Abstract: Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pods in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.

Abstract: Systems and methods include receiving a request from a client with the request including an authentication token as a request header, wherein the authentication token includes a first encryption key, a second encryption key, and a timestamp; decrypting the authentication token with a private key of the server to obtain the first encryption key, the second encryption key, and the timestamp; and validating the request based on the first encryption key and the timestamp, and, if valid, decrypting payload of the request with the second encryption key.

Abstract: The present disclosure describes systems and methods for dynamically creating groups of users based on attributes for simulated phishing campaign. A campaign controller determines one or more attributes of a plurality of users during execution of a simulated phishing campaign and creates one or more groups of users during based on the identified attributes. The campaign controller selects a template to be used to execute a portion of the simulated phishing campaign for a first group of users and then communicates one or more simulated phishing communications to the first group of users according to the template. The template may identify a list of a plurality of types of simulated phishing communications (email, text or SMS message, phone call or Internet based communication) and at least a portion of the content for the simulated phishing communication.

Abstract: Disclosed herein are methods and systems for detecting malicious files using two stage file classification. An exemplary method comprises selecting, by a hardware processor, a set of attributes of a file under analysis, calculating, by the hardware processor, a hash of the file based on the selected set of attributes, selecting, by the hardware processor, a classifier for the file from a set of classifiers based on the calculated hash of the file, assigning, by the hardware processor, the file under analysis to the one or more categories based on the selected classifier, determining whether the file has been assigned to a category of malicious files and concluding that the file is malicious based on the determination.

Abstract: A global response network collects, analyzes, and distributes “cross-vector” threat-related information between security systems to allow for an intelligent, collaborative, and comprehensive real-time response.

Abstract: A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.

Abstract: A system for entering a secure Personal Identification Number (PIN) into a mobile computing device includes a mobile computing device and a peripheral device that are connected via a data communication link. The mobile computing device includes a mobile application and a display and the mobile application runs on the mobile computing device and displays a grid on the mobile computing device display. The peripheral device includes a display and an encryption engine, and the peripheral device display displays a grid corresponding to the grid displayed on the mobile computing device display. Positional inputs on the mobile computing device grid are sent to the peripheral device and the peripheral device decodes the positional inputs into PIN digits and generates an encrypted PIN and then sends the encrypted PIN back to the mobile computing device.

Abstract: Resources can be secured by a resource security system. The resource security system can determine whether to grant or deny access to resources using authorization information in an access request. The resource security system can also determine whether the access request is legitimate or fraudulent using risk scoring models. A score transformation table can be used to provide consistency in the risk level for a particular score over time. The score transformation table can be based on a target score profile and a precision format (e.g., integer or floating point). The score transformation table can dynamically adapt based on the trending top percent of risk and can account for changes in the distribution of scores over time or by weekday. The scores can be used to determine an access request outcome. Access to the resource can be accepted or rejected based on the outcome.

Abstract: Resources can be secured by a resource security system. The resource security system can determine whether to grant or deny access to resources using authorization information in an access request. The resource security system can also determine whether the access request is legitimate or fraudulent using risk scoring models. A score transformation table can be used to provide consistency in the risk level for a particular score over time. The score transformation table can be based on a target score profile and a precision format (e.g., integer or floating point). The score transformation table can dynamically adapt based on the trending top percent of risk and can account for changes in the distribution of scores over time or by weekday. The scores can be used to determine an access request outcome. Access to the resource can be accepted or rejected based on the outcome.

Abstract: A machine trains an artificial intelligence engine to facilitate authentication of a request to verify a user. The machine accesses a reference set of obfuscated geolocations generated from actual geolocations from which a device submitted requests to verify the user. The machine groups the obfuscated geolocations into geographical clusters based on a predetermined cluster radius value and calculates a corresponding representative geolocation for each geographical cluster and a corresponding variance distance from the representative geolocation for each geographical cluster. The machine then generates a reference location score based on the representative geolocations of the geographical clusters and on the variance distances of the geographical clusters. The machine trains an artificial intelligence engine to output that reference location score in response to the reference set being input thereto. The trained artificial intelligence engine may then be provided to one or more devices.

Abstract: A system for detecting breach of merchant systems includes an extraction management system for extracting wildcard data from a dump site at which stolen account data is offered for sale. The system also includes an account breach identifying system for accessing stored transaction data from multiple banks and merging the extracted dump site data with the transaction data to create unique PAN (primary account number) data records (each set of wildcard data corresponds to only a single PAN) and multiple PAN data records (each set of wildcard data corresponds to multiple PANs). The unique and multiple PAN data records are stored and analyzed separately, and reduce the amount of data needed to identify a breached merchant.

Abstract: One embodiment provides a method, including: obtaining, using one or more pulse sensors, user pulse data from two or more points; and identifying, using a processor, a user based on the user pulse data. Other aspects are described and claimed.

Abstract: A method enables a user to self-identify to a user support system when a user electronic device is connected to the user support system by an over-the-top (OTT) communication session where an OTT messaging service provides an anonymous identifier to the user support system to enable communication with the user. The method includes receiving a secured real identifier and a secured token from the user electronic device in response to a user selection to self-identify to the user support system, decrypting the secured real identifier to determine a real identifier that identifies user account information at an external system, determining the anonymous identifier for the user using the secured token in a manner that associates the real identifier with the OTT communication session, and sending the real identifier to the user support system to enable access to the user account information by the user support system.

Abstract: An electronic apparatus operated based on an OS is provided. The electronic apparatus includes a storage to store the OS, a virtual device program capable of generating a virtual device executed based on the OS, and at least one program; and at least one processor to execute the virtual device program to generate the virtual device, and to execute the OS to determine whether a first program having an administration authority assigned by the OS from among the at least one program has access authority to data about the virtual device in response to an attempt to access the data from the first program and to selectively permit the access to the data based on the determined access authority. With this, the electronic apparatus may restrain the access to the virtual device or the data thereabout according to a presence of the access authority, thereby safely protecting the virtual device or the data.

Abstract: A method prevents source code from using an unsecure application program interface (API) due to a change to the source code. One or more processors and/or a user identify changes in source code. The processor(s) and/or user associate the changed code with affected APIs that are used by the changed code, and identify which commands are utilized by the changed code. The processor(s) and/or user determine that at least one command utilized by the changed code causes the source code to use an unsecure API. In response to determining that the at least one command utilized by the changed code causes the source code to use the unsecure API, the processor(s) and/or user modify the changed code to prevent the source code from using the unsecure API.

Abstract: A method for restoring a setting on a network connected device achieves increased security. The method includes receiving an initiation signal representing a request to restore the setting on the device; transmitting a request for authorization to restore the setting to an authorization device arranged as an adjacent node on the network by transmitting the request for authorization over a link layer protocol, wherein the request is transmitted in response to the received initiation signal; receiving an encrypted restore authorization response from the authorization device in response to the request for authorization; decrypting, if encrypted, the received restore authorization message; verifying the restore authorization message; and restoring the settings on the network connected device if the restore authorization message was verified.

Abstract: Methods and systems for generating a random number include extracting feature information from a structure having a random physical configuration. The feature information is converted to a string of binary values to generate a random number. Pseudo-random numbers are generated using the random number as a seed to improve the security of encrypted information.

Abstract: The present application is directed a computer-implemented method for enhancing security and preventing cyber-attacks on a network. The method includes a step of receiving, from a user equipment on the network, information including a source IP address and a destination IP address. The method also includes a step of selecting a first VPN server from a VPN service provider based upon a traffic-type of the user equipment. The method also includes a step of creating, via a graphical user interface, a policy to prevent cyber-attacks such that traffic associated with the information of the user equipment is routed to the first VPN server. The method further includes a step of sending the traffic of the user equipment to the VPN server. The method even further includes a step of provisioning the first VPN server to last a predetermined amount of time base on the created policy.

Abstract: Embodiments of the present invention relate to a network entity assisted system and method for detection of Honeypot access point. More particularly, the embodiments may disclose a method for authenticating the access point based on a request from a user equipment; the method comprising: comparing an AP identifier with a pre-configured list of AP identifiers to generate one of a positive response and a negative response; transmitting one of a denial response and a verification request; receiving one of a positive verification response and a negative verification response from the authorized AP; transmitting one of a positive authentication response and negative authentication response to maintain the connection with the authorized AP and release the connection with Honeypot AP, respectively.

Abstract: A method of combining chains of blocks in a network. The method comprising, creating a plurality of birth blocks of a plurality of chains of blocks by a block foundry application in a network, where each birth block is associated with a chain of blocks that records events of a network entity, creating blocks by a plurality of nodes in the network, wherein the current block and the previous block are linked, terminating the chain of blocks by the network entity, wherein the entity sends a termination request to create an end block, creating the end block, wherein the end block is the final block of the chain of blocks, and in response to the creation of the end block, sending a request by the network entity to create a block of a meta-chain of blocks, and creating the block of the meta-chain of blocks by the plurality of nodes.