Patents Examined by Michael R Vaughan
-
Patent number: 9721093
Abstract: Systems, apparatuses and methods may provide for detecting a request to access a power management register and conducting, via a power management security interface, a runtime credential exchange with a source of the request. Additionally, the request may be denied if the runtime credential exchange is unsuccessful. In one example, a plug event is detected, via a dedicated side channel, with respect to a debug port. A noise analysis may be conducted of one or more power rails in response to the plug event, wherein policy based counter noise may be generated on at least one of the one or more power rails at runtime if the noise analysis identifies a potential security attack.
Type: Grant
Filed: June 16, 2015
Date of Patent: August 1, 2017
Assignee: Intel Corporation
Inventors: Rajesh Poornachandran, Ned M. Smith
-
Patent number: 9722789
Abstract: An approach for improved security protocols in a mobile satellite system is provided. A remote terminal performs a key establishment function, including determination of a first encryption key for encrypting data for transmission over the satellite communications channels, and determination of an authentication key for authenticating entities communicating over the communications channels. The remote terminal receives a security mode command including a key indicator, and determines a second encryption key for enhanced session data security over communications channels. The second encryption key is determined based on the key indicator and a key generation algorithm. The remote terminal further determines a key indicator response and transmits a security mode complete command including the key indicator response to a satellite base station subsystem (SBSS).
Type: Grant
Filed: April 29, 2014
Date of Patent: August 1, 2017
Assignee: Hughes Network Systems, LLC
Inventors: Channasandra Ravishankar, Gaguk Zakaria, Nassir Benammar, John Corrigan
-
Patent number: 9710638
Abstract: Systems and methods for testing to tell computers and humans apart and generating said tests are described. An interface is generated that includes a challenge and a response is provided, and a plurality of user selections of locations in the interface are received. A server compares the x coordinate and the y coordinate of each user selection with x and y coordinates for a subset of the plurality of characters in the response to obtain a distance value for each user selection. The server then sums the distance values for each user selection to obtain a total distance value. The server subsequently compares the total distance to a predetermined threshold, the server validating the user response when the total distance is less than the predetermined threshold, the validating causing access to be provided to web content specified in the user request.
Type: Grant
Filed: August 28, 2015
Date of Patent: July 18, 2017
Assignee: SALESFORCE.COM, INC.
Inventor: Gursev Singh Kalra
-
Patent number: 9710667
Abstract: The system may comprise receiving a data element, and receiving an encryption key and an associated encryption key identifier from an encryption keystore database. The system may further comprise transmitting the data element to an encryption module for encryption using the encryption key to form an encrypted data element. The system may also comprise receiving the encrypted data element from the encryption module and concatenating the encryption key identifier with the encrypted data element to form a protected data field entry.
Type: Grant
Filed: April 9, 2015
Date of Patent: July 18, 2017
Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
Inventors: Allan Christopher Pomeroy, Philip John Lundrigan
-
Patent number: 9712501
Abstract: A system and method for the randomization of packet headers is disclosed. A controller is used to provide random values, also referred to as nonces, that replace the source and destination addresses that typically appear in a packet header. The controller also provides routing rules to the switches and routers in the network that allow these devices to properly route packets, even though the source and destination addresses are not present. In some embodiments, network devices that support software-defined networking (SDN) are employed. The number of times that a particular nonce is used may be variable. In some embodiments, a nonce is used for exactly one packet header. In this way, packets may traverse a network using nonces in place of actual source and destination addresses. Because the nonces are changed periodically, detection of traffic patterns is made significantly more difficult.
Type: Grant
Filed: October 21, 2015
Date of Patent: July 18, 2017
Assignee: Massachusetts Institute of Technology
Inventors: Hamed Okhravi, Richard W. Skowyra, Kevin Bauer, William W. Streilein
-
Patent number: 9710637
Abstract: Systems and methods for testing to tell computers and humans apart and generating said tests are described. An interface is generated that includes a challenge and a response. The challenge includes a plurality of challenge characters in a challenge region. The response includes a plurality of response characters that includes the plurality of challenge characters drawn in a response region. The drawing the response characters includes drawing a first response character, calculating a second set of coordinates for a second response character, and drawing the second response character. After all of the response characters have been drawn, locations of each of the challenge characters within the response are identified, and a maximum allowed distance is calculated based on the identified locations of the challenge characters within the response.
Type: Grant
Filed: August 28, 2015
Date of Patent: July 18, 2017
Assignee: SALESFORCE.COM, INC.
Inventor: Gursev Singh Kalra
-
Patent number: 9705869
Abstract: Technologies for continuously authenticating a user via multiple authentication factors include a computing device for generating a continuous authentication assertion indicating that continuous authentication of a user is being monitored, sending the continuous authentication assertion to a key distribution center server, and requesting and receiving an initial ticket from the key distribution center server. Such technologies may also include requesting a service ticket from the key distribution center server for accessing a service provider server, receiving a service ticket from the key distribution center server including the continuous authentication assertion, requesting access to the service provider server with the service ticket including the continuous authentication assertion, and accessing the service provider server in response to the continuous authentication assertion being verified.
Type: Grant
Filed: June 27, 2013
Date of Patent: July 11, 2017
Assignee: Intel Corporation
Inventors: Ned M. Smith, Conor Cahill
-
Patent number: 9703961
Abstract: In one implementation, a computer-implemented method includes receiving, at a process risk classifier running on a computer system, a request to determine a risk level for a particular process; accessing one or more signatures that provide one or more snapshots of characteristics of the particular process at one or more previous times; identifying one or more differences between the particular process in its current form and the one or more signatures; accessing information identifying previous usage of the computer system's resources by the particular process; determining a current risk score for the particular process based, at least in part, on (i) the one or more signatures for the particular process, (ii) the one or more differences between the particular process in its current form and the one or more signatures, and (iii) the previous usage of the resources; and providing the current risk score for the particular process.
Type: Grant
Filed: August 28, 2015
Date of Patent: July 11, 2017
Assignee: Accenture Global Services Limited
Inventor: Shaan Mulchandani
-
Patent number: 9699049
Abstract: In an example embodiment, clusters of nodes in a network are monitored. Then the monitored data may be stored in an open time-series database. Data from the open time-series database is collected and labeled it as training data. Then a model is built through machine learning using the training data. Additional data is retrieved from the open time-series database. The additional data is left as unlabeled. Anomalies in the unlabeled data are computed using the model, producing prediction outcomes and metrics. Finally, the prediction outcomes and the network.
Type: Grant
Filed: December 30, 2014
Date of Patent: July 4, 2017
Assignee: eBay Inc.
Inventors: Chaitali Gupta, Mayank Bansal, Tzu-Cheng Chuang, Ranjan Sinha, Sami Ben-Romdhane
-
Patent number: 9697348
Abstract: Embodiments are described for authenticating a login request for logging in to a user account on a host system. An example method includes receiving, by the host system, as part of the login request, an authentication image. The method also includes determining that the login request is sent from an authorized login-location, by comparing the authentication image with a reference image from the authorized login-location. The method further includes, in response to the login request being sent from the authorized login-location, facilitating access to the user account.
Type: Grant
Filed: October 24, 2016
Date of Patent: July 4, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Mark E. Maresh, Colm Nolan, Juan F. Vargas, Michael J. Whitney
-
Patent number: 9680831
Abstract: Methods and apparatus for providing rule-based access to data stored on wearable devices are provided. A wearable computing device can store data that includes data about a wearer of the wearable computing device. The wearable computing device can receive a request for a portion of the stored data. The wearable computing device can determine a designated role associated with the request for the portion of the stored data. The wearable computing device can determine one or more rules regarding access to the portion of the stored data based on the designated role. The wearable computing device can determine a response to the request for the portion of the stored data by at least: determining whether the request is validated by at least applying the one or more rules to the request, and after determining that the request is validated, providing the requested portion of the stored data.
Type: Grant
Filed: July 30, 2014
Date of Patent: June 13, 2017
Assignee: Verily Life Sciences LLC
Inventors: Sarel Kobus Jooste, David Andrew Gibson
-
Patent number: 9674164
Abstract: A method manages keys in a manipulation-proof manner for a virtual private network. The method includes authenticating a communication terminal on an authentication server by use of a first key over a public network and providing a communication key, which is suitable for the communication over a virtual private network in the public network, for the authenticated communication terminal over the public network. The communication key in the communication terminal is encrypted by a second key, which is provided by a manipulation-protected monitoring device.
Type: Grant
Filed: October 24, 2011
Date of Patent: June 6, 2017
Assignee: Siemens Aktiengesellschaft
Inventors: Rainer Falk, Carsten Sattler, Matthias Seifert
-
Patent number: 9673992
Abstract: The invention relates to a method for operating a network as well as a local network comprising network components and to network components, in particular of a home network, where a functional command is generated, which is configured to execute an assigned function in a network station, wherein a user identification, which is derived from the collected user data, is assigned to the functional command, the assigned user identification is evaluated in the network station in response to executing the functional command and the functional command is executed when, in response to the evaluation of the corresponding user identification, it is established that the functional command is approved in connection with the assigned user identification.
Type: Grant
Filed: February 19, 2008
Date of Patent: June 6, 2017
Assignee: THOMSON LICENSING DTV
Inventors: Michael Weber, Ingo Hütter
-
Patent number: 9665700
Abstract: A method and system are provided for managing access to resources available remotely from at least one computing device. The resources include at least one software application and at least one hardware component. The method and system involve storing access level indicators for indicating different types of access; storing identifiers for identifying different users with access to the at least one computing device and possible access to the resources; for each resource and each identifier, storing an access level indicator for that resource and that user; and before granting access to a resource for a user seeking access to the resource, operating a processor to: determine an identifier identifying the user; determine the access level indicator stored in the storage module for the identifier and the resource; and if access is consistent with the determined access level indicator, grant access to the resource, otherwise, deny access to the resource.
Type: Grant
Filed: January 16, 2013
Date of Patent: May 30, 2017
Assignee: SPHERE 3D INC.
Inventor: Giovanni Morelli, Jr.
-
Patent number: 9667601
Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device.
Type: Grant
Filed: September 11, 2015
Date of Patent: May 30, 2017
Assignee: F5 Networks, Inc.
Inventors: Benn Sapin Bollay, David Alan Hansen, David Dean Schmitt, Jonathan Mini Hawthorne
-
Patent number: 9660806
Abstract: Techniques for use of carbon nanotubes as an anti-tampering feature and for use of randomly metallic or semiconducting carbon nanotubes in the generation of a physically unclonable cryptographic key generation are provided. In one aspect, a cryptographic key having an anti-tampering feature is provided which includes: an array of memory bits oriented along at least one bit line and at least one word line, wherein each of the memory bits comprises a memory cell, wherein the cryptographic key is stored in the memory cell, and wherein the memory cell is connected to the at least one bit line; and a metallic carbon nanotube interconnect which connects the memory cell to the at least one word line. A cryptographic key and method for processing the cryptographic key are also provided.
Type: Grant
Filed: December 30, 2014
Date of Patent: May 23, 2017
Assignee: International Business Machines Corporation
Inventors: Wilfried Haensch, Shu-Jen Han, Keith A. Jenkins, Dirk Pfeiffer
-
Patent number: 9659182
Abstract: A method for protecting data files may include (1) identifying a data file to be protected against data loss, (2) identifying a set of software programs permitted to open the data file by (a) identifying a format of the data file and (b) identifying at least one software program capable of opening files of the format of the data file, (3) detecting an attempt to open the data file by a software program not included in the set of software programs, and (4) performing a security action in response to detecting the attempt to open the data file. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: April 30, 2014
Date of Patent: May 23, 2017
Assignee: Symantec Corporation
Inventors: Kevin Alejandro Roundy, Sandeep Bhatkar, Fanglu Guo, Scott Schneider
-
Patent number: 9654496
Abstract: A device may detect a suspicious activity. The device may automatically obtain a suspect object from a client device that is associated with the suspicious activity and based on detecting the suspicious activity. The suspect object may be an object that is possibly associated with the suspicious activity. The device may determine that the suspect object is malicious. The device may perform an action based on determining that the suspect object is malicious.
Type: Grant
Filed: March 31, 2015
Date of Patent: May 16, 2017
Assignee: Juniper Networks, Inc.
Inventors: Jacob Asher Langton, Daniel J. Quinlan, Kyle Adams, Zhenxin Zhan
-
Patent number: 9641550
Abstract: Systems and methods for protecting at least one client from becoming part of at least one botnet by monitoring and analyzing botnet communications to and from criminal servers and identifying at least one botnet attack on at least one client. The system may comprise virtual machines deliberately infected with malicious content and operable to record botnet communications to and from criminal servers. The virtual machines are in communication with a processing unit configured to index data collected. Data related to the prevalence of cyber threats may be presented to users in response to queries.
Type: Grant
Filed: January 10, 2016
Date of Patent: May 2, 2017
Assignee: Radware, Ltd.
Inventors: Ron Kraitsman, Alex Milstein, Aviv Raff, David Matot
-
Patent number: 9635014
Abstract: An apparatus and method for storing authentication information on an electronic device are provided. The method includes receiving, by the electronic device, a unique key and a certificate matching the unique key in a secure environment of the electronic device, storing the unique key and the certificate matching the unique key in a secure environment of the electronic device, and wherein at least one of the unique key and the certificate matching the unique key identifies the electronic device.
Type: Grant
Filed: December 30, 2014
Date of Patent: April 25, 2017
Assignee: Samsung Electronics Co., Ltd.
Inventors: Balakrishna Venkataraman, Antonios Dimitrios Broumas