Abstract: The invention relates to methods for implementing a unified framework for big data usage analytics and security profiling across heterogeneous platforms and multiple clusters. An embodiment of the present invention may be applied in various applications and use cases. This may include auditing for Big Data lakes; capacity assessment and charge back functionality for Big Data infrastructure and clusters and resource usage analytics.

Abstract: Systems, methods, and software technology for managing keys used to encrypt data at-rest and decrypt the data when serving requests for the data. In an implementation, a data service receives a request for data that has been encrypted at rest using a data key, wherein the data key has been encrypted using a policy key, and wherein the policy key has been encrypted using a root key. When the root key is unavailable, the data service requests a key service to decrypt the policy key using an alternative root key. When the data service receives the policy key in an unencrypted state from the key service, it decrypts the data key using the policy key and decrypts the data using the data key.

Abstract: Systems and methods for analyzing content of encrypted traffic between processes are disclosed herein. According to one aspect, an exemplary method comprises rerouting traffic between a first process executing on a first computing device and a second process, to a server, to determine that there is a protected connection established between the first process and the second process, determining information related to an application pertaining to the first process, obtaining a session key for the protected connection by calling a function, wherein the information comprises an address of the function to call to obtain the session key, decrypting and analyzing the rerouted traffic on the server between the first process and the second process using the session key to determine whether the traffic contains malicious objects and in response to determining the traffic contains malicious objects, counteracting the malicious objects by blocking or rerouting the traffic.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for encrypting and securely storing session data during a browser session using a session-based cryptographic key. The session data may be decrypted during the browser session or other browser sessions using the session-based cryptographic key or other backwards compatible session-based cryptographic keys. In addition, session-based cryptographic keys may be shared among browser sessions to enable encrypted session data to be decrypted across page refreshes and browser tabs.

Abstract: Disclosed herein is a system for generating and displaying information useful to help a security analyst understand a scale and a root cause of a potential security issue associated with a resource. The resource can include a server, a storage device, a user device (e.g., a personal computer, a tablet computer, a smartphone, etc.), a virtual machine, networking equipment, etc. The resource may be one that is under control of an entity operating a security operations center. Additionally or alternatively, the resource may be one that is configured to be monitored by the security operations center. The information provides the security analyst with a broader context of the potential security issue based on relationships between the potential security issues and other security issues. Consequently, the information enables the security analyst to implement more efficient and effective actions to handle the potential security issue.

Abstract: The disclosed computer-implemented method for controlling access to information stored in an information retention system may include (1) receiving, at a computing device, metadata associated with an object type of respective objects, where at least two of the respective objects are in different domains, (2) determining, from the metadata, the respective object types of at least two objects, (3) forming a hierarchy of the at least two objects based on relative features of the respective object types, and (4) performing a security action comprising (A) receiving at least one access rule controlling access by at least one user to the at least two objects and (B) storing, in at least one storage device in the information retention system, the at least one access rule, the hierarchy of the objects, and the at least two objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present embodiments relate to an information processing method, a network node, an authentication method, and a server. In one embodiment, a method includes generating a virtual access node corresponding to a first access node on a central node in response to determining that no virtual access node corresponding to the first access node currently exists on the central node; obtaining, by the virtual access node on the central node, configuration information related to the first access node; and sending, by the virtual access node to the first access node, the configuration information related to the first access node, after the first access node goes online.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: Various implementations disclosed herein provide a method for detecting impact of the vulnerability by using a normalizer and correlator. In various implementations, the method includes: accessing a first set of data from a first data sources, calculating a risk level value for each of the first set of data based on a first set of rules, sorting the first set of data based on their risk level, accessing the sorted first set of data by a correlator, accessing, by the correlator, a second set of data from second data sources, correlating each of the sorted first set of data to at least a data of the second set of data based a second set of rules, and calculating a confidence score for each data of the sorted first set of data based on a third set of rules.

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

Abstract: An electronic device is provided. The electronic device includes a display configured to display information, an input device configured to receive a user input, an image sensor, a processor electrically connected with the display, the input device, and the image sensor, and a non-transitory computer readable storage medium electrically connected with the processor that stores instructions that cause the processor to control the display to display first-level information as a locking mode is partially released when partial authentication passes based on bio-information acquired through the image sensor in a state in which the electronic device is in the locking mode, and control the display to display second-level information having a security level higher than a security level of the first-level information as the locking mode is fully released when full authentication passes based on a user input made through the input device.

Abstract: The disclosed computer-implemented method for identifying potentially risky traffic destined for network-connected devices may include (1) receiving, at a cloud-based server, characteristics of a network-connected device being adding to a network, (2) creating a digital virtual image of the network-connected device on the cloud-based server, (3) receiving a request sent to a port on the network-connected device and (4) performing a security action including (A) sending the request to the digital virtual image of the network-connected device, (B) identifying the request as a potentially risky request by monitoring a runtime reaction of the digital virtual image of the network-connected device to the request, and (C) sending, to a network monitoring device, a message indicating the request is a potentially risky request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A setting system including a portable medium having recorded therein setting information generated by a management apparatus that manages a wireless network and necessary for a wireless device that joins the wireless network, and a setting apparatus that acquires the setting information from the portable medium and sets the acquired setting information in the wireless device.

Abstract: Reputation-based transaction security. In one embodiment, a method for reputation-based transaction security may include obtaining data regarding a user device associated with a first party; obtaining data regarding an intended second party, the user device being used in a transaction between the first party and the intended second party; calculating a reputation score based on the data obtained regarding the user device and the intended second party; determining a likelihood that resources related to the transaction will be received by the intended second party based on determining that the reputation score satisfies a pre-determined threshold; and automatically initiating a remedial action to the user device based on determining the likelihood that resources related to the transaction will be received by the intended second party.

Abstract: A semiconductor integrated circuit generates second boot code by encrypting first boot code, and transmits, based on route information indicating a delivery route of the second boot code, encrypted data including the second boot code to a first destination via a network. A different semiconductor integrated circuit is the first destination, and receives the encrypted data via the network and generates third boot code by decrypting the second boot code.

Abstract: A client apparatus converts second input authentication information having a data content compliant with a second authentication method different from a first authentication method into authentication target information in a data format compliant with the first authentication method and transmits information corresponding to the authentication target information to a communication server apparatus. A server apparatus is capable of carrying out both a first process of providing a first authentication server apparatus that carries out an authentication process compliant with the first authentication method with first information corresponding to the authentication target information and a second process of providing a second authentication server apparatus that carries out an authentication process compliant with the second authentication method with second information corresponding to the authentication target information.

Abstract: A system and method for providing an alternate treatment for an interaction with unauthorized users is provided. The system receives a request from a user to access information and further receives an authentication credential from the user, wherein the authentication credential is received from one or more user computer systems. The system determines that the user is an unauthorized user based on the authentication credential, and in response, provides an alternate treatment to the unauthorized user. Unauthorized user information is captured from the unauthorized user based on the alternate treatment; and used to generate a unique user identification profile for the unauthorized user. User profiles are further categorized for efficient application of additional alternate treatments.

Abstract: Disclosed herein are techniques for enabling device communication in a secure environment. In one example, a system comprises a storage in a server, a first component in the server, the first component being isolated in a secure environment in the server, and an entry point device authorized to access the first component via the secure environment. The entry point device may receive a request to access the first component. The entry point device may store a notification in a region of the storage accessible by the first component, wherein the notification is to be read by the first component from the storage to set the first component to an operation mode. The entry point device may store operation data in the storage, wherein the operation data is to be acquired by the first component from the storage to control an operation of the first component in the operation mode.

Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.

Abstract: A malware detection method and a malware detection apparatus, where the method includes running to-be-detected software in a sandbox, and recording at least one operation, and in a process of recording the at least one operation, when it is detected that any interface that has a delay attribute in the sandbox is called, determining whether delay duration corresponding to a first delay length parameter of the called interface is greater than a preset duration. When the delay duration corresponding to the first delay length parameter is greater than the preset duration, delay duration of delay execution is reduced to enable the malicious behavior to be executed in the process of recording the at least one operation executed within the preset duration after the to-be-detected software starts to run.