Patents Examined by Syed M Ahsan
  • Patent number: 12047488
    Abstract: A method provides for receiving multiple different segment tags generated based on different segments of a data record, where each segment is encrypted during a separate encryption process. Upon receipt, each of the multiple different segment tags is adjusted by an end-of-segment operation that induces a segment-specific error rendering the segment tag invalid for authentication of the data record as a whole. The method provides for accumulating together the multiple different segment tags to form a combined multi-segment tag, computing a correction effective to reverse a cumulative effect of the segment-specific error for each of the multiple different segment tags on the combined multi-segment tag; and generating a complete authentication tag by adjusting the combined multi-segment tag based on the computed correction. The complete authentication tag is usable to authenticate aspects of the data record as a whole.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: July 23, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeny Yankilevich, Oren Ish-Am, Michael Milkov
  • Patent number: 12047489
    Abstract: An apparatus configured to: receive a digital input signal; receive a processing-direction-signal that can have a forward-value or a backward-value; and provide a digital output signal. The apparatus comprising a processor configured to apply an involutional cryptographic function to the digital input signal by: for a first operation: apply a first step of the involutional cryptographic function to the digital input signal in order to implement a forward calculation to move to the next step in the sequence; and perform a plurality of further operations until the forward calculation of a last step is performed. Each further operation comprises: if the processing-direction-signal has a forward-value: then perform the forward calculation for the current step; or if the processing-direction-signal has a backward-value: then perform a backward calculation for the current step.
    Type: Grant
    Filed: October 18, 2021
    Date of Patent: July 23, 2024
    Assignee: NXP B.V.
    Inventors: Jan-Peter Schat, Andreas Lentz, Fabrice Poulard
  • Patent number: 12034740
    Abstract: In response to a process being triggered, at least in part by receipt of information regarding communication directed to a first application by a second application, a threat level is computed based at least in part on the information. As a result of the threat level being of a first severity, the second application is migrated to a destination zone that allows for improved communications with the first application. As a result of the threat level being of a second severity, migration of the second application to the destination zone is delayed. As a result of the threat level being of a third severity, a mitigation action is performed.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: July 9, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Scott Gerard Carmack, Narasimha Rao Lakkakula, Nima Sharifi Mehr
  • Patent number: 12021831
    Abstract: A gateway or other network device may be configured to monitor endpoint behavior, and to request a verification of user presence at the endpoint under certain conditions suggesting, e.g., malware or other endpoint compromise. For example, when a network request is directed to a low-reputation or unknown network address, user presence may be verified to ensure that this action was initiated by a human user rather than automatically by malware or the like. User verification may be implicit, based on local behavior such as keyboard or mouse activity, or the user verification may be explicit, such as where a notification is presented on a display of the endpoint requesting user confirmation to proceed.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: June 25, 2024
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Mark David Harris, Kenneth D Ray
  • Patent number: 12015921
    Abstract: Various solutions for avoiding denial of services with respect to mobile station (MS) and network apparatus in mobile communications are described. A MS may receive a first reject message from a network apparatus in a location area. The first reject message may comprise a first reject cause. The MS may also receive a second reject message from the network apparatus in the location area. The second reject message may comprise a second reject cause. The MS may store an identification of the location area in a forbidden location area list in an event that both the first reject cause and the second reject cause are received from the same location area. The MS may further search for another location area or tracking area.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: June 18, 2024
    Assignee: MediaTek Singapore Pte. Ltd.
    Inventors: Vidha Agarwal, Matti Moisanen, Marko Niemi
  • Patent number: 11995208
    Abstract: An example of a computer-readable medium to store machine-readable instructions. The instructions may cause a processor to update a machine learning model based on a first confidential data set. The machine learning model may have been previously trained based on a training data set distinct from the confidential data set. The instructions may cause the processor to apply the machine learning model after the update to a second confidential data set.
    Type: Grant
    Filed: December 12, 2018
    Date of Patent: May 28, 2024
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Augusto Queiroz de Macedo
  • Patent number: 11997077
    Abstract: Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: May 28, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Raja Charu Vikram Kakumani, Brandon B. Murdoch, Ronald Bjones, Muhammad Omer Iqbal, Kim Cameron
  • Patent number: 11991272
    Abstract: Computer-readable media, methods, and systems are disclosed for tenant-specific encryption of a container in connection with a database employing group-level encryption. An encryption group identifier may be assigned to a container. The encryption group identifier may define how the container is encrypted. A container entry corresponding to the container may be created. A commit operation may be received for committing the assignment of the encryption group identifier to the container. A job may be initialized for encrypting the container according to the encryption group identifier. The container may be flagged as modified. A flush operation may be initiated whereby the container is re-encrypted according to the encryption group identifier. Once flushing is complete, the container entry may be deleted.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: May 21, 2024
    Assignee: SAP SE
    Inventor: Dirk Thomsen
  • Patent number: 11991161
    Abstract: A server includes: a processor; and a memory storing instructions therein, the instructions, when executed by the processor, causing the server to: transmit, in a case where the first function information is received from the specific device, the first authentication information to the specific device; receive, in a case where the first authentication information is input to a first function execution device after the first authentication information is transmitted to the specific device, the first authentication information from the first function execution device; and execute, in a case where the first authentication information is received from the first function execution device, a first enabling process for enabling the first function in the first function execution device, wherein the first function is identified by the first function information in the memory associated with the first authentication information.
    Type: Grant
    Filed: March 6, 2018
    Date of Patent: May 21, 2024
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Ken Saito
  • Patent number: 11989609
    Abstract: This disclosure relates to a method for securing the execution of a program by a processor, including a comparison instruction for comparing two data items, followed by a program operation which is selected as a function of a comparison result provided by the comparison instruction. The method may include, before the execution of the comparison instruction, calculating in various ways comparison data representative of the equality of the data to be compared, after the execution of the comparison instruction, verifying whether the comparison data calculated are consistent with the fact that the program operation is selected or not selected, and activating an error signal if the comparison data are mutually inconsistent or inconsistent with the result of the comparison.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: May 21, 2024
    Assignee: Rambus Inc.
    Inventors: Vincent Dupaquis, Eric Le Cocquen
  • Patent number: 11985142
    Abstract: A cyber defense system using machine learning models trained on the classification of structured documents, such as emails, in order to identify a cyber threat risk of the incoming or outgoing structured document and to cause one or more autonomous actions to be taken in relation to the structured document based on a comparison of a category the structured document is classified with, a score associated with the classification and a threshold score. For incoming structured documents, the autonomous actions of the cyber defense system may act to contain a malign nature of identified incoming structured documents. For outgoing structured documents, the autonomous actions of the cyber defense system may act to prevent the structured document from being sent to an unintended recipient.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: May 14, 2024
    Assignee: Darktrace Holdings Limited
    Inventor: Antony Steven Lawson
  • Patent number: 11979370
    Abstract: Securing a mobile device against malware may include an analysis of events executing on the mobile device to detect and identify unexpected behaviors and events, and further determining whether these unexpected behaviors and events are authorized or unauthorized. Specific runtime events may be compared to patterns of expected user input/interaction on the mobile device, or generalized background behavior patterns occurring without user input/interaction, to determine whether events are expected or unexpected, and/or to determine whether events are authorized or potentially malicious. Examples of unexpected and potentially malicious events on mobile devices, particularly when they occur without specific user interaction, may include making phone calls, accessing or making changes to the contacts/phone book, accessing user habits such as browser settings/history and other communication logs, accessing files, accessing the camera and audio, and so forth.
    Type: Grant
    Filed: May 15, 2019
    Date of Patent: May 7, 2024
    Assignee: Sophos Limited
    Inventor: Sean Patrick McDonald
  • Patent number: 11962617
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for cross-channel network security with tiered adaptive mitigation operations. In this regard, the invention is structured for dynamic detection of security events associated with network devices and resources, and triggering real-time mitigation operations across a plurality of resource channels. The invention provides a novel method for employing activity data to construct and implement mitigation actions for de-escalating authorization tiers that are adapted to the specific attributes of the activity data, in order to prevent security exposure associated with the activity. Another aspect of the invention is directed to determining whether to continue the tiered adaptive mitigation actions and/or trigger a security proceed signal.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: April 16, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Michael Joseph Carroll, Jeffrey Brian Bashore, Joel Filliben, Andrew DongHo Kim, Akhilendra Reddy Kotha, Pavan Kumar Reddy Kotlo, Ronnie Joe Morris, Jr., Dharmender Kumar Satija, Michael Shih, Scott Anderson Sims, Craig D. Widmann
  • Patent number: 11960603
    Abstract: A server manager for detecting ransomware includes a server interface to retrieve, from a storage device, a backup of a plurality of files stored by a client device. A ransomware detection module includes a statistical filter to generate a standard pattern of file activities of the client device for a time period. A statistical behavior analysis is performed on the backup of the plurality of files based on the standard pattern to identify a portion of the backup corresponding to a statistical anomaly different from the standard pattern. The statistical anomaly corresponds to an abnormal file activity. An entropy detector generates an entropy score for the portion of the backup. The entropy score represents a randomness of a distribution of bits in a block of a file in the portion of the backup. It is determined whether the backup includes the ransomware based on the generated entropy score.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: April 16, 2024
    Assignee: Druva Inc.
    Inventors: Adwait Bhave, Hemanshu Asolia, Neeraj Thakur
  • Patent number: 11962574
    Abstract: Examples are disclosed herein to implement remote authentication and passwordless password reset. An example server includes: at least one processor to forward executable instructions to a client device, the executable instructions, when executed at the client device, to cause the client device to: authenticate a user of an account based on a biometric authentication factor; obtain a local storage key by decrypting an encrypted local storage key with a cloud key obtained from a remote authentication server, the cloud key associated with the client device; decrypt a key bag with the local storage key, the key bag including a content encryption key and an encrypted credential encrypted with the content encryption key, the encrypted credential associated with the user; and decrypt the encrypted credential with the content encryption key to obtain a credential without the user supplying a master password associated with the account.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: April 16, 2024
    Assignee: McAfee, LLC
    Inventors: Francois Proulx, Mathieu Rene, Richard Reiner
  • Patent number: 11949678
    Abstract: A system for limiting access to a digital resource based on detection of unauthorized scraping of the digital resource includes one or more processors configured to execute the instructions to detect, over a network, first data representing a plurality of first interactions by a client device with the digital resource hosted on a host system; extract, from the hardware storage device, second data representing a plurality of second interactions with digital resources, with the second interactions satisfying conditions for an interaction to be authorized; determine a confidence score based on comparing the first and second data, with the confidence score indicating a likelihood that an interaction is unauthorized; based on the determined confidence score indicating that the first interactions are unauthorized, detect, by one or more processing devices, unauthorized scraping of the digital resource; and limit access of the client device to the digital resource.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: April 2, 2024
    Assignee: KAYAK Software Corporation
    Inventors: Matthias Günther Keller, Algirdas Rascius, Alexei Borisovich Fedotov, Darius Prakaitis
  • Patent number: 11943368
    Abstract: Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: March 26, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Fishel Novak, Benjamin Seth Moore
  • Patent number: 11943248
    Abstract: Methods, systems, and computer readable media for network security testing using at least one emulated server are disclosed. According to one example method, the method comprises: receiving, from a client device and at an emulated domain name service (DNS) server, a DNS request requesting an Internet protocol (IP) address associated with a domain name; sending, to the client device and from the emulated DNS server, a DNS response including an IP address associated with an emulated server; receiving, from the client device and at the emulated server, a service request using the IP address; sending, to the client device and from the emulated server, a service response including at least one attack vector data portion; and determining, by a test controller and using data obtained by at least one test related entity, a performance metric associated with a system under test (SUT).
    Type: Grant
    Filed: April 6, 2018
    Date of Patent: March 26, 2024
    Assignee: KEYSIGHT TECHNOLOGIES, INC.
    Inventor: Stephen Lee McGregory
  • Patent number: 11943200
    Abstract: A virtual private network (VPN) security system obtains data regarding a VPN session including (i) for each of a plurality of first subnets, a number of allowed connection attempts by a computer system to that first subnet, (ii) for each of a plurality of second subnets, a number of blocked connection attempts by the computer system to that second subnet, (iii) for each of a plurality of first network ports, a number of allowed connection attempts by the computer system using that first network port, and (iv) for each of a plurality of second network ports, a number of blocked connection attempts by the computer system using that second network port. The security system determines, using a neural network, a metric representing an estimated likelihood that the VPN session is associated with a malicious activity, and controls the VPN session based on the metric.
    Type: Grant
    Filed: March 16, 2021
    Date of Patent: March 26, 2024
    Assignee: Saudi Arabian Oil Company
    Inventor: Faisal Talal Wahbo
  • Patent number: 11936604
    Abstract: An initial risk of an electronic message is determined. Based on the initial risk, it is determined whether to modify the electronic message. In an event it is determined to modify the electronic message: the electronic message is modified; the modified electronic message is allowed to be delivered to an intended recipient of the electronic message; a secondary computer security risk assessment of the electronic message is automatically performed; and based on the secondary computer security risk assessment, the modified message is updated.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: March 19, 2024
    Assignee: AGARI DATA, INC.
    Inventor: Bjorn Markus Jakobsson