Abstract: A computer-implemented method for automatically blocking Web Proxy Auto-Discovery Protocol (WPAD) attacks may include (i) automatically detecting, by a computing device, a WPAD request for a configuration file, (ii) identifying, by the computing device, a server attempting to fulfill the WPAD request for the configuration file, (iii) determining, by the computing device, that the server is not included in a whitelist of WPAD servers for the configuration file, and (iv) automatically performing, by the computing device and based on the determination that the server is not included in the whitelist, a security action to secure the WPAD request for the configuration file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of the disclosure provide a method of incorporating multiple authentication systems and protocols. The types of authentication systems and protocols can vary based on desired assurance levels. A Centralized Authentication System together with an authentication policy dictates acceptable authentication systems. Authorization data for each authorization system are captured and packaged into a single Object Data Structure. The authorization data can be compared to data stored in an identity store for authentication. The authorization data can also be used for user and device registration and for transferring an authentication or registration token from a previously authenticated and registered device to a new device.

Abstract: A system and method are provided for authenticating a user using a client side server within a computer network, the computer network operating in conformance with an open source initiative (OSI) model of structuring protocol data unit messages, the method comprising: generating a connection request at a client side server, the connection request including (i) a client side network layer protocol address information for use in a network layer (L3) protocol data unit (PDU), and (ii) a client side transport layer protocol address information for use in a transport layer (L4) PDU; transmitting the connection request from the client side server using both the network layer and the transport layer; receiving at the client side server an authentication call message on both the network and transport layers using the client side network layer protocol address information and client side transport layer protocol address information; transmitting user authentication information in response to the received authenticatio

Abstract: According to some embodiments, a system may include a communication port to exchange information with a client device associated with an industrial control system. A network security server coupled to the communication port may include a computer processor adapted to provide a network security service for the client device. The computer processor may further be adapted to record security information about the client device via a blockchain verification process (e.g., by registering a validation result within a distributed ledger). The network security service might comprise, for example, an integrity attestation service providing software verification for the client device.

Abstract: This disclosure provides systems, methods, and computer program products for secure transfer of security domains across shared media. A secure domain interface is associated with a security domain. The secure domain interface receives a secure network data packet and appends a first data frame. A security interface receives the internal data packet and appends a second data frame to the internal data packet. The second data frame generates an open network data frame securely including payload and routing information from the secure network data packet. The security interface receives open network data frames, authenticates and extracts internal data packets, and routes internal data packets to the secure domain interface. The secure domain interface receives internal data packets, authenticates and extracts secure network data packets, and routes secure network data packets to secure network devices in the security domain.

Abstract: The present application is directed a computer-implemented method for enhancing security. The method includes a step of sending, from a VPN service provider, a request to a cloud provider to create a dynamic server on a cloud. Then, the VPN service provider receives a notification from the cloud provider that the requested server is available on the cloud. Subsequently, the VPN service provider embeds the dynamic server with a VPN service. Further, the VPN service provider sends a credential of the dynamic server to an entity on the network. The application is also directed to system for enhancing security on a cloud server.

Abstract: Systems and methods are provided for use in implementing access controls to content blocks of a user profile associated with a user. One exemplary system includes an access engine configured to receive an access command from a user, via a communication device, to access the user profile. The access command includes a designation of at least one the content blocks for access by a provider, an identity of the provider, and a duration of the access. The access engine is configured to also modify a permission associated with the designated content block(s) in relation to the provider to permit the access by the provider, and to expose the content block(s) to the provider, thereby granting the access for the provider to the content block(s). The access engine is configured to further terminate the access of the provider to the content block(s) when the duration of the access expires.

Abstract: Methods and apparatuses for authenticating communication devices and securely transmitting and/or receiving encrypted voice and data information. A biometric scanner, for example a fingerprint scanner, is utilized for authenticating the communication device and for generating the encryption key. The fingerprint scanner can be an area or swipe type of scanner is registered to a particular user and has unique intrinsic characteristics (the scanner pattern) that are permanent over time and can identify the scanner even among scanners of the same manufacturer and model. The unique scanner pattern of the scanner generates a unique encryption key that cannot be reproduced using another fingerprint scanner.

Abstract: A method for user identity authentication using virtual reality includes presenting one or more virtual elements on a virtual reality (VR) scenario of a VR application for initiating a service, identifying, using one or more sensors communicably coupled to the VR device, one or more interactive operations of a user of the VR device with the one or more virtual elements, determining whether the one or more interactive operations match one or more predetermined operations for selecting the one or more virtual elements to initiate the service and trigger biometric authentication for user identity authentication, invoking biometric authentication if the one or more interactive operations match one or more predetermined operations, presenting a virtual guidance in the VR scenario for guiding the user to perform the biometric authentication, and presenting a service interface to the user if the biometric authentication is successful.

Abstract: A method for measurement of an information-security-controlling status in accordance with the present disclosure includes receiving actual inspection data obtained by actually inspecting whether each domain complies with each security-controlling item, computing security-controlling status measurement scores for each domain on the basis of a significance grade of each control item, the degree of compliance with a corresponding control item, and a weighting set by a measurement manager, computing a final security-controlling status measurement score for a parent organization to which each domain belongs on the basis of an average of the security-controlling status measurement scores for each domain, and outputting the computed security-controlling status measurement scores and final security-controlling status measurement score.

Abstract: A verification method, device and computer-readable storage medium based on a flexible display screen are provided. The method includes: generating a verification code, and dividing the verification code into a plurality of parts; displaying the plurality of parts on the flexible display screen separately; detecting deformation of the flexible display screen, and determining a splicing result of the plurality of parts based on the deformation of the flexible display screen; and determining a verification result based on the splicing result.

Abstract: Techniques for making preliminary authorization determinations based on partial contextual information are disclosed. In one or more embodiments, an API receives an authorization request and partial contextual information associated with the authorization request. The API submits the partial contextual information to an authorization service, without submitting complete contextual information associated with the authorization request. The API receives, from the authorization service, a preliminary authorization response based on the partial contextual information. The preliminary authorization includes one of (a) denial of the authorization request and (b) non-denial of the authorization request.

Abstract: Methods, non-transitory computer readable media, and security management apparatus that retrieves a web page in response to a request for the web page received from a client device. Remote access trojan (RAT) malware detection source code is injected into the web page and the web page is sent to the client device in response to the request. The RAT malware detection client-side source code is configured to, when executed by a web browser of the client device, output an alert when a possible attack is detected based on monitored movement of a mouse pointer, key events, or executing animations. A determination is made when the alert has been received from the client device. A security action is initiated according to an established policy, when the determining indicates that the alert has been received from the client device.

Abstract: System and method to predict risk of re-identification of a cohort if the cohort is anonymized using a de-identification strategy. An input anonymity histogram and de-identification strategy is used to predict the anonymity histogram that would result from applying the de-identification strategy to the dataset. System embodiments compute a risk of re-identification from the predicted anonymity histogram.

Abstract: A system, computer program product, and computer-executable method of providing a layout-independent cryptographic stamp of a distributed data set from a data storage system, the system, computer program product, and computer-executable method comprising receiving a request for a cryptographic stamp of the distributed data set, creating a hash of each slice of the distributed data set, and using each hash from each slice of the distribute data set to create the cryptographic stamp of the distributed data set.

Abstract: The disclosed computer-implemented method for protecting personally identifiable information during electronic data exchanges may include (i) receiving, from a computing device, an authentication token for a proposed electronic data exchange, (ii) preventing the user's personally identifiable information from entering the proposed electronic data exchange by identifying the user using the anonymized identifier rather than using the user's personally identifiable information, (iii) authenticating the user identified in the data exchange information, and (iv) in response to authenticating the user, authorizing completion of the proposed electronic data exchange. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method includes executing a determination process that determines that a setting value is a search key, the setting value being for an item from among a plurality of items in a record identified in a plurality of records, the plurality of records relating to a plurality of pieces of log information that are collected from a plurality of computers; executing a first identification process that identifies, as the record, another record including the search key from among the plurality of records; executing a second identification process that identifies, as the item, a new item from among the plurality of items, the new item being different from an item used to identify the another record in the executing of the first identification process; repeating executing of the processes; and outputting information on at least one computer that is suspected of a cyber-attack, based on the identified records.

Abstract: In one implementation, a system can include a tenant engine to maintain a plurality of tenant profiles with access to a first set of metrics of a plurality of metrics based on authorization via a certificate, a metrics engine to maintain a plurality of metrics derived from instrumentation of a plurality of applications, and a report engine to provide the first set of metrics in response to a report request when the report request is from a user associated with a first tenant profile of the plurality of tenant profiles and the first tenant profile is authorized to access the first set of metrics based on the certificate associated with a private key used to sign a first application of the plurality of applications.

Abstract: A method of security and verifiability of an electronic vote, comprising reception of a temporary voting ballot, during which a temporary voting ballot is received by a voting entity, the temporary voting ballot being encrypted by a public voting encryption key; reception of a validation voting ballot, during which a validation voting ballot is received from the voting entity, the validation voting ballot being encrypted by a public validation encryption key; decrypting the validation voting ballot by a private validation key associated with the public validation encryption key; validating a validation request generated from the decrypted validation voting ballot sent to the voting entity; the preceding steps being repeated until the acceptance of the validation request by the voting entity, after which the encrypted temporary voting ballot is registered as a definitive voting ballot awaiting its counting.

Abstract: Unique systems, methods, techniques and apparatuses of a substation phasor data concentrator (ssPDC) is disclosed herein. One exemplary embodiment is a method for operating an electrical substation including a merging unit (MU), a phasor measurement unit (PMU), and a substation phasor data concentrator (ssPDC).