Abstract: An Internet of Things (IoT)-based thing management system using block chain authentication, where unit nodes connect to each other through a network, things connect to each other in each of the unit nodes, and control instructions for causing the things to operate are mutually authenticated by the unit nodes. Each of the things performing individual functions separately, and a core which includes n block chain having n blocks recording operation histories of the things thereon. The core generating public and private keys based on the n block chain and providing the keys to each of the things, wherein one of the things includes a controller which has a list of public keys provided by the core. The controller sends a control instruction so as to control operations of the thing. The thing sends the controller a response signal and performs an operation according to the control instruction.

Abstract: A system and method for disrupting an information security threat that constitutes an attack on a computer asset in a computer network is provided. The provided system and method disrupts this information security threat after the attack on the computer asset has been detected by at least one of the monitoring devices on the affected computer network. An intermediate upstream gateway of the affected computer network is then utilized to disrupt this information security threat. As the detected attack is being disrupted, a mitigation action will be automatically initiated if a mitigation action associated with the attack is stored in the system's database; else information about the attack will be sent to a central command centre for further assessment. At the central command centre, a mitigating action will be further developed and executed to address the intention of the attack.

Abstract: A method, apparatus, and system for provisioning a device onto a network using a non-secure communication channel between the device and a provisioner is described. The provisioner receives a timestamp-based on-time password (TOTP), and a universal resource identifier (URI) from the device and provides the TOTP and an out-of-band (OOB) UUID to a remote server over a secure communication channel identified by the URI. The device is then provisioned onto a network based on comparisons of the UUID and the TOTP.

Abstract: Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score.

Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.

Abstract: A method, computer program product, and system where a processor(s) in a distributed computing environment intercepts a communication (of sequential elements) between a first computing node and a second computing node. The processor(s) determines if the communication is undesired by evaluating data related to or comprising each element individually.

Abstract: A method of securely authorizing limited access by a software application to private user data may include operating a software application that can utilize user data, sending a request to a first server to authorize release of the user data, receiving an authorization from the first server to release the user data, and sending a request to retrieve the user data to a plurality of second servers. The method may also include receiving a portion of the user data from each of the plurality of second servers, assembling the user data from at least two of the portions of the user data, and providing the user data to the software application.

Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.

Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Abstract: A device may determine that a file of a client device is a malicious file. The device may obtain remote access to the client device using a connection tool. The connection tool may provide access and control of the client device. The remote access may include access to a file location of the malicious file. The device may determine file information associated with the malicious file using the remote access to the client device. The device may select one or more remediation actions based on the file information. The device may cause the one or more remediation actions to be executed using the remote access to the client device.

Abstract: A signature capture device is used to display a targeted message for a customer picking up an ordered item. The targeted message is selected based on an identifier for the ordered item. Personal information used for the display message is managed to maintain security and privacy of the information. In one embodiment, the ordered item is a prescription and the signature capture device is part of a pharmacy management system.

Abstract: The present disclosure provided a method and system for protecting web applications against web attacks comprising a cloud service for generating rules and receiving reports, an agent manager in communication with the cloud service receiving rules from the cloud service and passing reports thereto, and an in-application agent in communication with the agent manager for receiving rules therefrom and passing reports thereto for protecting an application in which the in-application agent is embedded.

Abstract: Radio-assisted tamper protection in a HSM electronic device. Radio signals received from one or more network elements on a network are used for determining values of a set of network parameters that identify the electronic device in a predefined state. A tamper detection state signal may be generated responsive to the detected tampering state. The electronic device may be inhibited from operation in response to the tamper detection state signal.

Abstract: A multi-tenant identity management (IDM) system enables IDM functions to be performed relative to various different customers' domains within a shared cloud computing environment and without replicating a separate IDM system for each separate domain. The IDM system can provide IDM functionality to service instances located within various different customers' domains while enforcing isolation between those domains. A cloud-wide identity store can contain identity information for multiple customers' domains, and a cloud-wide policy store can contain security policy information for multiple customers' domains. The multi-tenant IDM system can provide a delegation model in which a domain administrator can be appointed for each domain, and in which each domain administrator can delegate certain roles to other user identities belong to his domain. Service instance-specific administrators can be appointed by a domain administrator to administer to specific service instances within a domain.

Abstract: A method of verifying an input biometric identifier against a reference biometric identifier is disclosed in this specification. The method comprises evaluating the input biometric identifier relative to a group (the ‘cohort’) to improve verification accuracy. Up to three matching scores are used to determine a verification probability for the input biometric identifier. The three matching scores measure the similarity of the input biometric identifier to the biometric identifiers of the cohort, the similarity of the reference biometric identifier to the biometric identifiers of the cohort and the similarity of the input biometric identifier to the reference biometric identifier.

Abstract: A System, Computer program product, and computer-executable method of authenticating a user to a remote computing network, the System, Computer program product, and computer-executable including receiving a first portion of authentication data at a server, wherein the first portion of authentication data includes at least one feature of an image and analyzing the received first portion of authentication data by comparing the first portion of authentication data to a second portion of authentication data stored at the server.

Abstract: An approach for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user includes collecting, at an inline frame implemented with a web application, endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, generating endpoint health intelligence from the endpoint health data, the endpoint health intelligence indicating endpoint security health of the endpoint user device, generating a first endpoint health notification comprising the endpoint health intelligence, and notifying an administrator of network with the first endpoint health notification.

Abstract: A user device and a server conduct a secure online transaction. The user device transmits received user login and credentials to the server, as well as one or more properties of the user device, such as a list of applications stored on the user device. The server transmits one or more restrictions back to the user device, such as which ports to close, which applications to close, and what features of applications and the operating system should be limited during the transaction. After implementing the restrictions, the user device and the server conduct the online transaction. A unique ID may be transmitted throughout the transaction and the unique ID may be a hash. After the transaction, the user device purges transaction data, restores normal operation, and notifies the server. The transaction may be conducted in a second tunnel and the other communication via a first tunnel.

Abstract: A method of load balancing by multiple cores in a multi-core-based load balancing apparatus comparing arriving packets with a signature is provided, and comprises first load-balancing first packets arriving on the multiple cores during a first period based on an arrival rate of the first packets, identifying a signature for the comparison, analyzing the first packets, determining at least one service type of the first packets, estimating a mean deep packet inspection (DPI) time corresponding to the determined at least one service type of the first packets, generating a load balancing rule using the estimated average DPI time, and second load-balancing second packets arriving on the multiple cores during a second period using the generated load balancing rule.

Abstract: Method and systems described herein may provide multifactor mutual authentication. A first server may provide a first party and a second party with at least two authentication components in order for the first party to authenticate the identity of the second party, and vice versa. The first authentication component may include a color-based authentication component, while the second authentication component may include a code-based authentication component. Both factors need to be validated in order for the authentication to be successful. The color-based authentication component, in combination with the code-based authentication component, may improve the speed with which the mutual authentication is performed.