Patents by Inventor Riaz Zolfonoon

Riaz Zolfonoon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11824883
    Abstract: One example method includes detecting a threat in a data confidence fabric, assigning a data confidence score to data implicated by the threat, generating trust insertion metadata concerning the threat, creating a ledger entry based on the data confidence score and the trust insertion metadata, and using the ledger entry to determine an overall data confidence score for the data confidence fabric. A data threat portfolio view is generated based on the data confidence score and the trust insertion metadata, and the data threat portfolio view is presented to a user.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: November 21, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Stephen J. Todd, Riaz Zolfonoon
  • Publication number: 20210409436
    Abstract: One example method includes detecting a threat in a data confidence fabric, assigning a data confidence score to data implicated by the threat, generating trust insertion metadata concerning the threat, creating a ledger entry based on the data confidence score and the trust insertion metadata, and using the ledger entry to determine an overall data confidence score for the data confidence fabric. A data threat portfolio view is generated based on the data confidence score and the trust insertion metadata, and the data threat portfolio view is presented to a user.
    Type: Application
    Filed: June 30, 2020
    Publication date: December 30, 2021
    Inventors: Stephen J. Todd, Riaz Zolfonoon
  • Publication number: 20210374730
    Abstract: One example method includes identifying user information associated with a user-specific decentralized identity (DID) of a first party, associating the user information with the DID, defining data terms that specify which user information may be shared, and under what circumstances, presenting the DID for verification by a second party that comprises a computing entity, receiving an indication that the DID has been verified by the computing entity, and based on verification of the DID, entering into a transaction with the second party, wherein the transaction comprises providing, to the computing entity, in accordance with the data terms, only user information that is needed by the computing entity to effect the transaction.
    Type: Application
    Filed: May 29, 2020
    Publication date: December 2, 2021
    Inventors: Stephen J. Todd, Riaz Zolfonoon
  • Patent number: 11102009
    Abstract: In general, embodiments of the invention relate to a method for transacting data. The method includes receiving a verification request from a data consumer, where the verification request specifies an object. The method further includes initiating servicing of the verification request using a verifiable credential, where the verifiable credential specifies a data broker service and the object, where the verifiable credential comprises a claim authorizing the data broker service to transact the object, and where the verifiable credential is issued by an owner of the object. The method further includes initiating transmission of the object to the data consumer based on the servicing of the verification request.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: August 24, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Riaz Zolfonoon, Stephen James Todd
  • Publication number: 20210036866
    Abstract: In general, embodiments of the invention relate to a method for transacting data. The method includes receiving a verification request from a data consumer, where the verification request specifies an object. The method further includes initiating servicing of the verification request using a verifiable credential, where the verifiable credential specifies a data broker service and the object, where the verifiable credential comprises a claim authorizing the data broker service to transact the object, and where the verifiable credential is issued by an owner of the object. The method further includes initiating transmission of the object to the data consumer based on the servicing of the verification request.
    Type: Application
    Filed: October 28, 2019
    Publication date: February 4, 2021
    Inventors: Riaz Zolfonoon, Stephen James Todd
  • Publication number: 20210035120
    Abstract: Techniques are provided for producing adaptive and verifiable bills of materials. One method comprises obtaining a verifiable claim associated with a device issued by a supplier of the device, wherein the verifiable claim comprises a decentralized identity for the device with corresponding public attributes; and verifying the verifiable claim for the device using the decentralized identity for the verifiable claim and the corresponding public attributes obtained from a distributed ledger. The verifying comprises, for example, reading a public key from the distributed ledger and verifying a digital signature of the verifiable claim using the public key. The verifiable claim for a given part may comprise a part status and when the part status of the given part indicates a recalled status, one or more predefined recall policies are applied for the given part and/or a device comprising the given part.
    Type: Application
    Filed: July 31, 2019
    Publication date: February 4, 2021
    Inventors: Brian C. Mullins, Riaz Zolfonoon
  • Patent number: 10148619
    Abstract: A processing device in one embodiment comprises a processor coupled to a memory and is configured to derive one or more items of context information arising from a given application session within a network, and determine a level of sensitivity to be attributed to the given application session by analyzing one or more factors against the one or more items of context information. The processing device is further configured to generate a filtering score for the given application session based on the determined level of sensitivity, wherein the filtering score indicates a level of relevance attributed to the given application session with respect to a task of monitoring traffic within the network, and output the filtering score to one or more components associated with the network.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: December 4, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: Riaz Zolfonoon
  • Patent number: 9781130
    Abstract: A method, system and computer program product for use in managing policies is disclosed. Policies associated with a communications device are correlated with respective locations. The location of the communications device is determined. The policy correlated with the determined location is applied to the communications device.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: October 3, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Daniel V. Bailey, Lawrence N. Friedman, Riaz Zolfonoon, Yedidya Dotan
  • Patent number: 9332433
    Abstract: A technique performs authentication before delivering a token to a client device. The technique involves receiving a first message from a first application on the client device, the first message including a token request and a first set of authentication factors. The technique further involves receiving a second message from a second application on the client device, the second message including an authentication request and a second set of authentication factors. The technique further involves generating a result message which (i) provides access to a token for use by the client device when the first set of authentication factors is consistent with the second set of authentication factors, and (ii) rejects the token request when the first set of authentication factors is inconsistent with the second set of authentication factors. The client device may be a mobile device, and the first and second messages may be received via wireless communications.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: May 3, 2016
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, Riaz Zolfonoon, Gareth Richards, Guoying Luo
  • Patent number: 9282114
    Abstract: Embodiments relate to the generation of alerts in an event management system based upon risk. When an event device associated with the event management system presents a logon page to a client device, the event device includes a beacon as part of the page to monitor and collect web device profile characteristics related to the client device. In response to a logon attempt by the client device, an event management device receives a notification regarding the logon attempt and a risk assessment associated with the web device profile characteristics of the client device. Based upon a correlation of the notification and the corresponding risk assessment, the event management device can generate an alert, such as a SIEM alert, and can include an indication of priority, whether relatively low or high, and/or a confidence factor, whether or not the alert can be suppressed as part of the alert.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: March 8, 2016
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, Manoj Nair, Riaz Zolfonoon
  • Patent number: 8978122
    Abstract: In a software-as-a-service system, a federated relationship is established between a first tenant subsystem (host) and a user account on a second tenant subsystem (guest), the federated relationship including visibility controls in the host specifying resources made accessible to an authorized user of the user account. When a guest user accesses the host, an authentication is performed that includes requesting and receiving from the guest a security assertion that the user has been authenticated by the guest as the authorized user. Each tenant subsystem includes mechanisms for authenticating its own users for access control; the cross-tenancy authentication extends this operation to make and accept authentication assertions from other tenants. A second risk-based authentication may be performed for additional confidence, typically based on comparing circumstances for the present access to circumstances for past accesses.
    Type: Grant
    Filed: March 29, 2013
    Date of Patent: March 10, 2015
    Assignee: EMC Corporation
    Inventors: Riaz Zolfonoon, Nirav Mehta, Gareth Richards
  • Patent number: 8959650
    Abstract: A method is used in validating association of client devices with sessions. Information of a client device executing a user agent is gathered by a server for creating a device identifier for the client device upon receiving a request from the user agent for establishing a session between the user agent and the server. The device identifier includes information identifying the client device. The device identifier is associated with the session. The client device is validated by the server upon receiving subsequent requests from the client device during the session. Validating the client device includes gathering information of the client device sending each subsequent request for creating a device identifier for the client device and comparing the device identifier created from the information gathered during each subsequent request with the device identifier associated with the session.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: February 17, 2015
    Assignee: EMC Corporation
    Inventors: Gareth D. Richards, Yedidya Dotan, Riaz Zolfonoon, Gregory Dicovitsky
  • Patent number: 8904531
    Abstract: Techniques are provided for detecting the source of an APT-based leaked document by iteratively or recursively evaluating a set of network security logs (e.g., SIEM logs and FPC logs) for events consistent with APT behavior according to a set of heuristics to generate a reduced set of security events for consideration by the CIRT. A method of detecting an APT attack on an enterprise system is provided. The method includes (a) receiving, in a computerized device, an indication that a document has been leaked outside the enterprise system, (b) evaluating a log of security events of the enterprise system using a set of heuristics to produce a reduced set of events potentially relevant to the APT attack, and (c) outputting the reduced set of events over a user interface for consideration by a security analysis team. A system and computer program product for performing this method are also provided.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: December 2, 2014
    Assignee: EMC Corporation
    Inventors: Samir D. Saklikar, Aditya Kuppa, Dennis Ray Moreau, Riaz Zolfonoon
  • Patent number: 8904496
    Abstract: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is captured. The location history comprises a record of discrete locations visited by communications device over a period of time. An analysis is performed between current location of the communications device and location history in connection with communications device. An authentication result is generated based on analysis between current location of communications device and location history in connection with communications device. The authentication result can be used for authenticating entity.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: December 2, 2014
    Assignee: EMC Corporation
    Inventors: Daniel V. Bailey, Lawrence N. Friedman, Yedidya Dotan, Samuel Curry, Riaz Zolfonoon
  • Patent number: 8819769
    Abstract: An improved technique for managing access of a user of a computing machine to a remote network collects device posture information about the user's mobile device. The mobile device runs a soft token, and the collected posture information pertains to various aspects of the mobile device, such as the mobile device's hardware, software, environment, and/or users, for example. The server applies the collected device posture information along with token codes from the soft token in authenticating the user to the remote network.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: August 26, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Eyal Kolman, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8752146
    Abstract: A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements. Additionally, the token codes and the biometric factors of the composite passcodes operate as authentication inputs to user authentication operations performed by the authentication server. In some arrangements, the biometric factors are results of facial recognition (e.g., via a camera), voice recognition (e.g., via a microphone), gait recognition (e.g., via an accelerometer), touch recognition and/or typing recognition (e.g., via a touchscreen or keyboard), combinations thereof, etc.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8752156
    Abstract: A technique for detecting unauthorized copies of a soft token that runs on a mobile device includes generating a set of random bits on the mobile device and providing samples of the set of random bits, as well as token codes from the soft token, for delivery to a server during authentication requests. The server acquires the set of random bits of the mobile device, or learns the set of random bits over the course of multiple login attempts. Thereafter, the server predicts values of the samples of the set of random bits and tests actual samples arriving in connection with subsequent authentication requests. Mismatches between predicted samples and received samples indicate discrepancies between the random bits of the device providing the samples and the random bits of the mobile device, and thus indicate unauthorized soft token copies.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8683563
    Abstract: An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: March 25, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, William M. Duane, Ari Juels, Michael J. O'Malley, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8631486
    Abstract: A method is used in identity assurance. A process is executed that is used to verify a user identity. A description of the executed process is stored and is used to determine a level of trust.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: January 14, 2014
    Assignee: EMC Corporation
    Inventors: Lawrence N. Friedman, Riaz Zolfonoon, William M. Duane
  • Patent number: 8601531
    Abstract: An authorization device is configured to authorize access to a resource. The authorization device receives an authorization request to authorize a client device to perform an operation on the resource associated with a data system and compares an access characteristic associated with the resource with a policy associated with the resource. The authorization device generates a first message when a result of the comparison indicates that the client device is authorized to perform the operation on the resource and generates a second message when a result of the comparison indicates that the client device is unauthorized to perform the operation on the resource.
    Type: Grant
    Filed: June 29, 2009
    Date of Patent: December 3, 2013
    Assignee: EMC Corporation
    Inventors: Riaz Zolfonoon, Gareth Richards