Patents Examined by William S. Powers
  • Patent number: 10121022
    Abstract: A system and method is provided for encrypting data for secure storage or transport. The method includes identifying a first object comprising a string of binary values and a second object comprising a string of integers, and processing the first and second objects to generate a wave screen comprising a set of remapping instructions associated with a block map layout. For each data segment to be encrypted, the method includes positioning the bits of the data segment within the block map layout to generate a data map, and encrypting the data map by applying the wave screen to remap the positions of the bits within the block map layout in accordance with the set of remapping instructions. The encrypted data map is then stored or transported as a representation of the data segment.
    Type: Grant
    Filed: October 9, 2017
    Date of Patent: November 6, 2018
    Inventor: Jason McNutt
  • Patent number: 10116442
    Abstract: A data storage unit (202) stores encrypted data while remaining in an encrypted state, and stores decryption conditions to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data. In a case wherein revocation information to indicate a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing arrives, a revocation information removing unit (206) removes the revocation information from the decryption condition while the encrypted data remains in the encrypted state.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: October 30, 2018
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takumi Mori, Yutaka Kawai, Nori Matsuda
  • Patent number: 10116658
    Abstract: A method of providing a client with a privileged access ticket (PAT) to access a target service is performed at a credentials management service (CMS) in communication with a client and an authentication service. The CMS receives a privileged access ticket request from the client. The PAT request uses authentication credentials. The CMS retrieves privileged credentials using the authentication credentials, and sends a PAT request to the authentication service using the privileged credentials. When the PAT is received, the CMS forwards the PAT to the client. Optionally, in order to acquire a PAT the CMS sends a privileged provisioning ticket (PPT) request using the privileged credentials to the authentication service, and, after the PPT is received, requests the PAT from the authentication service using the PPT.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: October 30, 2018
    Assignee: CyberArk Software Ltd.
    Inventors: Yair Sade, Andrey Dulkin
  • Patent number: 10104102
    Abstract: An analytics-based security monitoring system is adapted to receive data, such as in the form of event logs, from one or more network devices transferred through a computing environment, detect a plurality of behavioral characteristics from the received event logs, identify behavioral fragments composed of related behavioral characteristics, and identify an attack by correlating the behavioral fragments against patterns of known malicious attacks. The analytics-based security monitoring system may then perform a learning process to enhance further detection of attacks and perform one or more remedial actions when an attack is identified.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: October 16, 2018
    Assignee: FireEye, Inc.
    Inventor: Justin Neumann
  • Patent number: 10104060
    Abstract: Authenticating applications to a network service includes authenticating an application with a certificate to access a service provider over a logical connection between the application and the service provider and confirming that the application is using an authorized port of the service provider.
    Type: Grant
    Filed: January 30, 2013
    Date of Patent: October 16, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Kaushik Datta, Sankarlingam Dandabany
  • Patent number: 10095865
    Abstract: Disclosed are a system and method for protecting computers from unauthorized remote administration. One exemplary method includes: intercepting events occurring in the computer system including a first event and a second event associated with data transfer with an application executing in the computer system; determining that the first intercepted event is dependent on the second intercepted event based on parameters of the first intercepted event and the second intercepted event; generating a rule defining a dependency of at least one parameter of the first intercepted event on at least one parameter of the second intercepted event; responsive to determining a degree of similarity of the generated rule and a previously created rule exceeds a threshold value, identifying at least one application as a remote administration application that created the first and second identified intercepted events; and blocking the identified remote administration application from exchanging data with the computer system.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: October 9, 2018
    Assignee: AO KASPERSKY LAB
    Inventors: Maxim Y. Golovkin, Alexey M. Romanenko, Alexey V. Monastyrsky
  • Patent number: 10091001
    Abstract: Approaches described herein allow a stateless device to recover at least one private key. In particular, a stateless device can provide service-account credentials to a directory service to establish a first session and acquire a certificate and private key using information associated with the stateless device. The stateless device can store its private key before the first session ends. A stateless device can then provide user-account credentials to the directory service to establish a second session. After the second session begins, a private key can be acquired by the stateless device.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: October 2, 2018
    Assignee: Citrix Systems, Inc.
    Inventor: Christopher Morgan Mayers
  • Patent number: 10078763
    Abstract: A system and method for metadata processing that can be used to encode an arbitrary number of security policies for code running on a stored-program processor. This disclosure adds metadata to every word in the system and adds a metadata processing unit that works in parallel with data flow to enforce an arbitrary set of policies, such that metadata is unbounded and software programmable to be applicable to a wide range of metadata processing policies. This instant disclosure is applicable to a wide range of uses including safety, security, and synchronization.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: September 18, 2018
    Assignees: BAE Systems Information and Electronic Systems Integration Inc., The Trustees of the University of Pennsylvania
    Inventors: Silviu Chiricescu, Andre DeHon, Udit Dhawan
  • Patent number: 10069793
    Abstract: An identity verification method, an IoT gateway device, and a verification gateway device using the same are provided. According to the provided method, the IoT gateway device firstly establishes a look-up table including a valid MAC address list and a valid RSSI range of at least one valid client device. When the IoT gateway device receives the connection request sent from the client device, the IoT gateway device may obtain the MAC address and a RSSI value of the client device according to the connection request and compare the received MAC address and the received RSSI value with the valid MAC address list and the valid RSSI range, so as to determine whether the client device is the valid client device.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: September 4, 2018
    Assignees: Tatung Company, TATUNG UNIVERSITY
    Inventors: Fu-Chiung Cheng, Po-Chung Chang, Tai-Jee Pan
  • Patent number: 10069794
    Abstract: A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a size of the received content data. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data based on a prescribed rate. A method for transmitting content data includes receiving content data, and passing at least a portion of the content data before performing policy enforcement on the content data.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: September 4, 2018
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Bing Xie
  • Patent number: 10063231
    Abstract: Presented are systems and methods that allow hardware designers to protect valuable IP and information in the hardware domain in order to increase overall system security. In various embodiments of the invention this is accomplished by configuring logic gates of existing logic circuitry based on a key input. In certain embodiments, a logic function provides results that are dependent not only on input values but also on an encrypted logic key that determines connections for a given logic building block, such that the functionality of the logic function cannot be determined by reverse engineering. In some embodiments, the logic key is created by decrypting a piece of data using a secret or private key. Advantages of automatic encryption include that existing circuitry need not be re-implemented or re-built, and that the systems and methods presented are backward compatible with standard manufacturing tools.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: August 28, 2018
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Robert Michael Muchsel, Donald Wood Loomis, III, Edward Tangkwai Ma, Hung Thanh Nguyen, Nancy Kow Iida, Mark Alan Lovell
  • Patent number: 10063583
    Abstract: A security system comprising a computer, a memory, a data store comprising a cyber threat intent dictionary and a technology dictionary; and an application stored in the memory. When executed by the computer, the application generates a report that comprises an identification of a cyber threat intent and an identification of a cyber threat technology, wherein the cyber threat intent is selected from a plurality of cyber threat intents listed in the cyber threat intent dictionary and wherein the cyber threat technology is selected from the technology dictionary. The application also populates values in a cyber threat progression vector, where the cyber threat progression vector comprises elements that each correspond to an action in a chain of actions associated with a cybercrime, where the values correspond to one of present or not present. The vector is used to manage the cyber risk of an enterprise or organization.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: August 28, 2018
    Assignee: FireEye, Inc.
    Inventors: John P. Watters, Frederick Doyle, Henry Peltokangas, Matthew Keane
  • Patent number: 10057054
    Abstract: A method for encrypting a message by a host device includes requesting, by the host device, a message key from a secure device and generating, by the secure device, the message key using a secret key stored in the secure device and which is not communicated to the host device. The method further includes the prior steps of requesting, by the host device, a token from the secure device and generating the token by the secure device, and transmitting the token to the host device. The requesting, by the host device, of the message key includes transmitting the token. The generating, by the secure device, of the message key is preceded by checking the legitimacy of the token.
    Type: Grant
    Filed: March 9, 2015
    Date of Patent: August 21, 2018
    Assignee: Commissariat à l'énergie atomique et aux énergies alternatives
    Inventor: Florian Pebay-Peyroula
  • Patent number: 10050995
    Abstract: Client-less methods and systems destroy/break the predictive layout of, for example, a client computer memory. The methods and systems operate by injecting a library that manipulates the client computer memory during exploitation attempts.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: August 14, 2018
    Assignee: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
    Inventors: Tomer Teller, Adi Hayon
  • Patent number: 10038563
    Abstract: A method for requesting a credential associated with a token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: July 31, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Ajit Gaddam, Selim Aissi
  • Patent number: 10028146
    Abstract: A universal access method performed by a mobile device includes receiving a signal from a security access point that requests authentication information from the mobile device through near field communication (NFC), selecting one of first authentication information and second authentication information corresponding to the security access point, and transferring the selected authentication information to the security access point through NFC.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: July 17, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jae-woo Ko, Tae-hwan Wi, Hee-won Jung, Hyun-young Kim, Bo-seok Moon
  • Patent number: 10015187
    Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: July 3, 2018
    Assignee: Qualys, Inc.
    Inventors: Wissam Ali-Ahmad, Wolfgang Kandek, Holger Kruse, Vikas Dewan, Khair-ed-dine Mazboudi, Ganesh Jampani, Kenneth K. Okumura
  • Patent number: 10009372
    Abstract: The present disclosure provides a means for compressing Non-deterministic Finite Automata (NFA) for faster matching during Deep Packet Inspection (DPI) when a Network Intrusion Detection System (NIDS) is evaluating traffic to find suspicious network traffic. The present disclosure accomplishes this through four primary components. First, it provides a time-efficient method for accurately comparing two regular expressions so that common prefixes can be identified. Second, it provides a time-efficient method for grouping regular expressions by their common prefixes. Third, it provides a method for subgrouping within groups by longest common prefixes in order to maximize compression. Finally, it provides a method for building a compressed NFA using heuristics derived from the length of the common prefix to a subgroup.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: June 26, 2018
    Assignee: PETABI, INC.
    Inventors: Victor C. Valgenti, Min Sik Kim
  • Patent number: 8875218
    Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected to or disconnected from the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while non-relevant policies are not. The policies may have policy abstractions.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: October 28, 2014
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 8503681
    Abstract: A method and system to transport encrypted keys among the participants of a real time communications session are provided. The system may include a message detector, a carrier packet detector and a decrypting module. The message detector may be configured to receive, at a target device, a first communication from a source device. The first communication may comprise a first message. The carrier packet detector may be configured to receive, at a target device, a second communication from a source device. The second communication may comprise a first encrypted key to decode the first message. The decrypting module may be configured to decode the message, utilizing the first encrypted key.
    Type: Grant
    Filed: August 8, 2006
    Date of Patent: August 6, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Flemming Stig Andreason