Patents Examined by Shawnchoy Rahman
  • Patent number: 10798126
    Abstract: The invention relates generally to an alternate display generation based on user identification of unauthorized users. When the user is identified as an unauthorized user, the organization may present an alternative interface to the unauthorized user. The organization monitors how the unauthorized user utilizes the alternative interface, such as action requests that the unauthorized user may take through the use of the alternative interface. In response to any action requests from the unauthorized user, the organization may take alternative actions in order to make it seem that the unauthorized user was successful in the action request. In this way, the organization may monitor the use of the alternative interface by the unauthorized user, and capture additional information from the unauthorized user in order to identify, track, and/or prevent access by unauthorized users in the future.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: October 6, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Dharmender Kumar Satija, Eren Kursun, Andrew DongHo Kim, Scott Anderson Sims, Craig D. Widmann
  • Patent number: 10785214
    Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: September 22, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Dharmender Kumar Satija, Eren Kursun, Andrew DongHo Kim, Scott Anderson Sims, Craig D. Widmann
  • Patent number: 10785220
    Abstract: A system and methods for alternate user communication routing are described. Unauthorized users are identified and alternate treatments are provided in order to deter unauthorized access and create opportunities for data collection. The use of a varied set of alternate treatments provides an enhanced view of unauthorized user behavior and an increased ability to track future unauthorized user actions by recording various user identity/communication characteristics specific to known unauthorized users. Alternate treatments may be provided randomly based on a set of alternate treatments previously provided to a specific user, or may be varied based on an identified group of unauthorized users presumed to be acting in concert.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: September 22, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Dharmender Kumar Satija, Eren Kursun, Andrew DongHo Kim, Scott Anderson Sims, Craig D. Widmann
  • Patent number: 10776524
    Abstract: Embodiments are directed to securing system management mode (SMM) in a computer system. A CPU is configurable to execute first code in a normal mode, and second code in a SMM. A SMM control engine is operative to transition the CPU from the normal mode to the SMM in response to a SMM transition call, and to control access by the CPU in the SMM to data from an originator of the SMM transition call. The access is controlled based on an authorization state assigned to the SMM transition call. An authorization engine is operative to perform authentication of the originator of the SMM transition call and to assign the authorization state based on an authentication result. The CPU in the SMM is prevented from accessing the data in response to the authentication result being a failure of authentication.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: September 15, 2020
    Assignee: Intel Corporation
    Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Bassam N. Coury
  • Patent number: 10764313
    Abstract: An Active Cyber Defense method and system is provided for detecting and stopping malicious cyber activity including for example Drive-By Exploits, Malicious Binaries, Data Exfiltration, Social Engineering and Credential Stealing Attacks. The system disclosed herein can be configured to detect and block multi protocol network-based cyber attacks targeting different platforms or operating systems. The system can also be configured to be scalable. The system as disclosed herein can conduct real time inspection of network traffic and can self-learn and adapt as needed to a changing cyber threat landscape.
    Type: Grant
    Filed: January 24, 2018
    Date of Patent: September 1, 2020
    Assignee: SLASHNEXT, INC.
    Inventor: Atif Mushtaq
  • Patent number: 10757118
    Abstract: A method for aiding detection of infection of a terminal by malware. The method includes: reception of a current request originating from the terminal asking for access to a resource of a network; detection that the resource requested is malevolent; when the current request includes a reference to an initial resource, verification that access to the initial resource has been requested from the terminal in at least one earlier request, the initial resource having been detected legitimate during processing of the earlier request; and wherein the current request being then considered to be an attempt to infect the terminal.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: August 25, 2020
    Assignee: ORANGE
    Inventors: Karel Mittig, Fabien Bignon
  • Patent number: 10749890
    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission and system specific context in the analysis of alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on highest value defense activities.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: August 18, 2020
    Assignee: Architecture Technology Corporation
    Inventors: Scott Aloisio, Robert Joyce, Judson Powers
  • Patent number: 10747871
    Abstract: A system for producing secure data management software, comprising at least one hardware processor adapted to: receive a plurality of data patterns, each comprising at least one data field identifier selected from a set of protected data field identifiers of at least one data repository, at least one output target, and an access instruction; identify in a plurality of computer instructions of the data management software one or more forbidden output instructions by matching one or more reaching definitions of some of the plurality of computer instructions with one or more of the plurality of data patterns; and remove the one or more forbidden output instructions from the plurality of computer instructions.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: August 18, 2020
    Assignee: International Business Machines Corporation
    Inventors: Aharon Abadi, Moria Abadi, Roie Melamed, Aidan Shribman
  • Patent number: 10740457
    Abstract: In preventing malicious operator placement in a streaming application, a stream computing management system receives a submission of an operator graph for the streaming application. A scheduler of the stream computing management system places the operators across a plurality of computing nodes. A threat detector of the stream computing management system monitors placements of the operators during the submission of the operator graph and a runtime of the streaming application. The threat detector further monitors runtime activities of the operators of the streaming application. The threat detector compares the runtime activities of the operators of the streaming application with stored activity patterns. The threat detector determines whether any anomalies identified based on the comparing exceed a risk tolerance threshold. In response to an anomaly exceeding the risk tolerance threshold, the scheduler changes a placement of at least one of the operators.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: August 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jason A. Nikolai, John M. Santosuosso, David M. Koster, Alexander Cook
  • Patent number: 10742414
    Abstract: Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: August 11, 2020
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Wieker, Patrick Zearfoss, Clayton Johnson
  • Patent number: 10742602
    Abstract: A given packet of a packetized data flow of packets is received. The given packet (145) is selectively discarded depending on at least one of the flow history of the packetized data flow and a pseudorandom test. In some embodiments, the selective discarding is selectively executed if the given packet is at least partially overlapping with at least one further packet of the packetized data flow. Such techniques may find particular application in network-based intrusion prevention systems.
    Type: Grant
    Filed: September 21, 2015
    Date of Patent: August 11, 2020
    Assignee: Lantiq Beteiligungs-GmbH & Co. KG
    Inventors: Shiva Shankar Subramanian, Pinxing Lin
  • Patent number: 10735917
    Abstract: A method of communicating between a terminal device and a back-end system assigned to the terminal device, the terminal device receives via a direct wireless communication link an authorization code from the mobile communication device. Responsive to receiving the authorization code, the terminal device transmits via the direct wireless communication link to the mobile communication device a terminal report message which includes a message content part and a message addressing part. The mobile communication device transmits the terminal report message in a forwarding message via a telecommunications network to a remote message processing system determined by the addressing part. The remote message processing system determines from the addressing part the back-end system assigned to the electronic terminal device and transfers the content part of the terminal report message to the back-end system.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: August 4, 2020
    Assignee: LEGIC IDENTSYSTEMS AG
    Inventors: Marcel Plüss, Peter Plüss, Michael Würth
  • Patent number: 10735392
    Abstract: The disclosure relates to a method (20) for a serving device (3) of establishing a computational puzzle for use in communication between a client device (2) and the serving device (3). The method (20) comprises establishing (21), in the serving device (3), the computational puzzle (p) based on a key shared by the client device (2) and the serving device (3) and on a solution (s?, s?) to the computational puzzle (p). Further method (30) in a serving device is provided, methods (60, 70) for client devices (2), serving devices (3), client devices (2), computer programs and computer program products.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: August 4, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Göran Selander, Elena Dubrova, Fredrik Lindqvist, Mats Näslund
  • Patent number: 10728283
    Abstract: In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: July 28, 2020
    Assignee: Symbiont.IO, Inc.
    Inventors: Lukasz Dobrek, Adam Krellenstein, Pankaj Surana, Aaron Todd, Yiqun Yin
  • Patent number: 10726142
    Abstract: An intermediary data handler is used in a Secured Data Storage Subsystem (SDSS), to provide a host electrical computer system with security of certain data stored in memory of the computer system's static data storage device. The intermediary data handler is functionally disposed between the operating system (OS) and data storage device of the host computer. The data handler has Processor, Memory, and User Interface circuits, and resident software adapted to generate mocked-up response data in reply to an unauthorized read/write communication from the OS, the mock data response being automatically formatted to have a content and data-structure format acceptable by the host OS, while isolating and controlling the original communication from the OS. The SDSS includes host software adapted to integrate operation and function of the intermediary data handler with the host computer system to accomplish the security of data stored on the storage device.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: July 28, 2020
    Inventor: Scott R. Copeland
  • Patent number: 10728046
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes: transmitting a timestamp request for a to-be-timestamped block in a blockchain to a trust time server by a ledger server in a centralized ledger system that stores data in the blockchain, the trust time server being associated with a trust time authority and independent from the centralized ledger system, the blockchain including a plurality of blocks storing transaction data, receiving a timestamp and associated signature for the to-be-timestamped block from the trust time server by the ledger server, and storing information of the timestamp and the associated signature for the to-be-timestamped block in the blockchain by the ledger server.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: July 28, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Xinying Yang, Benquan Yu, Yuan Zhang, Wenyuan Yan, Yize Li
  • Patent number: 10721275
    Abstract: To prevent un-authorized accesses to data and resources available in workloads on an organization's or enterprise's computer network, various improvements to automated computer network security processes to enable them to enforce network security policies using native network security mechanisms to control communications to and/or from workload units of applications running on different nodes within hybrid computer network infrastructures having both traditional hardware resources and virtual resources provided by private and public cloud infrastructure services.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: July 21, 2020
    Assignee: FireEye, Inc.
    Inventors: Lisun Joao Kung, Jose Renato Goncalves Santos, Sarowar Golam Sikder
  • Patent number: 10721078
    Abstract: A method for propagating configuration data using a blockchain includes: storing a blockchain comprised of a plurality of blocks, each being comprised of a block header having a timestamp and one or more configuration transactions; receiving one or more configuration data items; generating a new configuration transaction for each configuration data item; hashing a most recent block identified based on the timestamp included in the respective block header to generate a previous block hash value; hashing a combination of the new configuration transactions and/or data associated therewith to generate a current block hash value; generating a new block header, the new block header including a current timestamp, the previous block hash value, the current block hash value, and a digital signature; generating a new block comprised of the new block header and each new configuration transaction; and updating the blockchain by appending the new block.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: July 21, 2020
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Simon R. Dix, Steven Charles Davis
  • Patent number: 10715320
    Abstract: In some examples, a method includes receiving a user input string and generating an application password for a particular application from the user input string. Generating the application password may include generating a key for the particular application and specifying a derivation parameter of the application password by applying an indiscriminate selection process to select a character set from multiple character sets for generating the application password. Generating the application password may also include mapping a portion of a hash value of the key and the user input string to characters of the character set selected through the indiscriminate selection process to obtain the application password.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: July 14, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Wen-Da Hu, Shu-Jia Hua, Peter An-Ping Huang
  • Patent number: 10686806
    Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: June 16, 2020
    Assignee: General Electric Company
    Inventors: Masoud Abbaszadeh, Lalit Keshav Mestha, Weizhong Yan