Abstract: Methods, non-transitory computer readable media, and security management apparatus that retrieves a web page in response to a request for the web page received from a client device. Remote access trojan (RAT) malware detection source code is injected into the web page and the web page is sent to the client device in response to the request. The RAT malware detection client-side source code is configured to, when executed by a web browser of the client device, output an alert when a possible attack is detected based on monitored movement of a mouse pointer, key events, or executing animations. A determination is made when the alert has been received from the client device. A security action is initiated according to an established policy, when the determining indicates that the alert has been received from the client device.

Abstract: Disclosed is a system comprising: an authentication datastore; a device presence engine; a traffic monitor engine; an authentication presence monitor engine; an authentication server selection engine; and a traffic routing engine. In operation: the device presence engine is configured to detect presence of a user device on a trusted network; the traffic monitor engine is configured to monitor, in response to the detection, traffic on the trusted network from the device; the authentication presence monitor engine is configured to evaluate onboarding characteristics of the user device in response to the monitoring; the authentication server selection engine is configured to select one of a plurality of authentication servers to authenticate the user device to the trusted network, the selecting based on the onboarding characteristics; and the traffic routing engine is configured to route traffic from the user device to the selected authentication server.

Abstract: The method comprising, in a network based on a chain of individual Service Functions, SFs, that are composed to implement Network Services, NSs: assigning, at an ingress node of a network architecture, to at least one data packet received by said ingress node from the network, a unique cryptographic tag; processing said assigned unique cryptographic tag using a cryptographic function specific to each Service Function, SF; and verifying, at a given point of the network architecture, said processed unique cryptographic tag by applying a cryptographic verification function composed by the inverse functions of the cryptographic functions associated to the SFs traversed by the at least one data packet.

Abstract: A system and method for tracking content derived from unverified sources are described. A tracking application determines a file is untrusted when it is obtained from an unverified or untrusted source. Examples of unverified sources include remote servers accessed through a network and removable storage devices. The application marks the file as untrusted by inserting an identification of the file in a watchlist. A filter driver monitors I/O transactions and conveys information regarding file operations and corresponding processes to the tracking application. The filter driver detects a trusted process touches an untrusted file. The application marks the process as being untrusted. The filter driver detects the process subsequently touches another file. The application then marks this other file as untrusted.

Abstract: Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.

Abstract: System and method to predict risk of re-identification of a cohort if the cohort is anonymized using a de-identification strategy. An input anonymity histogram and de-identification strategy is used to predict the anonymity histogram that would result from applying the de-identification strategy to the dataset. System embodiments compute a risk of re-identification from the predicted anonymity histogram.

Abstract: One embodiment provides an accelerator circuitry. The accelerator circuitry includes accelerator processor circuitry; accelerator memory circuitry; processor trace (PT) decoder circuitry and control flow integrity (CFI) checker circuitry. The PT decoder circuitry is to at least one of receive and/or retrieve PT data from a host device. The PT decoder circuitry is further to extract a target instruction pointer (TIP) packet from the PT data and to decode the TIP packet to yield a runtime target address. The CFI checker circuitry is to determine, at runtime, whether a control flow transfer of an indirect branch instruction to the runtime target address corresponds to a control flow violation based, at least in part, on control flow (CF) information (info) stored to an accelerator CF info store.

Abstract: The disclosed computer-implemented method for protecting personally identifiable information during electronic data exchanges may include (i) receiving, from a computing device, an authentication token for a proposed electronic data exchange, (ii) preventing the user's personally identifiable information from entering the proposed electronic data exchange by identifying the user using the anonymized identifier rather than using the user's personally identifiable information, (iii) authenticating the user identified in the data exchange information, and (iv) in response to authenticating the user, authorizing completion of the proposed electronic data exchange. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present invention relates to a system for simultaneous forensic acquisition and analysis of data from a target data repository. The system comprises a source agent in communication with the target data repository. The source agent is incapable of writing to the target data repository and is configured to read a portion of the target data repository. The system further comprises an investigator computer having a processor configured to send at least one prioritized read command to the source agent to schedule a read of the target data repository based on a predetermined priority. A data sink is configured to store at least a partial forensic image of the target data repository based on the data read by said source agent.

Abstract: A system is described for controlling an actuating unit that restricts physical access such as a motorized garage door actuator unit. The system comprises a mobile wireless communication device, an electro-mechanical access control security device, and a receiving unit controlling the electro-mechanical access control security device, the receiving unit paired with the mobile wireless communication device for receiving user input for activating the electro-mechanical access control security device via a peer-to-peer communication directly with the mobile wireless communication device, and a pre-authorization of communication of the receiving unit with the mobile wireless communication device, the mobile wireless communication device receiving the pre-authorization from a central security server.

Abstract: In one implementation, a system can include a tenant engine to maintain a plurality of tenant profiles with access to a first set of metrics of a plurality of metrics based on authorization via a certificate, a metrics engine to maintain a plurality of metrics derived from instrumentation of a plurality of applications, and a report engine to provide the first set of metrics in response to a report request when the report request is from a user associated with a first tenant profile of the plurality of tenant profiles and the first tenant profile is authorized to access the first set of metrics based on the certificate associated with a private key used to sign a first application of the plurality of applications.

Abstract: A method includes executing a determination process that determines that a setting value is a search key, the setting value being for an item from among a plurality of items in a record identified in a plurality of records, the plurality of records relating to a plurality of pieces of log information that are collected from a plurality of computers; executing a first identification process that identifies, as the record, another record including the search key from among the plurality of records; executing a second identification process that identifies, as the item, a new item from among the plurality of items, the new item being different from an item used to identify the another record in the executing of the first identification process; repeating executing of the processes; and outputting information on at least one computer that is suspected of a cyber-attack, based on the identified records.

Abstract: A method of security and verifiability of an electronic vote, comprising reception of a temporary voting ballot, during which a temporary voting ballot is received by a voting entity, the temporary voting ballot being encrypted by a public voting encryption key; reception of a validation voting ballot, during which a validation voting ballot is received from the voting entity, the validation voting ballot being encrypted by a public validation encryption key; decrypting the validation voting ballot by a private validation key associated with the public validation encryption key; validating a validation request generated from the decrypted validation voting ballot sent to the voting entity; the preceding steps being repeated until the acceptance of the validation request by the voting entity, after which the encrypted temporary voting ballot is registered as a definitive voting ballot awaiting its counting.

Abstract: A method for mutual authentication in an RFID system comprising an RFID reader and an RFID tag, the method comprising requesting an identification from the tag, receiving the identification, using the received identification to select a password associated with the identification, generating a password key based on the selected password, encrypting the selected password using the password key, and transmitting the encrypted password to the tag.

Abstract: A multiple-identity secure device (MISD) persistently stores a single identification code (a “seed identity”). The seed identity need not be a network address, and may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD is provided with a transformation engine, in hardware or software form, that is subsequently used to generate one or more unique identities (e.g., network addresses) from the stored seed identity using predefined logic. The generated identities may be dynamically generated, e.g., in real-time as needed after deployment of a device into possession of a subscriber/customer/user, etc., or may be securely stored in the MISD for subsequent retrieval. The transformation engine may generate a unique identity in accordance with an addressing scheme identified as a default setting, a global/network setting, or as determined from a received data transmission.

Abstract: Examples include sending and receiving recovery agents and recovery plans over networks. Some examples include receiving a recovery request over a network from a requestor, sending a response to the requestor over the network, sending an executable copy of a recovery agent with a validation measure to the requestor, establishing an encrypted connection with the requestor, receiving a second request from the requester over the encrypted connection, determining a recovery plan that includes a command executable by the recovery agent, and sending the recovery plan to the requester over the encrypted connection. In some examples, the recovery request includes data that identifies the requester and the response and the recovery plan are based on the data identifying the requester.

Abstract: The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes at least one of: (1) a domain corresponding to a C&C channel, and (2) a C&C pattern corresponding to a C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.

Abstract: Methods and systems are provided for proxying data between an application server and a client device. One exemplary application system includes an application server to generate a virtual application and a proxy server coupled to the application server over a network to provide the virtual application to a client device. The proxy server receives input data from the client device and provides the input data to the application server, wherein the application server encodes the input data for an action in response to authenticating the proxy server and provides the data encoded for the action to the proxy server. The proxy server performs the action on the data and provides the result to the client device.

Abstract: An Identity Exchange that communicates and processes data exchanged between Identity Providers (IdP) and Relying Partys (RP) remains blinded from the attribute values of the data flowing through it. To make this happen each IdP and RP are issued anonymous certificates by a Certificate Authority, using which they perform key exchange with each other to exchange session keys, which are used subsequently to encrypt/decrypt all attribute values they exchange via the Identity Exchange.

Abstract: In some examples, a computing device includes a data port, device memory to store firmware for the computing device, and verification circuitry. The verification circuitry may override operation of the data port responsive to a determination that firmware verification mode criteria are satisfied. The verification circuitry may also extract firmware data from the device memory for verification of the firmware and provide the firmware data to an external device connected to the computing device through the data port.