Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.

Abstract: An integrated computing system configuration system includes a computing system that executes an application to receive, via user input, a request to provision a component of an ICS, and determine whether the component has been sanctioned for use with the ICS by comparing identifying information associated with the component with a plurality of sanctioned component records stored in a memory of the computing system. When the component has been sanctioned for use with the ICS, the application allows provisioning of the component, and when the component has not been sanctioned for use with the ICS, provisioning of the component is restricted.

Abstract: Disclosed are various examples for implementations of policy-based trusted peer-to-peer connections. A computing device can receive a message from a first client device, the message specifying a public address of the first client device and an identifier of the second client, device. The computing device can then send a query to a computing device, wherein the query specifies an identifier of the first client device and the identifier of the second client device. The computing device can also determine that the first client device is authorized to communicate with the second client device based on a response to the query received from the second computing device. In some instances, the computing device can then send the public address of the first client device to the second client device.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: The disclosed embodiments provide a method and apparatus for protecting a critical computer system from malware intrusions. An isolator containing access approval features is disclosed. The isolator requires the approval of a Supervisor which can be a person with authority or an intelligent computer before a user can have access to the critical computer system. The isolator contains features used to facilitate cascaded encryption and decryption of messages which further enhances the security of the critical computer system. The isolator can greatly improve security of infrastructure such as industrial control systems, servers and workstations. The disclosed embodiments also provide a set of software and hardware features used to provide detection, prevention and recovery from a Cyber-attack in an Internet of Things installation.

Abstract: Systems and methods for embodiments of identity management systems and data models used by identity management systems are disclosed. Embodiments of the identity management systems and associated data models as disclosed herein may associate identities with their respective entitlements, while preserving the hierarchy imposed by the source system from which those identities or entitlement were derived, including the hierarchical structure that resulted in the (direct or effective) assignment of such an entitlement, along with the hierarchical nature of the digital assets to which those entitlements pertain.

Abstract: A service provider may provide a plurality of companion instances associated with a mobile device in order to facilitate operation of the mobile device. The companion instances and the mobile device may be configured to execute various components of one or more application. Furthermore, an identity firewall may be provided to authorize and route network traffic to the plurality of companion instances based at least in part one or more attributes of the network traffic.

Abstract: A method of protecting software in a computer system includes defining a memory fractionation configuration for an application software program in the computer system, fractionating at least one page of the application software program into fractions according to the memory fractionation configuration, and running the application in such a manner that, at any particular point in time when the application is running, at least a first one of the fractions is stored in a manner that is not accessible from a user space or a kernel space of the computer system.

Abstract: A method for processing information from a variety of submitters, e.g., forensic sources. The method includes receiving information about one or more nodes from a submitter from a plurality of submitters numbered from 1 through N. In a specific embodiment, the one or more nodes are associated respectively with one or more IP addresses on a world-wide network of computers. The method includes identifying a submitter reputation of the submitter from a knowledge base and associating a node reputation of the node based upon at least the reputation of the submitter and submitted information from the submitter. The method also transfers the node reputation.

Abstract: Disclosed embodiments relate to systems and methods for securely provisioning sensitive data elements to virtualized execution instances. The techniques may include: identifying a request to provision a new virtualized execution instance; determining, in association with the request, that the new virtualized execution instance will require a prohibited data element in order to communicate with a target network resource; without providing the new virtualized execution instance the prohibited data element, registering the new virtualized execution instance; identifying a request from the new virtualized execution instance to communicate with the target network resource; performing a verification process for the request to communicate with the target network resource; and conditional on the verification process, provisioning the prohibited data element to the new virtualized execution instance.

Abstract: This description relates to techniques for authenticating an application through generation of a dynamic application-specific token. A client application executing on a client device receives a request from a server for a token. The client application accesses a resource file or portion thereof that is accessible to both the client application and authenticator and is known to be accessible to the client application by the authenticator in response to the request for the token and extracts a copy of the resource file or the portion. A token is generated based on the extracted copy and additional information factors if any, some of which may be random or pseudo-random. The token is transmitted to the server for authentication.

Abstract: An identity authentication procedure of a user is initiated and a plurality of virtual reality articles is displayed. Selection operation information of the user is determined for the plurality of virtual reality articles. Whether the selection operation information matches predefined standard selection operation information is determined. In response to determining that the selection operation information matches the predefined standard selection operation information, whether the identity authentication procedure of the user succeeds is determined.

Abstract: One or more systems implement a plurality of blockchains to track event data. The plurality of blockchains are arranged in tiered form, and the content and/or integrity of blockchains in higher tiers depends on, or at least derives from, the content and/or integrity of the blockchains in lower tiers. Depending on the specific structure and implementation, assurances, verifications, and the like may be provided for services and other resources using such blockchains in a repeatable manner.

Abstract: Methods, systems, and media for detecting malicious activity from user devices are provided. In some embodiments, a method for detecting malicious activity from user devices is provided, the method comprising: receiving information indicating a requested connection to a destination by a first user device; adding the received information to information received from a plurality of user devices to generate aggregated connection information; determining that the requested connection to the destination by the first user device is part of an attack, wherein determining that the requested connection to the destination by the first user device is part of the attack on the destination comprises determining that more than a predetermined percentage of user devices have requested connections to the destination; receiving information indicating a requested connection to the destination by a second user device; and causing the connection to the destination by the second user device to be blocked.

Abstract: A detecting apparatus generates a collection of events, the collection being formed based on a predetermined condition, from events obtained for each identifier identifying a terminal in a monitoring target network or a piece of malware. The detecting apparatus then extracts, from a cluster formed of collections of events, the collections having a similarity therebetween equal to or larger than a certain similarity, events commonly appearing in the collections of events belonging to the same cluster, and extracts, according to a predetermined condition, the taken out events as a collection of detection purpose events. The detecting apparatus then detects that a malware infected terminal is present in the monitoring target network, if a generated collection of events based on communications in the monitoring target network is determined to match the extracted collection of detection purpose events.

Abstract: A system, method, and non-transitory computer-readable storage medium for authenticating access to an instance have been disclosed. The system comprises a processor and a memory that includes instructions executable by the processor to cause the system to receive an access request to the instance from a client device and to send an encryption request of information to a security device. The information includes an expiration time and the security device encrypts the information using a private key that is secured in the security device. The memory includes further instructions executable by the processor to cause the system to receive the encrypted information from the security device and to send the encrypted information to the client device. The encrypted information is decryptable by the instance using a public key associated with the private key in response to the client device providing the encrypted information to the instance.

Abstract: Aspects of the subject disclosure may include, for example, a method for providing temporary shared cloud-based storage, where access to the shared storage is time-limited, location-limited and anonymous. The method includes receiving a request for storage accessible to a plurality of user devices. A storage account is initiated in response to the request; a password and a time period are associated with the storage account. User devices obtain access to the storage account using only the password provided and without users' personal credentials; access is also according to location within a geographic area defined in the request. Any of the data items is available to each user device having access to the storage account. Upon expiration of the time period, the storage account is disabled and the data items are deleted. Other embodiments are disclosed.

Abstract: An apparatus and method are described for obscuring wireless communication patterns. For example, one embodiment of a system comprises: an Internet of Things (IoT) device comprising a wireless communication interface to establish communication with an IoT service; the IoT device including an application to execute commands received from the IoT service and to responsively generate a response; and messaging obfuscation logic to modify timing for transmitting the response to the IoT service.

Abstract: The present invention discloses a method, apparatus and a storage medium for defending against malicious clicks. The method includes: acquiring a shielding policy corresponding to promotional content; determining a user in a shielding policy list as the user to be shielded based on the shielding policy and historical click information of users; and performing shielding processing on the promotional content for the user to be shielded, if the user to be shielded in the shielding policy list conducts a retrieval. According to the technical solution provided by the embodiments of the present invention, malicious clicks are prevented at the stage of displaying promotional content in a front end of a server.

Abstract: A biometrics hub may establish a first schedule for processing first biometric data of a user, establishing a second schedule for processing second biometric data of the user, storing the first biometric data that is received from a first biometric device via a first persistent session, and store the second biometric data that is received from a second biometric device via a second persistent session. The biometrics hub may further transmit at least one of the first biometric data or the second biometric data to an authorized remote device in accordance with the first schedule or the second schedule. In one example, the transmitting includes establishing a session with the authorized remote device, sending the at least one of the first biometric data or the second biometric data to the authorized remote device via the session with the authorized remote device, and closing the session with the authorized remote device.