Abstract: The present disclosure relates to systems and methods for providing inclusive CAPTCHA. The method, in response to a user request for a webpage having CAPTCHA, creates a media file in real-time, wherein the created media file is characterized by distortion interference and corresponds to a selected theme from a plurality of themes associated with real-world scenarios. Further, randomly selecting a comprehension question from a plurality of comprehension questions for the created media file as the CAPTCHA, the comprehension question being based on the selected theme, geography associated with a user requesting the webpage and context of the created media file and transmits the webpage including the CAPTCHA. Further, in response to a user input to the comprehension question, intelligently detecting either a human input or a machine input based on a self-learning CAPTCHA decision module, by considering one or more of spelling errors, incomplete responses, contextual metonyms, synonyms and variants thereof.

Abstract: A process including: displaying icons used for password entry into an electronic system, in such a way that a hand movement associated with entry of the password into the system is randomized.

Abstract: A secure software client is provided. A secure software client can be partitioned into a web application that functions as the user interface and a proxy that performs a number of functions to provide a desktop-like experience within the web application. The web application can be isolated within the browser and can communicate with the proxy via a secure communication channel thereby allowing the proxy to be isolated from other types of access. The proxy can generate a desktop in the form of HTML5 content that the web application can render. The proxy can customize the desktop to include representations of applications or other functionality that are available to the user. The web application can detect user interaction with the HTML5 content and relay the interaction to the proxy via the secure communication channel to allow the proxy to perform an appropriate function.

Abstract: A counter challenge authentication system and method is provided for authentication of online users of web applications. The authentication method involves a counter challenge from a user to a web application asking to provide certain information from one or more user details recorded at the time of registration. The user enters his password and logs into the web application only in case he receives the correct answer from the web application. This advanced authentication method protects online application users from phishing attacks. An incorrect answer to the user's challenge or inability of the web application to provide an answer to the challenge is a clear indication of a phishing attack, thereby alerting the user and stopping him from submitting his sensitive password information to phishers. The authentication method is computer independent and eliminates dependency on two-factor authentication, hardware tokens, client software installations, digital certificates, and user defined seals.

Abstract: Techniques are described for managing access to data stored in a blockchain, and for managing the communication of blockchain data to other entities. A private key may be generated and issued to an external entity to enable the external entity to access an internal (e.g., private blockchain). The external entity may be an external (e.g., public) blockchain, device, process, or user that is outside an internal network. The key may be associated with metadata that includes constraints, conditions, or rules governing access to the blockchain. An authorized entity may employ the key to request access to the blockchain via access management module(s), and the access management module(s) may employ the metadata to determine whether to approve the request. The access management module(s) may also employ rules governing outbound communication of data from internal blockchain(s) to external entities.

Abstract: Securely communicating requests may include transmitting an encrypted response including an encryption library and a public key to a client device, the encrypted response encrypted using transport encryption established between a router device and the client device, receiving an encrypted request including data encrypted using the encryption library and the public key, the encrypted request encrypted using transport encryption established between the client device and router device, and transmitting an encrypted agent message to agent software in a customer environment, the encrypted agent message including the data encrypted using the encryption library and the public key, the encrypted agent message encrypted using transport encryption established between the router device and agent software, wherein the encrypted agent message is decryptable by the agent software using a private key inaccessible within the provider environment.

Abstract: In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include designating specific information within a digital identification as secure user information and designating other specific information as non-secure user information, and provisioning user-specific authentication techniques to restrict unauthorized access to the secure user information. For instance, the secure user information may be prevented from being displayed on the digital identification without the submission of an access credential such as a user-specified code or a user biometric identifier.

Abstract: Techniques are described for enabling a client device having an established virtual desktop session to seamlessly handoff the virtual desktop session to other nearby client devices without the need for the user to manually disconnect the client and re-enter authentication information. The session transfer may be performed using a short-range wireless connectivity protocol, such as BTLE, where the client device having an established virtual desktop session operates in sender mode and broadcasts session handoff messages to nearby receiver devices within a valid range. Another client device operating in receiver mode may accept the session handoff message including session information associated with the virtual desktop session and initiate the transfer of the virtual desktop session without the need for the user to re-authenticate to the server.

Abstract: Methods, apparatuses, and computer program products are provided in order to protect user information by applying fingerprint signature authentication to a webpage being accessed by user. A method is provided comprising generating a user fingerprint signature in accordance with a user's local cookie information of a current website and original URLs of all webpages of the current web site related to the user to generate encrypted URLs of all webpages of the current website related to the user and having the generated user fingerprint signature; and in response to an access request to the encrypted URLs by the user, verifying the user, wherein verifying the user comprises determining based, at least in part, on the generated user fingerprint signature, whether the user has authority to access the encrypted URLs. A corresponding apparatus and computer program product are also provided.

Abstract: A system, method, and computer program product are provided for isolating services of a communication network in response to a distributed denial of service attack. In use, an indication of a detection of a distributed denial of service (DDoS) attack directed at one or more resources of a communication network is received. Additionally, at least one first network service associated with the communication network that is subject to the DDoS attack is identified. Further, the at least one first network service associated with the communication network that is subject to the DDoS attack is isolated.

Abstract: In one example, an apparatus such as an authorization server and method for secure communication between constrained devices issues cryptographic communication rights among a plurality of constrained devices. Each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function. The method includes receiving a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request, and includes providing a response including an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices. A software update server then updates the cryptographic code modules in the sub-set of the plurality of constrained devices.

Abstract: A method for containing a threat in network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.

Abstract: A method for authenticating a user identity asserted from a client device may include receiving information that asserts a user identity including a user identifier, accessing external data stores to receive data rows that are associated with the user identity, and accessing monitoring systems to receive data vectors. The monitoring systems may monitor transmissions to receiving systems, the data vectors may include numerical target values for the receiving systems, and the data vectors may be accessed using the user identifier. The method may also include determining whether the data rows can be matched to the data vectors, and based on that determination, authenticating the user identity.

Abstract: A system for improving the data security during a communication process, including at least one processor and a hardware security module. The communication data is authenticated prior to a transmission process, and the authenticity of the communication data is checked upon being received. The authentication is carried out by the processor, and the authentication check is carried out by the hardware security module, wherein the communication data is car-to-X messages. The processor and the hardware security module are linked via a common secret element such that at least the hardware security module cannot be coupled to another processor.

Abstract: Embodiments include method, systems and computer program products for credential management. Aspects include obtaining a first biometric information by a first processing device, wherein the first processing device has stored one or more credentials. Then, responsive to obtaining the first biometric information, the method determines whether the first biometric information is valid. The method then creates, via the first processing device, an ad-hoc network based upon the determination that the first biometric information is valid. The method, then receives a second biometric information from a second processing device through the ad-hoc network. And, then the method analyzes the second biometric information to determine whether the second biometric information is valid.

Abstract: A method of providing a user with an option to access a protected system by satisfying a reduced security measure is disclosed. An attempt by the user to access the protected system is detected. It is detected that a first security token system is within a first proximity to the protected system. Based on the detecting of the attempt by the user to access the protected system and the detecting that the first security token system is within the first proximity, the user is provided with the option to access the protected system by satisfying the reduced security measure.

Abstract: Obtaining, in association with origination of outbound network traffic to be sent by a system, user account information of a user account on behalf of which the outbound network traffic is generated, and performing filtering of the outbound network traffic based on the obtained user account information of the user account on behalf of which the outbound network traffic is generated, where the filtering is further based on one or more rules, and the filtering includes determining whether to block or allow sending of the outbound network traffic from the system.

Abstract: Relationships between data in database tables are obfuscated. An input data set is divided into two database tables with corresponding rows. A key field if created in a second one of the tables, and for each row, the field is populated with a value generated with a one-way function, using a unique value associated with the corresponding row of the first one of the tables as an input. The two tables are stored in a data store, so that the data in corresponding rows may be associated only with access to the one way function, and the unique value associated with a row of the first table.

Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: reducing a dimensionality of a plurality of features representative of a file set; determining, based at least on a reduced dimensional representation of the file set, a distance between a file and the file set; and determining, based at least on the distance between the file and the file set, a classification for the file. Related methods and articles of manufacture, including computer program products, are also provided.

Abstract: A system and method for electronic signature validation is provided. Embodiments may include analyzing at least one government identification document, wherein analyzing includes authenticating the at least one government identification document. Embodiments may further include extracting personally identifiable information pertaining to a user from the at least one government identification document and displaying a digital copy of a document to be signed to the user. Embodiments may also include capturing an electronic signature of the document by the user and receiving personally identifiable information, wherein the personally identifiable information pertains to the user and enables the user to be uniquely identified. Embodiments may further transmitting a document signing transaction session.