Abstract: Providing supplemental authentication of a user based on hand gesture activity of a user with an application of a device after a user has completed a successful authentication challenge to initially access the device. Hand gesture activity of the user with the device is recorded during current use of an application of the device. The recorded hand gesture activity during current use of an application of the device is compared to previous recorded hand gesture activity during use of the same application of the device by an authorized user to provide a supplemental authentication of the user. When the recorded hand gesture activity does not match the previously recorded hand gesture activity during use of the same application, the use of the application on the device is halted and an additional authentication challenge requiring input from the user is presented to the user.

Abstract: A malicious encrypted traffic inhibitor connected to a computer network is disclosed. A method for inhibiting malicious encrypted network traffic communicated via a computer network also is disclosed. The malicious encrypted traffic inhibitor and method utilize an estimated measure of entropy for a portion of network traffic communicated over a network connection via the computer network. The estimated measure of entropy is calculated as a measure of a degree of indeterminacy of information communicated via the network connection, such as an estimated measure of Shannon entropy, and then compared with a reference measure of entropy for malicious encrypted network traffic. If the estimated measure of entropy for traffic communicated via the computer network is sufficiently similar to the reference measure of entropy, a positive identification of malicious traffic on the computer network can be output.

Abstract: A computer-implemented data processing method comprises: executing a recurrent neural network (RNN) comprising nodes each implemented as a Long Short-Term Memory (LSTM) cell and comprising links between nodes that represent outputs of LSTM cells and inputs to LSTM cells, wherein each LSTM cell implements an input layer, hidden layer and output layer of the RNN; receiving network traffic data associated with networked computers; extracting feature data representing features of the network traffic data and providing the feature data to the RNN; classifying individual Uniform Resource Locators (URLs) as malicious or legitimate using LSTM cells of the input layer, wherein inputs to the LSTM cells are individual characters of the URLs, and wherein the LSTM cells generate feature representation; based on the feature representation, generating signals to a firewall device specifying either admitting or denying the URLs.

Abstract: A computer-implemented method protects stack memory from a malicious function. One or more processors identify a first function and a second function in a computer program, where the first function is an authorized function and the second function is a malicious function. The processor(s) determine that the second function is able to execute a call that provides the second function with access to a stack memory that is used by the first function. The processor(s) move data from the stack memory to a protected kernel register, which is accessible only to the first function, before the call is executed.

Abstract: A system for providing data loss prevention services includes an indexer system configured to generate a search index based on structured data to be protected and a detection system configured to receive the search index and network data content and to detect in the network data content for matching data based on the search index. The detection system includes a first processor and multiple graphical processing units. The first processor provides words from the network data content in parallel to each of the graphical processing units, each graphical processing unit receiving a different word from the network data content. The graphical processing units perform detection of the words in parallel to detect for matched data content in at least a portion of the search index.

Abstract: Systems and methods for displaying computer environment monitoring data can include a multi-tier cache memory associated with a processor of a first device. The multi-tier cache memory can include a first cache layer, and a second cache layer having a higher data access rate than the first cache layer. The first device can receive, from a second device, a data block including monitoring data selected based on user profile information associated with a user of the first device. The first device can store the data block in the first cache layer, and generate a first data sub-block using data from the data block having a higher priority for display as compared to other data of the data block. The first device can store the first data sub-block in the second cache layer, and provide the first data sub-block for display on a display device from the second cache layer.

Abstract: Using a unique identifier from an electronic device to automatically create a limited-functionality account upon a predetermined event. Basing the limitations on the unique identifier that was used to create the limited-functionality account. Removing the limitations placed on a limited-functionality account upon the user of the account providing credentials adequate for the synchronized content management system to be able to enforce various policies.

Abstract: Described is a system for translating security objectives to properties of software code. The system receives a software code and a description of user security objectives written in a high-level language. Using a set of inference rules, the user security objective is translated into a formal security objective. The formal security objective is adapted into a low-level property to fit a target program having software code. Finally, it is determined whether the user objective has been satisfied by analyzing the software code with respect to the low-level property.

Abstract: A control apparatus performs analysis by using partial information and determines whether or not communication is abnormal. If the communication is determined to be abnormal, the control apparatus controls a communication route for a communication control device such that the communication is transmitted from a communication apparatus to the control apparatus. Further, the control apparatus determines whether or not the communication transmitted by the control of the communication route is malicious communication. As a result, if the communication is determined to be malicious communication, the control apparatus controls the communication control device to restrict the malicious communication.

Abstract: An indication is received from a server that a first pool of public keys should be transmitted to a server. At least one public-private keypair is generated in response to the received indication. The public key portion of the generated keypair is transmitted to the server. A subsequent indication is received from the server that an additional public key should be transmitted to the server.

Abstract: A computer system may include a smart card reader, a credential management system (CMS) server, an enrollment server connected with the CMS server on an internal LAN, and a mobile device associated with a user and configured to initiate enrollment with the enrollment server via an internal enrollment port inaccessible outside of the internal LAN. The CMS server may cooperate with the smart card reader to authenticate a smart card associated with the user, and generate a secure credential(s) that is stored on the mobile device based upon authentication of the smart card. The enrollment server may collect the secure credential(s) from the mobile device via the internal enrollment port, cooperate with the CMS server to verify the secure credential(s), and enroll the mobile device to access the enrollment server from outside of the internal LAN based upon verification of the secure credential(s).

Abstract: A method for encryption, decryption, or encryption and decryption of data in a crypto device having at least one crypto core may include: generating a tweak value corresponding to block data, which is placed at a random position from which the encryption, decryption, or encryption and decryption starts, from among sequential block data; and/or performing the encryption, decryption, or encryption and decryption from the block data using the tweak value. A method for encryption, decryption, or encryption and decryption of block data may include: generating a tweak value corresponding to the block data at a random position; and/or performing the encryption, decryption, or encryption and decryption of the block data using the tweak value.

Abstract: An exemplary computer-implemented method includes obtaining at least one teleportation invite block that records a virtual universe teleportation invite marked by at least one parameter. The teleportation invite identifies a virtual universe user as an invitee. Responsive to the parameter, assess whether the virtual universe teleportation invite is potentially malicious, and alert the invitee in case the virtual universe teleportation invite is potentially malicious.

Abstract: Automating quality assurance (QA) for standardized content sharing is disclosed. A system includes a shared content receiver, a rule retriever, an augmenting data checker, and a verification transmitter. The shared content receiver is configured to receive shared content and receive, from a source of the shared content, augmenting data that describes one or more characteristics of the shared content in a pre-determined format. The rule retriever is configured to retrieve rules associated with serving the shared content. The augmenting data checker is configured to determine if the augmenting data is compliant according to the retrieved rules. The verification transmitter is configured to transmit an indication of whether the augmenting data is compliant.

Abstract: Example systems generate a dataset for tuning an analyzer to probe activities related to a web facing application. The systems capture data streams received at a framework of the application. The systems also capture a first set of functions, a second set of functions, and database queries triggered by the framework processing the data streams. The systems match: (i) the first set of functions to packets of the data streams and (ii) the second set of functions to the database queries. For example, the systems may pattern match: (i) data in parameters of the first set of functions to data in fields of the packets and (ii) data in parameters of the second set of functions to data in expressions of the database queries. The systems extract matched functions and database queries into the dataset and probe activities of the application based on the dataset to detect security attacks.

Abstract: A threat analytics system expends significant resources to acquire, structure, and filter the threat indicators provided to the client-side monitoring systems. To protect the threat indicators from misuse, the threat analytics system only provides enough information about the threat indicators to the client-side systems to allow the client-side systems to detect past and ongoing threats. Specifically, the threat analytics system provides obfuscated threat indicators to the client-side monitoring systems. The obfuscated threat indicators enable the client-side systems to detect threats while protecting the threat indicators from misuse or malicious actors.

Abstract: Methods and systems for verifying the identity and trustworthiness of a user of an online system are disclosed. In one embodiment, the method comprises receiving online and offline identity information for a user and comparing them to a user profile information provided by the user. Furthermore, the user's online activity in a third party online system and the user's offline activity are received. Based on the online activity and the offline activity a trustworthiness score may be calculated.

Abstract: Roughly described, a method of recording a change of authorization state of one or more authorization agents, the method comprising: establishing a copy of a blockchain ledger at each of a plurality of blockchain nodes, wherein each of the blockchain nodes is associated with a different controlling entity; providing a public key/private key pair for a first of the blockchain nodes; receiving, from the communication device, a first message comprising: first data indicative of a change of authorization state of a first authorization agent associated with the first controlling entity, the first data being encrypted; and a digital signature based on the blockchain ledger and the private key; authenticating the message using the public key; adding a block to the blockchain ledger based on the first message, thereby to generate a new blockchain ledger that records the change of authorization state of the first authorization agent.

Abstract: Provided is an analysis device with which it is possible to find information relating to the intention and purpose of an attacker. The analysis device is provided with a purpose estimating means that estimates the purpose of behavior, based on predetermined behavior in the computer and knowledge information that includes the relation between the behavior and the purpose of executing the behavior.

Abstract: A system and method for cryptographically securing a device includes initializing a cryptographic processing circuit which includes provisioning a cryptographic key store associated with the cryptographic processing circuit with cryptographic key material; and establishing a first cryptographically secured connection between a main central processing unit of the autonomous device and the cryptographic processing circuit of the device; and implementing a cryptographic validation of resident firmware of the main central processing unit by validating a cryptographic digital signature ascribed to the resident firmware against an up-to-date cryptographic digital signature used for installing and/or updating the resident firmware of the main central processing circuit.