Abstract: A method for monitoring traffic flow in a network is provided. A network monitoring probe monitors one or more network traffic flow parameters to detect a denial of service attack. In response to detecting the denial of service attack, a first set of data representing the denial of service attack alert is displayed. Filtering criteria are received from a user. The filtering criteria include at least one of the network flow parameters identified as legitimate network traffic. A second set of data is generated and displayed based on the filtering criteria.

Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.

Abstract: A method includes transitioning a device in an industrial process control and automation system from a secondary role to a primary role during a switchover and, in response to the switchover, clearing one or more security values stored by the device. The method also includes receiving a message at the device from a network node and, in response to determining that no security association is associated with the received message or the network node, exchanging security credentials and establishing a trust relationship with the network node. Transitioning the device includes assuming a network address of another device that previously operated in the primary role, that previously communicated with the network node, and that previously had a security association with the network node. Clearing the security value(s) can prevent the device from having the trust relationship associated with the network node when the device receives the message from the network node.

Abstract: Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key.

Abstract: To allow a third party system to more particularly identify sets of users for distributing content, an online system receives data from a third party system identifying users of the online system who have authorized communication with the third party system and stores information authorizing communication between the third party system and the users in user profiles associated with the user. The online system receives a request from the third party system to transmit a notification to online system users satisfying criteria specified by the request. User profiles including information authorizing communication between the third party system and online system users are identified by the online system, which selects a set of the identified user profiles associated with information satisfying the criteria specified by the request. The online system transmits the notification to client devices associated with users associated with the set of the identified user profiles.

Abstract: Various methods and communications devices to improve association and handoff performance of a wireless network are provided. By way of example, a modified state machine that permits reduced security requirements for authentication in order to achieve fast authentication is employed. The modified state machine providing fast authentication remains compatible with the classic state machine implementing the wireless fidelity (WiFi) standard.

Abstract: The disclosure provides a portable electronic card system and a method for manufacturing a rewritable plastic card. The portable electronic card system includes: a portable personal electronic device, a rewritable plastic card and a writing device. The portable personal electronic device is used for obtaining a certificated code and a personal information from a database by internet. The rewritable plastic card has a rewritable storage device for storing the personal information. The writing device electrically connects to the portable personal electronic device, and is used for writing the personal information into the rewritable plastic card.

Abstract: Methods and apparatus for use in presenting information from a plurality of security domains. A first request for first data from a first data source and a second request for second data from a second data source are transmitted by a computing device. The first data source is associated with a first security domain, and the second data source is associated with a second security domain. A bridge computing device forwards the first request and/or the second request based on determining that the requests are authorized. The first data and the second data may be received and combined by the computing device.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a function call for a function, determine a current stack pointer value for the function call, and determine if the current stack pointer value is within a pre-defined range. The electronic device can include a stack pivoting logging module to log a plurality of function calls. The electronic device can also include a stack pivoting detection module to analyze the log of the plurality of function calls to determine, for each of the plurality of function calls, if the current stack pointer value is within a pre-defined range.

Abstract: A digital rights management system includes two digital rights management servers (RMS servers) connected to a client computer. The two RMS servers implement different but related digital rights management (DRM) policies, with the first RMS server implementing conventional DRM policies and the second RMS server implementing extended DRM policies. An application program on the client computer interacts with a document on the client computer, and communicates with the first RMS server to obtain access authorization for the document. A plug-in program in the client computer cooperates with the application program, and communicates with the second RMS server to obtain additional access authorization for the document. Access to the document is granted when both RMS servers grant access to the document. This achieves extended digital rights management control which can provide a more flexible access control than that provided by existing DRM systems.

Abstract: Systems and methods are provided for advanced persistent threat detection on a network. The method includes capturing data packets from a network and performing layered session decoding on the captured packets. Metadata is extracted from the decoded packets and is stored for analysis. Analysis of the metadata is used to detect advanced persistent threats on the network. The system includes a network and a processor coupled to the network. The processor is configured to capture data packets from the network and perform layered session decoding on the captured packets. Metadata is extracted by the processor and stored in a memory coupled to the processor. The metadata may then be analyzed to detect advanced persistent threats on the network.

Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.

Abstract: A method includes receiving at a processor, an indication of a user touching a point on a data entry device, receiving at the processor, an indication of a user gazing in a direction, and comparing via the processor the touched point and the gazing direction to a known touch point and gaze direction to verify the user is an authorized user.

Abstract: Technology for policies with reduced associated costs is disclosed. A policy may include an ordered rule set. When evaluated, the highest priority rule in the order that does not skip may control the policy outcome. Rules within a policy may have associated costs, such as data fetch and evaluation costs. In some contexts, it may be less important to evaluate every rule than to evaluate the policy quickly. Reduced policies that have one or more rules removed or that skip evaluation of some rules may be created for these contexts. When a rule of a policy is skipped, it may result in a possibility of a false allow or false deny. In some cases, rules may be duplicative. Removal or skipping of duplicative rules does not increase the possibility of a false allow or false deny. By using reduced policies in identified contexts, policy evaluation costs may be reduced.

Abstract: A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, after transferring the updated security key to the CNU, creating a key switchover timer, before the key switchover timer expires, verify that upstream traffic transferred from the CNU on a logical link uses the updated security key, and when upstream traffic is encrypted using the updated security key, begin using the updated security key to encrypt downstream traffic and clear the key switchover timer.

Abstract: Disclosed is a method for providing a public key for authenticating an integrated circuit. In the method, the integrated circuit obtains a hardware key and an integrated circuit identifier. The integrated circuit generates a derived key based on the hardware key using a key derivation function (KDF) shared with a manufacturing machine. The integrated circuit generates a private key and a corresponding public key using the derived key as an input to a deterministic function. The integrated circuit then provides the public key and the integrated circuit identifier to a partner service for authentication of the integrated circuit using an anonymized credential database to be provided to the partner service by a manufacturer.

Abstract: The invention relates to a client computer for updating a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying a postfix search on a search criterion, determining the suffix item matching the search criterion, providing to the database a request for provi

Abstract: A computer-implemented method for securely providing information external to documents may include identifying a document that may include at least one link to content external to the document, retrieving the content external to the document from the link, converting the content external to the document to embeddable content in a secure format that can be embedded within the document and creating a secure version of the document at least in part by embedding the embeddable content that has been converted to the secure format into the document. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A telecommunication device for real-time communication at a border between a global transport network and a private domain of a communication network may include a proxy for a communication protocol, means for traffic using real-time communication protocols to traverse a firewall, means for real-time traffic initiated by the communication protocol to traverse a firewall, means for measuring and collecting value information about the real-time traffic over the global transport network, means for creating mutual trust between the telecommunication device and a second device with which it communicates; and means for authorizing usage of a feature for a mutually trusted communication participant.

Abstract: A network traffic monitoring system for redirecting network traffic between a client device and a cloud service includes a monitor proxy server configured as a network intermediary between the client device and the cloud service; and a published identity provider. The published identity provider is configured to receive a login request from a client device and to authenticate the client device at a federated identity provider. The published identity provider is configured to receive from the federated identity provider a redirect response including an identity assertion and a redirect web address to the cloud service. The published identity provider is configured to rewrite the redirect web address to the web address of the monitor proxy server. As a result, network traffic between the cloud service and the client device is routed through the monitor proxy server after user authentication using the published identity provider.