Patents Examined by Michael Pyzocha
  • Patent number: 11245603
    Abstract: Systems are provided for facilitating the disclosed methods for performing event storage and diagnostic processing within a hybrid cloud environment. Event records are gathered and batched at an on-premises server. The event records are also appended with correlation vector data that enables the event records to be correlated with other events. The batch of event record batches are signed with a security key associated with a cloud storage container and the on-premises server is restricted to writing the batch of event records to the container. In some instances, the size of the batch is based on a duration of time for collecting records, which can be adjusted to accommodate for missing data.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: February 8, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Bhatt Rutwick Bharatkumar, Asudani Mohit
  • Patent number: 11238148
    Abstract: Location-based, context-aware challenge-response authentication may be provided. First, a challenge may be provided to a user. The challenge may be based on a context corresponding to the user. The context corresponding to the user may comprise a location of a device associated with the user within an environment. Next, in response to providing the challenge, a response to the challenge may be received from the user. Then, in response to receiving the response to the challenge, it may be determined that the response is a correct answer to the challenge. In response to determining the response is the correct answer, a privilege may be provided to the user.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: February 1, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Abhishek Bhattacharyya, Abhishek Mukherji, Vinay S. Raghuram, Santosh Ramrao Patil
  • Patent number: 11240092
    Abstract: Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are separated by one or more physical networks. In some situations, the techniques may be used to provide a virtual network between multiple computing nodes that are separated by one or more intermediate physical networks, such as from the edge of the one or more intermediate physical networks by modifying communications that enter and/or leave the intermediate physical networks. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users (e.g., users of a program execution service). The managing of the communications may include determining whether communications sent to managed computing nodes are authorized, and providing the communications to the computing nodes only if they are determined to be authorized.
    Type: Grant
    Filed: March 20, 2020
    Date of Patent: February 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Daniel Todd Cohn
  • Patent number: 11233650
    Abstract: A method includes: receiving, from a vehicle approaching a trust zone, an identifier corresponding to an identity of the vehicle; verifying, by a computing device (e.g., an access server at a gate of the trust zone) and using the identifier, the identity of the vehicle; and comparing the identity of the vehicle with a set of authorized identities stored in a database.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: January 25, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11227051
    Abstract: A method for detecting computer virus applied in a computing device includes obtaining a list of clean files each with file storage path and calculating a hash value of the file name corresponding to each storage path. An original status list according to the hash value and the storage path is generated, and the original status list is written into a blockchain network. After the computing device becomes connected to a network and therefore exposed to viruses, a second list of the files can be obtained and hash value of the file name is compared to the hash value in the original status list. Differences in hash values are deemed the result of a virus and the user is warned. A computing device and storage medium are also disclosed.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: January 18, 2022
    Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventor: Liang-Te Chiu
  • Patent number: 11212112
    Abstract: A system includes a plurality of nodes, an individual one of which transmits data to which a group signature is attached, and a plurality of management servers that are directly connected to each other. An individual one of the plurality of management servers includes a ledger for managing data received from the nodes. Addition of data to the ledger of at least one of the plurality of management servers is reflected on the ledgers of the other management servers.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: December 28, 2021
    Assignee: NEC CORPORATION
    Inventors: Kazue Sako, Isamu Teranishi
  • Patent number: 11210369
    Abstract: A verification computer system is provided that provides for content certification and verification using cryptography and a blockchain.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: December 28, 2021
    Assignee: NASDAQ, INC.
    Inventors: Akbar Ansari, Thomas Fay, Adnan Ali Lone
  • Patent number: 11206253
    Abstract: Aspects of the disclosure relate to processing systems using improved domain pass-through authentication techniques. A computing platform may send, to an external cloud computing platform, one or more registration requests that each may cause an RLS endpoint corresponding to each of a plurality of resource location connectors to be stored at the external cloud computing host platform. The computing platform may receive one or more requests for a resource location identifier. The computing platform may determine an accessible resource location connector and may send, to the user device, a corresponding resource location identifier. After receiving a pass-through authentication request, the computing platform may receive, from the ticketing service stored on the external cloud computing platform, a one-time ticket. The computing platform may send, to the user device, the one-time ticket, which may allow the user device to perform pass-through authentication with the external cloud computing platform.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: December 21, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Feng Huang
  • Patent number: 11194905
    Abstract: A network-accessible cyber-threat security analytics service is configured to characterize and respond to a description that includes threat indicators (e.g., IOCs), and an initial severity. Enterprises register with the service by providing identifying information, such as industry, geographies, and the like. For each threat indicator, a query is sent to each of a set of one or more security knowledge bases, and at least some of the queries are scoped by the enterprise industry/geo information specified. The knowledge bases may vary but typically include: a managed security service, a cyber threat intelligence service, and a federated search engine that searches across one or more enterprise-connected data sources. Responses to the queries are collected. A response provides an indication whether the threat indicator identified in the query has been sighted in the knowledge base and the frequency.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: December 7, 2021
    Assignee: International Business Machines Corporation
    Inventors: Barny S. Sanchez, Duc H. Nguyen, Edward P. Gurnee, Ratnakar Pawar, Carlos J. Muentes
  • Patent number: 11194914
    Abstract: An improved anti-malware protection system protects computers against exploits in a scripting language that may be run in a browser. The system comprises a recorder that records scripting language execution events, a trace generator that transforms the recorded scripting language execution events into an execution trace, and a security engine that scans the execution trace and advises a security software about exploits found in the execution trace. By hooking the recorder into a runtime application programming interface for the scripting language, the improved protection system can detect exploits dynamically without the need for a browser-dependent plugin. An optional plugin can be included to perform file-based analysis of the script in addition to the runtime analysis of the script. The system can provide an application programming interface that can be used by multiple security software programs from multiple vendors to create an enhanced security software product.
    Type: Grant
    Filed: July 4, 2016
    Date of Patent: December 7, 2021
    Assignee: McAfee, LLC
    Inventors: Jin Yang, Yongnian Le, Igor Muttik, Hong Li
  • Patent number: 11188659
    Abstract: A host port is enabled for security. The host port performs Input/Output (I/O) in plaintext on a path between the host port and a storage port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the host port and the storage port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the host port enables encryption of data for I/O on the path.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: November 30, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan
  • Patent number: 11188658
    Abstract: A storage port is enabled for security. The storage port performs Input/Output (I/O) in plaintext on a path between the storage port and a host port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the storage port and the host port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the storage port enables encryption of data for I/O on the path.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: November 30, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roger G. Hathorn, Patricia G. Driever, Mooheng Zee, Christopher J. Colonna, John R. Flanagan
  • Patent number: 11184333
    Abstract: A computer implemented method for securely extracting secure data from a human capital management (HCM) system, includes receiving setup data from a production tenant of the HCM system, wherein the setup data includes one or more field types describing what type of secure data is stored on the production tenant, creating a scrambling module based on the setup data that is configured to scramble the secure data based on scrambling settings, wherein the scrambling module is configured to upload and install onto the HCM system and to communicate with the production tenant to receive the secure data to scramble the secure data, and uploading the scrambling module to the HCM system.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: November 23, 2021
    Assignee: Intecrowd, LLC
    Inventor: Don McDougal
  • Patent number: 11182463
    Abstract: The present invention relates to a method to create, by a service provider, a trusted pool of security devices adapted to perform cryptographic operations in a secure service, comprising the steps of: for a service provider, setting up a secure service by allocating a first device in the service, setting the first security device's clock to a reliable time source, creating an internal secure-service-object defining at least a service clock-instance and service-specific cryptographic keys and certificates used to protect communication between a resource owner's security application and a security device part of the secure service, said secure-service-object being maintained by the security device internally preventing any service provider from arbitrarily changing it, when additional security devices are required, for the service provider, adding additional security devices to the service through ensuring the two security devices' clocks are synchronized by setting the target security device's clock to an accu
    Type: Grant
    Filed: December 5, 2017
    Date of Patent: November 23, 2021
    Assignee: THALES DIS CPL CANADA INC.
    Inventors: Christopher Dunn, Leonardo Ladeira
  • Patent number: 11178143
    Abstract: An authentication method including: receiving a service request from a terminal device to access a service, the service request including authentication information; transmitting the authentication information to a security platform, the security platform being configured to verify whether the authentication information is originated from a legitimate terminal device and to transmit a verification result based on the verification; and in response to receiving the verification result from the security platform, determine whether to allow the terminal device to access the service.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: November 16, 2021
    Assignee: BANMA ZHIXING NETWORK (HONGKONG) CO., LIMITED
    Inventor: Jun Xu
  • Patent number: 11170094
    Abstract: A system and method for securing a communication channel may include obtaining a first value by first and second devices. A second value may be randomly selected by the first device and may be provided to the second device. The first and second devices may independently from one another apply a function to the first and second values and may use a result of the function to secure and authenticate a communication channel between the first and second devices.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: November 9, 2021
    Assignee: SECRET DOUBLE OCTOPUS LTD.
    Inventors: Shlomi Dolev, Shimrit Tzur-David, Chen Tetelman, Amit Lavi, Amit Rahav, Raz Rafaeli
  • Patent number: 11171793
    Abstract: A method and data processing system is provided for detecting an attack on a physically unclonable function (PUF). In the method, a first list of PUF responses to challenges is produced during production testing of an integrated circuit comprising the PUF. The first list is stored in a memory on the integrated circuit. A second list of PUF responses to the challenges is produced during normal operation of the integrated circuit in the field. The second list is compared to the first list. A difference between entries of the first and second lists is computed. If the difference is greater than a threshold difference, then an indication of a hardware trojan is generated. The method may also include monitoring a series of challenges for an indication of a non-random pattern in the series. Detection of a non-random pattern may indicate a modeling attack.
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: November 9, 2021
    Assignee: NXP B.V.
    Inventor: Jan-Peter Schat
  • Patent number: 11146561
    Abstract: A method comprises a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding the encoded information from the encoded information item, and transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the computing apparatus, and the first server apparatus receiving the first message from the device, establishing the identity of the user of the device, wherein establishing the identity of the user comprises using the first identifier to determine if the user is registered with the first server apparatus in response to establishing the identity of the user, authorising the user to access a service, and providing the service to the user via the computing apparatus using the apparatus identification informati
    Type: Grant
    Filed: January 6, 2020
    Date of Patent: October 12, 2021
    Assignee: ENSYGNIA IP LTD (EIPL)
    Inventor: Richard H. Harris
  • Patent number: 11139989
    Abstract: A method, mobile device, and PKI are provided for enrolling a mobile device into a PKI domain for certificate management. A first asymmetric key pair and a unique identifier is established in a device. The first asymmetric key pair includes a public key and a private key. The public key and the unique identifier are transferred to the PKI domain. The public key and the unique identifier are imported into the PKI domain. The device generates a second asymmetric key pair and sends a certificate signing request (CSR) that is protected with the digital signature of the first asymmetric key pair. The CSR is transferred to the PKI domain. The PKI domain authenticates the CSR using the first public key and the unique identifier. Upon validation, the PKI domain issues a certificate to the device.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: October 5, 2021
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Chris A Kruegel, Steven K Turner, Mark Shahaf
  • Patent number: 11138336
    Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.
    Type: Grant
    Filed: March 11, 2021
    Date of Patent: October 5, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon