Abstract: The present invention relates to methods, apparatus, and products for generating a data warehouse index. Generating a data warehouse index includes storing a refresh token for a user and obtaining, automatically without user interaction, an access token for the user from an identity provider. Subsequently, one or more queries are submitted to a data warehouse requesting connection information for data structures of the data warehouse accessible by the user. During the query submission, the access token for authorization of the user is provided to the data warehouse. One or more responses are then received from the data warehouse specifying connection information for data structures of the data warehouse accessible by the user. Finally, an index of the data warehouse for the user based on the received connection information for data structures of the data warehouse accessible by the user.

Abstract: Methods, systems, and computer readable media for managing network function (NF) request messages at a security edge protection proxy (SEPP) are disclosed. One method comprises receiving, by a SEPP and from an NF service consumer, an initial NF request message and obtaining a target NF type identifier, a requestor NF type identifier, and a network identifier from the initial NF request message. The method further includes utilizing the target NF type identifier, the requestor NF type identifier, and the network identifier to determine whether the initial NF request message is to be blocked by an associated service based interface at the SEPP and discarding, by the SEPP, the initial NF request message if the initial NF request message is determined to be blocked by the associated service based interface.

Abstract: An example operation includes one or more of determining a portion of memory in a transport for storing sensitive temporary data, setting a hardware threshold of a maximum number of reads of the data from the portion of memory, and clearing the data from the portion of memory with a hardware-enabled trigger in response to the maximum number of reads is reached.

Abstract: A user authentication system includes a main body device and an authentication device. The main body device has an authentication code transmission requesting unit, a verification unit, and an unlocking unit. The authentication code transmission requesting unit generates an authentication code transmission request including a first value, and transmits the authentication code transmission request to the authentication device. The authentication device generates an authentication code in response to the first value in the authentication code transmission request, and transmits the authentication code to the main body device. The verification unit determines that authentication is successful if the authentication code is received from the authentication device. When the verification unit determines that the authentication is successful, the unlocking unit enables a predetermined functionality.

Abstract: Ensuring privacy consent for handling of occupant vehicle data is provided. A feature identification vector indicative of an identity of a vehicle occupant of a vehicle is identified. The feature identification vector is used to identify whether consent for use of vehicle data was provided by the vehicle occupant. The consent is requested responsive to the identity of the vehicle occupant not having consented to data collection. Responsive to the consent being given by the vehicle occupant, the consent and the feature identification vector of the vehicle occupant is stored in a storage of the vehicle. The vehicle data is uploaded in accordance with whether the consent was granted for the vehicle occupant.

Abstract: Token expiration is managed for requests in an asynchronous request-reply pattern of communication. If a token in a request expires, an operation to be performed utilizes a new token to execute the operation. The new token is obtained from a status check sent to a different location than the initial request.

Abstract: Disclosed is a hooking detection method and system that may specify position information of a function referenced by an executable module from an outside or provided to the outside or a unique value of an executable code, and may determine application programming interface (API) hooking based on a classification acquired by comparing unique values or by clustering the unique values.

Abstract: A method for validating an access request with respect to an application is provided. The method includes: receiving an access request from a user with respect to an application; retrieving, from a memory, group identification information that relates to at least one group to which the user belongs; retrieving, from the memory, scope information that indicates qualifications and/or characteristics of a relationship between the user and the at least one group; and generating a token that notifies the application of the group identification information and the scope information, and is usable by the application for validating the access request. The method may be implemented in an Active Directory Federation Services (AD FS) environment.

Abstract: A system and method for determining physical locations associated with activities detected on mobile devices is disclosed. The method includes accessing at least one enterprise rule set which is based on a plurality of security vulnerability events, and for monitoring at least one application used on the mobile devices. Device data indicative of one or more actions performed on a mobile device and a time associated with each action is used to detect whether actions performed on the mobile device breach a rule of the enterprise rule set. Geolocation information associated with the mobile device at the time associated with the breach is received based on an identifier associated with the mobile device or with wireless network access points in range of the mobile device. The received geolocation information, enterprise rules, and device data is used determine if a security vulnerability is associated with the mobile device.

Abstract: Various embodiments of a system and methods for reasoning about enterprise-related external cyber threats using a rule-leaning approach are disclosed.

Abstract: A method includes receiving a scan request requesting to scan a set of network-connected assets designated for a network scan. For each respective network-connected asset, the method includes scanning, at a network security scanner using a first scanning privilege level, the respective network-connected asset. The method includes determining, based on the scan using the first scanning privilege level, whether the respective network-connected asset has a vulnerability. In response, the method includes scanning, at the network security scanner using a second scanning privilege level, the respective network-connected asset. The second scanning privilege level defines a lower level of access the network security scanner has than the first scanning privilege level. The method includes determining, based on the scans, an exposure level of the vulnerability. The method includes reporting the exposure level of the vulnerability to a user of the respective network-connected asset.

Abstract: Apparatus and associated methods relate to facilitating a remote internet-connected device to configure an implantable biomedical device. Such configuration of the implantable biomedical device involves hosting a virtual image of the implantable biomedical device at an IP-addressable internet site associated therewith. This virtual image is updated based on configuration data received from the remote internet-connected device via the internet. configuration data for the implantable biomedical device at the IP-addressable internet site. The safety of such an updated implantable medical device is validated based on the updated virtual image. The configuration data is then transmitted from the IP-addressable internet site via the internet to the implantable biomedical device, in response to the safety of the implantable biomedical device being validated.

Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Abstract: Systems, devices, and methods are discussed for identifying possible improper file accesses by an endpoint device. In some cases an agent is placed on each system to be surveilled that records the absolute paths for each file accessed for each user. This information may be accumulated and sent to a central server or computer for analysis of all such file accesses on a user basis. In some cases, a file access tree is created, and in some implementations be pruned of branches and leaves if deemed to be duplicates or very similar to other branched and leaves via a Levenshtein distance threshold. The resulting tree's edges may be scaled in particular implementations based on the deviation of a user's file accesses from their sphere of permissions. A variance metric may be computed from the final tree's form to capture the user's access patterns.

Abstract: Malware Protection A computer implemented method, computer system and computer program are provided for protecting against malware. The method trains a classifier to classify a domain name as being either legitimate or illegitimate, wherein a classification of illegitimate indicates that the domain name was generated by a Domain Generation Algorithm used to generate domain names for malware. The method retrains the classifier using an active learning technique by: using the classifier to determine a respective classification of each domain name in a set of domain names: performing a respective domain name system. DNS, query for each domain name in the set: labelling one or more domain names in the set based on the classification of those domain names and the outcome of the respective DNS queries for those domain names: and using training data comprising the labelled one or more domain names to retrain the classifier.

Abstract: The present invention is directed to systems and methods for a federated tactical edge cloud. The federated tactical edge cloud systems and methods preferably utilize serverless computing, blockchain, content addressing, conflict-free replicated data types, and notarization or authentication of data blocks to provide data authentication and integrity. The federated tactical edge cloud is operable to access and process data from a plurality of sensors and/or a plurality of edge devices.

Abstract: The technology disclosed relates to simulating spread of a malware in cloud applications. In particular, the technology disclosed relates to accessing sharing data for files shared between users via sync and share mechanisms of cloud applications, tracing connections between the users by traversing a directed graph constructed based on the sharing data, and simulating spread of a malware based on the traced connections to simulate user exposure to, infection by, and transmission of the malware. The connections are created as a result of syncing and sharing the files via the sync and share mechanisms. The malware is spread by syncing and sharing of infected ones of the files via the sync and share mechanisms.

Abstract: Disclosed herein are systems and method for detecting malware signatures in databases. In one exemplary aspect, a method may comprise identifying a plurality of entries of the database, wherein each entry represents a record stored on a computing device and selecting at least one suspicious entry in the plurality of entries. The method may comprise retrieving a record associated with the suspicious entry and applying a transformation to original contents of the record. The method may comprise scanning the transformed contents of the record for a malware signature. In response to detecting a portion of the transformed contents that matches the malware signature, the method may comprise executing a remediation action that removes a corresponding portion from the original contents of the record and updating the database by replacing the at least one suspicious entry with an entry of the record on which the remediation action was executed.

Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.

Abstract: A computer system generates a hierarchical evolutionary tree of digests of sample files. The digests are generated using a locality sensitive hashing function. The digests are grouped into several clusters, and the clusters are grouped into several nodes. The nodes are connected in hierarchical order to generate the hierarchical evolutionary tree. A digest of a file being evaluated for malware is generated using the locality sensitive hashing function. The digest is put in a cluster of the hierarchical evolutionary tree having digests that are most similar to the digest relative to digests of other clusters of the hierarchical evolutionary tree. The digest is identified to be of the same malware family as the digests of the cluster.