Patents Examined by Sangseok Park
  • Patent number: 11288385
    Abstract: A ledger stores chain of custody information for files throughout an enterprise network. By identifying files with a homologous identifier such as a fuzzy hash that permits piecewise evaluation of similarity, the ledger can be used to track a chain of custody over a sequence of changes in content, ownership, and file properties. The ledger can be used, e.g., to evaluate trustworthiness of a file the first time it is encountered by an endpoint, or to apply enterprise policies based on trust.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: March 29, 2022
    Assignee: Sophos Limited
    Inventors: Karl Ackerman, Russell Humphries, Daniel Salvatore Schiappa, Kenneth D. Ray, Andrew J. Thomas
  • Patent number: 11277423
    Abstract: Example techniques detect incidents based on events from or at monitored computing devices. A control unit can detect events of various types within a time interval and aggregate the detected events into an incident. The control unit can detect patterns within the events based at least in part on predetermined criterion. In examples, the control unit can determine pattern scores for the patterns based on the probability of occurrence for the patterns and determine a composite score based on the pattern scores. The control unit can determine that an incident indicating malicious activity has been detected based in part on determining that the composite score is above a predetermined threshold score. In some examples, the control unit can classify and rank the incidents. The control unit can determine if an incident indicates malicious activity including malware or targeted attack.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: March 15, 2022
    Assignee: CrowdStrike, Inc.
    Inventor: Daniel W. Brown
  • Patent number: 11272358
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. In certain implementations, the apparatus may establish at least one encryption key with a second device. The apparatus may generate an NDEF message. In certain aspects, the NDEF message may include one or more NDEF records. In certain other aspects, each of the one or more NDEF records may include an NDEF record header and an NDEF record payload. The apparatus may encrypt the NDEF message based at least in part on the at least one encryption key such that the NDEF record payload of each of the one or more NDEF records is encrypted and the NDEF record header of each of the one or more NDEF records is unencrypted. The apparatus may transmit the NDEF message to the second device upon encryption.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: March 8, 2022
    Assignee: QUALCOMM INCORPORATED
    Inventor: John Hillan
  • Patent number: 11265310
    Abstract: An allowed client server, that is authorized to access a resource server over a given port, receives a client request, from a client computing system, to access the resource server. The allowed client server authenticates and authorizes the request, using an authentication and authorization mechanism, and selects a port with which to communicate with the client computing system. The identity of that port is provided to the client computing system, and a port forwarding mechanism forwards traffic between the client computing system and the resource server, through the client-facing port and to the given port on the resource server.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: March 1, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Chang Chuen Kawaguchi, Lee Jonathan Riefberg
  • Patent number: 11265161
    Abstract: This document describes a system and method for generating two types of session keys for encoding digital communications between two devices. In particular, the first type of session key possesses escrow properties whereby a trusted third party will be able to generate the first type of session key to decode the digital communications between the two devices while the second type of session key does not possess escrow properties.
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: March 1, 2022
    Assignee: Huawei International Pte. Ltd.
    Inventors: Rehana Yasmin, Yanjiang Yang, Zhuo Wei, Tieyan Li, Hai Yu
  • Patent number: 11210414
    Abstract: The present invention relates to a biometric system (FBS) comprising a sensor (FS) and a secure execution environment (SEE) as separate physical components, said biometric system being intended to be used in cooperation with a biometric application (BA), wherein said secure execution environment (SEE) comprises a data processing component (DP) and a secure memory (SEM) storing data enabling to access calibration data as determined at the time of the physical pairing of the sensor (FS) and the secure execution environment (SEE), said data processing component (DP) using the calibration data as retrieved when raw biometric data are received from the sensor (FS) to produce biometric sample to be used in the biometric application (BA).
    Type: Grant
    Filed: December 24, 2018
    Date of Patent: December 28, 2021
    Assignee: THALES DIS USA, INC.
    Inventors: Dimitar Gospodinov, Ksheerabdhi Krishna, Simon Tan, Tao Zheng
  • Patent number: 11206258
    Abstract: There are provided systems and methods for identity confirmation during authentication requests using nearby devices. A device and/or service provider may detect an authentication request, including one for device process or a service provider interaction. In response to the request, the device may scan for nearby devices over short range wireless communications and identify one or more devices that are close to the device. An identity confirmation request may be generated, which may include a picture of a user that should be performing the authentication, such as a user owning the device or account that is being accessed. The request may be transmitted to the nearby devices to require that users of the nearby devices can identify that user and utilizing the device to process the authentication request. This may include using facial recognition to image the user by the other devices.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: December 21, 2021
    Assignee: PAYPAL, INC.
    Inventor: Braden Christopher Ericson
  • Patent number: 11205001
    Abstract: A method of cleaning up a virus program, in an electronic terminal including at least one processor, is provided. An operable interface is displayed on a terminal locked page in response to a first operation instruction on the terminal locked page, the terminal locked page being a page of the virus program and displayed on a screen of the electronic terminal. A second operation instruction on the operable interface is obtained, and identifier information of the virus program is obtained in response to the second operation instruction. The virus program is controlled to run by displaying an auxiliary page on the screen of the electronic terminal in a bring-to-front manner. The virus program is cleaned up based on the identifier information.
    Type: Grant
    Filed: July 22, 2019
    Date of Patent: December 21, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LTD
    Inventor: Chen Geng
  • Patent number: 11197155
    Abstract: A system and method of verifying a user for participation in a block chain of a distributed network. The method includes receiving, by one or more validation devices of the distributed network, a request for participation in adding transaction records to the block chain, the request being received from a mobile communication device of the user and including behavioral data collected by the mobile communication device. In response to determining that the behavioral data satisfies a human characteristic threshold, determining that the behavioral data is not associated with another device of the distributed network. In response to both those conditions above, verifying the user and enabling the user to participate in the block chain distributed network by adding a block including transaction records to the block chain via the mobile communication device.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: December 7, 2021
    Assignee: PayPal, Inc.
    Inventor: Lorenz Breu
  • Patent number: 11182497
    Abstract: Techniques and architectures to manage personal data. Permissions are maintained information for one or more portions of the electronic personal record. Connection information for the one or more portions of the electronic personal record are maintained. At least one of the one or more portions of the electronic personal record information from a static document provided by the user and dynamic information obtained via an integration with an external data source. The one or more processors further to evaluate claims on portions of the electronic record from providers utilizing attribute-based security mechanisms. The corresponding portions of the electronic personal record are selectively provided in response to results of the evaluation.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: November 23, 2021
    Assignee: UNISCEN
    Inventors: Richard Dean Jarvis, II, Quinn Stevens Lewis
  • Patent number: 11176224
    Abstract: A memory stores a catalog of applications and a catalog of trusted sources. A processor detects that a first user attempted to install an application, determines that a source of the application is in the catalog of trusted sources, scans the application to determine that the application does not contain a virus, and determines that there is a first license that allows the first user to install the application. The processor also stores the application into a repository and adds the application to the catalog of applications. The processor receives a request from a second user to install the application, determines that the application is in the catalog of applications, and determines that there is a second license that allows the second user to install the application. The processor further retrieves the application from the repository and initiates installation of the application on a device of the second user.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: November 16, 2021
    Assignee: Bank of America Corporation
    Inventors: Rodney Martin Trueba, Eric Choi, Timothy Martin Golden
  • Patent number: 11165771
    Abstract: An example method may include a processing system including at least one processor detecting an interaction of a first user and a second user, providing a temporary authorization to the second user to access a data set based upon an authorization of the first user to access the data set, wherein the providing the temporary authorization is in response to the detecting the interaction, generating a record of an access of the second user to the data set, wherein the record includes a notation of the temporary authorization of the second user to access the data set based upon the authorization of the first user, detecting an end to the interaction of the first user and the second user, and revoking the temporary authorization of the second user to access the data set in response to the detecting of the end of the interaction.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: November 2, 2021
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Eric Zavesky, David Crawford Gibbon, Zhu Liu, Paul Triantafyllou, Bernard S. Renger
  • Patent number: 11151273
    Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a file open request. If so, target analysis logic determines whether the file open request is for a driver file or for a file within a protected volume that stores a driver whitelist file. If the file open request is for a file stored in a protected volume, the request is blocked. If the file open request is for a driver file, then the driver whitelist file is examined to determine whether the target driver is on the whitelist. If not, the file open request is also blocked.
    Type: Grant
    Filed: October 8, 2018
    Date of Patent: October 19, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Manoharan Kuppusamy, Dhananjay Ramakrishnappa, Shyam Arunkundram Ramprasad, Priyadarshi Ghosh
  • Patent number: 11146952
    Abstract: The method includes: receiving, by a first member device, a second EAPOL-MKA packet sent by a second member device; determining, by the first member device, a first cipher suite, and determining a first secure association key SAK corresponding to the first cipher suite; and sending, by the first member device, the first cipher suite and the first SAK to the second member device in CA. Based on the foregoing technical solution, a device in the CA may determine a cipher suite and a secure association key corresponding to the cipher suite that are used for MACsec secure data transmission. In addition, all devices in the CA support the determined cipher suite. In this way, a problem that the cipher suite needs to be re-determined because one or more devices do not support the cipher suite determined by the first device can be avoided.
    Type: Grant
    Filed: February 17, 2019
    Date of Patent: October 12, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: De Sheng, Yun Qin
  • Patent number: 11113913
    Abstract: The present disclosure relates to systems and methods of controlling access to a controlled-access area. The method includes receiving offsite sensor data, receiving offsite user identification data corresponding to the offsite sensor data, determining that the offsite sensor data satisfies an organizational standard, determining that the offsite user identification data corresponds to an approved user, and transmitting a notification to a user device. The method may also include receiving onsite user information and using the offsite sensor data and the onsite user information to determine if a user is approved for access to an access-controlled area. In some examples, the offsite sensor data may be temperature data associated with a febrile condition of a user attempting to gain access to the controlled-access area.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: September 7, 2021
    Assignee: SATURDAY CAPITAL, LLC
    Inventors: Patrick Doherty, John Wall, Michael S. Biviano
  • Patent number: 11106785
    Abstract: A cloud-based fleet of sandboxes is scalable along two tiers. Additional sandboxes may be added to a particular sandbox network in a particular sandbox stack, or additional sandbox stacks may be added. Isolation of individual sandboxes within a sandbox network is provided by virtual switches or routers, and subnetting. Isolation of sandbox networks is provided by network or port address translation, and by running hypervisors in respective infrastructure-as-a-service virtual machines. Provisioning efficiency can be provided by the two-tiered architecture, by use of differencing disks, by use of virtual machine scale sets, and by hybrid core-count sandboxes. Sandboxes may be secured but still have outgoing internet connectivity. Workloads run in the sandbox may include builds, tests of development code, investigations of possible malware, and other tasks.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: August 31, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sajay Antony, Bin Du, Bradley Thomas Haverstein, Eric Hotinger, Nagalakshmi Duggaraju, Steven M. Lasker
  • Patent number: 11100232
    Abstract: An apparatus includes a processor and a memory operatively coupled to the processor. The processor is configured to automatically send queries to client devices, and to receive responses from the client devices in response to the queries. The processor is configured to identify, based on the responses and on role information stored in an Active Directory database, roles of current users of the client devices and identify based on the roles security risks associated with the client devices. The roles can differ among users. The processor is configured to select a remedial action for at least one of the client devices based on the security risk associated with that client device, and is configured to implement the remedial action on that client device. The processor is configured to not select a remedial action for another of the client devices based on the security risk associated with that client device.
    Type: Grant
    Filed: February 22, 2018
    Date of Patent: August 24, 2021
    Assignee: Ivanti, Inc.
    Inventors: Robert M. Juncker, David B. Morley, Andrew Moravec
  • Patent number: 11100214
    Abstract: An electronic device and method that are robust against attacks on encryption-related vulnerabilities as detection of an encryption algorithm based on if artificial intelligence technology is enabled are provided. A security enhancement method includes hooking a loading of an executable code into a memory, inputting the executable code into an encryption code identification model that is based on an artificial neural network, determining, by the encryption code identification model, whether the loading of the executable code into the memory is allowed, and when the loading of the executable code is not allowed, blocking the loading of the executable code into the memory.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: August 24, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Jaewoo Seo
  • Patent number: 11095617
    Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: August 17, 2021
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Ly Loi, Anirban Sengupta, Yong Wang, Mike Parsa
  • Patent number: 11095653
    Abstract: A trusted device responsible for evaluating trustworthiness of unknown devices is provided. Trust evaluation rules usable to determine whether to authorize unknown devices to access a resource are received. A request to access the resource and device evaluation attributes are received from an unknown device. The trustworthiness of the unknown device is evaluated based upon the device evaluation attributes using the trust evaluation rules. In response to determining that the unknown device is trustworthy, a credential for accessing the resource is provided to the unknown device, and the device evaluation attributes of the unknown device and an identification of the unknown device are sent to a registrar for the resource.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: August 17, 2021
    Assignee: International Business Machines Corporation
    Inventors: Gregory J. Boss, Andrew R. Jones, Charles S. Lingafelt, John E. Moore, Jr., Kevin C. McConnell