Abstract: Solution management systems and methods are presently disclosed that enable receiving, compiling, and analyzing vendor solutions, determining the vendor solutions that address a target vulnerability of a client network and/or client devices, determining additional vulnerabilities of the client network and/or client devices that the vendor solutions address, and selecting a vendor solution to remediate the target vulnerability. The presently disclosed systems and methods also enable scoring, risk evaluation, and additional metrics to facilitate determining the vendor solution(s) that have the largest impact and/or benefit to the various vulnerabilities of the client network and/or client devices.

Abstract: Embodiments of the invention are directed to the utilization of trust tokens to perform secure message transactions between two devices. A trust token transmitted in a message from one device may include first data that is digitally signed by a trust provider computer, and second data that is digitally signed by the device itself. Upon receipt of a message containing a trust token, the recipient may utilize the first data to verify with the trust provider computer that the sender of the message is a trusted party. The trust provider computer may provide the recipient device the public key of the sender. The recipient may utilize the second data and the provided public key to verify that the sender signed the message and that the message is unaltered. These techniques may increase detection of relay, replay, or other man-in-the-middle attacks, decreasing the likelihood that such attacks will be successful.

Abstract: Systems and methods of the invention are directed to provisioning a token by a secure authentication system. A user may initiate a transaction that causes a resource provider computer to transmit an authentication request message to a directory server computer. The directory server computer may transmit the authentication request message to an access control server computer for authentication. Subsequent to receiving the authentication request message, the directory server computer may request a token for the transaction from a token provider computer. If authentication is successful, the token may be included in an authentication response message transmitted by the directory server computer to the resource provider computer. The token may then be utilized by the resource provider computer in lieu of sensitive user information for any suitable purpose. In some embodiments, user-specific-data provided by the access control server computer may be included in the authentication response message.

Abstract: A system deletes and sanitizes files in a distributed file system. The system also randomizes rotation of data in a distributed file system.

Abstract: To provide an authentication technique having higher security between IoT devices and server devices or between IoT devices. The server device provides, to the terminal device, a parameter file including a predetermined identifier for uniquely identifying a relationship between the terminal device and the server device, and connection destination information regarding a connection destination of the server device, the terminal device accesses the server device specified by the connection destination information in the parameter file, requests issuance of a timed identification number, and transmits the identifier and the timed identification number to the server device when connecting to the server device specified by the connection destination information in the parameter file, and the server device authenticates the terminal device using the identifier, and confirms an authenticity of the terminal device using the timed identification number.

Abstract: A redundant processing system with profile-based monitoring is disclosed. In embodiments, the redundant system includes two or more redundant lanes, each lane having equivalent processing components. In a testing state, template processors and hardware monitoring sensors are connected to a selected trusted lane and input vectors submitted thereto; the hardware sensors characterize the response of the selected lane and the resulting testing data compiled into system templates. In an operational environment, the template processors send challenges based on the input vectors to each of the redundant lanes in real time, collecting response data from each lane via identical sets of monitoring sensors. The template processors correlate the response data with the corresponding system templates, identifying anomalous lanes and system anomalies based on discorrelations between the response data and the system templates.

Abstract: Systems and methods for providing a middleware application for user-interface-driven applications include receiving, at the middleware application, queries from different dynamic user interface modules associated with respective front-end applications. The front-end applications are authenticated using authentication data included in the query and verification data external to the middleware application. In response to each query, the middleware application receives data from different external data sources, each being a separate instance of the same back-end service. The data is used to generate objects declaring instances of user interface elements, which are sent by the middleware application to the requesting dynamic user interface module for rendering at the associated front-end application.

Abstract: A method for providing access to a communication includes generating a timed key table in device nonvolatile memory, storing archival copies of the timed key table within enterprise environments, encrypting a master secret with the currently applicable key of the timed key table, generating an encrypted timed key table by encrypting the timed key table with a public key, sending data on an encrypted session from a communication device to a server over a network, sending the encrypted master secret and encrypted timed key table from the communication device over the network, decrypting the encrypted timed key table with a private key, decrypting the encrypted master secret sent from the communication device using at least a subset of an unencrypted timed key table to obtain the master secret, and decrypting the encrypted data sent from the communication device using the unencrypted master secret.

Abstract: A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps obtaining at least one data set from a storage device and generating a single forensic image of the data set and also applying a recover data application to the data set to generate a single recovered data set. A scanning is initiated of the single forensic image and the single recovered data set using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining each of the malware engines reporting the results of the scans.

Abstract: This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allows for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing and training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group.

Abstract: A computing device includes a processor and a machine-readable storage medium storing instructions. The instructions are executable by the processor to: cause a file management sub-system to detect a request to access a particular file belonging to a specific user entity, and to send an authorization request to a security sub-system; cause the security sub-system to check user metadata for the specific user entity in response to the authorization request, to determine whether the file is expired based on the user metadata for the specific user entity, and to, in response to a determination that the file is expired based on the metadata, send a denial of the authorization request to the file management sub-system; and cause the file management sub-system to, in response to the denial, block access to the particular file.

Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace, an isolated computing environment, and a host-based firewall. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to determine, using one or more environmental indicators, a relative location of the host computer system. The processor may be configured to select a firewall policy based on the relative location of the host computer system. The firewall policy may include a configuration to apply to one or more of the internal isolation firewall or the host-based firewall.

Abstract: Various embodiments of the disclosure provide an apparatus for protecting information. According to various embodiments of the disclosure, an apparatus for monitoring a database includes a transceiver, and a processor operatively coupled to the transceiver. The processor may be configured to acquire a query used in access of the database from the database through the transceiver, replace a first code, included in the acquired query, for query checking to a predefined text, convert the text to a second code for query checking, and output information on validity of the acquired query on the basis of a comparison result of the first code and the second code.

Abstract: An example method for the remote authorization of a gateway to communicate with a device includes accessing time interval data, specified by an owner of the device, the time interval data specifying an access authorization time interval. A calculation is performed, using at least one processor, to generate authorization data that is specific to the device and valid for the access authorization time interval. The authorization data is accessed using the gateway. A scanning function is performed using the gateway, the scanning function to locate the device. A control request is sent to device to control the device.

Abstract: An example intermediary system allows an owner computer system to securely identify and communicate with an end device. The end device uses master secret and time data shared with the owner computer system to generate and advertise a time-dependent device identifier and potentially an encrypted device message. The intermediary system augments the received device data with a message (e.g., an estimate of the device's location) encrypted using the time-dependent device identifier as an encryption key. Furthermore, it hashes the time-dependent device identifier for additional security. The augmented data is forwarded to a server for retrieval and processing by the owner computer system. The owner uses the shared master secret, time data and hash function to generate a hashed time-dependent device identifier used to retrieve matching augmented data from the server. The retrieved message data is decrypted using the reverse of the encryption operations.

Abstract: The disclosed system implements techniques to enable a tenant of a cloud-based platform to effectively and efficiently apply a policy that copies data packets communicated to or from a virtual machine in the tenant's own virtual network. When applied, the policy mirrors data traffic associated with a workload executing on a virtual machine in the tenant's virtual network. To mirror the data traffic, a copy of a data packet is streamed to another virtual machine so that network analytics can be performed (e.g., performance analytics, security analytics, etc.). In various examples, the policy can be a role-based mirroring policy that defines a plurality of roles in association with a role-based access model that scales operations and that provides improved security for a tenant's virtual network.

Abstract: Telemetry data from client file reputation queries is collected over time. Directories/sub-directories under which files of queries are located are identified. The files including the reputations for the files under a given directory/sub-directory are identified and used to calculate the reputation score for the directory/sub-directory. The directory/sub-directory is then classified based on the calculated score for the directory/sub-directory. After the classification of directories/sub-directories, reputation for a file with unknown reputation is then determined based on the classification of the directory/sub-directory under which the file is located.

Abstract: Systems and methods for detection of attacks on a communication authentication layer of an in-vehicle network, including determining, by at least one network node, at least one attack attempt on the communication authentication layer of the in-vehicle network, wherein the determination is carried out by identifying anomalies in at least one of messages, data and metadata directed to the communication authentication layer, and selecting, by the at least one network node, a response corresponding to the determined attack attempt from at least one of modification of parameter values corresponding to a security protocol, a failsafe response, and rejection of messages identified as anomalies.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager receives an authentication request from a first electronic device that is in a communication range of the device. The virtual session manager transmits the authentication request to an endpoint device with a grant token without providing the first electronic device with any access to the grant token. The virtual session manager will receive, from the endpoint device, a first access token in response to the first authentication request. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource.

Abstract: Dynamic Cipher Key Management (DCKM) of the present invention enables the protection of sensitive electronic data by assigning symmetric or asymmetric cipher keys using a process that delivers the cipher key to a network endpoint device by means of a key installation, delivery, and storage methodology. DCKM may negate the need to physically touch the network device under protection. Further, DCKM's process is based on a set of operating principles that maintains the highest levels of assurance that the cipher key pairs are issued with only devices that have the right and authorization to create a secure communication path. The DCKM process realizes the same level of security confidence that is only achieved today with conventional token based key management services with respect to the paired devices linked via a cipher key public and private relationship.