Abstract: A system for authenticating a requesting device using verified evaluators includes an authenticating device. The authenticating device is designed and configured to receive at least a first digitally signed assertion from a requesting device, the at least a first digitally signed assertion linked to at least a verification datum, evaluate at least a second digitally signed assertion, signed by at least a cryptographic evaluator, conferring a credential to the requesting device, validate the credential, as a function of the at least a second digitally signed assertion, and authenticate the requesting device based on the credential.

Abstract: This disclosure relates to account management. In one aspect, a method includes receiving a permission query message from a service system. Verification information is obtained from a first client based on the permission query message. The verification information is associated with an identity of the current user. In response to determining that the verification information is valid, proxy permission information for the current user is obtained from a blockchain. The proxy permission information includes at least operation permission information of the current user for the enterprise account. The proxy permission information is sent to the service system. The proxy permission information configured to be usable by the service system to determine whether to authorize the current user to perform an operation on the enterprise account.

Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.

Abstract: An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.

Abstract: Mechanisms for providing point to point encryption and tokenization enabling decryption, tokenization and storage of sensitive encrypted data on one system are discussed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a first computing device to access a secure account. Receiving a request from a second computing device to be authorized to access the secure account. Providing, to the second computing, first data that represents a first machine-readable code for presentation by the second computing device. Receiving, from the first computing device, second data that represents a second machine-readable code as read by the first computing device. Authorizing the second computing device to access the secure account in response to determining that the second data accurately represents the first machine-readable code as sent to the second computing device.

Abstract: A multi-factored authentication system is provided to identify users. Accordingly, the authentication system may utilize a combination of multiple authentication methods to identify and authenticate a user, such as facial recognition, voice recognition, fingerprint/retinal recognition, detection of cards/chips or smartphones located with the user, PINs, passwords, cryptographic keys, tokens, and the like. The various authentication methods may be used to calculate a confidence value for the authentication system, where the confidence value reflects the degree of certainty of the user's identity. Each authentication method may, upon identifying a positive match for a user, increase the confidence value by a certain degree.

Abstract: A first wireless access point notifies a handoff management resource that a second wireless access point is a potential handoff candidate. Subsequent to authentication of the second wireless access point as being a valid handoff candidate, the handoff management resource notifies a mobile communication device that the second wireless access point is a valid handoff option to receive a communication session from the first wireless access point. To perform a handoff, the mobile communication device initiates termination of a wireless communication link with the first wireless access point and communicates with the second wireless access point to establish a new wireless communication link. In furtherance of providing uninterrupted network access, the handoff management resource conveys communication settings information associated with the handed off communication session to the second wireless access point for use over the new wireless communication link.

Abstract: According to one embodiment of the present invention, a system provides security for a device and includes at least one processor. The system monitors a plurality of networked devices for a security risk. Each networked device is associated with a corresponding security risk tolerance. In response to a monitored security risk for one or more of the plurality of networked devices exceeding the corresponding risk tolerance, a network service is initiated to perform one or more actions on each of the one or more networked devices to alleviate the associated security risk. Embodiments of the present invention further include a method and computer program product for providing security to a device in substantially the same manner described above.

Abstract: An authorization policy optimization method being performed by a computing device comprising at least one processor, includes receiving an authorization policy to be used to perform an authentication on a data access right of a user, obtaining authorization log information of a first preset authorization policy, from the authorization policy, extracting a log information feature, from the authorization log information, generating an authorization policy optimization model, using the log information feature, performing a policy reasonableness prediction on the authorization policy, using the authorization policy optimization model, to obtain a predicted reasonableness value corresponding to the authorization policy, and performing an optimization processing on the authorization policy, based on the predicted reasonableness value.

Abstract: A computer-implemented method comprises: committing a transaction amount of a transaction with a commitment scheme to obtain a transaction commitment value, the commitment scheme comprising at least a transaction blinding factor; generating a first key of a symmetric key pair; encrypting a combination of the transaction blinding factor and the transaction amount t with the first key; and transmitting the transaction commitment value T and the encrypted combination to a recipient node associated with a recipient of the transaction for the recipient node to verify the transaction.

Abstract: A content-lifecycle management system (CLMS) intercepts a request to perform an action upon a data object in a domain of a multi-domain computing environment during a certain phase of the object's lifecycle. The CLMS retrieves data and rules from a cross-domain distributed ledger that is accessible throughout the multi-domain environment. The retrieved information includes content-lifecycle management policies that control which actors can perform certain types of actions upon specific data objects during various lifecycle phases. The ledger also describes and classifies actors, dependency relationships between storage and infrastructure components of the environment, and the results of past requests.

Abstract: One embodiment provides a method comprising receiving general private data identifying at least one type of privacy-sensitive data to protect, collecting at least one type of real-time data, and determining an inference privacy risk level associated with transmitting the at least one type of real-time data to a second device. The inference privacy risk level indicates a degree of risk of inferring the general private data from transmitting the at least one type of real-time data. The method further comprises distorting at least a portion of the at least one type of real-time data based on the inference privacy risk level before transmitting the at least one type of real-time data to the second device.

Abstract: A method, and associated system, for security processing of a request for a resource in a network security system. The request for the resource and a duplicate of request for the resource are forwarded to a first proxy server and a second proxy server, respectively. A first output including the received request, and a second output including the duplicate of the received request, are received from first proxy server and the second proxy server, respectively. A determination is made that the first output and the second output differ and in response, a first alarm is generated and transmission to the web server of the received request and the duplicate of the received request is blocked.

Abstract: A digital optical data network system for improving information security in Passive Optical Networks (“PON”) by providing virtual information separation in the router, such as a premise router, or routers interfacing the entire PON, such as by utilizing virtual routing and forwarding, thus allowing safe data traffic between multiple carriers, service providers accessing the PON and multiple end users on the PON such as tenants in a building, employees of a business entity, or subscribers in a residential community.

Abstract: Technologies for protecting systems and data of an organization from malware include a data integrity server configured to receive a data file from an external source. The data integrity server analyzes the received data file with an anti-malware engine to determine whether the data file includes malware. The data integrity server discards the data file in response to a determination that the data file includes malware. Additionally, the data integrity server verifies the file type of the received data file. The data integrity server sanitizes the received data file in response to verification of the file type. Other embodiments are described and claimed.

Abstract: An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an RSA proxy “service” as an enhancement to the SSL protocol that off-loads the decryption of the encrypted pre-master secret (ePMS) to an external server. Using this service, instead of decrypting the ePMS “locally,” the SSL server proxies (forwards) the ePMS to an RSA proxy server component and receives, in response, the decrypted pre-master secret. In this manner, the decryption key does not need to be stored in association with the SSL server.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts. To discover the various accounts, the methods, computer-readable media, software, and apparatuses can monitor at least a consumer's email accounts, web browser history, and web cache. The discovered accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted accounts to prevent unauthorized access or use.

Abstract: The present specification discloses a computer tangible medium storing instructions for a collision resistant process for signing a digital message with a digital signature using different hash digests derived from the same message data with the same hashing algorithm by hashing the message data in different ways. The collision resistant process protects networks from hacking attacks based different files having the same hash digest, commonly referred to as birthday attacks.

Abstract: Described processes include: determining portions of instances of a cryptographic token to be allocated to record providers, like providers of an asset indicated by a record, wherein: the portions are determined based on network effects associated with the records the record provider supplied on performance of a computer-implemented network in which both record providers and record consumers participate, patterns indicative of inorganic consumption may be determined from one or more of interactions of individual consumers, interactions of collections of consumers, or consumer interactions in the aggregate for a given provider or record; and the effects on network performance are adjusted responsive to designation of one or more entities as exhibiting inauthentic behavior; and appending to a distributed ledger, records indicating the respective portions, and adjustments, are allocated to record providers.