, on a mobile device. The encrypted private key, a public key associated with the private key, and a digital identity pertaining to the user and the captured biometric data are stored on the mobile device. A digital hash of the digital contract is generated. Using the captured biometric data, the user is authenticated and the encrypted private key is decrypted. The digital hash is signed with the decrypted private key. The signed digital hash of the digital contract, the digital contract prior to being hashed, the identifier, the certifier of the identifier, the public key, a certification of the public key by a third party, and a record of a successful authentication of the user using the biometric data are stored in a blockchain.

Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.

Abstract: A system for managing cyber security risks includes a memory storing instructions and a processor that executes the instructions to perform operations. The operations include receiving raw entity data for one or more entities from a source system and converting the raw entity data to processed entity data having a format different from the first entity data. The operations include extracting attributes for the entities from the processed entity data and generating an initial risk score for a selected entity based on an entity initial attribute associated with that entity. The operations also include receiving a rule for determining a rule-based risk score and generating a rule-based risk score for the selected entity based on the entity attribute of the selected entity. Additionally, the operations include generating a risk score for the selected entity based on the initial and rule-based risk scores.

Abstract: In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the client respective profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space.