Abstract: A method for detecting a web skimmer on a “Payment Page” relates to a network security, namely, a detection of a malicious code on web pages, which include fields for inputting a payment information and a user personal data, and it may be used to increase a security level in case of making online payments for goods and services. The claimed method checks elements, which are present on the web page, for a presence of the malicious code and determines an activity that is inherent to a web skimmer embedded on the web pages with a payment form, timely informs about a presence of the user characteristics and/or blocks the web page itself and provides security of the operations associated with payment of goods and services via the Internet.

Abstract: Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs.

Abstract: The present invention relates to a method for managing IoT devices by a security fabric. A method is provided for managing IoT devices includes collecting, by analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources, abstracting, by analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by executing tier, the PEBs from the analyzing tier, wherein the executing tier is configured to control network traffic of IoT devices of a private network; generating, by the executing tier, security policies for IoT devices from PEBs of the IoT devices; and controlling, by the executing tier, network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: The present invention relates to a methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: The present invention relates to a method for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: A device may receive data from a first endpoint device. The device may identify a network protocol. The network protocol may be associated with receiving the data. The device may identify a format. The format may be associated with encoding textual information in the data. The device may determine, based on the format and the network protocol, text in the data. The device may determine whether the text includes a reference from a plurality of references. The plurality of references may identify addresses associated with malicious devices. The device may selectively forward the data to a second endpoint device based on determining whether the text includes the reference.

Abstract: The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.

Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.

Abstract: A method for associating an application program with a biometric feature, an association apparatus, and a mobile terminal, and relate to the field of communications technologies. The method includes obtaining a biometric feature association request of a first application, receiving a first request from the first application, where the first request is used to request to associate the first application with a biometric feature, obtaining type information of the first application, determining a second application installed on a mobile terminal, where type information of the second application matches the type information of the first application, and the second application is associated with a first biometric feature, and associating the first application with the first biometric feature. Hence, quick biometric feature association is implemented, and biometric feature association efficiency is improved.

Abstract: A combining apparatus has an acquiring unit that acquires script codes included in a website and having been divided and written at plural locations in the website; and a code combining unit that combines a plurality of the divided script codes written therein, based on a dependency between data in the divided script codes written therein acquired by the acquiring unit, or a dynamic generation relation arising from execution of the divided script codes written therein.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.

Abstract: A means and system is designed to distinguish human users from bots (automated programs to generate posts or interactions) in social media (including microblogging services and social networking services) by assigning a likelihood score to each user for being a human or a bot. The bot score assigned to each user is computed from statistical, temporal and text features that are detected in user's social media interactions (relative indicators specific to a given social media data set) and user's historical profile information.

Abstract: An apparatus receives a signal to perform secure erasure of a storage medium. The apparatus, responsive to reception of the signal, erases the storage medium by performing at least the following operations. An encryption key is erased. The encryption key is stored on the storage medium and is used to encrypt data on the storage medium. The apparatus generates a fake encryption key that is different from the encryption key and stores storing the fake encryption key on the storage medium. The encryption key and/or fake encryption key may be stored on the medium in multiple parts. The encryption key may be generated using random data from the medium. The apparatus may be the storage medium or a computer system that access the storage medium. The erasure can be performed in response to a request by a user. The medium may be an erasure-resistant storage medium.

Abstract: A computing device determines a peer group identifier and supplements netflow records with the peer group identifier. An authentication event block object is received that was sent to a first source window. The authentication event block object includes a user identifier, an IP address, and a peer group identifier. Members of the peer group are identified based on an expected network activity behavior. The user identifier and the peer group identifier are stored in association with the IP address in a cache. A netflow event block object sent to the first source window is received that includes a netflow packet IP address. Netflow data is parsed from the netflow event block object into a netflow record. When the stored IP address matches the netflow packet IP address, the netflow record is supplemented with the user identifier and the peer group identifier. The supplemented netflow record is output to summary data.

Abstract: A method, computer-readable medium, and apparatus for classifying mobile traffic for securing a network or a mobile user endpoint device are disclosed. For example, a method may include a processor for classifying mobile network traffic using a probabilistic model for a plurality of mobile software applications based on a distribution of domain names, detecting an anomaly associated with a mobile software application of the plurality of mobile software applications, and performing a remedial action to address the anomaly.

Abstract: Methods of sensory input integrity attestation are provided. Artifacts included within devices under test inject a known noise signal into the output signal of one or more output devices that are detectable by one or more input devices (i.e., sensors) of an embedded device, and monitor the received input data. By comparing the received signal against the expected noise signal, attestation of the validity of sensory input data is possible. Such sensory input data attestation is capable either locally or using a remote attestation device with knowledge of the expected data stream.

Abstract: A domain name registrar may provide a service for a domain name registrant to automatically and without further action by the domain name registrant (other than possibly paying for the service) enable secure socket layer (SSL) for a domain name to a third party hosting service, even when the domain name registrar does not own or control the third party hosting service. The invention allows a user (that may or may not be the domain name registrant) to use the domain name registered to the domain name registrant to communicate with a domain name registrant account (possibly a website) on the third party hosting service via a proxy server. The communication between the user and the proxy server may be encrypted such as by the SSL protocol.

Abstract: In one embodiment, a system includes a Headend apparatus including a watermark processor to generate secondary video streams from sections of a primary video stream, group the secondary video streams in groups of at least two secondary video streams, the secondary video streams including units of data for use in watermarking across cryptoperiods in an end-user device which selects one secondary video stream in each group for rendering as part of a composited video stream in order to embed units of data of an identification in the composited video stream, wherein in each cryptoperiod, the watermark processor is operative to generate different groups of the secondary video streams from different non-overlapping portions of the primary video stream, and an encryption processor to generate control words, encrypt each secondary video stream with a different control word, and change the control word of each secondary video stream every cryptoperiod.

Abstract: The present disclosure relates to a sensor network and Internet of Things (IoT) as applied to intelligent services based technologies such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. An apparatus and method for controlling an electronic device through a mesh network of such electronic devices are provided. In a method for controlling an electronic device, a terminal transmits to the electronic device, a terminal identifier for authenticating the terminal and information for authenticating a user of the terminal. If authentication of the terminal is successfully completed, the terminal transmits control information containing at least one service identifier classified according to service types to the electronic device. The control information is transmitted to another electronic device, based on the service identifier, through a network in which the electronic device is connected to another electronic device.