Abstract: A packet intercept system includes probes along the field area network. A portion of the probes are mobile probes configured to receive and process a global positioning system signal. Intercepting by the mobile probes includes implementing a global positioning tag in each packet in the traffic data stream intercepted by the mobile probes, the global positioning tag includes a timestamp and global positioning system coordinates, derived from the global position system signal. The packet intercept system backhauls the traffic data stream to an additional network that is distinct from the field area network. Processors on the additional network obtain the traffic data stream and process the stream into a live traffic data stream by ordering each packet intercepted by the mobile probes in the processed live traffic data stream, based on the timestamp. The processors analyze the processed live traffic data stream.

Abstract: An optimization apparatus collects cyber attack information that is information related to a cyber attack, and system information that is information related to an entire system including a device that has received the cyber attack. Based on the collected cyber attack information and system information, the optimization apparatus identifies an attack route of the cyber attack, and extracts, as dealing point candidates, devices that are on the attack route and have an effective dealing function against the cyber attack. Subsequently, the optimization apparatus selects a dealing point from the extracted dealing point candidates by using optimization logic that has been set.

Abstract: An access determination management system obtains information regarding various different entities in a system (e.g., a networked environment) and what rights or privileges those entities have. An entity, also referred to herein as a principal, can be a user, a computing device, a group of users, a group of computing devices, or a service. The rights or privileges that an entity has includes, for example, whether administrative privileges are available to the entity, whether a particular program can be executed, whether an entity is a member of another entity, and so forth. The access determination management system uses the obtained information to generate and display a graph of the environment. The graph of the environment includes the different objects as well as links between the objects that indicate rights or privileges one object has with respect to another.

Abstract: A method for securely communicating digital content includes steps of: (1) receiving data from a plurality of key sources; (2) retrieving a plurality of data sets from the data, each one of the plurality of data sets comprising a plurality of data units; (3) extracting a plurality of selected data units from the plurality of data units; (4) generating a custom key using the plurality of selected data units; (5) encrypting content using the custom key; and (6) transmitting encrypted content.

Abstract: Computer systems and methods are provided in which an agent executive running concurrent with a security module, when initially executed, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the API key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are obtained from the grid by the agent executive to check the security, compliance, and integrity of the computer system. Based on these check results, additional commands are obtained by the grid by the agent executive to correct security, compliance, and integrity problems and/or to prevent security comprises.

Abstract: Systems and methods for identifying fraudulent Internet traffic are provided. A tracking script is provided that generates a unique URL encoding an IP address of a client device. In order to find an IP address associated with the unique URL, a request for the IP address associated with the unique URL is received at a DNS resolver server from a DNS server upstream from the client device. The IP address of the client device, the DNS server upstream from the client device and the DNS resolver server in a database are correlated to obtain information about the Internet traffic to determine the likelihood that the traffic is fraudulently generated.

Abstract: A method for authorization management in an arrangement having multiple computer systems is disclosed.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive data related to execution of a sandboxed process, determine if a high privileged process was created by the sandboxed process, and block the sandboxed process from executing if the high privileged process was created by the sandboxed process and the data indicates the sandboxed process is attempting a sandbox bypass attack. In an example, the high privileged process was created by the sandboxed process if a resource folder is associated with a sandbox folder. In another example, the high privileged process was created by the sandboxed process if a resource folder was created by a broker process in response to a request by the sandboxed process.

Abstract: A system and method is described for protecting applications against malicious URL links by identifying a final destination. The system and method also includes enabling a user process to directly connect to the final destination, bypassing the original URL altogether; thereby bypassing the hacker's ability to use that URL to programmatically send the application to a malicious site.

Abstract: In one implementation, a static analysis system can include an operator engine to identify a modification operation on a string based on a structural comparison of program code to a static analysis rule, a label engine to maintain a label with the string based on the static analysis rule, and a sink engine to identify that the label denotes a string property and provide an analysis message associated with the string property based on the label.

Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM (“SRAP PLATFORM”) provides a secure supporting infrastructure within a corporate network framework and applications based thereon for use and placement of corporate resources. A non-trusted device may be authorized to access and use corporate resources, and the corporate network server may manage the placement of resources via the SRAP PLATFORM.

Abstract: The authenticity of a product associated with a host device is verified through a process. The product contains, in segments of a non-volatile memory, several different functions stored in ciphered fashion. The process involves, in a first phase, the sending by the host device of a control signal for executing a function, with the product functioning to decipher the function and store the unciphered function in the non-volatile memory. The process further involves, in a second phase, the sending by the host device of a control signal for causing execution of the deciphered function, with the product functioning to execute the function and send a result of this execution back to the host device. The host device evaluates the received result to verify product authenticity.

Abstract: Apparatus and method for managing entropy in a cryptographic processing system. In some embodiments, a first block of conditioned entropy is generated from at least one entropy source. The first block of conditioned entropy is subjected to a first cryptographic process to generate cryptographically secured entropy which is stored in a memory. The cryptographically secured entropy is subsequently retrieved from the memory and subjected to a second cryptographic process to generate a second block of conditioned entropy, which is thereafter used as an input in a third cryptographic process such as to encrypt or decrypt user data in a data storage device. The first cryptographic process may include an encryption algorithm to generate ciphertext and a hash function to generate a keyed digest value, such as an HMAC value, to detect tampering with the ciphertext by an attacker. The second cryptographic process may decrypt or further encrypt the ciphertext.

Abstract: It can be difficult to manage assets, particularly when determining ownership of assets. Systems and methods for facilitating identification of ownership of an asset include identifying an asset (e.g., an item capable of being owned), identifying one or more actors (e.g., an entity capable of owning an asset), and identifying interactions between the asset and each actor. The systems and methods additionally apply a decay factor to the identified interactions to cause a reduction in the significance of the identified interactions between the asset and each actor and produce an asset ownership score for each actor based on the decay-modified interactions. The resulting asset ownership score for each actor is provided to an entity in a fashion that allows the entity to identify a comparative likelihood that each actor is a potential owner of the asset.

Abstract: Techniques are provided for smoothing discretized values used, for example, for authentication or identity assurance. An illustrative method comprises obtaining at least one probability of transitioning between at least two discretized values of a given feature; computing a smoothed feature score for the given feature for a transition from a first one of the discretized values to a second one of the discretized values based on the probability of the transition from the first discrete value to the second discrete value; and performing one or more of authenticating a user and verifying an identity of a user based at least in part on the smoothed feature score. The probabilities of transitioning between the discretized values are optionally stored in a transition matrix. Feature scores for first and second discretized values are optionally weighted based on the probability of the transition from the first discrete value to the second discrete value.

Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.

Abstract: Described herein are techniques for selecting a subset of access points. In an example, a wireless access point stores a plurality of unique keys, each unique key being associated with a respective device. The access point advertises a first service set identifier, the first service set identifier requiring authentication of a device requesting connection at a remotely located authentication server. The access point monitors a connection to the remotely located authentication server, and, in response to the connection going down, advertising a second service set identifier, the second service set identifier requiring authentication of a device requesting connection using the unique key associated with the device requesting connection.

Abstract: Implementations may obtain a backup from a first storage system accessible outside a local area network (LAN). The backup may be stored on a second storage system inaccessible outside the LAN. An authorized backup user may be authenticated and the backup may be copied from the to a third storage system accessible outside the LAN.

Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to be executed by a processor. The code includes code to cause the processor to receive, at a first compute device, (1) a message signed using a signature associated with a derived private key of a second compute device, and (2) an identifier. The code further includes code to cause the processor to retrieve, using the identifier, an ascendant public key associated with the second compute device. The code further includes code to cause the processor to generate, using a key derivation function with the ascendant public key and the identifier as inputs, a derived public key that is paired with the derived private key. The code further includes code to cause the processor to authenticate the second compute device by verifying the signature using the derived public key.

Abstract: An anti-malware device 50 includes: a risk information storage unit 51 in which risk information 510 is stored, in which there are associated a value indicating an attribution of an information processing device 60 for executing software 600, a value indicating an attribution of the software 600, and a value that indicates the degree of risk when the software 600 is executed; a subject attribution collection unit 53 for collecting the value indicating the attribution of the information processing device 60; an object attribution collection unit 54 for collecting the value indicating the attribution of the software 600; and a determination unit 55 for determining that the software 600 is malware when the value indicating the degree of risk obtained by comparing the risk information 510 and the values collected by the subject attribution collection unit 53 and object attribution collection unit 54 satisfies a criterion.