Patents Examined by Joseph P. Hirl
  • Patent number: 11838824
    Abstract: According to one embodiment, a method of granting a remote device access to a smart home network connected device is disclosed. An example method includes receiving an access request including identifying information related to the remote device; generating a digital security token that is encrypted and provides the remote device with access to the smart home network connected device without divulging network credentials; transmitting the digital security token to the remote device; receiving the decrypted digital security token from the remote device, the decrypted digital security token validating permissions of the remote device to access the smart home network connected device; and transmitting a remote access authorization to the remote device based on the decrypted digital security token, the remote access authorization providing the remote device with access to the smart home network connected device to connect the smart home network connected device to the network.
    Type: Grant
    Filed: February 24, 2021
    Date of Patent: December 5, 2023
    Assignee: RACHIO, INC.
    Inventors: Christopher Michael Klein, Franz David Garsombke
  • Patent number: 11838269
    Abstract: A network security system provides portals which enable automatic creation of a dynamic one-time port forwarding rule for an authorized user's current IP address following two factor authentication of the authorized user. Such a dynamic one-time port forwarding rule is utilized to set up a connection, at which point the dynamic one-time port forwarding rule is removed, preventing any attacker from subsequently taking advantage of it. Such a methodology is advantageous as compared to conventional port forwarding in that it is much more secure. Such a methodology is advantageous as compared to traditional port forwarding with access control both in that a user does not always have to utilize the same device with a static IP address, and in that the port forwarding rule representing or exposing a potential vulnerability is deleted after a connection is established.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: December 5, 2023
    Assignee: Calyptix Security Corporation
    Inventors: Lawrence Chin Shiun Teo, Aaron K. Bieber, Nicholas C. Pelone, Bryce Chidester, Benjamin A. Yarbrough
  • Patent number: 11838270
    Abstract: A client device generates an artificial data packet that specifies, in the header, an artificial network address usable to indicate that the artificial data packet includes out-of-band data. The client device transmits the artificial data packet with other data packets over an encrypted data stream to a virtual private network server. The virtual private network server determines, based on the artificial network address, that the artificial data packet includes out-of-band data. The virtual private network server processes the out-of-band data from the artificial data packet while transmitting the other data packets to servers corresponding to destination network addresses specified in the headers of these other data packets.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: December 5, 2023
    Assignee: Amazon Technologies, Inc.
    Inventor: Jari Karppanen
  • Patent number: 11838311
    Abstract: A system described herein may provide a technique for identifying and remediating potential threat vectors in a system, such as containers or applications in a virtual or cloud computing environment. Attributes of potential threat vectors may be identified, and the potential threat vectors may be scored based on the attributes. Values or scores of individual attributes may be determined through machine learning or other suitable techniques. Scores exceeding a threshold may indicate that a remedial measure should be performed. A remedial measure may be identified using machine learning or other suitable techniques. After the remedial measure is performed, the threat vector may be scored again, and a machine learning model may be refined based on whether the remedial measure was successful.
    Type: Grant
    Filed: September 2, 2022
    Date of Patent: December 5, 2023
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Gavin Anthony Grounds, David R. Grantges, Jr.
  • Patent number: 11831661
    Abstract: A plurality of features associated with a message are determined. At least one feature included in the plurality of features is associated with a payload of the message. A determination is made that supplemental analysis should be performed on the message. The determination is based at least in part on performing behavioral analysis using at least some of the features included in the plurality of features. Supplemental analysis is performed.
    Type: Grant
    Filed: June 2, 2022
    Date of Patent: November 28, 2023
    Assignee: Abnormal Security Corporation
    Inventors: Yu Zhou Lee, Micah J. Zirn, Umut Gultepe, Jeshua Alexis Bratman, Michael Douglas Kralka, Cheng-Lin Yeh, Dmitry Chechik, Sanjay Jeyakumar
  • Patent number: 11829479
    Abstract: The present disclosure relates to a firmware security verification method and device, including a processor and a read-only memory for storing instructions executable by the processor. While executing the instructions, the processor implements the following steps: acquiring firmware data and a digital signature; verifying the digital signature with a pre-stored public key; and running the firmware data upon determining that the digital signature passes the verification. With the firmware security verification method and device provided in embodiments of the present disclosure, the security of the firmware data can be acquired before the running of firmware.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: November 28, 2023
    Assignee: INNOGRIT TECHNOLOGIES CO., LTD.
    Inventor: Longtao Gao
  • Patent number: 11831659
    Abstract: Methods and apparatus for real-time security monitoring on a computing device are presented. A system may define privileges to access hardware interfaces for each process of a plurality of processes executing on a computing device. The privileges may be defined in a privileged operating system level that controls root access to an operating system. In response to a determination that a process is attempting to access a hardware interface, the system may determine whether the process is privileged to access the hardware interface by checking the privileges. In response to determining that the process is not privileged to access the hardware interface, the intrusion detection agent may terminate the process.
    Type: Grant
    Filed: August 12, 2020
    Date of Patent: November 28, 2023
    Assignee: Comcast Cable Communications, LLC
    Inventors: James Fahrny, Kyong Park
  • Patent number: 11822901
    Abstract: Cryptographic methods and systems are described. Certain examples relate to performing cryptographic operations by updating a cryptographic state. The methods and systems may be used to provide cryptographic functions such as hashing, encryption, decryption and random number generation. In one example, a non-linear feedback shift register or expander sequence is defined. The non-linear feedback shift register or expander sequence has a plurality of stages to receive the cryptographic state, wherein at least one of the plurality of stages is updated as a non-linear function of one or more other stages. In certain examples, a cryptographic state is updated over a plurality of rounds. Examples adapted for authenticated encryption and decryption, hashing, and number generation are described.
    Type: Grant
    Filed: September 17, 2021
    Date of Patent: November 21, 2023
    Assignee: PQShield Ltd.
    Inventor: Markku-Juhani Olavi Saarinen
  • Patent number: 11822618
    Abstract: A method may include receiving data from a device within a network, wherein the data is associated with one or more features of the device, and determining a subset of the features of the device that is associated with a runtime behavior of the device. The method may also perform a univariate analysis on a feature dataset that is associated with the subset of the features of the device, perform a multivariate analysis on the feature dataset that is associated with correlated features in the subset of the features, and generate a device signature based on the univariate analysis and the multivariate analysis.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: November 21, 2023
    Assignee: Dell Products L.P.
    Inventors: Mohammad Rafey, Hung The Dinh, Bijan Kumar Mohanty
  • Patent number: 11822795
    Abstract: Devices and methods for executing instructions in an automatic and secure manner include a security processor having at least a read-only memory, a random access memory, a computer capable of performing cryptographic functions, a monotonic counter management unit associated with one or more monotonic counters, is such that it does not include any other storage memory, meaning that the security processor does not store any program or external data, a public key allowing at least one initial enrolled administrator to be authenticated is stored before the first use of same in its read-only memory, its random access memory is capable of loading a set of data and instructions that can be authenticated by a public key cryptographic module, the execution by the computer, after the authentication of same, of certain instructions, increments one of the monotonic counters.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: November 21, 2023
    Assignee: Ledger, SAS
    Inventors: Olivier Tomaz, Nicolas Bacca
  • Patent number: 11822633
    Abstract: Techniques are described for authenticating an individual based at least partly on a tremor signature of the individual. Motion data is collected through motion sensor(s), such as accelerometers, gyroscopic motion sensors, and so forth, of a portable computing device that is being held, worn, or is otherwise in contact with the user. Based on the collected motion data, a tremor signature may be determined and compared to a previously determined model for the user, and an authentication determination may be made based on the comparison. The tremor signature may be used in combination with other information to authenticate the user. For example, the tremor signature may be used in combination with location information and/or other biometric data such as a fingerprint scan, image of the user's face, audio recording of the user's voice, the user's heartbeat, a cardiac electrical signature, bio-electrical impedance, and so forth.
    Type: Grant
    Filed: October 21, 2020
    Date of Patent: November 21, 2023
    Assignee: United Services Automobile Association (USAA)
    Inventors: Snehal Desai, Matthew Flachsbart, Bradley Jay Billman
  • Patent number: 11822895
    Abstract: A method may include transmitting, at a mobile device executing a keyboard application, a request for a user specific data value to a computing device; receiving, from the computing device, an authentication request with a challenge message; encrypting the challenge message with a private key associated with the keyboard application; transmitting the encrypted challenge message to the computing device for authentication by the computing device; receiving the user specific data value from the server based on the server successfully authenticating the encrypted challenge message; and presenting the user specific data value in the keyboard application on the mobile device.
    Type: Grant
    Filed: July 25, 2022
    Date of Patent: November 21, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Ganesan Anand, Bipin M. Sahni
  • Patent number: 11818146
    Abstract: Systems, methods, and related technologies for determining an issue based on a plurality of events. The determining of an issue may include accessing network traffic from a network and accessing a plurality of events associated with the network traffic. An issue can be determined based on a correlation of a portion of the plurality of events, where the issue represents an incident associated with the portion of the plurality of events. The correlation of the portion of the plurality of events is based on network specific information. Information associated with the issue including the portion of the plurality of events may then be stored.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: November 14, 2023
    Assignee: Forescout Technologies, Inc.
    Inventors: Daniel Ricardo dos Santos, Elisa Costante, Mario Dagrada, Alessandro Manzi
  • Patent number: 11818108
    Abstract: A trust chain having a client system and a remote system in a secure connection, wherein an intermediary system associated with the network flow path serves as a signing entity to establish an end to end transitive trust. The intermediate system is a corroborative entity in the operations technology realm of the client system. The remote system serves as the host for a plurality of services in the information technology realm. A two way handshake during the initial secure exchange protocol between a local client application and a remote service is extended to a three way handshake that includes a nonce issued by the remote service on the remote system and a digital signature for the nonce issued by a signature service on an associated intermediate system. The nonce signature is verified authoritatively at the remote system based on the signing certificate of the intermediate system for explicit proof of association.
    Type: Grant
    Filed: April 11, 2022
    Date of Patent: November 14, 2023
    Assignee: DigiCert, Inc.
    Inventors: Srinivas Kumar, Shashank Jaywant Pandhare, Atul Gupta, Gopal Raman
  • Patent number: 11816219
    Abstract: According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: November 14, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Chirag Shroff, David McGrew
  • Patent number: 11809533
    Abstract: A control device includes a storage unit that stores an authentication ledger, an authorization ledger, operation information, and operation recording target information. An authentication management unit, in a case of receiving authentication information from one information processing device, performs an authentication determination. An authorization unit determines whether to authorize the processing request of the one information processing device with the authorization ledger. An execution authorization unit, in a case in which the processing request authorized is a request for changing an operation state of the device, determines whether to authorize an execution of the processing request from the operation information, and, in a case of authorizing, causes the control execution unit to execute the processing request, and, in a case of not authorizing, transmits an error response to the one information processing device.
    Type: Grant
    Filed: October 26, 2020
    Date of Patent: November 7, 2023
    Assignee: FANUC CORPORATION
    Inventors: Hirotoshi Watanabe, Masanori Kobayashi
  • Patent number: 11809580
    Abstract: An update device includes processing circuitry configured to store package management information that includes associations between files and packages including the files and information indicating existence/non-existence of dependence relationships among the packages, and an access control list that includes associations between the files and access source files permitted to access the files, refer, when a combination of a file and an access source file is specified, to the package management information to identify a package including the file and a package including the access source file, and add, when the identified package including the file and the identified package including the access source file are the same or are mutually in a dependence relationship, the specified combination to the access control list.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: November 7, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Kenichiro Muto, Takeshi Nakatsuru, Kazumi Kinoshita, Kimihiro Yamakoshi
  • Patent number: 11811520
    Abstract: Embodiments are disclosed for a method. The method includes determining multiple recommended actions based on a security incident using an action model trained to make recommendations. The method also includes determining multiple similar targets to a target of the security incident using a collaborative filtering model trained to assign a confidence value of similarity between two targets. The method further includes assigning a plurality of weights to the recommended actions based on one or more actions taken by the similar targets and the confidence value, and a success or failure of the recommended actions. Additionally, the method includes generating a prioritized list of the recommended actions that is sorted based on the assigned weights.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: November 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Mariya Ali, Steven Dale McKay, Michael J Spisak, Jelle Denis
  • Patent number: 11811945
    Abstract: The invention is directed to a computer-based method and a computer system for generating a blockchain address. The method comprises receiving a request for a new blockchain address for a user, the request including a public key, which has an associated private key, and identification information for the user, and generating the address based on a combination of the public key and the identification information.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: November 7, 2023
    Assignee: TOLLEN SOFTWARE LIMITED
    Inventor: Jason Shubrook
  • Patent number: 11803650
    Abstract: A database management system receives a request to process a database query on behalf of a security principal. The database management system determines that processing the database query requires access to an encrypted portion of a file containing data subject to access conditions. The database management system determines that the security principal is authorized to use a key that corresponds to the encrypted portion of the file. The database management system then completes processing of the query by using the key to access the encrypted portion of the file.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: October 31, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Turkay Mert Hocanin, Anthony A. Virtuoso