Abstract: According to various embodiments, a consolidated identity system and method are implemented to provide improved identity management and resource access management, particularly in the context of an enterprise system that requires a tight trust model. In at least one embodiment, the described system and method provide mechanisms for mapping identities among resources. The system and method are able to extract information relevant to a particular entity, such as an employee or user, and to consolidate and/or personalize such information as needed.

Abstract: A system may select a list of servers in a computer network to perform behavioural profiling, wherein each server is associated with a domain name, the list of servers includes domain name entries, and the list of servers is prioritized according to a popularity value for each server. The system may update the list of servers based on a popularity threshold, partition the computer network into one of: subnetworks or subdomains, and establish a hierarchy along one of: the subnetworks or the subdomains based on the domain name entries in the list of servers. The system may update the popularity value for a server associated with a resolved network address, and may update the hierarchy along one of: the subnetworks or the subdomains based on the popularity value.

Abstract: A computer system, processor, and method for processing information is disclosed that includes watching logical operations to detect unauthorized attempts to access a register, and taking evasive action in response to detecting unauthorized attempts to access the register. In an embodiment, the register is a hidden, secret, restricted, or undocumented register, and the method further includes, in response to unauthorized attempts to access the secret register, locking the contents of the secret register. The evasive action may include one or more of interrupting the operations of the processor; causing the processor to shut-down, malfunction, lock, self-destruct; no longer providing read or write permission or access to the register; releasing data disguised to look like the real register data while not releasing the real data; and combinations thereof.

Abstract: A tamper sensor assembly includes a lid having a surface and a sensor substrate on the surface of the lid. The sensor substrate has conductive lines that extend across at least a major portion of the surface of the lid and conform to three dimensional characteristics of the surface of the lid. The security processor is electrically connected to the conductive lines of the sensor substrate and is configured to identify occurrence of tampering with the lid based on an electrical characteristic of signals conducted through the conductive lines, and to perform an anti-tampering operation responsive to identifying occurrence of tampering.

Abstract: A redundant key management system includes a key management system coupled to a plurality of server devices through a network. A first server device includes a managed device coupled to a first remote access controller device that receive a device locking key from the key management system and uses it to lock the managed device. The first remote access controller device then encrypts the device locking key, broadcasts the encrypted device locking key through the network to a second remote access controller device in a second server device, and erases the device locking key. Subsequently, the first remote access controller device transmits a request to retrieve the encrypted device locking key. When the first remote access controller receives the encrypted device locking key from the second remote access controller device, it decrypts the encrypted device locking key and uses the resulting device locking key to unlock the managed device.

Abstract: Disclosed herein are methods, systems, and processes to secure external access to runtime systems in appliances. A request to register a security token configured to permit access to a computing system is received at the computing system. An authorization response authenticating the security token is sent. Another request to access the computing system based on the authenticated security token is received, and access is permitted to the computing system.

Abstract: Methods and apparatus for identifying media are described. Example methods disclosed herein include presenting a graphical enable button via a display of a media presentation device, the graphical enable button, when selected, is to enable monitoring functionality implemented by the media presentation device, the monitoring functionality to monitor media presented by the media presentation device, the monitoring functionality to be disabled by default. Disclosed example methods also include detecting a first user input corresponding to selection of the graphical enable button and, in response to detection of the first user input: (i) enabling the monitoring functionality implemented by the media presentation device, and (ii) transmitting, via a network interface, information to a remote monitoring entity.

Abstract: A system includes a storage device having a first encryption protocol, and a controller having a second encryption protocol. A processor implements the first encryption protocol or the second encryption protocol based on a strength of each encryption protocol, a topology of the system, a federal information processing standard certification status, a virtualization support, a multi-key support, a multi-band support, and an enterprise key management server support. Storage transactions may be encrypted using the implemented encryption protocol.

Abstract: Systems, methods, apparatuses, and computer program products for securing user plane (e.g., MB2-U) interface between a group communication service application server (GCS AS) and Broadcast Multicast Service Center (BM-SC) are provided. One method may include transmitting a message via a control plane, to an application server, indicating whether to establish a security association on a user plane in an interface between the GCS AS and the BM-SC. The method may also include providing, to the GCS AS, a target internet protocol (IP) address and possible port as a target for the security association.

Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.

Abstract: Embodiments of the invention include systems and methods for protecting study participant data for aggregate analysis. Aspects include sending a broker encryption key to a plurality of subjects. Aspects also include receiving double-encrypted subject data from the plurality of subjects. Aspects also include decrypting the double-encrypted subject data with a broker decryption key to generate single-encrypted subject data for the plurality of subjects. Aspects also include aggregating the single-encrypted subject data for the plurality of subjects to generate an aggregated single-homomorphically encrypted data set. Aspects also include including a plurality of random factors in the aggregated single-encrypted data set. Aspects also include sending the aggregated single-homomorphically encrypted data set to a researcher.

Abstract: Provided is an information terminal connected to a communication terminal which is connectable to one or more other information terminals, wherein the information terminal comprises a communication unit which receives, from the communication terminal, a connection history with the other information terminals which were previously connected to the communication terminal, and a license transfer management unit which extracts an information terminal among the other information terminals that satisfies a license transfer condition based on the received connection history.

Abstract: A server includes a controller performs determining whether a first local area network and a second local area network match; determining, in a case where the first login request is received and in a case where the first registration request is received, whether the first function execution device satisfies the first registration condition; and registering by: controlling, in a case where the first local area network and the second local area network match and the first function execution device satisfies the first registration condition, to register the first identification information; wherein, in a case where the first local area network and the second local area network do not match, the first identification information is not registered; and wherein, in a case where the first function execution device does not satisfy the first registration condition, the first identification information is not registered.

Abstract: Disclosed herein are methods, systems, and processes to detect valid clusters and eliminate spurious clusters in cybersecurity-based computing environments. A cluster detection and elimination model is trained by accessing a dataset with raw data that includes data points associated with computing devices in a network and applying two or more different clustering methodologies independently to the dataset. The resulting cluster detection and elimination model is used to compare two or more clusters to determine whether a cluster from one clustering methodology matches another cluster from another clustering methodology based on centroid locations and shared data points.

Abstract: Methods and apparatuses for retrieving blockchain data are disclosed. One method comprises: receiving a data retrieving request that comprises a target transaction identifier; identifying a transaction storage location that corresponds to the target transaction identifier as a target transaction storage location based on a pre-stored correspondence between transaction identifiers of transactions recorded on a blockchain associated with the blockchain network and transaction storage locations of the transactions; and retrieving data from the target transaction storage location in the blockchain.

Abstract: Embodiments described herein enable the interoperability between processes configured for pointer authentication and processes that are not configured for pointer authentication. Enabling the interoperability between such processes enables essential libraries, such as system libraries, to be compiled with pointer authentication, while enabling those libraries to still be used by processes that have not yet been compiled or configured to use pointer authentication.

Abstract: Systems and methods for automatically grouping vulnerabilities into vulnerability groups are provided. Vulnerabilities are received in the vulnerability response system and are automatically grouped into one or more vulnerability groups based upon grouping fields defined in a vulnerability group rule.

Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: A computer-implemented method for scanning data including accessing a reference table including a grid of data cells arranged in columns and rows and containing reference data elements. Each of the rows may relate to one of a plurality of data subjects. The method may also include generating a list of reference subcombinations. The list of reference subcombinations may be generated by designating a primary column for uniquely identifying the data subjects and generating a plurality of first preliminary reference subcombinations. Each of the first preliminary reference subcombinations may include reference data elements gathered from the primary column and a second column of a single row of the reference table. The method may also include accessing a subject file having a plurality of data entries. Each of the data entries may include a plurality of logically-related and delimited subject data elements.