Patents Examined by Shaqueal Wade
  • Patent number: 9985949
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for authenticating a user. The application server receives a user log in request and determines if a unique identification accompanies the received user log in request. The application server uses the unique identification to authenticate the identity of the user. The application server determines if the unique identification has been previously received by searching a first database to see if the unique identification was already stored in the first database. If the unique identification is not in the first database then the application server stores the unique identification and grants the user access to the one or more applications hosted on the application server.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventor: Stanley K. Jerrard-Dunne
  • Patent number: 9979713
    Abstract: Concepts and technologies are disclosed herein for scored factor-based authentication. A verification service can receive an authentication request from a requestor, wherein the authentication request identifies a transaction. The verification service can determine a risk associated with the transaction, an authentication score based upon the risk, and a number of groups of authentication factors, each of which can satisfy the authentication score. The verification service can provide factor group data identifying the number of groups of authentication factors to the requestor.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: May 22, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Brian M. Novack
  • Patent number: 9904628
    Abstract: A write operation is performed in a memory system by encoding, in the memory system, original data transmitted from a host system, according to a first type of host command, to produce an encoding result, transmitting information about the encoding result to the host system after the encoding, and writing the encoding result or the original data into a nonvolatile memory device, according to a second host command, wherein the second host command is transmitted from the host system based on the information about the encoding result.
    Type: Grant
    Filed: November 5, 2014
    Date of Patent: February 27, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Man-Keun Seo, Kwang-Hoon Kim, Sang-Kyoo Jeong
  • Patent number: 9881155
    Abstract: Systems, methods and media are shown for automatically detecting a use-after-free exploit based attack that involve receiving crash dump data relating to a fault event, determining whether the fault event instruction is a call type instruction and, if so, identifying a UAF attack by checking whether it includes a base address in a first register that stores a pointer to free memory and, if so, generating a UAF alert. In some examples, generating a use-after-free alert includes automatically sending a message that indicates a UAF attack or automatically triggering a system defense to the UAF attack. Some examples may include, for a call type faulting instruction, identifying a UAF attack, checking whether a base address in the first register includes a pointer in a second register to a free memory location associated with the base address.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: January 30, 2018
    Assignee: Leviathan, Inc.
    Inventor: Darren Kemp
  • Patent number: 9866591
    Abstract: A secure messaging platform for an enterprise environment is disclosed. The secure messaging platform enables users to exchange encrypted communications. Further, the secure messaging platform allows enterprise platforms to review the encrypted communications to ensure that they comply with company policies. Messages that comply with company policies may be provided to their intended recipients, while messages that fail to comply with company policies are not provided to their intended recipients. Additionally, the encrypted communications may be retained for a predetermined time.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: January 9, 2018
    Assignee: Wickr Inc.
    Inventors: Robert Statica, Christopher A. Howell, Kara Lynn Coppa
  • Patent number: 9846788
    Abstract: To raise confidentiality of the value stored in the ROM, in an IC having a built-in or an externally-attached ROM storing a value (program and/or data) encrypted using a predetermined cryptographic key. The IC includes the ROM storing the encrypted value (program and/or data), a unique code generating unit, and a decrypting unit. The unique code generating unit generates a unique code specifically determined by production variation. The decrypting unit calculates a cryptographic key on the basis of the generated unique code and a correction parameter, and decrypts the encrypted value read out from the ROM by using the calculated cryptographic key. The correction parameter is preliminarily calculated outside the IC, on the basis of an initial unique code generated from the unique code generating unit immediately after production of the IC, and the predetermined cryptographic key used for encryption of the value to be stored in the ROM.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: December 19, 2017
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventor: Daisuke Oshida
  • Patent number: 9846772
    Abstract: A computer-implemented method for detecting misplaced applications using functional categories may include (1) identifying a functional category assigned to an application located on a computing system, the functional category describing a field of functionality that the application performs, (2) identifying an additional functional category assigned to at least one of the computing system and another application located on the computing system, (3) applying a security policy to both the functional category assigned to the application and the additional functional category to determine whether the application belongs on the computing system according to the security policy, and (4) performing a security action to protect users based on the application of the security policy to the functional category assigned to the application and the additional functional category. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: December 19, 2017
    Assignee: Symantec Corporation
    Inventor: Sourabh Satish
  • Patent number: 9754128
    Abstract: A users' data profiling network implementing a method of dynamic pseudonymization of users for ensuring user privacy, including: receiving at a data node new input data related to a user along with an associated new user pseudonym and an old user pseudonym; in the data node, finding user data record, corresponding to the received new input data, having stored therein a dynamic input user pseudonym equal to the old user pseudonym received together with the new input data or to one user pseudonym; temporarily storing, in the found user data record, the new input data; setting the dynamic input user pseudonym stored in the user data record equal to the last received new user pseudonym associated with the received input data related to the user; computing and storing an output user data profile in the user data record, and then erasing accumulated new input data from the user data record.
    Type: Grant
    Filed: December 27, 2011
    Date of Patent: September 5, 2017
    Assignee: TELECOM ITALIA S.p.A.
    Inventor: Jovan Golic
  • Patent number: 9734341
    Abstract: A computer-implemented method for protecting computing systems from peripheral devices may include (1) identifying a peripheral device configured to perform a charging function and at least one non-charging function, (2) configuring an endpoint protection application with an endpoint protection rule that allows the charging function of the peripheral device and does not allow the non-charging function of the peripheral device, (3) detecting that the peripheral device is connected to a computing system that is provisioned with the endpoint protection application, and (4) applying the endpoint protection rule on the computing system to allow the charging function of the peripheral device so that the peripheral device is able to charge via the computing system and block the non-charging function of the peripheral device from being performed on the computing system. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: April 18, 2014
    Date of Patent: August 15, 2017
    Assignee: Symantec Corporation
    Inventor: Cui Cheng
  • Patent number: 9699189
    Abstract: The invention discloses a sandbox technology based webpage browsing method and device. The method comprises: upon receiving an instruction for webpage browsing in a sandbox, starting a framework process outside the sandbox, so that an operation incurred in the framework process is processed outside the sandbox; intercepting a browser process created by the framework process and putting the browser process into the sandbox, so that a webpage access result is saved in a specified directory in the sandbox, and/or a script in the webpage runs in a virtual environment of the sandbox. The present invention not only ensures the convenience of user operations, but also meets the security requirement for webpage access.
    Type: Grant
    Filed: December 24, 2012
    Date of Patent: July 4, 2017
    Assignee: Beijing Qihoo Technology Company Limited
    Inventors: Weigang Liu, Peng Sun, Huan Ren
  • Patent number: 9686301
    Abstract: An analysis trigger monitoring system is provided in one or more virtual assets. One or more analysis trigger parameters, including security threat patterns, are defined and analysis trigger data is generated. The one or more analysis trigger monitoring systems are used to monitor at least a portion of the message traffic sent to, or sent from, the one or more virtual assets to detect any message including one or more of the one or more analysis trigger parameters. Any detected message is identified as a potential security threat and is assigned a threat score, which is provided to the virtual asset. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis using a second communication channel.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: June 20, 2017
    Assignee: Intuit Inc.
    Inventors: M. Shannon Lietz, Luis Felipe Cabrera
  • Patent number: 9674195
    Abstract: NAT systems are identified by detecting highly authenticated operations being made by multiple users from IP addresses. Users of a web service are authenticated in response to performing highly authenticated operations, such as identity proofing or multifactor authentication. Successful highly authenticated operations are tracked. A NAT system operating in conjunction with a specific IP address is identified, in response to a threshold number of different users successfully performing highly authenticated operations from the specific IP address within a specific amount of time. The total number of users behind the identified NAT system is estimated, based on the rate at which different users successfully perform operations from the specific IP address. One or more additional action(s) are taken to manage the processing of traffic originating from the specific IP address, taking into account that multiple users are operating behind the identified NAT system. An example action is rate limiting.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: June 6, 2017
    Inventors: Kevin B Jiang, Ilya Sokolov
  • Patent number: 9652362
    Abstract: Methods, and mobile devices implementing the methods, use application-specific and/or application-type specific classifier to improve the efficiency and performance of a comprehensive behavioral monitoring and analysis system predicting whether a software application is causing undesirable or performance depredating behavior. The application-specific and application-type specific classifier models may include a reduced and more focused subset of the decision nodes that are included in a full or more complete classifier model that may be received or generated in the mobile device. The locally generated application-specific and/or application-type specific classifier models may be used to perform real-time behavior monitoring and analysis operations by applying the application-based classifier models to a behavior/feature vector generated by monitoring mobile device behavior.
    Type: Grant
    Filed: April 23, 2014
    Date of Patent: May 16, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Rajarshi Gupta, Alexander Gantman, Vinay Sridhara
  • Patent number: 9652615
    Abstract: The disclosed computer-implemented method for analyzing suspected malware may include (1) identifying a file suspected of including malware, (2) performing a static analysis of the file to identify at least one indication of an attack vector that the file uses to attack computing systems, (3) obtaining, from at least one computing system, telemetry data that identifies at least one indication of an attack vector that the file uses to attack computing systems, (4) constructing, using the indications obtained from the static analysis and the telemetry data, an execution profile that describes an execution environment that provides the attack vectors indicated by the static analysis and the telemetry data, and (5) configuring the execution environment described in the execution profile to test the file for maliciousness. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: May 16, 2017
    Assignee: Symantec Corporation
    Inventors: Andrew Collingwood Watson, Abubakar A. Wawda
  • Patent number: 9628493
    Abstract: Disclosed are methods, apparatus, systems, and computer-readable storage media for modifying permission sets and validating permission set assignments to users. In some implementations, a computing device receives a request to create a permission set containing one or more permissions and assign the permission set to a first user. The first user is associated with a first user constraint that defines a first group of permissions available to the first user. The computing device may determine that the permission set to be assigned to the first user does not violate the first user constraint, and may assign the permission set to the first user.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: April 18, 2017
    Assignee: salesforce.com, inc.
    Inventors: Alex Warshavsky, Doug Bitting, Adam Torman, Bhumi Damania, Carol Franger, Herman Kwong, Igor Pesenson, Jimmy Hua
  • Patent number: 9621349
    Abstract: An apparatus includes a memory; and a processor coupled to the memory and configured to: authenticate an identification for accessing a first service by comparing a password associating with the identification with a first encrypted password that is generated by encrypting the password on the basis of a first encryption policy to authenticate an access to the first service; and provide a second service with the identification and the password to cause to generate information when an authentication of the identification is successful, the information being accessed to authenticate the identification when the second service is accessed based on the identification and the password.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: April 11, 2017
    Assignee: FUJITSU LIMITED
    Inventor: Naoya Nakajima
  • Patent number: 9621530
    Abstract: The disclosure relates to a trust heuristic model for reducing a control load in an IoT resource access network. For example, an authenticating node may challenge a client node that requests access to a resource and grant the access if the client node correctly responds to the challenge or alternatively deny the access if the client node incorrectly responds to the challenge. Furthermore, based on the response to the challenge, the client node may be assigned a trust level, which may be dynamically updated based on successive challenge-and-response exchanges and/or interactions with other IoT network nodes. For example, to reduce the resource access control load, subsequent challenge-and-response intervals may be increased or eliminated if the client node correctly responds to successive challenges over time, while client nodes that incorrectly respond to successive challenges over time may be blocked from accessing the resource or banned from the IoT network.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: April 11, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: James Minlou Lin
  • Patent number: 9619644
    Abstract: In one embodiment, a method includes detecting a request from a user agent of a client computing device of a user to access a communication network through the router; and automatically redirecting the user agent from a first network resource to second network resource. The first network resource is configured to authenticate the user to provide access to the communication network. The second network resource is configured to authenticate the user to provide access to a particular domain of the communication network. The method also includes providing to the user agent access to the particular domain of the communication network if the second network resource successfully authenticates the user.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: April 11, 2017
    Assignee: Facebook, Inc.
    Inventors: Michael John McKenzie Toksvig, Charles J. Hughes, Erick Tseng
  • Patent number: 9571509
    Abstract: A computer-implemented method for identifying variants of samples based on similarity analysis may include (1) collecting, from security agents on endpoint computing systems, metadata attributes that describe samples identified by the security agents over an initial period of time, (2) collecting metadata attributes that describe a current sample identified after the initial period of time, (3) comparing at least two of the metadata attributes that describe the current sample with corresponding metadata attributes of the samples identified over the initial period of time, (4) designating the current sample as related to another sample from the samples identified over the initial period of time based on the comparison of the two metadata attributes, and (5) performing a security action to protect a user from malware based on the designation of the current sample as related to the other sample. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: February 14, 2017
    Assignee: Symantec Corporation
    Inventors: Sourabh Satish, Himanshu Dubey, Vipul Sawant
  • Patent number: 9552387
    Abstract: A system includes reception of authorization information associated with one or more database server sessions of a first user, the authorization information associating the first user, a second user, and an authorization period, establishment of a first database server session of the first user, establishment of a second database server session of the second user, reception, from the second user, of a request to debug the first database server session, determination, based on the authorization information, that the second user is authorized to debug the first database server session, and, in response to the determination, attachment of the second database server session to the first database server session, and transmission of debugging information of the first database server session to the second user.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: January 24, 2017
    Assignee: SAP SE
    Inventors: Florian Foebel, Bjoern Friedmann, Boris Gruschko, Christian Mohr, Martin Strenge, Sascha Zorn