Patents Examined by James J Wilcox
  • Patent number: 10701038
    Abstract: One embodiment provides a system that facilitates content negotiation in a content centric network. During operation, the system receives, by a content producing device, a packet that corresponds to a first interest, wherein an encoded name for the interest indicates a plurality of qualifiers for acceptable types of requested content, and wherein a name is a hierarchically structured variable length identifier which comprises contiguous name components. The system generates a first content object that satisfies one of the indicated plurality of qualifiers, wherein a name for the content object is the encoded name, and wherein a content object indicates data and a content type corresponding to the satisfied qualifier.
    Type: Grant
    Filed: July 27, 2015
    Date of Patent: June 30, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Glenn C. Scott, Christopher A. Wood, Ignacio Solis
  • Patent number: 10691808
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an application developed by a first vendor. Processing the application, by performing a byte-code analysis of the application, to: identify a plurality of software components used by the application that were developed by vendors other than the first vendor, and provide a list of third-party software components associated with the application, the list including each of the identified software components. Determining, for each software component included in the list, whether the software component has a vulnerability and, if so, selectively providing code to correct the vulnerability of the software component.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: June 23, 2020
    Assignee: SAP SE
    Inventors: Achim D. Brucker, Stanislav Dashevskyi
  • Patent number: 10657262
    Abstract: Systems and methods for securing embedded devices via both online and offline defensive strategies. One or more security software components may be injected into firmware binary to create a modified firmware binary, which is functionally- and size-equivalent to the original firmware binary. The security software components may retrieve live forensic information related to embedded devices for use in live hardening of the modified firmware binary while the embedded device is online, dynamically patching the firmware. In addition, the live forensic information may be aggregated with other analytical data identifying firmware vulnerabilities. A vulnerability identification and mitigation system can then identify and inject modifications to the original firmware binary to develop secure firmware binary, which may be imaged and loaded onto one or more embedded devices within a network.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: May 19, 2020
    Assignee: RED BALLOON SECURITY, INC.
    Inventors: Ang Cui, Salvatore J. Stolfo
  • Patent number: 10637885
    Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: April 28, 2020
    Assignee: Arbor Networks, Inc.
    Inventors: James E. Winquist, William M. Northway, Jr., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
  • Patent number: 10628567
    Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining a verification string including a sequence of verification characters and a delimiter character between each sequential pair of the verification characters, the delimiter character being different from the verification characters. The verification string is presented to a user, and upon receiving, from the user, a series of verification vocal inputs in response to presenting the verification string, a set of verification features from each of the verification vocal inputs are computed so as to generate sets of verification features. A one-to-one correspondence is established between each of the verification vocal inputs and each of the verification characters, and the user is authenticated based on the verification vocal inputs and their corresponding sets of verification features.
    Type: Grant
    Filed: September 5, 2016
    Date of Patent: April 21, 2020
    Assignee: International Business Machines Corporation
    Inventor: Hagai Aronowitz
  • Patent number: 10607001
    Abstract: The present invention provides a web-based electronic document service apparatus, which is capable of authenticating the edit of a document, and an operating method thereof, in which when a predetermined authentication token is randomly issued and transmitted to a client terminal accessing for editing an electronic document based on a web, and then an editing command and an authentication token corresponding to the editing command are received from the client terminal, it is determined whether the received authentication token corresponds to the previously issued authentication token, so that it is possible to confirm whether the editing command received from the client terminal is the editing command generated by the true user, thereby providing a security mechanism.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 31, 2020
    Assignee: HANCOM INC.
    Inventors: Taeju Lee, Yongkyung Oh, Kyury Kim
  • Patent number: 10559312
    Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include receiving, at a first time, first video and first audio signals generated in response to a user uttering a passphrase, and receiving, at a second time subsequent to the first time, second video and second audio signals generated in response to the user uttering the passphrase. Upon computing an audio temporal alignment between the first and the second audio signals and computing a video temporal alignment between the first and the second video signal, the user can be authenticated by comparing the audio temporal alignment to the video temporal alignment.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: February 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Hagai Aronowitz, Amit Aides
  • Patent number: 10558816
    Abstract: Embodiments of the present invention provide systems and methods for authenticating the source code of a software end product. The method includes generating a compound key, which is composed of a set of unique keys generated from a source file. A set of files are separately built based on a received source code, and a key generated and embedded into the files at the time of the build. A validation tool is used to compare the values of the generated compound key to the values of the embedded key to determine if the values match.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: February 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Badekila Ganesh Prashanth Bhat, Nageswararao V. Gokavarapu, John Kurian, Raghavendran Srinivasan
  • Patent number: 10484168
    Abstract: Aspects of the present invention provide systems and methods that facilitate computations that are publically defined while assuring the confidentiality of the input data provided, the generated output data, or both using homomorphic encryption on the contents of the secure distributed transaction ledger. Full homomorphic encryption schemes protect data while still enabling programs to accept it as input. In embodiments, using a homomorphic encryption data input into a secure distributed transaction ledger allows a consumer to employ highly motivated entities with excess compute capability to perform calculations on the consumer's behalf while assuring data confidentiality, correctness, and integrity as it propagates through the network.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: November 19, 2019
    Assignee: DELL PRODUCTS L.P.
    Inventors: Daniel A. Ford, Irwin O. Reyes, Rajesh Narayanan
  • Patent number: 10469465
    Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: November 5, 2019
    Assignee: VMware, Inc.
    Inventor: Erich Stuntebeck
  • Patent number: 10454938
    Abstract: During development of an application, an association between a view of the application and a data service, and rules applicable to the view, can be received. The rules can include an indication of a security role assigned to users who are allowed to access the view and an indication of whether the view is allowed to access the data service based on the security role assigned to the user. Based on the rules applicable to the view, permissions for accessing the data service by the view can be automatically extrapolated. Based on the permissions extrapolated for accessing the data service by the view, a binding credential, configured to be processed to determine whether the view of the application is granted access to data provided by the data service at runtime, can be automatically created. The at least one binding credential can be assigned to the view of the application.
    Type: Grant
    Filed: May 28, 2015
    Date of Patent: October 22, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sheehan Anderson, Richard L. Kulp, Gili Mendel, Jianjun Zhang
  • Patent number: 10447487
    Abstract: According to an embodiment, a data generating device includes a first generator, an obtainer, a second generator, a verifier, and an operation selector. The first generator generates device-specific first data. The obtainer obtains second data from outside of the data generating device. The second generator generates third data based on the first data and the second data. The verifier verifies correctness of the third data. When the third data is determined to be incorrect, the operation selector selects at least one of regenerating the first data, re-obtaining the second data, and disabling the data generating device according to a predetermined selection rule.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: October 15, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuichi Komano, Hideo Shimizu, Takeshi Kawabata
  • Patent number: 10430600
    Abstract: A method for preventing the divulging of information to an unauthorized requestor includes: receiving a request to view a data set, the receiving from a requestor; obtaining a policy associated with the data set; and determining a context for the requestor to view the data, the context including at least one of: information about the requestor, information about the data set, and conditions related to viewing the data set. The method further includes: applying the policy to the context; determining whether the context agrees with the policy; presenting the data set to the requestor based on the context agreeing with the policy; and preventing the data set from being presented to the requestor based on the context not agreeing with the policy.
    Type: Grant
    Filed: January 20, 2016
    Date of Patent: October 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peter C. Bahrs, Marc Fiammante
  • Patent number: 10432667
    Abstract: A method, implemented using an authentication monitoring (AM) computer device, for monitoring an execution of a digital authentication program is provided. The method includes receiving an authentication data file from an authenticating computer device executing the digital authentication program, wherein the authenticating computer device is associated with an authenticating entity, processing the authentication data file to extract at least one authentication value, testing the authentication value against at least one authentication rule associated with the digital authentication program, determining that a stored metric for the authenticating computer device fails to meet a predefined benchmark, wherein the stored metric is associated with the digital authentication program, and initiating an authentication remediation process, wherein the authentication remediation process causes an update to the digital authentication program used by the authenticating computer device.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: October 1, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Steve E. Hubbard, Sheryl J. Lock, Sue Ellen Moskowitz
  • Patent number: 10419931
    Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and to establish secured and trusted communications between the network devices and the computing system. The network devices may comprise wireless sensor devices operating in a wireless sensor network, wherein computing system executes an IoT (Internet of Things) application which processes the data that is generated by the wireless sensor devices.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: September 17, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Mohamed Sohail, Stephen Todd, Said Tabet, Khaled Ahmed
  • Patent number: 10354173
    Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one memory. The operations may include: extracting, from an icon associated with a file, one or more features; assigning, based at least on the one or more features, the icon to one of a plurality of clusters; and generating, based at least on the cluster to which the icon is assigned, a classification for the file associated with the icon. Related methods and articles of manufacture, including computer program products, are also provided.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: July 16, 2019
    Assignee: Cylance Inc.
    Inventors: Matthew Wolff, Pedro Silva do Nascimento Neto, Xuan Zhao, John Brock, Jian Luan
  • Patent number: 10356073
    Abstract: In one embodiment, a system including a processor to run a web browser application and a CAPTCHA challenge application, wherein the web browser application is operative when run to retrieve and present a web page of a website, obtain a request from the website requesting performance of a CAPTCHA challenge process, and request the CAPTCHA challenge application to perform the CAPTCHA challenge process, the CAPTCHA challenge application is operative when run to request a CAPTCHA challenge test from an authentication server, obtain the CAPTCHA challenge test, render a CAPTCHA window including the CAPTCHA challenge test, obtain a user response to the CAPTCHA challenge test, send a value based on the user response to the authentication server, and obtain a response from the authentication server authenticating the user response, and the CAPTCHA challenge application and the web browser application are run as different processes by the processor.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: July 16, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Gil Gonen, Ronen Haber, Arie Haenel
  • Patent number: 10341311
    Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow from the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: July 2, 2019
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Rhett Smith, Barry Jakob Grussling
  • Patent number: 10341384
    Abstract: A network function virtualization security and trust system includes a network device that operates as a virtualized network device with virtualized services provided on the network device by network nodes included in the system. Security and trust within the system can include hardware authentication of the network nodes and the network device to obtain a level of security of the hardware provisioning the operation of the virtualized services. Security and trust can also include authentication of the services being used on the virtualized network device. Services authentication can be based on monitoring and analysis of the cooperative operation of the services in the virtualized network device. The virtualized services can be dynamically changed, added or stopped. Hardware authentication and dynamic services authentication in accordance with changes in the virtualized services can dynamically maintain a level of security across the devices and the virtualized services.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: July 2, 2019
    Assignee: Avago Technologies International Sales Pte. Limited
    Inventors: Nicholas Ilyadis, Xuemin Chen, Philippe Klein, Ariel Hendel, Kumaran David Siva
  • Patent number: 10334434
    Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: June 25, 2019
    Assignee: VMware, Inc.
    Inventors: Abhishek Soni, Lakshman Rao Abburi