Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.

Abstract: A system includes a device and a payload warehouse. The device receives a user request to initiate a feature of the device. In response to receiving the request, device information is provided to a payload warehouse. The payload warehouse stores an inventory which includes a digital payload. The digital payload includes data, such as a digital certificate, which may be used by the device to implement the user-requested feature. The payload warehouse receives the device information provided by the device and determines an encryption vector based at least in part on the received device information. Using the encryption vector, the digital payload is encrypted. The encrypted digital payload is provided to the device.

Abstract: Techniques and mechanisms for providing continuous integrity validation-based control plane communication in a container-orchestration system, e.g., the Kubernetes platform. A worker node generates a nonce and forwards the nonce to a master node while requesting an attestation token. Using the nonce, the master node generates the attestation token and replies back to the worker node with the attestation token. The worker node validates the attestation token with a CA server to ensure that the master node is not compromised. The worker node sends its authentication credentials to the master node. The master node generates a nonce and forwards the nonce to the worker node while requesting an attestation token. Using the nonce, the worker node generates the attestation token and replies back to the master node with the attestation token. The master node validates the attestation token with the CA server to ensure that the worker node is not compromised.

Abstract: A data protection system is disclosed. The data protection system comprises a cloud management platform and at least one data storage device. The cloud management platform includes a database stored with at least one key. The data storage device includes a data storage unit, a microprocessor, and a network communication component. The microprocessor is communicated with the cloud management platform by the network communication component. The data storage unit comprises a controller and a plurality of flash memories. The flash memories store a plurality of encrypted data. The microprocessor sends a key extraction request including a unique code to the cloud management platform. The cloud management platform selects the key matching to the unique code in the key extraction request from the database, and transmits the selected key to the data storage device. The controller of the data storage device decrypts the encrypted data by the key.

Abstract: A device may include a memory storing instructions and processor configured to execute the instructions to receive, by a first blockchain node and via a first base station, a message from a first Internet of Things (IoT) device to a second IoT device, wherein the device corresponds to a first multi-access edge computing (MEC) device located in a first MEC network associated with the first base station. The processor may be further configured to authenticate, by the first blockchain node, the first IoT device using a blockchain associated with a group of IoT devices and send, by the first blockchain node, the message to a second blockchain node in a second MEC device in a second MEC network associated with a second base station servicing the second IoT device, in response to authenticating the first IoT device using the blockchain associated with the group of IoT devices.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for generating access tokens at an authentication server based on authorization codes. A first authorization server from a set of authorization servers receives a request for authorization of a request to access a resource by a resource owner. The first authorization server validates the request for authorization of the request to generate an authorization code. In response to successful validation of the request for authorization to generate the authorizaction code, the first authorization server generates a single-use authorization code by signing the generated authorization code with a unique private key. A unique public key is maintained for verifying the signed authorization code. The single-use authorization code is generated in a self-contained format.

Abstract: Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Abstract: Establishing an encrypted communications channel without prior knowledge of an encryption key is disclosed. A gateway router device receives, from a server device via an intermediate modem device, a first secret key code for use in establishing an encrypted communications channel between the gateway router device and the modem device. The gateway router device makes an attempt to establish the encrypted communications channel with the modem device using a pre-shared key that is based on the first secret key code. The gateway router device determines that the attempt to establish the encrypted communications channel has either succeeded or failed. The gateway router device, in response to determining that the attempt to establish the encrypted communications channel has either succeeded or failed, performs a success action or performs a failure action.

Abstract: An apparatus includes a non-volatile memory (NVM) device coupled to a host, the NVM device including a processing device to: receive a communication packet from a server via the host computing system that is coupled to the NVM device and communicatively coupled to the server, the communication packet comprising clear text data that requests to initiate secure communications; perform a secure handshake with the server, via communication through the host computing system, using a secure protocol that generates a session key; receive data, via the host computing system, from the server within a secure protocol packet, wherein the data is inaccessible to the host computing system; authenticate the data using secure protocol metadata of the secure protocol packet; optionally decrypt, using the session key, the data to generate plaintext data; and store the plaintext data in NVM storage elements of the NVM device.

Abstract: Automated malware detection for application file packages using machine learning (e.g., trained neural network-based classifiers) is described. A particular method includes generating, at a first device, a first feature vector based on occurrences of character n-grams corresponding to a first subset of files of multiple files of an application file package. The method includes generating, at the first device, a second feature vector based on occurrences of attributes in a second subset of files of the multiple files. The method includes sending the first feature vector and the second feature vector from the first device to a second device as inputs to a file classifier. The method includes receiving, at the first device from the second device, classification data associated with the application file package based on the first feature vector and the second feature vector. The classification data indicates whether the application file package includes malware.

Abstract: Techniques for managing activation of software, e.g., an operating system, in an information processing system are provided. For example, a method comprises the following steps. A data object is obtained for a system having an un-activated computer program stored thereon. The data object comprises information about the system encrypted by a private value. The method then causes the data object to be securely stored on a distributed ledger for subsequent access during a process to activate the computer program.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: A threat detection method includes: obtaining packets in a Transmission Control Protocol (TCP) session between a first device and a second device; obtaining a first data flow transmitted from the first device and a second data flow transmitted from the second device in the TCP session; obtaining time information of each of a plurality of first packets in the first data flow and time information of each of a plurality of second packets in the second data flow; calculating an activation rate, a response rate, and a quantity of interactions based on the time information; and if the activation rate is greater than or equal to a first threshold, the response rate is greater than or equal to a second threshold, and the quantity of interactions is greater than or equal to a third threshold, determining that the first device is threatened.

Abstract: An intelligent electronic device (IED) of an electric power distribution system includes processing circuitry and a memory that includes a tangible, non-transitory, computer-readable comprising instructions. The instructions, when executed by the processing circuitry, are configured to cause the processing circuitry to receive operating data associated with the electric power distribution system, determine whether the operating data matches with expected operating data, generate a connectivity association key (CAK) based on the operating data in response to a determination that the operating data matches with the expected operating data, and establishing a connectivity association based on the CAK.

Abstract: The present invention is a platform and/or agnostic method and system operable to protect data, documents, devices, communications, and transactions. Embodiments of the present invention may be operable to authenticate users and may be operable with any client system. The method and system are operable to disburse unique portions of anonymous related information amongst multiple devices. These devices disburse unique portions of anonymous information and are utilized by the solution to protect sensitive data transmissions, and to authenticate users, data, documents, device and transactions. When used for authentication, login-related information is not stored in any portion of the solution, users and devices are anonymously authenticated. The solution also permits a user to access secured portions of the client system through a semi-autonomous process and without having to reveal the user's key.

Abstract: A method for securing the movement of virtual machines (VMs) between hosts. The method includes obtaining a first VM movement request; in response to obtaining the first VM movement request, identifying a first VM of the VMs and a first targeted host of the hosts associated with the first VM movement request using VM metadata and host metadata; making a first determination that the first targeted host is registered; in response to making the first determination, initiating the movement of the first VM to the first targeted host; and initiating, after the movement of the first VM, encryption of communication between the first VM and the first targeted host.

Abstract: A method implemented on an electronic computing device for authenticating a user includes receiving authentication information from the user. The authentication information is processed to generate a transformed authentication value, such that the received authentication information is unrecognizable from the transformed authentication value. A reference authentication value is obtained. The reference authentication value is unrecognizable from the received authentication information. The transformed authentication value is compared with the reference authentication value. When the transformed authentication value matches the reference authentication value, the user is authenticated.

Abstract: Provided herein are systems and methods for determining a likelihood that an executable comprises malware. A learning engine may determine a plurality of attributes of an executable identified in a computing environment, and a corresponding weight to assign to each of the plurality of attributes. Each of the plurality of attributes may be indicative of a level of risk for the computing environment. The learning engine may generate, according to the determined plurality of attributes and the corresponding weights, one or more scores indicative of a likelihood that the executable comprises malware. A rule engine may perform an action to manage operation of the executable, according to the generated one or more scores.

Abstract: Described herein are systems and methods for improving incident response in an information technology (IT) environment. In one implementation, an incident service initiates execution of a course of action and identifies a step in the first course of action that determines data in a first format. The incident service further determines a format requirement for a second step in the course of action and translates the data from the first format to the second format in accordance with the format requirement.

Abstract: A method in a first node of a wireless communications network comprises: inspecting a data packet or message to determine a characteristic of the data packet or message; and selectively activating integrity protection for onward transmission of the data packet or message to a second node of the wireless communications network based on the determined characteristic.