Abstract: Systems and methods for centralized management and enforcement of online privacy policies of a private network are provided. According to one embodiment, existence of private information contained in a data packet originated by a client device of a private network and destined for a server device external to the private network is identified by a network security device protecting the private network by scanning the data packet for information matching a signature contained within a private information signature database. An online privacy policy of the private network is determined by the network security device that is applicable to the private information with reference to a privacy policy set defined by an administrator of the private network. The online privacy policy is enforced by the network security device on the data packet by performing one or more actions specified by the online privacy policy to the data packet.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for sharing content via links. These mechanisms and methods for sharing content via links can enable customizable features associated with the operations related to those links. These features may include generating customized reports on usage of the links, and/or exposing one or more application programming interfaces (APIs) enabling applications to access the links and/or logic associated with operations related to those links.

Abstract: A security apparatus is provided that is connected to a bus. The security apparatus includes a receiver that receives a first frame from the bus, a memory that stores an examination parameter defining a content of an examination on the first frame, and processing circuitry that performs operations. The performed operations include first determining whether a predetermined condition is satisfied for the first frame. The performed operations also include, in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory. The performed operations further include second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory.

Abstract: Systems, devices, and methods are disclosed for an agent device within a company's network firewall to initiate an HTTP connection with a cloud-based gateway and then upgrade the connection to a WebSockets protocol in order to have an interactive session. Over this interactive session, a mobile device, which connects to the cloud-based intermediary, can request data from servers inside the company's firewalls. Because the firewall is traversed using HTTP protocols (with WebSockets), it can be as safe as letting employees browse the web from inside the company's network.

Abstract: Systems and methods are shown for detecting potential attacks on a domain, where one or more servers, in response to a failure event, obtain a lambda value from a baseline model of historical data associated with a current time interval corresponding to the failure event, determine a probability of whether a total count of failure events for the current time interval is within an expected range using a cumulative density function based on the lambda value, and identify a possible malicious attack if the probability is less than or equal to a selected alpha value.

Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.

Abstract: A process for finding potentially harmful malware dropper on an infected computer system includes the steps of a) identifying an executable file that is about to run, and b) providing a storage agent that stores a copy of said executable file for a later inspection.

Abstract: A method for generating a changing authentication input or password generation input for a user is provided. The method allows access to a computing device such as a smartphone or computer or using the computing device to communicate over a network to a server. Using recognizable objects displayed in positions on a graphic display, and input strings of text or alphanumeric characters the user has identified as related information relating to each recognizable object, a password or authentication can be generated by combining the input strings relating recognizable objects to paired related objects. Authentication can be varied easily for each access attempt by changing the recognizable objects displayed and/or the sequence of responses.

Abstract: A data process apparatus includes a management unit that receives a creation request for creating a sharable data storage space from an unauthenticated data terminal and transmit a response to the unauthenticated data terminal, an authentication unit that authenticates the access data when the data process apparatus receives an access request including a designation of the access data for accessing the shared data storage space from an unauthenticated data terminal connected to a same network as the data process apparatus, a request processing unit that receives the access request from the unauthenticated data terminal when the authentication of the access data succeeds and perform a predetermined process in accordance with the access request. The response includes access data indicating authorization for accessing the sharable data storage space and data indicating the sharable data storage created in association with the access data.

Abstract: Method for establishing secure communication between a plurality of IoT devices in one or more vehicles include: provisioning the plurality of IoT devices by providing a unique identification, a digital identity token and a cryptographic key to each of the plurality of IoT devices; establishing a secure communication line between the plurality of IoT devices by authenticating respective communication lines between respective IoT devices and issuing a digital certificate to the respective communication lines; grouping the plurality of IoT devices into different groups based on a predetermined criteria; and including a group membership for a group of the different groups in an attribute certificate indicating group characterization.

Abstract: An embodiment of the invention includes determining a first security status for first information and a second security status for second information, the second security status being more secure than the first security status; establishing a first communication path between the system and a first local computing node via a first wireless path; conveying the first information to the first local computing node via the first wireless path based on the first security status; and withholding the second information from the first local computing node based on the second security status; wherein the first and second information are stored on at least one of the system and a remotely located computing node. Other embodiments are described herein.

Abstract: A system for network surveillance to detect attackers, including a deception management server within a network of resources, including a deployment module managing and planting one or more decoy attack vectors in one or more of the resources in the network, wherein an attack vector is an object in memory or storage of a first resource that may be used to access a second resource, and one or more decoy servers accessible from resources in the network, each decoy server including an alert module that issues an alert when a specific resource in the network accesses the decoy server via one or more of the decoy attack vectors planted in the specific resource by the deployment module, and a delay module, delaying access to data on the decoy server while a resource accesses the decoy server.

Abstract: Example embodiments disclosed herein relate to a network security system. The network security system intercepts inline DNS requests. It is determined whether a domain name associated with one of the inline DNS requests corresponds with one or more domain names. A security action is performed based on the determination.

Abstract: Techniques for providing data protection in an integrated circuit are provided. A method according to these techniques includes maintaining an anti-replay counter value in a volatile memory of the integrated circuit, the anti-replay counter value being associated with data stored in an off-chip, non-volatile memory in which the integrated circuit is configured to store the data, monitoring an external power source, and writing the anti-replay counter value to a programmable read-only memory of the integrated circuit responsive to a loss of power to the integrated circuit from the external power source.

Abstract: Embodiments of the present disclosure disclose a security controller SC restoration method. The method provided by the embodiments of the present disclosure includes: designating, by a master node, a node to which a backup SC belongs, where the master node includes an original DM or a backup DM; sending, by the master node to a first node, a message indicating the backup SC, where the message indicating the backup SC includes an identifier of the node to which the backup SC belongs; in a case in which a node to which an original SC belongs is disconnected, sending, by the master node to the first node, a message for enabling an SC function, for performing authentication, according to the message for enabling an SC function.

Abstract: Methods and systems are described for managing a user's contact data which use evolving sequential sets of rules where the applicability of each set depends upon adherence or proper application of a prior set. In an embodiment, an initial set of restrictions are generated based on input from a first user, the restrictions relating to contact made by a second user to the first user. These initial restrictions are subsequently modified in response to the second user contacting the first user based on the contact made and a characteristic of the contact. The methods may apply to any form of contact between the first and second users and in an embodiment applies to contact made by the second user to a cellular telephone number belonging to the first user.

Abstract: Systems and/or methods provide a user of a first computing device with the ability to authenticate themselves on a remotely provided process or service using a second computing device on which the user is already authenticated. For example, the techniques of this disclosure provide a user with the ability to securely log into a remotely provided service or application (such as e-mail, cloud computing service, etc.) on a first computing device (e.g., a desktop computer, laptop, tablet, etc.) using a second computing device (e.g., mobile phone) on which the user is already logged into the service or application, without requiring manual entry of authentication information on the first computing device.

Abstract: A service providing method using a server that controls an electronic device from a terminal through a network, includes a first registration step of registering first path information indicating a connection relationship between the electronic device and a relay, and user information indicating an owner of the electronic device, which are transmitted from the terminal, in association with each other; a path acquisition step of acquiring second path information indicating a connection relationship between the electronic device and the relay, from service information transmitted from the electronic device; a service information acquisition step of acquiring service information that the electronic device holds; a comparison step of comparing the first path information with the second path information; and a providing step of providing the service information to the terminal, if the comparison result is inconsistent, in the comparison step.

Abstract: A method according to the invention for authenticating measurement data relating to a battery, which comprises at least one battery module with an associated module control device (6) and a central control device (2), has the following steps: a) the module control device (6) acquires (S2) measurement data from battery units; b) the module control device (6) determines (S3) at least one additional information carrier which is set up to authenticate the measurement data; c) the measurement data and the additional information carrier are transmitted (S4) from the module control device (6) to the central control device (2); d) the central control device (2) validates (S6) the measurement data using the additional information carrier. In this case, provision is made for the additional information carrier to be determined using the measurement data and a key value defined by the module control device (6).

Abstract: A system and method that rely on a centralized and trusted control mechanism for a software-defined network (SDN) to dynamically assign routes between two end points, and to simultaneously change their real IP addresses to fake IP addresses to establish short-lived obfuscated communications paths with a goal of preserving anonymity. The SDN controller determines the short-lived routes from a feasible route-set and new fake IP addresses from a reserved address pool for the source and destination hosts. It provisions only the switches along the route with rules so that a switch can forward packets of the data flow to another switch without needing to know the actual IP addresses of the communicating endpoints, and hence, providing strict anonymity even when the switches are compromised.