Patents Issued on November 9, 2017
  • Publication number: 20170324727
    Abstract: A system and method for transmitting user credentials to another device. According to some embodiments, a method is described of receiving into a first portable electronic device a set of credentials from a user, the set of credentials to include a WLAN SSID and a network key, the set of credentials to allow the first device to connect to the WLAN. The set of credentials is used to connect the first device to the WLAN. The first device creates a message for wireless transmission, the message includes the set of credentials for accessing the WLAN and is adapted to be delivered to a second device. Finally, the first device transmits the message over the air, wherein the message is addressed to the second device. The second device receives the message and uses the credentials in the message to connect to the WLAN. Other embodiments are also described.
    Type: Application
    Filed: May 30, 2017
    Publication date: November 9, 2017
    Inventor: Adam Zucker
  • Publication number: 20170324728
    Abstract: To provide enhanced operation of virtualized computing systems, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system to control access to data resources by virtual machines is provided. The method includes receiving an access token and an instantiation command from an end user system. Responsive to the instantiation command, the method includes instantiating a virtual machine identified by the instantiation command using the access token as user data for the virtual machine during instantiation. The method also includes, in the virtual machine, executing a security module responsive to instantiation that transfers the access token for delivery to an authorization system, receiving credentials responsive to the access token, and accessing a data resource using the credentials.
    Type: Application
    Filed: June 12, 2017
    Publication date: November 9, 2017
    Inventors: Kevin Gilpin, Elizabeth Lawler
  • Publication number: 20170324729
    Abstract: A method is provided to improve authentication of a user to login with a client device to a computer system. A mobile device stores a list of Uniform Resource Locators (URLs), user names and passwords. The mobile device reads an authentication code displayed on a display of the client device to extract a URL and a session identifier (ID), searches a user name and a password associated with the URL in the list of URLs, user names and passwords, transmits the user name, the password, and the session ID to a gateway server when the user name and the password associated with the URL are found in the list, and authenticates the user to login to the computer system with the client device when the client device retrieves from the gateway server the user name and the password.
    Type: Application
    Filed: July 20, 2017
    Publication date: November 9, 2017
    Inventors: Chi Tin HON, Chan Heng TAM, Tai-Hua MA
  • Publication number: 20170324730
    Abstract: Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified.
    Type: Application
    Filed: May 22, 2017
    Publication date: November 9, 2017
    Inventors: Jari Tapio OTRANEN, Jari Anssi Petteri MONONEN, Jari Mikael PEHKONEN, Pasi Allan LANTIAINEN
  • Publication number: 20170324731
    Abstract: Technologies for remote device authentication include a client computing device, an identity provider, and an application server in communication over a network. The identity provider sends an authentication challenge to the client. A capability proxy of the client intercepts an authentication challenge response and retrieves one or more security assertions from a secure environment of the client computing device. The capability proxy may be an embedded web server providing an HTTP interface to platform features of the client. The client sends a resource access token based on the security assertions to the identity provider. The identity provider verifies the resource access token and authenticates the client computing device based on the resource access token in addition to user authentication factors such as username and password. The identity provider sends an authentication response to the client, which forwards the authentication response to the application server.
    Type: Application
    Filed: July 26, 2017
    Publication date: November 9, 2017
    Inventors: Hong Li, Suman Sharma, John B. Vicente, Luis A. Gimenez, Carlton D. Ashley, Navneet Malpani
  • Publication number: 20170324732
    Abstract: Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system.
    Type: Application
    Filed: March 3, 2015
    Publication date: November 9, 2017
    Inventors: Kevin Lee Koster, Roger Lynn Haney
  • Publication number: 20170324733
    Abstract: Current approaches to using security postures lack functionalities. Security postures can be used to enable various nodes to make informed decisions. In accordance with one embodiment, a system comprises a first node and a second node. The first node receives a security posture associated with the second node. The security posture provides a verifiable point-in-time trust metric on an overall level of trust in the second node. The first node compares the security posture associated with the second node to an expected security posture level associated with the first node. If the security posture associated with the second node is adequate as compared to the expected security posture level, a connection is established between the first node and the second node.
    Type: Application
    Filed: November 20, 2015
    Publication date: November 9, 2017
    Inventors: Dolores F. HOWRY, Vinod Kumar CHOYI, Alec BRUSILOVSKY, Yogendra C. SHAH
  • Publication number: 20170324734
    Abstract: A method of performing operations by a processor of a computer terminal, includes determining an operating system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed.
    Type: Application
    Filed: May 4, 2016
    Publication date: November 9, 2017
    Applicant: CA, Inc.
    Inventors: HIMANSHU ASHIYA, ATMARAM SHETYE
  • Publication number: 20170324735
    Abstract: The disclosure relates to a method for providing an access code on a portable device, which comprises a user interface and is set up for a wireless data communication, in which reference data for an authentication are stored in a central data processing system, wherein the reference data comprise personal data containing biometric reference data for a user of the portable device and a device identifier for the portable device, in response to a detected event, an authentication process is executed, in which the user is authenticated, wherein to authenticate the user, in the central data processing system and/or in the portable device, the reference data and authentication data are evaluated, which comprise personal authentication data for the user, including biometric authentication data, and an authentication device identifier for the portable device, and in response to a successful authentication, an access code is provided in the portable.
    Type: Application
    Filed: November 5, 2015
    Publication date: November 9, 2017
    Inventor: Andreas WOLF
  • Publication number: 20170324736
    Abstract: Embodiments include method, systems and computer program products for safeguarding biometric data. Aspects include receiving a first biometric data unit and generating a template based upon the first biometric data unit. Aspects also include sending the template to a plurality of external template storage devices, each template storage device having a unique device identifier. Aspects also include generating a biometric query including a second biometric data unit. Aspects also include sending the biometric query to at least some of the plurality of external template storage devices. Aspects also include receiving a match score from at least one of the plurality of template storage devices external to the processor, wherein the match score reflects the degree of similarity between the first biometric data unit and the second biometric data unit.
    Type: Application
    Filed: May 5, 2016
    Publication date: November 9, 2017
    Inventors: Jonathan H. Connell, II, Jae-Eun Park, Nalini K. Ratha
  • Publication number: 20170324737
    Abstract: A method at an authentication server for multi-factor authentication of an electronic device, the method including receiving at the authentication server a request for authentication of the electronic device; sending information to the electronic device; receiving a response based on the information sent to the electronic device, the response further including an authentication time limit; authenticating the response; and storing the response and time limit upon verification of the response.
    Type: Application
    Filed: May 6, 2016
    Publication date: November 9, 2017
    Inventor: Adam Justin George EVANS
  • Publication number: 20170324738
    Abstract: The present disclosure generally discloses an Internet security mechanism configured to provide security for Internet resources of the Internet using an Internet blockchain. The Internet blockchain may be configured to provide security for Internet resources of the Internet by supporting various types of verification related to Internet resources of the Internet, which may include verification of Internet resource ownership, verification of Internet resource transactions, and so forth. The Internet blockchain may be configured to enable Internet participants (e.g., Internet registries, Domain Name Service (DNS) entities, Autonomous Systems (ASes), or the like) to verify Internet resource ownership of Internet resources (e.g., Internet Protocol (IP) addresses, AS numbers, IP prefixes, DNS domain names, or the like) by Internet participants, to verify Internet resource transactions (e.g.
    Type: Application
    Filed: May 3, 2016
    Publication date: November 9, 2017
    Applicant: Alcatel-Lucent USA Inc.
    Inventors: Adiseshu Hari, Tirunell V. Lakshman
  • Publication number: 20170324739
    Abstract: A system that incorporates the subject disclosure may perform, for example, operations including obtaining a request from a mobile device to allow user access to restricted content of a separate device. The process further includes forwarding a token to the separate device by way of a second wireless network, to obtain a separate device token, and forwarding the token to the first device by way of the first network to obtain a mobile device token, wherein the mobile device token is forwarded to the separate device by way of a third network. A confirmation that the token was obtained at the separate device is based on the result of the comparison indicating a match between the mobile device token and the separate device token. Access to the restricted content of the separate device is authorized based on the confirmation. Other embodiments are disclosed.
    Type: Application
    Filed: July 25, 2017
    Publication date: November 9, 2017
    Inventors: Fred Hewitt SMITH, Cynthia SMITH
  • Publication number: 20170324740
    Abstract: Described herein is a framework for providing and securing data access by external users. In accordance with one aspect of the framework, an external schema is generated to pair with an existing company schema in a database. The company schema may own data stored in the database. One or more access-control views that expose one or more subsets of the data may further be generated. The external schema may be granted access to the one or more access-control views. Synonyms may be created to rename access-control views, so that the synonyms share common names with corresponding database objects accessible via the company schema. External users may then access the data visible to them via the synonyms that are used to alias the access-control views.
    Type: Application
    Filed: May 6, 2016
    Publication date: November 9, 2017
    Inventors: Yonghong MAO, Zhi ZHANG, Neil Jayesh PATEL, Edward LU, Jessica YANG
  • Publication number: 20170324741
    Abstract: A method in a network node of a communication network configured to manage command messages from at least one Machine Type Communication, MTC, device manager intended for an MTC device, comprises receiving command messages from the at least one MTC device manager, step (201). One or more command messages are merged into an MTC device message that comprises at least one command message, step (203). Originator information is associated with each command message in the MTC device message, step (205). The MTC device message is sent to an MTC device. The network node may further perform the steps of receiving an MTC device message from an MTC device, the MTC device message comprising at least one response message, step (301).
    Type: Application
    Filed: December 19, 2014
    Publication date: November 9, 2017
    Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Patrik SALMELA, Nicklas BEIJAR, Domenico D'AMBROSIO, Jaime JIMÉNEZ, Miika KOMU, Oscar NOVO DIAZ, Mert OCAK
  • Publication number: 20170324742
    Abstract: A web application receives a request for a web site's login page. The web application sends, via a domain name, a response including the login page, a first token in a first field in the login page's header, and a second token in a second field in the login page's header, wherein the first field is modifiable only via a related domain name which is related to the domain name, and wherein the first token is a function of the second token. The web application receives a request to login to the site from a client, wherein the request to login includes a header that includes the first field and the second field. The web application establishes a session with the client if the first field in the header includes a token which is the function of a token in the second field in the header.
    Type: Application
    Filed: May 3, 2016
    Publication date: November 9, 2017
    Inventor: Amalkrishnan Chemmany Gopalakrishnan
  • Publication number: 20170324743
    Abstract: Technologies to facilitate supervision of an online identity include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.
    Type: Application
    Filed: April 3, 2017
    Publication date: November 9, 2017
    Inventors: Alex Nayshtut, Omer Ben-Shalom, Hong Li
  • Publication number: 20170324744
    Abstract: Security features a situational awareness system using location tracking information including requiring a security identifier, such as a password or a bio identifier, as a condition to providing situational awareness information. The system may also restrict situational awareness information to data pertaining to members that have created a permission setting or responded to an “opt-in” prompt authorizing data from their profile to be included in the situational awareness information. Situational awareness information may also be denied to requesters identified as public offenders in a public offender database. Situational awareness information may also be restricted by access rules specified in a security rule base, such as rules related to enrollment and rules related to the age of the requester and the age of a demographic profile of interest identified in the situational awareness request.
    Type: Application
    Filed: May 8, 2017
    Publication date: November 9, 2017
    Applicant: 1Q LLC
    Inventors: Keith Rinzler, Ryan Cino, Brian Scully
  • Publication number: 20170324745
    Abstract: A differential message security policy includes receiving information regarding activities of a user, determining a security risk for the user based on the activities of the user, and setting a security policy for the user based on the security risk. The security policy of the user may be modified based on a change in the security risk of the user or the security risk of the user exceeding a predetermined level. The security risk may be determined based on an aggregated scoring system that uses security variables related to the activities of the user.
    Type: Application
    Filed: July 24, 2017
    Publication date: November 9, 2017
    Inventors: Liam Harpur, Patrick J. O'Sullivan, Edith H. Stern, Barry E. Willner
  • Publication number: 20170324746
    Abstract: An approach for standardizing access to user registries, the approach involving providing a first schema extension to an identity management system and a bridge component to an identity management application wherein the bridge component comprises a second schema extension to the identity management application, receiving a request in a first data format associated with the identity management system, converting the request into a second data format associated with the identity management application and executing the request in the identity management application, receiving a response to the request in the second data format, converting the response into the first data format and returning the response to an end user via the identity management system.
    Type: Application
    Filed: July 26, 2017
    Publication date: November 9, 2017
    Inventors: John Kurian, Sunil Mathew George, Rohan S. Zunzarrao
  • Publication number: 20170324747
    Abstract: As disclosed herein, a computer program product, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer program product further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.
    Type: Application
    Filed: July 31, 2017
    Publication date: November 9, 2017
    Inventors: Kevin D. Himberger, Jake Palmer, Benjamin M. Parees
  • Publication number: 20170324748
    Abstract: As disclosed herein a computer system, executed by a computer, includes receiving, from a user, a request for access to a shared system, wherein the request comprises a user identifier and a user password corresponding to the user, and determining privileges corresponding to the shared system using the user identifier. The computer system further includes requesting, from an identity manager, a shared identifier and a shared password corresponding to the shared system, receiving, from the identity manager, the shared identifier and the shared password, and using the shared identifier and the shared password to enable the user to use the shared system.
    Type: Application
    Filed: July 31, 2017
    Publication date: November 9, 2017
    Inventors: Kevin D. Himberger, Jake Palmer, Benjamin M. Parees
  • Publication number: 20170324749
    Abstract: A system includes reception, at a server and in a first browser session, of a request from a client for a token to access a first software service, determination of a token stored in a server memory of the server and associated with the first service and the client, determination, at the server, of whether a validity period of the token is within a predetermined period of expiration, and, if it is determined that the validity period of the token is within a predetermined period of expiration, transmission of a request for a new token to access the first software service from a token provider associated with the first service, reception of the new token from the token provider, and provision of the new token to the client in the first browser session.
    Type: Application
    Filed: May 6, 2016
    Publication date: November 9, 2017
    Inventors: Apoorv Bhargava, Aswin Kumar Jayaraman, Raghavendra Rao M G, Naveed Mohammed, Markus Schmidt-Karaca
  • Publication number: 20170324750
    Abstract: The migration of identity documents, such as driving licenses, from physical documents to electronic documents creates new problems for those seeking to verify the identity of an individual based upon the electronic document they provide. However, the inventors have established a means of binding electronic documents and electronic representations of physical documents to individuals at issuance of the document(s). Accordingly, the inventors address identity verification by providing to those seeking to verify the individual's identity data allowing them to verify the presented electronic ID document. For example, a police officer requesting a driving license can obtain on their own electronic device through the methods of the invention the issued driving license associated with identifier information on the license provided by the individual. As such, tampering with the license to change a name, date of birth, photo etc. will result in a visible mismatch to the police officer in comparing them.
    Type: Application
    Filed: February 15, 2016
    Publication date: November 9, 2017
    Inventor: SAL KHAN
  • Publication number: 20170324751
    Abstract: Methods, systems and computer readable media for managing access of visitors to a facility are described.
    Type: Application
    Filed: May 3, 2016
    Publication date: November 9, 2017
    Applicant: Avaya Inc.
    Inventor: Atul Prabhu
  • Publication number: 20170324752
    Abstract: There are provided systems and methods for targeted authentication queries based on detected user actions. A user may perform various actions during a day, including online, electronic, or digital actions, such as social networking, messaging, and media consumption, as well as real-life actions, such as exercise, travel, and purchases. The actions may be used to determine a user history for the user by a service provider. When the user wishes to login to an account or otherwise authenticate the identity of the user, the user may provide login or authentication credentials. The credentials may be used to look up the user history and cause the service provider to generate an authentication query for the user based on events associated with the user in the user history. The query may be utilized to further authenticate the user by requiring the user to respond with the event associated with the user.
    Type: Application
    Filed: May 3, 2016
    Publication date: November 9, 2017
    Inventors: Michael Charles Todasco, Sumeet Ahuja, Geetha Kuppuswamy, Prashanthi Ravanavarapu
  • Publication number: 20170324753
    Abstract: Methods, systems and devices for securely transferring digital data from a first repository to a second repository are disclosed. Per at least one embodiment, a second repository is identified with a human recognizable identifier and an internal identifier associated with such second repository is determined. When a data transfer is desired, a work order associating the data to be transferred and identifying the second repository based on each of the human identifier and the internal identifier is generated. Such work order is utilized by a data port device to open a normally closed communications port to accomplish the transfer of the data to the second repository when the identity of such second repository is confirmed by the data port device. A data integrity check confirms that only the data designated to be transferred was actually transferred to the second repository designated in the work order.
    Type: Application
    Filed: May 4, 2016
    Publication date: November 9, 2017
    Applicant: Deluxe Media Inc.
    Inventors: Chris Pulis, Ruopeng Wang, Joel Bigley
  • Publication number: 20170324754
    Abstract: A method of forming a secure group in ProSe communication includes requesting a service request to a ProSe server from a requesting device (21), the service request indicating a request to communicate with a receiving device (22) from the requesting device (21), performing verification on the requesting and receiving devices (21) and (22) by the ProSe server (24), sending a ProSe Service Result to the requesting and receiving devices (21) and (22) to inform them that they are allowed as group members, and starting a group security establishment of the group including the requesting and receiving devices (21) and (22).
    Type: Application
    Filed: July 20, 2017
    Publication date: November 9, 2017
    Applicant: NEC Corporation
    Inventors: Xiaowei ZHANG, Anand Raghawa PRASAD
  • Publication number: 20170324755
    Abstract: Computerized methods and systems mitigate the effect of a ransomware attack on an endpoint by detecting access events associated with requests by processes, including ransomware processes, to access data items on the endpoint. The data items are hidden from the operating system processes executed on the endpoint. In response to detecting an access event, an action is taken against the process associated with the access event.
    Type: Application
    Filed: May 3, 2016
    Publication date: November 9, 2017
    Inventors: Kasif DEKEL, Liad MIZRACHI, Roman ZAIKIN, Oded VANUNU
  • Publication number: 20170324756
    Abstract: A device may determine that a file of a client device is a malicious file. The device may obtain remote access to the client device using a connection tool. The connection tool may provide access and control of the client device. The remote access may include access to a file location of the malicious file. The device may determine file information associated with the malicious file using the remote access to the client device. The device may select one or more remediation actions based on the file information. The device may cause the one or more remediation actions to be executed using the remote access to the client device.
    Type: Application
    Filed: July 25, 2017
    Publication date: November 9, 2017
    Inventors: Kyle ADAMS, Daniel J. QUINLAN, Jacob Asher LANGTON
  • Publication number: 20170324757
    Abstract: Methods and systems for detecting and defeating a low and slow application DDoS attack, comprising: computing the Entropy of a plurality of detectors, at least in part selected from a group Geo detector, a group response size detector, a group preference detector, and an individual client behavior detector, wherein the plurality of detectors each describe a feature of traffic affected by the DDoS attack; composing the plurality of detectors on one or more of a Receiver Operating Characteristic (ROC) curve basis and a correlation basis; and implementing a countermeasure to mitigate the DDoS attack.
    Type: Application
    Filed: May 4, 2017
    Publication date: November 9, 2017
    Applicant: UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE
    Inventors: Ehab AL-SHAER, Qi DUAN
  • Publication number: 20170324758
    Abstract: Described herein are systems and methods for detecting potentially malicious activity in a network session. Embodiments may involve identifying a requested network session between a first computer device and a second computer device, wherein the requested network session includes at least one security access message having an encrypted portion, obtaining a decryption key suitable for decrypting the encrypted portion of the security access message, decrypting the encrypted portion of the security access message with the decryption key, identifying a session key within the decrypted portion of the security access message, decrypting an application message that has been transmitted between the first computer device and the second computer device in the requested network session using the session key, and determining whether the decrypted application message includes an indicia of potentially malicious activity.
    Type: Application
    Filed: July 24, 2017
    Publication date: November 9, 2017
    Inventors: Matan HART, Lavi LAZAROVITZ
  • Publication number: 20170324759
    Abstract: According to examples, network sampling based path decomposition and anomaly detection may include evaluating computer-generated log file data to generate a master network graph that specifies known events and transitions between the known events, and decomposing the master network graph to generate a representative network graph that includes a reduced number of paths of the master network graph. A source may be monitored to determine a cyber security threat by receiving incoming log file data related to the source, comparing the incoming log file data related to the source to the representative network graph, and determining, based on the comparison of the incoming log file data related to the source to the representative network graph, an anomaly in the representative network graph. Further, based on the monitoring, a report indicative of the cyber security threat may be generated based on the anomaly in the representative network graph.
    Type: Application
    Filed: May 9, 2016
    Publication date: November 9, 2017
    Applicant: ACCENTURE GLOBAL SOLUTIONS LIMITED
    Inventors: Colin Anil PURI, Marco ALBAN-HIDALGO, Sanghamitra DEB
  • Publication number: 20170324760
    Abstract: Website data security is provided by conditionally accessing, assessing, and processing website content file attribute data and website content files used to host websites with a first set of servers configured with website content security breach analysis, detection, and repair functionality. The website content files are conditionally accessed based on a file modification date without heavily loading the servers hosting the website. The website content is analyzed by decoding PHP code and executing code in a hardened execution environment. Repair is accomplished through removing or replacing breached content.
    Type: Application
    Filed: May 5, 2017
    Publication date: November 9, 2017
    Inventors: Tomas Gorny, Tracy Conrad, Scott Lovell, Neill E. Feather
  • Publication number: 20170324761
    Abstract: A system comprising a computer-readable storage medium storing at least one program, and a method for reducing cyber-security related false positive alerts is presented. In example embodiments the method may include identifying an indication of a cyber-security threat based on an operational anomaly in a network system. The method may further include determining that the operational anomaly is a false positive indicator with respect to the cyber-security threat based on the operational anomaly being correlated with a malfunction or reconfiguration event.
    Type: Application
    Filed: July 27, 2017
    Publication date: November 9, 2017
    Inventors: Shai Dekel, Lior Ateret, Evgeny Bogokovsky
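The abstract above suppresses an alert when the underlying anomaly coincides with a malfunction or reconfiguration event. The Python below is an added illustration of that correlation step and is not the application's own code; the alert records, change events, asset names and the fifteen-minute slack window are constructed assumptions.

```python
"""Added example (not from the application): mark an operational anomaly as a
false positive when it falls inside a known maintenance or malfunction window
on the same asset. All records and the slack value are constructed."""
from datetime import datetime, timedelta


def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


# Constructed anomalies raised by a network monitor.
ALERTS = [
    {"asset": "plc-7", "time": _t("2017-11-09T02:05:00"), "anomaly": "traffic_drop"},
    {"asset": "plc-7", "time": _t("2017-11-09T14:30:00"), "anomaly": "traffic_drop"},
    {"asset": "hmi-2", "time": _t("2017-11-09T02:10:00"), "anomaly": "new_peer"},
]

# Constructed reconfiguration / malfunction events from a change log.
EVENTS = [
    {"asset": "plc-7", "start": _t("2017-11-09T02:00:00"),
     "end": _t("2017-11-09T02:20:00"), "kind": "firmware_update"},
    {"asset": "hmi-2", "start": _t("2017-11-09T01:30:00"),
     "end": _t("2017-11-09T01:45:00"), "kind": "restart"},
]


def correlated_event(alert, events, slack=timedelta(minutes=15)):
    """Return the first event on the alert's asset whose window, padded by
    `slack` on both sides, contains the alert time; otherwise None."""
    for ev in events:
        if ev["asset"] != alert["asset"]:
            continue
        if ev["start"] - slack <= alert["time"] <= ev["end"] + slack:
            return ev
    return None


def triage(alerts, events, slack=timedelta(minutes=15)):
    """Label each alert 'false_positive' when it correlates with an event,
    else 'investigate'. The correlated event kind is kept as the reason so
    the suppression itself stays auditable."""
    out = []
    for a in alerts:
        ev = correlated_event(a, events, slack)
        out.append({**a,
                    "verdict": "false_positive" if ev else "investigate",
                    "reason": ev["kind"] if ev else None})
    return out


if __name__ == "__main__":
    for row in triage(ALERTS, EVENTS):
        print(row["asset"], row["time"].isoformat(), row["verdict"], row["reason"])
```

The `hmi-2` alert at 02:10 falls 25 minutes after its restart window closed, so with the default slack it is still escalated; widening the slack to 30 minutes would suppress it. That knob is the security-relevant one: an adversary who can act during, or shortly after, scheduled maintenance inherits the suppression, so suppressed alerts should be recorded with their reason rather than discarded.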
  • Publication number: 20170324762
    Abstract: A system for implementing header enrichment or header injections in proprietary networks for authenticating users, conducting user risk assessments, and obtaining user information.
    Type: Application
    Filed: June 30, 2016
    Publication date: November 9, 2017
    Inventors: Scott Chow, Alex Gong
  • Publication number: 20170324763
    Abstract: A system uses a probabilistic technique to determine the vulnerability of similar assets based on the data provided on some assets. The probabilistic technique includes stages of preparing data followed by calculating probability; a preparing data stage, including gathering the latest vulnerability reports of all assets in a system with the help of known scanners; creating open vulnerabilities; enriching the obtained data of open vulnerabilities; creating all vulnerabilities; enriching the obtained data of all vulnerabilities. Following this stage, probability calculation may be done for three cases, when asset information is known, when asset information is partially unknown, and when asset information is completely unknown based on the data taken from open vulnerabilities and all vulnerabilities categorized into blocks of 6 months based on the time at which they have been reported to NIST/MITRE.
    Type: Application
    Filed: May 4, 2017
    Publication date: November 9, 2017
    Applicant: Paladion Networks Private Limited
    Inventors: Vinod Vasudevan, Rajat Mohanty, Harshvardhan Parmar
  • Publication number: 20170324764
    Abstract: Examples described herein provide for a system that evaluates a security level of a network system. Additionally, examples described herein evaluate a security level of a network system in order to enable a determination of components that can be used to enhance the security level of the network system.
    Type: Application
    Filed: June 1, 2017
    Publication date: November 9, 2017
    Inventor: Jacques Remi Francoeur
  • Publication number: 20170324765
    Abstract: Creating security enclaves includes determining one or more parameters of one or more applications and one or more services operating in the network. An optimal number of clusters for grouping the one or more applications and the one or more services is determined based on the one or more parameters. Then, the one or more applications and the one or more services are grouped into the clusters and one or more security enclaves are applied to each of the clusters so as to maximize operational security of the network.
    Type: Application
    Filed: May 3, 2016
    Publication date: November 9, 2017
    Inventors: Mark-David McLaughlin, Rajidi P. Reddy, Omar Santos
  • Publication number: 20170324766
    Abstract: A method of selecting, for at least one service of an information system and depending service(s), at least one countermeasure to be implemented against at least one cyber attack, the method includes: identifying elements of the service exposed to the cyber attack(s), calculating a risk mitigation level of each countermeasure with respect to the cyber attack(s), ranking the countermeasure(s) on the basis of a parameter which is at least a function of the risk mitigation level, simulating the impact of the countermeasure(s) on the service and the depending service(s), the countermeasure to be implemented being selected at least as a function of result of the simulation.
    Type: Application
    Filed: November 10, 2015
    Publication date: November 9, 2017
    Applicant: INSTITUT MINES-TELECOM/TELECOM SUDPARIS
    Inventors: Gustavo GONZALEZ GRANADILLO, Hervé DEBAR
  • Publication number: 20170324767
    Abstract: Techniques for detecting and/or handling target attacks in an enterprise's email channel are provided. The techniques include receiving aspects of an incoming email message addressed to a first email account holder, selecting a recipient interaction profile and/or a sender profile from a plurality of predetermined profiles stored in a memory based upon the received properties, determining a message trust rating associated with the incoming email message based upon the incoming email message and the selected recipient interaction profile and/or the sender profile; and generating an alert identifying the incoming email message as including a security risk based upon the determined message trust rating.
    Type: Application
    Filed: May 25, 2017
    Publication date: November 9, 2017
    Inventor: Manoj Kumar SRIVASTAVA
  • Publication number: 20170324768
    Abstract: A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.
    Type: Application
    Filed: July 20, 2017
    Publication date: November 9, 2017
    Inventors: Jason Crabtree, Andrew Sellers
  • Publication number: 20170324769
    Abstract: Described embodiments include a system that includes a digital memory and a processor. The processor is configured to simulate, using information stored in the digital memory, an unauthorized use of a cellular communication network by at least one cellular communication terminal, by generating, and then transmitting from a network side of the cellular communication network, traffic that appears to have originated from the at least one cellular communication terminal. Other embodiments are also described.
    Type: Application
    Filed: May 10, 2016
    Publication date: November 9, 2017
    Inventor: Oren Sadeh
  • Publication number: 20170324770
    Abstract: In one embodiment, a device in a network determines whether a destination address of a packet received by the device is within a neighbor discovery (ND) cache of the device. The device determines whether the destination address is not in a set of addresses used to generate an address lookup array or possibly in the set of addresses used to generate the address lookup array, in response to determining that the destination address of the packet is not within the ND cache. The device performs address resolution for the destination address of the packet, in response to determining that the destination address of the packet is possibly in the set of addresses used to generate the address lookup array.
    Type: Application
    Filed: July 19, 2017
    Publication date: November 9, 2017
    Inventors: Pascal Thubert, Eric Levy-Abegnoli, Patrick Wetterwald
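The abstract above distinguishes a destination that is definitely not in the registered address set from one that is possibly in it, and only resolves the latter; that "definitely not / possibly" answer is the signature of a Bloom filter. The Python below is an added illustration of that lookup order and is not the Cisco application's own code. The filter parameters, the SHA-256 based hashing, the addresses and the simulated resolution are constructed assumptions.

```python
"""Added example (not from the Cisco application): consult the neighbor
discovery cache first, then a Bloom-filter style address lookup array, and
generate neighbor solicitation only when the array says 'possibly present'.
Filter size, hash construction and addresses are constructed for illustration."""
import hashlib
import ipaddress


class AddressLookupArray:
    """Bloom filter over packed IPv6 addresses: m bits, k hash positions."""

    def __init__(self, m=1024, k=3):
        self.m, self.k = m, k
        self.bits = bytearray((m + 7) // 8)

    def _positions(self, addr):
        packed = ipaddress.IPv6Address(addr).packed
        for i in range(self.k):
            # Salt with the hash index so the k positions are independent.
            h = hashlib.sha256(bytes([i]) + packed).digest()
            yield int.from_bytes(h[:4], "big") % self.m

    def add(self, addr):
        for p in self._positions(addr):
            self.bits[p // 8] |= 1 << (p % 8)

    def possibly_contains(self, addr):
        """False means definitely absent; True means possibly present."""
        return all((self.bits[p // 8] >> (p % 8)) & 1 for p in self._positions(addr))


class Router:
    def __init__(self, registered):
        self.nd_cache = {}            # destination -> link-layer address
        self.lookup = AddressLookupArray()
        for a in registered:
            self.lookup.add(a)
        self.resolutions = []         # destinations for which resolution ran

    def resolve(self, addr):
        """Stand-in for neighbor solicitation: records that resolution happened."""
        self.resolutions.append(addr)
        return "resolved"             # hypothetical success path for the example

    def handle_packet(self, dst):
        if dst in self.nd_cache:
            return "forward"
        if not self.lookup.possibly_contains(dst):
            return "drop"             # definitely unregistered: no ND traffic generated
        return self.resolve(dst)


def count_drops(router, dests):
    """How many of `dests` are rejected without any resolution attempt."""
    return sum(1 for d in dests if router.handle_packet(d) == "drop")


if __name__ == "__main__":
    r = Router(["2001:db8::10", "2001:db8::11"])
    probe = [f"2001:db8::{i:x}" for i in range(0x100, 0x1c8)]   # 200 unregistered
    print("dropped", count_drops(r, probe), "of", len(probe))
    print("resolutions attempted:", r.resolutions)
```

The security point is the ordering: a packet to an unregistered address in the subnet never triggers neighbor solicitation, so a scan of the /64 cannot be turned into a flood of multicast ND traffic on the link. The price is the Bloom filter's false-positive rate, which with the sizes above is negligible for a few entries but must be budgeted for a large registration table.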
  • Publication number: 20170324771
    Abstract: Aspects of the present disclosure involve systems and methods for detecting a potentially fraudulent access of a collaboration conferencing system on a telecommunications network and executing a corrective action in response to the detected access attempt. In some instances, the corrective action includes denying access to the collaboration system when the fraudulent access attempt occurs. In other instances, the corrective action includes providing a warning to the caller, rerouting the communication to another system within the network, or reporting and storing of the fraudulent attempt. To detect the possible fraudulent access attempt, a device may detect more than one fraudulent access attempt to the collaboration conferencing system and determine a pattern. With the pattern of attempts known, the system accesses a database to determine if a valid account is likely to be accessed by the fraudulent attempts and takes actions to prevent access to the valid account.
    Type: Application
    Filed: September 30, 2016
    Publication date: November 9, 2017
    Applicant: Level 3 Communications, LLC
    Inventors: Andrew J. Broadworth, Matthew McCarthy
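The abstract above detects repeated fraudulent access attempts, infers a pattern, and checks a database to see which valid accounts that pattern is likely to reach. The Python below is an added illustration of that sequence and is not the Level 3 application's own code; the call records, the access-code table, the "arithmetic sequence of guesses" pattern and the action names are constructed assumptions.

```python
"""Added example (not from the Level 3 application): find callers whose failed
conference access codes form a sequential guessing pattern, predict which valid
codes the pattern would hit next, and pick a corrective action. The attempt
log, account table, and policy names are constructed."""
from collections import defaultdict

# Constructed account database: access code -> owner.
VALID_CODES = {"482117": "alice", "482120": "bob", "913344": "carol"}

# Constructed attempt log: (caller id, dialled code, outcome).
ATTEMPTS = [
    ("+15550001", "482111", "fail"),
    ("+15550001", "482112", "fail"),
    ("+15550001", "482113", "fail"),
    ("+15550001", "482114", "fail"),
    ("+15550002", "913344", "ok"),
    ("+15550003", "771200", "fail"),
]


def failed_codes_by_caller(attempts):
    by = defaultdict(list)
    for caller, code, outcome in attempts:
        if outcome == "fail":
            by[caller].append(int(code))
    return by


def sequential_step(codes):
    """Constant step if >=3 failed codes form an arithmetic sequence, else None."""
    if len(codes) < 3:
        return None
    steps = {b - a for a, b in zip(codes, codes[1:])}
    return steps.pop() if len(steps) == 1 and 0 not in steps else None


def predicted_targets(codes, step, valid, horizon=10):
    """Valid codes the caller would reach within `horizon` further attempts."""
    last = codes[-1]
    candidates = {f"{last + step * i:06d}" for i in range(1, horizon + 1)}
    return sorted(c for c in candidates if c in valid)


def assess(attempts, valid, min_failures=3, horizon=10):
    """Per caller: detected step, predicted victim codes, and a hypothetical action."""
    verdicts = {}
    for caller, codes in failed_codes_by_caller(attempts).items():
        if len(codes) < min_failures:
            continue
        step = sequential_step(codes)
        targets = predicted_targets(codes, step, valid, horizon) if step else []
        if targets:
            action = "deny_and_protect"   # block caller, flag the predicted accounts
        elif step:
            action = "warn"               # pattern seen, no account in reach yet
        else:
            action = "log"
        verdicts[caller] = {"step": step, "targets": targets, "action": action}
    return verdicts


if __name__ == "__main__":
    for caller, v in assess(ATTEMPTS, VALID_CODES).items():
        print(caller, v)
```

Acting on the predicted accounts (for example, requiring a moderator to admit callers, or temporarily rotating the code) is what makes the detection useful before the guess lands; a simple per-caller lockout is defeated by rotating caller IDs, which is why the pattern is keyed on the code sequence as well as the caller.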
  • Publication number: 20170324772
    Abstract: The present disclosure relates to a system (1) and a method that employs such system (1) to detect and counteract Internet attacks of Man-in-the-Browser and/or Man-in-the-Middle type. The system (1) comprises a Traffic Inspector (2) in signal communication with a client computer (3) having a Web browser (4) residing therein for Internet browsing and with a Web server (5) having a Web application (6) residing therein. The Traffic Inspector (2) is configured to receive a request associated with the Web application (6) from the Web browser (4) and to send it to the Web server (5); the Traffic Inspector (2) is configured to receive a DOM server code associated with the request from the Web server (5).
    Type: Application
    Filed: October 28, 2015
    Publication date: November 9, 2017
    Inventors: Nicolò PASTORE, Carmine GIANGREGORIO, Paolo RIMMAUDO, Matteo Paolo BOGANA
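The abstract above has a Traffic Inspector that holds the DOM the server actually sent, which is what makes a Man-in-the-Browser injection detectable: the page as the browser reports it can be compared against it. The Python below is an added illustration of that comparison and is not the application's own code; the two HTML documents, the choice to compare only form fields and form actions, and the injected `card_number`/`cvv` fields are constructed assumptions.

```python
"""Added example (not from the application): compare the form fields and form
actions in the HTML the server sent with those in the DOM the browser reports,
and flag fields the server never emitted. Both documents are constructed."""
from html.parser import HTMLParser

# Constructed: the login page as the server sent it.
SERVER_HTML = """<form action="/login" method="post">
<input name="user"><input name="pass" type="password">
<button>Sign in</button></form>"""

# Constructed: the same page as the browser reports it after a
# Man-in-the-Browser injection added two payment-card fields.
BROWSER_HTML = """<form action="/login" method="post">
<input name="user"><input name="pass" type="password">
<input name="card_number"><input name="cvv">
<button>Sign in</button></form>"""


class FormFieldCollector(HTMLParser):
    """Collect form field names and form action targets from an HTML document."""

    def __init__(self):
        super().__init__()
        self.fields = set()
        self.actions = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("input", "select", "textarea") and a.get("name"):
            self.fields.add(a["name"])
        if tag == "form" and a.get("action"):
            self.actions.add(a["action"])


def collect(html):
    c = FormFieldCollector()
    c.feed(html)
    c.close()
    return c.fields, c.actions


def compare(server_html, browser_html):
    """Differences that indicate in-browser tampering with the page."""
    server_fields, server_actions = collect(server_html)
    browser_fields, browser_actions = collect(browser_html)
    return {
        "injected_fields": sorted(browser_fields - server_fields),
        "removed_fields": sorted(server_fields - browser_fields),
        "rewritten_actions": sorted(browser_actions - server_actions),
    }


def is_tampered(report):
    return any(report.values())


if __name__ == "__main__":
    print(compare(SERVER_HTML, BROWSER_HTML))
```

The browser-side report is only as trustworthy as its delivery path: malware that owns the browser can also falsify what it reports, so the comparison has to run on a component outside the browser (the inspector in the abstract) and the reported DOM should be collected by a script the server injects and the inspector can verify, not by asking the page politely. Legitimate client-side scripts also add fields, so a per-application allowlist of expected dynamic fields is needed to keep the check quiet.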
  • Publication number: 20170324773
    Abstract: Introduced here are security techniques for networks. More specifically, fictitious identities (also referred to as “bogus identities”) can be willfully created and injected into the network in order to obfuscate those who are not authorized to access the network. For example, such techniques may be used to befuddle hackers attempting to breach an internal network. The fictitious identities can be created by bypassing the operating system of computing device(s) residing within the network and deploying the fictitious identities within an operating system process responsible for implementing a security policy. Such action utilizes a limited amount of memory. The fictitious identities create a false visual of the network that is visible to any threat, regardless of where the threat is located in the network. Moreover, the fictitious identities may not infringe upon the topology of the network or affect the ability of authenticated users to continue using the network.
    Type: Application
    Filed: May 5, 2017
    Publication date: November 9, 2017
    Inventors: Almog Ohayon, Guy Franco, Roi Abutbul
  • Publication number: 20170324774
    Abstract: Various embodiments are described herein that add supplemental data into security-related query results delivered to an operating system. More specifically, an operating system can submit a security-related query to a directory server (or some other network-accessible database), and then pass results of the security-related query to a local proxy. The local proxy can add supplemental data into the results. For example, the local proxy could add bogus directory information in an effort to obfuscate an attempt to gain access to network data by an unauthorized entity who attempts to penetrate the network by parsing the results of the security-related query.
    Type: Application
    Filed: July 19, 2017
    Publication date: November 9, 2017
    Inventors: Almog Ohayon, Guy Franco, Roi Abutbul
  • Publication number: 20170324775
    Abstract: A computer implemented method for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices includes providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device. Next, providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device. Next, providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device. Next, monitoring status of each available hardware device interface and data traffic across each available hardware device interface.
    Type: Application
    Filed: May 23, 2014
    Publication date: November 9, 2017
    Applicant: SnoopWall, LLC
    Inventor: GARY S. MILIEFSKY
  • Publication number: 20170324776
    Abstract: Techniques for generating a honey network configuration to emulate a target network environment are disclosed. In some embodiments, techniques for generating a honey network configuration to emulate a target network include receiving a network scan survey of the target network; generating the honey network configuration to emulate the target network using the network scan survey of the target network; and executing a honey network using the honey network configuration.
    Type: Application
    Filed: June 20, 2017
    Publication date: November 9, 2017
    Inventors: Robert A. Seger, John Harrison