Abstract: Disclosed is a method for detecting anomaly traffic using an autoencoder based on an inception-residual network-v2 which is one type of machine learning methods, the method including generating a plurality of encoders on the basis of traffic data for learning; generating a plurality of pieces of image data on the basis of traffic data for each session, which is a detection target; and determining whether the traffic data for each session is abnormal using at least one among the traffic data for learning, the plurality of encoders, and the plurality of pieces of image data.

Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, a storage unit that stores data that pairs screen buffer regions with authentication details, wherein the system learns new pairs via user training and presents stored authentication details when the screen buffer regions match a related stored region which is paired with a region of the screen, and a unit that determines which of stored passwords need to be presented to the system by a pattern matching of regions of screen pixels.

Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.

Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.

Abstract: A computer security architecture applies selected rules from among a set of rules defining one or more security policies to a given set of security context parameters to produce security verdicts, each representing whether a certain action requested by a subject entity is permissible. Each security policy is associated with a corresponding communication interface. A plurality of gateway engines are each associated with at least one of the subject entities and dedicated to interfacing with the security server. Each of the gateway engines carries out monitoring of requested actions by the associated subject entity and, for each requested action, identifies a security context. A security policy is determined for the requested action based on a corresponding security context, and a security verdict is obtained via a communication interface corresponding to the applicable security policy.

Abstract: A method is provided, including establishing a plurality of context profiles for a user, at least one context profile is associated with: (i) subject areas pertinent to the at least one context profile (ii) permissions identifying respective third parties with which personal information can be shared when the at least one context profile is active; (iii) permissions identifying what personal information can be shared with respective third parties when the at least one context profile is active; (iv) permissions identifying respective third parties that are permitted to contact the user when the at least one context profile is active; and (v) permissions identifying how respective third parties may contact the user when the at least one context profile is active; when the at least one context profile is active, operating in one of two or more modes (e.g., a regular mode or a discovery mode).

Abstract: A user manipulates a document using a desktop computer with a large screen. Upon deciding to sign the document, the user invokes a “Sign with Mobile” workflow that causes a two-dimensional barcode to be displayed. Using a signature acquisition application executing on his or her smartphone, the user scans the displayed barcode and creates an electronic signature by snapping a photograph of a conventional pen-and-paper signature or by detecting a handwritten signature drawn on a touch sensitive surface. The signature acquisition application sends the resulting electronic signature to the desktop computer, for example via an electronic signature server. The user is then able to apply the electronic signature to the document as desired.

Abstract: The present invention relates to a method for identifying and/or, authenticating, and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations.

Abstract: A system, method and apparatus for network security monitoring, information sharing and collective intelligence between and among at least a first central processing unit and at least a second central processing unit connected together by a network. The system includes a network interface device with hardware-based logic for recognizing and cataloging individual sessions, wherein the network interface card is in communication with the network. The network interface device includes onboard cryptographic key management components with symmetric key algorithms, an onboard packet encryption software module using derived keys to encrypt network packets, and software for storing encrypted copies of network packets as blocks. Third party analyst hardware and software derive keys necessary to retrieve encrypted network packets.

Abstract: A method implemented by a set top box that encrypts communications for a channel stacking switch (CS) using a public key of the CSS, the method comprising: obtaining a message from a head end; extracting electronic counter measure (ECM) data from the message; sending the ECM data to the CSS; receiving, in response to the sending, a new public key of the CSS; encrypting communications for the CSS using the new public key of the CSS. Also, a method for implementation by a CSS, comprising: maintaining a private key and a public key; obtaining ECM data sent by a set top box in communication with the CSS; obtaining an identifier of the CSS; formulating a new public key based on the private key, the identifier and the ECM; rendering the new public key available to the set top box.

Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.

Abstract: A system and method for providing, as a service over a computer network (especially a packet-switched computer network) to a body of merchants connected to the computer network, verification of consumer identification based on data provided over the computer network by scanning devices attached to the computers operated by consumers.

Abstract: A method (and structure) for enforcing a security policy includes retrieving from a memory a program to be verified against a security policy and a security specification defining the security policy. A static program analysis is performed on the program, using a processor on a computer, to determine whether the program is compatible with the security specification. The program is rejected if the program is determined by the static program analysis as being incompatible with the security specification. If the program is determined during the static program analysis as compatible with the security specification under static analysis criteria, then building a call-graph representation of the program for use to evaluate any dynamically-loaded code during an execution of the program. Any paths, if any, of the call-graph representation that reach at least one policy-relevant operation is marked.

Abstract: An information processing system, having one or more information processing apparatuses, includes a data input unit configured to take as input first data being multidimensional; a dimension reduction unit configured to generate, based on the first data, second data representing a characteristic of the first data, the second data having a prescribed number of dimensions fewer than a number of dimensions of the first data; and a distinguishing unit configured to distinguish whether the first data is normal data or abnormal data by a semi-supervised anomaly detection, based on the first data and the second data.

Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: System, method and computer program product for detecting a denial of service attack on a plurality of computers. Records are made of source IP addresses of requests sent to each of the computers. The records of requests sent to the plurality of computers are totalled per source IP address and/or per range of source IP addresses. A determination is made if the total for a source IP address and/or range of source IP addresses exceeds a respective, predetermined threshold. If so, a denial of service attack is suspected or determined, and a firewall can be notified to block subsequent requests from the source IP address and/or range of source IP addresses, and an administrator can be notified to investigate the situation. Records can also be made of requests sent to each of the computers for a file or access to an application. These records of requests sent to the plurality of computers are totalled per file or application access.

Abstract: Some embodiments provide an independent authentication system for authenticating entities that have registered accounts across different online service providers on behalf of the service providers. The authentication system maintains a database of previously verified entity information. A service provider requests authentication by providing the authentication system with unverified and basic identifying information used by an entity when registering with the service provider. The authentication system attempts to match the registration information against previously verified information for a known entity. When a match is found, the authentication system generates a series of challenge questions. The questions are submitted to the entity through the service provider and answers are processed in order to authenticate the entity.

Abstract: Transfer of data between at least one supervisory control and data acquisition (SCADA) device and an advanced metering infrastructure (AMI) device via a wireless communication network is facilitated. The data is used for monitoring and/or controlling the AMI device. A protocol conversion of the data is performed to facilitate transfer of the data between the SCADA device and the AMI device as data packets via a packet data network gateway and a wireless communications network.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: The invention relates to a method for generating an authentication key in a security module which stores a first root key (K_root_A) shared with a first network entity, the method including the following steps: sending a transfer request to a second network entity, receiving a first secret (S_b1) from the second network entity, generating a secret generation key (Kb1) from the first root key and from the first secret, receiving from the second network entity a second secret (S_b2) and an authentication message of the second secret calculated by means of the secret generation key transmitted to the second network entity by the first network entity, verifying the authentication message by means of the secret generation key, generating a second root key (K_root_B) if the verification is positive, said second root key being generated from the second secret (S_b2) and from the secret generation key (Kb1), and used to generate an authentication key to access a network of the second network entity.