Abstract: An account management system establishes an account for a user. The user enters user account information into the account and the account management system establishes a facial template for the user based on an image of the face of the user. The user requests to change user account information at a merchant POS (POS) device. The merchant POS device captures a facial image of the user and transmits the image the account management system, which generates a facial template and compares the generated facial template against the existing facial template associated with user account. If the generated facial template is less than a threshold difference from the existing facial template, the user may update user account information at the merchant POS device, which communicates the updated user account information to the account management system. The account management system associates the updated user account information with the user account.

Abstract: A plurality of monitoring nodes may each generate a time-series of current monitoring node values representing current operation of a cyber-physical system. A feature-based forecasting framework may receive the time-series of and generate a set of current feature vectors using feature discovery techniques. The feature behavior for each monitoring node may be characterized in the form of decision boundaries that separate normal and abnormal space based on operating data of the system. A set of ensemble state-space models may be constructed to represent feature evolution in the time-domain, wherein the forecasted outputs from the set of ensemble state-space models comprise anticipated time evolution of features. The framework may then obtain an overall features forecast through dynamic ensemble averaging and compare the overall features forecast to a threshold to generate an estimate associated with at least one feature vector crossing an associated decision boundary.

Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.

Abstract: In view of the foregoing, an embodiment herein provides a method of generating and managing a key package using a key manufacturing server. The key manufacturing server performs the steps of: (i) obtaining a key package from a development signing server; (ii) generating at least one production key that is specific to a device in the key package; (iii) communicating the key package with the at least one production key to a key manager associated with the device using a communication link; and (iv) obtaining the key package with at least one device key that is generated by the key manager.

Abstract: The invention relates to a system for protecting a computerized device from a malicious activity resulting from a malicious code, which comprises: (a) a first DC supply monitoring unit which is located within a separate computerized environment, namely an environment which is totally separated and isolated both physically and in terms of connectivity from the hardware and software of the computerized environment of the device; (b) a memory database for storing one or more signatures of known malicious events, each of said signatures describes the temporal effect of a malicious event, respectively, on the power consumption from the DC supply of the device; and (c) a microprocessor within said DC supply monitoring unit for continuously monitoring the power consumption from said DC supply of the device, comparing temporal characteristics of the power consumption with said malicious events signatures in said database, and alerting upon detection of a match, wherein said DC supply monitoring unit is at most physic

Abstract: Embodiments of the present invention provide a system for network device owner identification and communication triggering. In particular, the system may monitor a plurality of systems of record associated with network of devices and/or individual network components. A primary user for each of these network components is identified, either through a known association in the systems of record or from analysis of records of network traffic associated with each network component. The primary user is recorded for each network component. In the event a vulnerability of a network component is identified, information about the network vulnerability is identified, aggregated with other information about the network component and potential remediation procedures, and compiled as a vulnerability notification. In response to the vulnerability, the system is automatically triggered to transmit the vulnerability notification to the primary user.

Abstract: Systems, apparatuses and methods may provide technology for securing untrusted code using memory protection keys and control flow integrity, by applying a memory protection key to one or more memory regions, enforcing control flow integrity with respect to the one or more memory regions, and executing untrusted code in an isolated region of the one or more memory regions.

Abstract: An example system includes a processor to monitor a data asset and associated access policies to be synchronized to detect a trigger. The processor is to also request and receive data lineage information on the monitored data asset in response to detecting the trigger. The processor is to further detect a source system and a target system based on the data lineage information. The processor is also to query an access policy of the source system and an access policy of the target system. The processor is to merge the access policy of the source system and the access policy of the target system based on a predetermined merger configuration to generate a merged access policy. The processor is to update a monitoring system based on the merged access policy.

Abstract: Various systems and methods for authenticating a user are described herein. A system comprises a processor subsystem; and a memory including instructions, which when executed by the processor subsystem, cause the processor subsystem to: receive at a server from a first user device, a first authentication token; receive at the server from a second user device, a second authentication token; authenticate the user based on the first and second authentication tokens; and establish a communication session from the server to the first user device when the user is authenticated.

Abstract: The embodiments herein relate to an IoT device, a method performed in the IoT device, a network device and a method performed in the network device for securing communication of the IoT device roaming from a home network to a visited network. The method comprising: receiving a request from the IoT device to set up a VPN tunnel; acknowledging the setting up of the VPN tunnel, and routing data received from the IoT device destined for an IoT service provider via the VPN tunnel. This way the encryption/decryption processes are handled by the visited network.

Abstract: An application security management system and an edge server which enable an application developed by an application developer to be executed only in a state that matches a security risk reported by the developer are provided. In an application security management system, an evaluation management server that manages evaluation of an application developed by an application developer and executed by an edge server registers the application and an access report list related to the usability of a function of the edge device and/or the accessibility of processing data of the edge device after evaluation in an application DB. A distribution management server system that manages distribution of the evaluated application notifies a user who issued a purchase request of the access report list upon receiving the purchase request for the application and distributes the application and the access report list to the edge server when authorization data is received only.

Abstract: In one aspect, a method of classifying a computer object as malware includes receiving at a base computer data about a computer object from each of plural remote computers on which the object or similar objects are stored. The data about the computer object received from the plural computers is compared in the base computer. The computer object is classified as malware on the basis of said comparison. In one embodiment, the data about the computer object includes one or more of: executable instructions contained within or constituted by the object; the size of the object; the name of the object; the logical storage location or path of the object on the respective remote computers; the vendor of the object; the software product and version associated with the object; and, events initiated by or involving the object when the object is created, configured or runs on the respective remote computers.

Abstract: A method and system for processing information from a control panel in a building management system validates programming data of the control panel and then a monitoring station responding to the information from the control panel if its programming data was validated. A server system can be used for this validation. The proposed system can provide a lightweight system for validation to avoid problems arising from incorrectly configured panels sending false alarms to monitoring stations.

Abstract: Implementations of the specification include receiving transaction data associated with the transaction, the transaction data comprising: data representative of a plurality of assets, a first commitment hiding a first random number and a transaction amount of the transaction, a second commitment that hides a second random number and a change, the transaction amount and a third random number both encrypted by a public key of the second node, the change and a fourth random number both encrypted by a public key of the first node, and a zero-knowledge proof (ZKP); determining, based on the ZKP, whether the transaction is valid based on determining if the first random number is equal to the third random number, the second random number is equal to the fourth random number, and the transaction amount hidden in the first commitment is equal to the transaction amount encrypted by the public key of the second node.

Abstract: Systems and methods are described herein for graphically representing an information management system based on the characteristics of within the system. The systems and methods interface with various components of the system (e.g., administrative components, index components, and so on) to identify data having certain characteristics (e.g., personal data), and generate or render information (e.g., a heat map or other visual display) that represents areas or locations within the system storing the data. Thus, the systems and methods, in some embodiments, generate or create a data-specific view into the information management system.

Abstract: A drone unit operatively connected to a server may identify an attack, launched by a botnet, on a resource. A drone unit may continuously and iteratively, while the attack is in progress, determine and report to a server a first set of values of a respective set of operational parameters related to the resource. A drone unit may determine, and report to the server, a second set of values of the set of operational parameters after the attack is terminated. A server may determine an impact of an attack by relating the first set values to the second set of values.

Abstract: Embodiments define a secure code hint generator that determine an occurrence of security word text content within electronic message body text that is descriptive of a security token required to open a secured file referenced by the message. The embodiments distinguish a security phrase subset words of the body text content from a remainder of an entirety of the body text content that include the security word content as a function of determining that the security phrase is more related to describing the security token; generate hint text content that differs from the security phrase and is chosen to reveal the security phrase text content to a user as a function of knowledge of user profile data; and associate the hint to the secured file for display to the user in response to a request for access to the secured file.

Abstract: A method at a computing device for provisioning a network-connected device within a security platform, the method including receiving a first connection request, the first connection request being from an electronic apparatus and including a network-connected device identifier; authenticating the first connection request, thereby creating a first connection; receiving a second connection request, the second connection request being from the network-connected device and including the network-connected device identifier and a shared platform credential; receiving a request from the network-connected device to add the network-connected device to the security platform; and adding the network-connected device to the security platform based on a concurrent first connection and the request from the network-connected device to add the network-connected device to the security platform.

Abstract: The invention provides a file storage method, a file search method and a file storage system based on public-key encryption with keyword search. The method comprises: receiving a user file storage request sent from a data possessor, acquiring access control attribute information for access to a user file, security level parameters and a keyword set of the user file, generating a file attribute vector of the user file by means of the access control attribute information and the keyword set, acquiring a public-secret key pair used for encrypting the file attribute vector from a pre-generated key space, encrypting the file attribute vector by means of a public key in the public-secret key pair to obtain a ciphertext corresponding to the file attribute vector, and transmitting the ciphertext corresponding to the file attribute vector and a ciphertext of the user file to a preset storage server.

Abstract: Systems and methods are described for delivering messages from one or more service hosts to clients via a network. A first request identifying the client is received at the message server, and a connection is established and maintained between the message server and the client in response to the first request. When a subsequent request that identifies the client is received from the service host, a message is transmitted from the message server to the client over the previously-established connection. The methods and techniques may be used, for example, to provide messages from various services to placeshifting devices or other clients communicating via the network.