Abstract: Methods, non-transitory computer readable media, access policy management apparatuses, and network traffic management systems that send a request received from a client to an application server along with an access token. A determination is made when a received response to the request comprises an unauthorized HyperText Transfer Protocol (HTTP) response status code. The access token is refreshed using a stored refresh token, when the determining indicates that the response is an unauthorized HTTP response status code. The request is resent to the application server along with the refreshed access token. With this technology, an intermediary access policy management apparatus can refresh access tokens automatically and without sending any unauthorized HTTP response status codes received from application servers to client devices, or requiring user re-authorization at the client devices thereby improving the user experience in single sign-on (SSO) federated identity environments.

Abstract: Managing network communications is provided. An indication that a network device has been added to a local network is received. In response to receiving the indication that the network device been added to the local network, metrics corresponding to the network device added to the local network are detected. A device fingerprint corresponding to the network device added to the local network is generated based on the detected metrics.

Abstract: A method implemented by a firewall device in a network, comprising storing, by a memory, a firewall policy comprising information indicating whether to forward a data packet from a sending host entity to a receiving host entity, receiving, by a receiver, a data packet from a sending host entity, wherein the data packet includes an identifier of the receiving host entity, and determining, by a processor coupled to the memory and the receiver, whether to forward the data packet to the receiving host entity based on the firewall policy and the identifier of the receiving host entity.

Abstract: A computer-implemented method according to one embodiment includes receiving a data object from a first application running on a computing device, a unique identifier (ID) of the data object assigned by the first application, and an access permission for the data object from the first application. The computer-implemented method also includes storing the data object, the unique ID, and the access permission in a data repository in a data distributor layer on the computing device. The computer-implemented method also includes receiving, at an access controller layer of the computing device, a request for the data object from a second application, the request including the unique ID, and retrieving, by the access controller layer, the data object from the data distributor layer using the unique ID in response to the request. The computer-implemented method includes providing, by the access controller layer, the data object to the second application.

Abstract: An improved method and system of enabling the owner of an account associated with a resource to allow a second user to gain access to the resource or a particular aspect of the resource is disclosed. Solutions and implementations disclosed provide an easily manageable mechanism for allowing access to a resource, without the need for a complex administrator-based access control system. Instead, a negotiated account to account resource access arrangement is established between the first user's account and the second user's account to share some or all of the actions available to the first user for the resource.

Abstract: Embodiments herein describe segmenting a Wi-Fi network into different groups. The embodiments herein assign a user, a client device, or a traffic flow originating from a client device to a group. For example, all the client devices for a particular user can be assigned to the same group tag, or each traffic flow in the client device may be assigned to different groups. Each group corresponds to a group key which can be transmitted to the client device when the device associates to an access point (AP). As such, within the same service set identifier (SSID), there can be multiple groups, and thus, client devices can use different group keys to communicate with other client devices associated to the same SSID. Put differently, rather than all devices connected the same SSID being assigned to the same group, the client devices can be assigned in different groups.

Abstract: An example system may include a processor and memory, wherein the processor is configured to perform one or more of receive a first biometric sample of a user from a terminal, execute a smart contract to compare the first biometric sample against a pre-recorded second biometric sample stored on a blockchain, in response to the match, acquire shared data of the user from a communication service provider, execute a smart contract to generate a question based on the shared data, receive an answer to the question from the user and execute a smart contract to record the answer on the blockchain, and execute a smart contract to authenticate the user based on the answer to the question and the first biometric sample.

Abstract: Aspects of the subject disclosure may include, for example, generating a digital certificate responsive to an authentication of a user according to a dynamic biometric process, associating the digital certificate with a transaction record for the transaction, storing information associated with authentication conditions of the dynamic biometric process, receiving an access request associated with the transaction, and providing access to the transaction record, the information associated with the authentication conditions of the dynamic biometric process or a combination thereof responsive to the access request, where granting of the access is according to transmitting an access acknowledgement to equipment of the user, or obtaining another authentication to allow permission to access or a combination thereof. Other embodiments are disclosed.

Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Abstract: An apparatus and method for assessing cybersecurity vulnerabilities based on a serial port. The apparatus includes a vulnerability DB for storing vulnerability assessment items, a communication unit for configuring an environment for serial communication with an assessment target device and configuring a network environment, a vulnerability scanning unit for selecting a vulnerability assessment item for which cybersecurity vulnerability assessment is to be performed on the assessment target device, and performing scanning for checking the selected vulnerability assessment item on the assessment target device, a response analysis unit for analyzing a response of the assessment target device to the scanning, and setting one or more of an operating system, an application, and a protocol corresponding to the assessment target device, and a vulnerability presence determination unit for determining, using the set one or more of the operating system, application, and protocol, whether a vulnerability is present.

Abstract: A computing device includes: a trusted execution environment with access to a memory storing a deletable root key, the memory inaccessible by a second execution environment; and at least one processor operable in the trusted execution environment, wherein when operating in the trusted execution environment, the at least one processor is configured for: based on requests from the second execution environment, performing a root key operation on an encryption key utilized by the second execution environment to secure data the second execution environment; and deleting the root key upon detection of a security event.

Abstract: Embodiments include a method, system and computer program product for performing the detection of genuine social media profiles. In some embodiments, a request is received for a target user to join the social network. The request can be used to analyze one or more categories associated with a user profile information of at least one of a requesting user or the target user, and a category score can be calculated for one or more categories. A total score can be calculated from the one or more category scores, and a notification can be provided to the target user indicating the total score.

Abstract: A virtual assistant (VA) integrity monitor is provided to interface with a computer aided dispatch (CAD) center to ensure reliability of a VA server operating with a communication system. The VA integrity monitor generates a test query which is perceived by the VA server as being a real, user-generated query to which the VA server responds. The VA integrity monitor verifies that a response provided by the VA server meets predetermined criteria and communicates a result to the CAD center. The CAD center advantageously recognizes that the request and the response are based on a simulated test and therefore does not take action on either the query or the response. When the VA integrity monitor verifies that a response provided by the VA server does not meet the predetermined criteria, the CAD system can send out an alert.

Abstract: In some examples, a first computing device associated with a first blockchain node receives a transaction request along with related data for storage in an off-chain storage. The first blockchain node may send a communication to a second blockchain node to propose recording the transaction on the blockchain, which may result in the transaction being recorded in a new block on the blockchain as conditionally accepted pending validation of the related data. The first computing device may send the related data to a second computing device associated with the second blockchain node that performs validation. The first blockchain node receives, from the second blockchain node, a communication that proposes recording of the transaction on the blockchain as being validated. The first and second blockchain nodes may send one or more communications to cause addition of another new block to the blockchain indicating validity of the transaction.

Abstract: A method of post-manufacture generation of the device certificate 20 for verifying an electronic device 2 according to a public key infrastructure is provided. The method comprises obtaining, at a certificate generating apparatus 40, a first key 42 associated with the device 2. A second key 22 for the electronic device is derived from the first key 42. The device certificate 20 for the PKI is generated with the second key acting as the public key 22 associated with the device certificate 20. In a corresponding way a private key 24 for the PKI can be generated by the electronic device 2 based on a shared first key 42. This approach enables the manufacturing cost for manufacturing an electronic device to be reduced whilst still enabling use of a PKI for attesting to properties of the device 2.

Abstract: A computer system utilizes a dataset to support a research study. One or more regions of interestingness are determined within a model of a first set of data records that are authorized for the research study by associated entities. A second set of data records is represented within the model, wherein the second set of data records are relevant for supporting objectives of the research study after de-identification. Records from the second dataset that are particularly useful for supporting objectives of the research study are identified, and authorization is requested from the corresponding entities of the identified data records from the second set of data records. After receiving authorization, those records are included with the first set to generate a resulting dataset. Embodiments of the present invention further include a method and program product for processing requests for health information in substantially the same manner described above.

Abstract: Disclosed embodiments provide techniques for accessing a document from a cloud storage system and controlling the display of sensitive data within the document based on user permissions. One or more restricted information segments are identified within a document to be stored on the cloud storage system. Restricted information segments can include anything within an electronic file for which it is desired to provide multiple levels of access. In some embodiments, the restricted information segments are automatically identified via computer-implemented natural language processing (NLP) techniques. For each restricted information segment, one or more alternative data sequences are generated. The alternative data sequences are encrypted using various keys residing on a client device associated with a user. The keys can be used to decrypt data stored within a multiple-value encrypted field structure.

Abstract: An authentication apparatus and method for quantum cryptography communication. The quantum cryptography communication authentication method is performed using quantum cryptography communication authentication apparatuses, and includes transmitting, by a first quantum cryptography communication authentication apparatus, a quantum state to a second quantum cryptography communication authentication apparatus by selecting a first basis, and measuring, by the second quantum cryptography communication authentication apparatus, the quantum state by selecting a second basis, and performing, by the first quantum cryptography communication authentication apparatus and the second quantum cryptography communication authentication apparatus, authentication by revealing the first basis and the second basis and by comparing sifted keys generated from a common basis between the first basis and the second basis with each other.

Abstract: An apparatus includes at least one processor configured to determine whether a blockchain identifies a valid smart contract indicating that communication with a specified node is permitted. In response to determining that the blockchain does identify the valid smart contract, the at least one processor is configured to establish a secure communication session with the specified node. In response to determining that the blockchain does not identify the valid smart contract, the at least one processor is configured to generate a new smart contract associated with the specified node, establish the secure communication session with the specified node in response to user approval of the new smart contract, and not establish the secure communication session with the specified node in response to user rejection of the new smart contract.

Abstract: A method of encryption management with host-side data reduction includes identifying data to be written to a storage array and compressing the data to generate compressed data. The method further includes encrypting the compressed data to generate an encrypted data packet. The method further includes adding, by a processing device of a host, a padding bit pattern to the encrypted data packet to generate a data block for storage. The method further includes sending the data block to the storage array.