Patents Examined by Roderick Tolentino
  • Patent number: 10686799
    Abstract: A blockchain-based method and system for providing tenant security and compliance in a cloud computing environment. Specifically, the method and system disclosed herein implement a marketplace solution which extends blockchain technology to the problem of providing defined security levels in the cloud computing environment. In adapting blockchain technology, the method and system disclosed herein provide a mechanism for guaranteeing tenant security without any implication of trust between security providers and security requestors or consumers.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: June 16, 2020
    Assignee: EMC IP Holding Company LLC
    Inventor: John Kelly
  • Patent number: 10678910
    Abstract: Examples disclosed herein relate to modifying a web page. In one example, in response to beginning execution of a process initiating generation of a web page of a web application at a server, a runtime agent is executed. In this example, the runtime agent modifies code of the web page to inject code to protect output of the web page. In the example, the process can be executed using the modified code to generate a modified web page.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: June 9, 2020
    Assignee: Micro Focus LLC
    Inventors: Ming Sum Sam Ng, Alvaro Munoz, Oleksandr Mirosh
  • Patent number: 10671723
    Abstract: Techniques are described for automatically incorporating lifecycle context information for a secured environment into an intrusion detection system monitoring the secured environment's operations. In one example, an indication of a potentially malicious action occurring in a secured environment monitored by an intrusion detection system is identified. A lifecycle-based context associated with a lifecycle operations manager (LOM) is accessed, where the LOM is responsible for managing lifecycle operations associated with components in the secured environment, and where the context stores information associated with lifecycle operations executed by the LOM. A determination is made as to whether the potentially malicious action associated with the indication is associated with information associated with an executed lifecycle operation stored in the context.
    Type: Grant
    Filed: August 1, 2017
    Date of Patent: June 2, 2020
    Assignee: SAP SE
    Inventors: Rouven Krebs, Juergen Frank
  • Patent number: 10642988
    Abstract: A method of data transfer in a cyber-protected system includes inserting a removable media device into a removable media interface of a Secure Media Exchange (SMX) kiosk running a cyber-checking algorithm. The SMX kiosk includes a user interface, physical controls, input and output ports. An enclosure for physical protection prevents access to the physical controls, input and output ports configured with openings revealing the removable media interface and user interface. The cyber-checking algorithm inspects the removable media device for threats and adds encryption to the removable media device only if passing inspecting. The cyber-protected system includes networked devices coupled to communicate over a communications network including at least one SMX protected machine at a protected system node having a SMX algorithm and an encryption key. The SMX algorithm allows reading information from the removable media device on the SMX protected machine only if the encryption is confirmed.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: May 5, 2020
    Assignee: Honeywell International Inc.
    Inventors: Brian Quintanilla, Eric T. Boice, Eric D. Knapp
  • Patent number: 10638319
    Abstract: An embodiment provides a Wireless Fidelity (Wi-Fi) connection method and a mobile terminal. The method includes: a Wi-Fi connection method is provided, which is applied to a mobile terminal and includes: network environment information of a target Access Point (AP) is acquired; N target Wi-Fi connection records corresponding to the target AP are acquired from historical Wi-Fi connection data according to the network environment information of the target AP, the historical Wi-Fi connection data comprising M Wi-Fi connection records, where M is a positive integer and N is a positive integer less than or equal to M; and the target AP is accessed according to the N target Wi-Fi connection records.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: April 28, 2020
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventors: Botao Cu, Yadong Hu, Yi Yu, Shimin Jiang
  • Patent number: 10637650
    Abstract: In an example, an active authentication session may be transferred from a first device to a second device. An authentication server may store a new authentication session token for the second device in session storage. The new authentication session token may be derived from an active authentication session token that was received from the first device. The authentication server may also receive an identification value from the first device, which was obtained from the second device, in response to verifying a query by the second device regarding an existence of a locator key based on the identification value in the session storage, the new authentication session token may be transmitted to the second device.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: April 28, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael Beiter, Matthew Messinger
  • Patent number: 10630656
    Abstract: A system for and method of media encapsulation is presented. The method may include receiving, via an audio digitizer, a plurality of packets of data and compressing, via a codec, the plurality of packets of data. The method may also include queuing the plurality of packets of data in a queue and encrypting, via a filter, payloads of at least two of the plurality of packets of data in the queue into a single payload. The method further includes transmitting the single payload in a single encrypted data packet.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: April 21, 2020
    Assignee: KOOLSPAN, INC.
    Inventors: Emil Sturniolo, Anthony C. Fascenda, Robert Cichielo, Paul Benware, William Supernor, Orville Pike
  • Patent number: 10614231
    Abstract: A system and method for enhancing security for a high security embedded system. The system on chip device including at least one central processing unit (CPU) component, input and output component blocks, an independent hard or soft core dedicated to the input and output blocks, and a built-in, on die interposer, wherein the interposer consists of a field programmable gate array (FPGA) fabric, the FPGA fabric surrounding the components of the system on chip. The method includes separating system components using a FPGA fabric, redirecting or changing the appearance of system components unknown to other system components, separating system code from security and recovery code, and providing proactive security problem detection and resolutions.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: April 7, 2020
    Assignee: Riverside Research Institute
    Inventors: David Dozer, Adam Kouse
  • Patent number: 10616238
    Abstract: Techniques are provided for enabling server-based file sharing that supports recipient-location criteria. Specifically, users that desire to share files are able to include recipient-location criteria in the sharing criteria for the files that the users provide for sharing. Before sharing a file that is associated with recipient-location criteria, the file sharing server determines whether the current location of the recipient device satisfies the recipient-location criteria associated with the file. If the current location of the device does not satisfy the recipient-location criteria associated with the file, then the file is not shared with the given device even if all other sharing criteria for the file are satisfied. On the other hand, if the current location of the recipient device satisfies the recipient-location criteria associated with the file, and all other sharing criteria of the file are satisfied, then the file is shared with the given device.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: April 7, 2020
    Assignee: Dropbox, Inc.
    Inventors: Sean Cretella, Paul Ruan
  • Patent number: 10609048
    Abstract: There is provided a method for detecting a malicious attempt to access a service providing server using credentials of a client terminal in a network, the method performed by a malicious event detection server analyzing packets transmitted over the network, comprising: analyzing at least one login-credential associated with an attempt to obtain authentication to access the service providing server to determine whether the login-credential matches an invalid login-credential included in a set of honeytoken-credentials, wherein the set of honeytoken-credentials is stored on a local memory of the client terminal, wherein the set of honeytoken-credentials includes the invalid login-credential and a valid login-credential, wherein the invalid login-credential is invalid for authentication of the client terminal to access the service providing server and the valid login-credential is valid for authentication of the client terminal to access the service providing server; and identifying a malicious event when the lo
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: March 31, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tal Arieh Be'ery, Itai Grady
  • Patent number: 10602360
    Abstract: A computerized method comprising, on a mobile computing device, processing a vehicle integration request made by one or more of (i) the mobile computing device and (ii) a transportation vehicle. The mobile computing device computes a risk assessment value that quantifies a security risk to the transportation vehicle as a result of connecting the mobile computing device to the transportation vehicle, where the computing is based on one or more of a hardware and a software of the mobile computing device. The mobile computing device transmits the risk assessment value to a vehicle computer integrated in the transportation vehicle. The mobile computing device completes a digital data connection with the vehicle computer when the risk assessment value complies with a vehicle access security policy of the vehicle computer.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: March 24, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yair Allouche, Oded Margalit
  • Patent number: 10599822
    Abstract: A computational device having a user interface is disclosed, the user interface enables a user to securely enter data into the computational device. In particular, the user interface may include a user input portion and a user output portion. The user input portion may be partitioned into a number of input zones, each having a data value associated therewith that when engaged by a user causes the data value associated with the engaged input zone to be provided as input to the computational device.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: March 24, 2020
    Assignee: ASSA ABLOY AB
    Inventor: Masha-Leah Davis
  • Patent number: 10587581
    Abstract: A method, and associated system, for security processing of a request for a resource in a network security system. The request for the resource and a duplicate of the request for the resource are forwarded to a first proxy server and a second proxy server, respectively. A first output including the received request, and a second output including the duplicate of the received request, are received from the first proxy server and the second proxy server, respectively. A determination is made of whether the first output and the second output differ; if not, the received request or the duplicate of the received request is transmitted to a web server for satisfying the request; if so, a first alarm is generated and transmission to the web server of the received request and the duplicate of the received request is blocked.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventor: Ian Robertson
  • Patent number: 10581847
    Abstract: A blockchain is used to track chain of custody associated with devices and user entities associated with those devices. In an embodiment, an identity engine traverses a blockchain to determine one or more transactions associated with a device and, in some cases, one or more users of that device. Based at least in part on the content of an authentication or provisioning request and that of the chain of custody, the identity engine provisions the device for a given user.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: March 3, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nicholas Sun, Damian Finol Correa, Yunlong Liu
  • Patent number: 10579780
    Abstract: Embodiments of the present invention are directed to document authentication based on video captures. Instructions may be generated to guide a remotely situated customer through an authentication process in which the customer presents a document (e.g., a driver license, passport, or payment card) to a video capture element of a personal computing device (e.g., a smart phone or tablet computer) in a specified manner so that identifiable feature(s) of that document can be captured in a video file. The video file may then be uploaded to a central server for further processing or archiving. The instructions that guide the customer through the document authentication steps may be either generated locally on the personal computing device via a mobile application or delivered from a remote computer via an Internet browser. With this technique, a banking customer need not physically visit a bank to authenticate certain documents.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: March 3, 2020
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Edgardo S Carlos, Eric-Andre Vigroux
  • Patent number: 10574700
    Abstract: A computer-implemented method for managing computer security of client computing machines may include (i) monitoring a set of client computing devices, (ii) receiving security data on sets of security-related events from each client computing device in the set of client computing devices, (iii) clustering the sets of security-related events by calculating a dissimilarity value, for each set of security-related events, that indicates a uniqueness of the set of security-related events in relation to other sets of security-related events using a dissimilarity function and adjusting the dissimilarity function based on a homogeneity of clusters of sets of security-related events, (iv) determining, based on clustering the sets of security-related events by the dissimilarity value, that a set of security-related events comprises an anomaly, and (v) performing a security action in response to determining that the set of security-related events comprises the anomaly.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: February 25, 2020
    Assignee: Symantec Corporation
    Inventors: Matteo Dell'Amico, Kevin Roundy, Chris Gates, Michael Hart
  • Patent number: 10574662
    Abstract: A multi-factored authentication system is provided to identify users. Accordingly, the authentication system may utilize a combination of multiple authentication methods to identify and authenticate a user, such as facial recognition, voice recognition, fingerprint/retinal recognition, detection of cards/chips or smartphones located with the user, PINs, passwords, cryptographic keys, tokens, and the like. The various authentication methods may be used to calculate a confidence value for the authentication system, where the confidence value reflects the degree of certainty of the user's identity. Each authentication method may, upon identifying a positive match for a user, increase the confidence value by a certain degree.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: February 25, 2020
    Assignee: Bank of America Corporation
    Inventors: Jon Robert Wolf, Charles R. Liu, Dianna Letourneau O'Neill, Matthew Edward Williams, Bryan Lee Card
  • Patent number: 10560269
    Abstract: Methods and systems for improving authenticated encryption in counter-based cipher systems are presented. Embodiments of the present invention provide secure and efficient means to achieve both the authenticity and privacy goals of authenticated encryption, and are compatible with most block cipher modes of operation, e.g. CBC, CFB and CTR, and most symmetric-key cryptographic functions, e.g. AES, DES and RC5. In particular, using block cipher encryption with data-dependent initialization vectors achieves the privacy goal and enables over-the-air transmissions to remain uncompromised, especially in scenarios that may result in the counter being reset in counter-based cipher systems.
    Type: Grant
    Filed: April 5, 2017
    Date of Patent: February 11, 2020
    Assignee: TRELLISWARE TECHNOLOGIES, INC.
    Inventors: Mark Johnson, Peter Ly
  • Patent number: 10554392
    Abstract: An HSM management hub coordinates the distribution and synchronization of cryptographic material across a fleet of connected hardware security modules (“HSMs”). Cryptographic material is exchanged between HSMs in the fleet in a cryptographically protected format. In some examples, the cryptographic material is encrypted using a common fleet key maintained by the HSMs in the fleet. In other examples, the cryptographic material is protected using asymmetric cryptographic keys that are associated with the members of the HSM fleet. The HSM management hub may be used to divide the HSM fleet into subdomains by providing domain keys to subsets of HSMs within the HSM fleet. Cryptographic information that is encrypted with particular domain keys can be distributed across the entire HSM fleet, and restricted to use by authorized HSMs that are in possession of the particular domain keys.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: February 4, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Benjamin Philip Grubin
  • Patent number: 10528728
    Abstract: According to one embodiment of the present invention, a system provides security for a device and includes at least one processor. The system monitors a plurality of networked devices for a security risk. Each networked device is associated with a corresponding security risk tolerance. In response to a monitored security risk for one or more of the plurality of networked devices exceeding the corresponding risk tolerance, a network service is initiated to perform one or more actions on each of the one or more networked devices to alleviate the associated security risk. Embodiments of the present invention further include a method and computer program product for providing security to a device in substantially the same manner described above.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: January 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Michael Bender, Rhonda L. Childress, Marc A. Dickenson, Thomas J. Fleischman, Timothy J. Hahn