Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: A Controlled Environment Secure Media Streaming System manages the delivery of content to Secured Devices. Cloud Services provide content to Integration Hub. The Integration Hub interfaces with various cloud services providers and prepares content for consumption by a resident of a secured facility. Integration Hub utilizes Content Filter to inspect content received from cloud service providers for suitability for use in a secured environment. Once content is retrieved, filtered, formatted, and packaged by Integration Hub, the content is stored in Data Warehouse. Secured Devices request content from the Distribution Hub, the Distribution Hub retrieves the content from the Data Warehouse, and then Distribution Hub manages the transfer of content to the Secured Devices. In some embodiments, Distribution Hub utilizes Content Filter to determine whether or not a particular Secured Device can access particular content.

Abstract: A simulation computer device for securely executing a model includes at least one processor in communication with at least one memory device. The simulation computer device is configured to store a smart container including a model and a usage policy. The simulation computer device is also configured to receive a plurality of inputs for the model and determine whether to validate the model based on the usage policy. The simulation computer device is further configured to execute the model with the plurality of inputs if the model was validated. Moreover, the simulation computer device is configured to transmit at least one output.

Abstract: A method for providing a browser using browser processes separated based on access privileges and an apparatus using the method. The method includes acquiring a first address corresponding to a first webpage; acquiring a first set of terminal access privileges based on the first address from a privilege control list and executing a first browser process corresponding to the first set of terminal access privileges; determining whether to allow rendering by comparing the first set of terminal access privileges with a second set of terminal access privileges corresponding to a second webpage when the first browser process attempts to render the second webpage; and if the rendering is not allowed, blocking the first browser process from rendering and rendering the second webpage by executing a second browser process corresponding to the second set of terminal access privileges.

Abstract: Methods, systems, and techniques for network resource attack detection using a client identifier. A server receives from a device the client identifier and user credentials. The client identifier and user credentials are assessed to determine their authenticity. If one or both of the credentials and identifier are inauthentic, the device does not learn from the server which of the identifier and credentials have been found to be inauthentic. When at least one of the identifier and credentials are inauthentic, the device that sent them is assessed to determine whether it is an attacker of the network resource. If the device is determined to be an attacker, one or both of prophylactic and remedial action is taken in response.

Abstract: A method (100, 400) for managing access to a database is disclosed. The method comprises receiving a database query, (110), executing the query on the database to obtain a result, (120), generating a noise value, (130), perturbing the result with the generated noise value, (140), and outputting the perturbed result, (150). The noise value is generated from a bimodal probability distribution having a minimum probability at zero noise. Also disclosed is an access management processing element, (200, 300, 600) for a database.

Abstract: A method for controlling the exchange of private data, associated with a client device, between an application in execution on or for the device and a serving node in a data network, comprising transmitting a request to the serving node from the application for access to a service requiring use of the private data, receiving challenge data at the application from the serving node, requesting authorization for the use of the private data using a secure user interface of the client device to a trusted information manager on the basis of the challenge data, transmitting an obfuscated version of the private data for use with the service from the trusted information manager to the application on the basis of the authorization.

Abstract: A method for protected communication by a vehicle which includes generating a key pair consisting of a private key and a public key and/or of one or more symmetric keys for the vehicle or for a controller of the vehicle in the area of influence of the vehicle manufacturer, generating a first certificate using the key pair, introducing the key pair and the first certificate and/or the symmetric key into the vehicle or the controller, authenticating the vehicle or the controller to a new communication partner by generation of a new key pair for this communication path and sending a signed message together with the certificate, and authenticating a new communication partner to the vehicle or the controller using a signed message and a public key, which are produced by the new communication partner on the basis of a certification by the vehicle manufacturer.

Abstract: Methods, systems, and computer-readable media for monitoring states of application packages deployed on a cloud-based application deployment platform. A notification service retrieves a copy of a deployed application package from the cloud-based deployment platform, and determines libraries of the application package. The notification service can then determine security vulnerabilities in the libraries, and provide notifications on the vulnerabilities of the application package to a user or developer.

Abstract: Behavioral authentication is described. A mobile device records a first location of the mobile device. The mobile device records a second location of the mobile device. The mobile device determines whether a route from the first location to the second location matches an expected route. The mobile device generates an access-enabling token in response to a determination that the route from the first location to the second location matches the expected route. The mobile device enables access to an entity by a user of the mobile device based on the mobile device providing the access-enabling token to the entity.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an executable application configured to collect data regarding processes operating on a client device during a time period. The executable application is also configured to purposefully access, during the time period, an application server using a web browser on the client device in an attempt to trigger a malicious application potentially located on the client device. The executable application is configured to transmit, after the time period, the collected data to an analysis server to determine whether the malicious application is located on the client device.

Abstract: The embodiments set forth systems and techniques to authenticate a user device for device services, such as by transferring or extending a trusted device status from a separate and trusted associated user device, which can be paired with the user device. This can be done automatically without requiring the user to sign in at or on behalf of the user device, and the automated process can include verifying a trusted status for the associated user device, receiving data items from both devices, evaluating the data items, and facilitating an authentication of the user device when the evaluating returns a favorable result. Data items can include provisioned machine identifiers, temporally limited one-time user passwords, and a provisioned password reset key. Authentication or trusted device status transfer can be achieved by way of an authentication token that is given to the user device.

Abstract: Methods and systems for generation of randomized messages for cryptographic hash functions are described herein. The method includes obtaining a random value in a binary bit form for randomizing a message. The method also includes splitting the message into multiple message blocks, where a length of each of the multiple message blocks is based on a length of the random value and a block length of a compression function. The method further includes prepending and appending each of the multiple message blocks with at least a portion of the random value and concatenating the prepended and appended message blocks to obtain a message envelope for generating the randomized message.

Abstract: Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information second formats from external sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device.

Abstract: A mobile device, which has internet connectivity and several input/output devices, includes a mobile universal remote controller (MURC) and an appliance lifecycle module. The MURC controls several appliances of different types from different vendors and the lifecycle module provides connectivity between a user of the mobile device and one of several appliance-lifecycle service providers through the input/output devices. An appliance lifecycle management server includes several appliance lifecycle databases, an access controller, and a plurality of flow handlers. The databases receive and store lifecycle information about appliances controlled by the MURCs. The access controller assigns roles and access permissions to the MURC and to server providers that access the server.

Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server determines a node profile for the particular node based in part on an analysis of the redirected traffic. The server configures the particular node based on the determined node profile for the particular node.

Abstract: A method of private mutually authenticated key exchange is provided. The method may include receiving, at the first device, a message transmitted from a second device and including a hierarchical inner-product encryption (HIPE) ciphertext. Further, the method may include decrypting, at the first device, the HIPE ciphertext to generate a first authenticated encryption (AE) ciphertext. The method may further include decrypting, at the first device, the first AE ciphertext. Further, the method may include encrypting, at the first device, a second AE ciphertext including a signature and one or more attributes of the first device. Moreover, the method may include transmitting, to the second device, another message including the second AE ciphertext.

Abstract: A method is presented in which a system reduces the risk of an advanced persistent threat (“APT”) detected at one or more network devices by implementing one or more mitigation actions depending on the nature of the detected threat. Accordingly, in response to detecting the risk of an APT at one or more network devices, a centralized controller implements one or more mitigation actions to minimize the vulnerability of an enterprise network to unauthorized access to one or more network resources. A centralized controller may therefore instruct one or more network devices to take appropriate mitigation actions depending on the nature of an APT detected on one or more network devices.

Abstract: The disclosed subject matter relates to systems, methods, and media for media session concurrency management with recurring license renewals. More particularly, the disclosed subject matter relates to using recurring license renewals for concurrent playback detection and concurrency limit enforcement for video delivery services and managing server resources for handling such recurring license renewals.

Abstract: A system is provided to deliver an application, hosted by a private application provider system, over a network to a user device, comprising: an application delivery system that includes a first network interface, a network security interface and a second network interface; wherein the network security interface is configured to determine whether a user or device request for access to an application is valid, and in response to determining that the user or device request for access to the first application is valid, to send the user or device request to the application agent.