Abstract: An example operation may include one or more of storing a broadcast encryption tree comprising a set of cryptographic keys disposed in a hierarchical tree format, distributing a partial set of keys from the broadcast encryption tree to each respective peer from among a group of peers included in a blockchain network, receiving, from a user device, an identification of at least one peer included in the group of peers for processing a blockchain transaction, selecting a subset of keys from among the set of cryptographic keys in the broadcast encryption tree which enables at least one peer to decrypt transactions and doesn't enable the remaining peers included in the group of peers to decrypt transactions, and transmitting broadcast encryption information about the selected subset of keys to the user device for performing encryption of the transactions.

Abstract: Embodiments presented herein provide systems and methods for creating and modifying a hash chain. A hash chain is created to track resource-privilege transfers between entities. A root node of the hash chain identifies the resource and specifies a digest of a possession token held by a first entity that initially possesses the privilege. A transfer of the privilege to a second entity can be recorded by adding an expansion node to the hash chain. If the second entity successfully reveals a possession token that a hashing function associated with the hash chain maps to the digest, an expansion node is linked to the root node. The expansion node indicates the possession token and a successor digest that is based on a successor possession token.

Abstract: A method includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic and clustering, using a processor on the computer, the HTTP traffic according to a client IP (Internet Protocol) into a web session tree. A client tree structure of the web session tree is generated and the client tree structure is compared with tree structures of exploit kit samples.

Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

Abstract: Disclosed are various embodiments for management of third-party accounts for users in an organization. A request is received from a client corresponding to a user in an organization to access a third-party network site under management by the organization. The third-party network site is operated by a third party that does not correspond to the organization. It is determined whether network traffic between the client and the third-party network site is routed via a proxy server operated by the organization. Access of the client to a managed account with the third-party network site is denied in response to determining that the network traffic between the client and the third-party network site is not routed via the proxy server.

Abstract: Bring Your Own Device (BYOD) functionality may allow a user of a client device to utilize the device in a business environment where the functionality of the device is altered to conform to the business environment via a business profile. A personal profile may be used when the user is outside of the business environment. The profile of the device may be changed according various factors.

Abstract: A system and method includes at an authentication platform that is implemented via one or more computing servers: identifying compromised credential data, wherein compromised credential data comprise compromised credentials for one or more compromised accounts that have been exposed to a malicious actor via an illegitimate method, the compromised credentials including credentials that are useable for authentication to or for accessing the one or more compromised accounts; testing the compromised credentials, wherein testing compromised credentials includes using the compromised credentials to determine a useablility of the compromised credentials to attack one or more different accounts from the one or more compromised accounts; and modifying account access associated with one or more of (i) the one or more compromised accounts and (ii) the one or more different accounts.

Abstract: Embodiments are provided to allow institutions and individuals the ability to subscribe to notifications regarding DDoS attacks on certain types of institutions, e.g., institutions that fall into certain market verticals or categories. Subscriber data can be integrated with an attack monitoring platform (AMP), which can push out certain information to a system, which tabulates and analyzes the information regarding attacks. If an attack is detected based on predefined thresholds and conditions, a database lookup is performed and a notification that contains certain attack attributes can be sent out to the appropriate subscribers. Subscribers can also be provided with a mechanism to modify their level of DDoS attack notification threshold.

Abstract: In one embodiment, a device in a network receives domain name system (DNS) information for a domain. The DNS information includes one or more service tags indicative of one or more services offered by the domain. The device detects an encrypted traffic flow associated with the domain. The device identifies a service associated with the encrypted traffic flow based on the one or more service tags. The device prioritizes the encrypted traffic flow based on the identified service associated with the encrypted traffic flow.

Abstract: Aspects of an abuse detection system for a web service include an abuse detection engine executing on a server. The abuse detection engine includes a pre-processing module for aggregating a data set for processing and analysis; a suspiciousness test module for identifying suspicious content owners and suspicious users; a graphing module for finding connections between suspicious content owners and suspicious users; an analysis module for determining which groups are constituted of fraudulent or abusive accounts; and a notification generation and output module for generating a list of abusive entities and a notification for output to at least one of: the abusive entity, a digital content distribution company associated with the abusive entity, and a legal department or other entity for further investigation or action. Additionally, royalties for content consumptions associated with abusive accounts may be held.

Abstract: A computer includes a processor, position determining means for determining the location of the computer, and control means for controlling the operation of the processor. The control means are in communication with the position determining means and control the operation of the processor in response to location information provided to the control means by the position determining means.

Abstract: Key based authorization for programmatic clients is described. One or more server computers receive a request for an action on one or more target resources, the request indicating the action to be performed on the one or more target resources at the resource access point, and a key identifying a client program running on a client computer system. A data store that stores mapping data representing one or more associations among keys, actions and target resources is queried. An existence, in the data store, of an association of a particular key corresponding to a particular client program, with a particular target resource and with a particular action associated with the particular target, represents the particular client program having authorization to perform the particular action on the particular target resource. The system authorizes performance of the action on the one or more target resources for the request.

Abstract: A method and apparatus for authenticating a directional multi gigabit device for communication in an IEEE 802.11-compliant wireless network are provided. Network association and authentication can be performed in parallel, with association and authentication information elements included in common frames. Authentication information elements are included in at least one and potentially a sequence of management frames transmitted between an access point of the wireless network and the device. The authentication information elements are thereby exchanged between the access point and the device. The exchanged authentication information elements are used to establish that both the access point and the device possess a common cryptographic key. The exchanged management frames can also facilitate network association. Authentication information elements can also be included in non-management frames. A format for the authentication information elements is presented.

Abstract: A device provisioning service (DPS) fields requests from unprovisioned devices so that those unprovisioned devices can obtain network credentials or other data used in provisioning the unprovisioned device. The DPS can identify the device securely and associate with a known user account, or the user provisioning the device can supply network credentials over a side channel after supplying a provision code indicative of possession of the unprovisioned device. The provision code can be unique to the unprovisioned device or a short-sequence code that is not necessarily unique, but that is sufficiently uncommon that a specific short-sequence code would not likely be used more than once at a time. In order to communicate with the DPS, a provisioning device might connect the unprovisioned device and the DPS. If the provisioning device is a trusted device, it can perform some of the steps otherwise required by the DPS.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: MRC training can include providing a hot add notification to a UEFI BIOS FW, receiving, at an MRC agent of the FIMC and from the UEFI BIOS FW, the MRC training request, and performing, at the MRC agent in response to the MRC training request, an MRC training independent of an SMM associated with the apparatus.

Abstract: A system and method for assessing the risk of a listing that transforms information from the listing into variables suitable for a classifier trained to score the riskiness of listings and using the score in addition to predetermined variable constraints to determine whether a listing is fraudulent.

Abstract: Generally, embodiments of the invention are directed to methods, computer readable medium, servers, and systems for deidentified access of data. The deidentified access is permitted with the use of an identifier that uniquely indicates an outcome, the coding of the identifier obscures unaided human interpretation of the outcome, and the identifier uniquely identifies data for remediating performance associated with future outcomes.

Abstract: A system reports credentials on nodes of a network. Nodes are assigned to security silos. If a credential reported from a node is found to match a credential found on a node outside of its security silo or be for authentication with a node outside the its security an alert is generated, unless proper precautions are generated. Credentials may be reported as one-way hashes of credentials. Security silos may be automatically generated to segregate at-risk nodes from critical servers based on the presence or use of email clients and browsers. Precautions that may be used to suppress alerts, such as using KERBEROS TGT.

Abstract: Generally, embodiments of the invention are directed to methods, computer readable medium, servers, and systems for deidentified access of data. The deidentified access is permitted with the use of an identifier that uniquely indicates an outcome, the coding of the identifier obscures unaided human interpretation of the outcome, and the identifier uniquely identifies data for remediating performance associated with future outcomes.