Abstract: A full-text index can be created for each mailbox of an EDB to facilitate the performance of complex queries to quickly search for email data. In this way, relevant email data can be identified and retrieved quickly and efficiently from the full-text index rather than from the EDB. To create such indexes, each email in a mailbox can be retrieved and processed to convert the email from its native format into textual name/value pairs which can then be submitted for indexing. This use of name/value pairs to index each email enables the emails across all mailboxes to be efficiently queried using any possible combination of values.

Abstract: In a system for configuring a web application firewall, one or more parameters of the firewall are adjusted such that a test configured for exposing a vulnerability of an application protected by the application firewall is blocked by the firewall and another test configured to invoke functionality of the application but that does not expose or exploit any security vulnerability is not blocked by the firewall. A notification is provided to a user if such a firewall configuration is not found after a specified number of attempts.

Abstract: One embodiment provides a method comprising, in a training phase, receiving one or more malware samples, extracting multi-aspect features of malicious behaviors triggered by the malware samples, determining evolution patterns of the malware samples based on the multi-aspect features, and predicting mutations of the malware samples based on the evolution patterns. Another embodiment provides a method comprising, in a testing phase, receiving a new mobile application, extracting a first set of multi-aspect features for the new mobile application using a learned feature model, and determining whether the new mobile application is a mutation of a malicious application using a learned classification model and the first set of multi-aspect features.

Abstract: An application triggering method and device are provided in the field of terminals. The terminal device sets at least two different triggering passwords for at least two instances of an application corresponding to an application icon on a user interface on the display. The terminal device acquires an input password after a triggering operation over the application icon is detected on the user interface. The terminal device triggers a target instance of the application according to the input password, where the target instance refers to an instance for which one of the at least two different triggering passwords is the same as the input password.

Abstract: Embodiments of the present disclosure provide an Internet Protocol address allocation method and a router. The Internet Protocol address allocation method of the present disclosure includes receiving a delegate prefix of an upper-level network device, where the upper-level network device is a network device connected to a wide area network interface of the router; generating a local prefix of the router and a delegate prefix of the router according to the delegate prefix of the upper-level network device; and sending the local prefix of the router and the delegate prefix of the router to a lower-level router of the router. Internet Protocol addresses of devices in a cascaded network can be obtained in the embodiments of the present disclosure.

Abstract: Disclosed are an entity authentication method and device, involving: sending, by an entity A, a first identity authentication message to an entity B; inspecting, by the entity B after receiving the first message, the validity of a certificate of the entity A; sending, by the entity B, a second identity authentication message to the entity A; inspecting, by the entity A after receiving the second message, the correctness of field data therein; calculating, by the entity A, a secret information and message authentication code using a private key thereof and a temporary public key of the entity B, and sending a third message to the entity B; inspecting, by the entity B after receiving the third message, the correctness of field data therein; calculating, by the entity B, a secret information and message authentication code using a private key thereof and a public key of the entity A.

Abstract: Identifying a communication source includes receiving a message from a client computer requesting access to a computer-based resource; and receiving, a network signature from the client computer, wherein the network-related signature comprises a value representing how many routing devices are on a network path between the client computer and a predetermined computer. Also included is determining whether the vector of values matches a vector of stored values, each stored value potentially corresponding to a respective one of the values in the vector of values; and limiting access to the computer-based resource based at least in part on the vector of values not matching the vector of stored values.

Abstract: A virtual private network implementation method includes intercepting, by an NDIS intermediate driver, a packet sent by an application program to an intranet server, and determining, according to a PID corresponding to the packet, whether to allow a process corresponding to the packet to use an SSL VPN; when the process corresponding to the packet is allowed to use the SSL VPN, establishing, by the NDIS intermediate driver, a new packet, and submitting the new packet to an NDIS network interface card driver; and sending, by the NDIS network interface card driver, the new packet to the client, and sending, by the client, the new packet to the intranet server. Thereby, a virtual private network is implemented based on process control, and a client has a fast startup speed.

Abstract: A method and system for processing a message of a messaging system. The messaging system includes a messaging engine and a set of messages. A messaging endpoint of each message of the set of messages is associated with a respective container configured to run an associated application. In response to a first message being published to a messaging endpoint of the first message, the container associated with the messaging endpoint of the first message is used to process the message.

Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.

Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.

Abstract: It is determined whether a user is authorized to carry out a management operation on a plurality of information technology assets in parallel, based on a role of the user and at least one characteristic of the management operation. A risk level of the management operation, and at least one characteristic of the plurality of information technology assets, are both determined. Based on the risk level and the at least one characteristic of the plurality of information technology assets, an execution pattern for the management operation is specified. In at least some cases, the management operation is carried out on the plurality of information technology assets in parallel, in accordance with the execution pattern.

Abstract: Disclosed are techniques for use in assessing the risk of electronic communications using logon types. In one embodiment, the techniques comprise a method. The method comprises receiving an electronic communication relating to a login request involving a user and a provider of a computerized resource. The method comprises determining a logon type associated with the logon request. The method comprises determining a first value relating to an amount of logon requests associated with the logon type involving the user and the provider over a first time period and a second value relating to an amount of logon requests associated with the logon type involving the user and the provider over a second time period that is greater than the first time period. The method comprises generating a risk score describing the risk associated with the logon request based on the first and the second values.

Abstract: A system and method for assessing vulnerability of a mobile device including at a remote analysis cloud service, receiving at least one vulnerability assessment request that includes an object identifier for an operative object of a mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device; identifying a vulnerability assessment associated with the identifier of the operative object; and communicating the identified vulnerability assessment to the mobile computing device.

Abstract: In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.

Abstract: A method for assessing effectiveness of one or more cybersecurity technologies in a computer network includes testing each of two or more component stages of an attack model at a first computer network element twice. A first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element. For each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.

Abstract: Provided are a method and a system for an additive homomorphic encryption scheme with operation error detection functionality. A plaintext is obtained by decrypting a ciphertext encrypted based on a homomorphic encryption technique and subjected to an operation and lower setting bits corresponding to additional secret information included in a final private-key are extracted as plaintext information from the acquired plaintext. An operation error check is performed on the remaining bits other than the lower setting bits in the acquired plaintext.

Abstract: Systems and methods are disclosed for clustering multiple devices that are associated with particular users by utilizing both probabilistic and deterministic data derived from analytics information on the users. An analytics computing system generates at least one deterministic device cluster that groups a first set of devices associated with a first user. The first set of devices share deterministic user identifiers specific to the first user. The analytics computing system also identifies a probabilistic link between a device in the first set of devices and additional devices. The probabilistic link indicates common usage patterns between two devices. Based on the probabilistic link, the analytics computing system generates a data structure that includes the deterministic device cluster and the additional devices.

Abstract: A method for controlling the exchange of private data, associated with a client device, between an application in execution on or for the device and a serving node in a data network, comprising transmitting a request to the serving node from the application for access to a service requiring use of the private data, receiving challenge data at the application from the serving node, requesting authorization for the use of the private data using a secure user interface of the client device to a trusted information manager on the basis of the challenge data, transmitting an obfuscated version of the private data for use with the service from the trusted information manager to the application on the basis of the authorization.

Abstract: Method for authenticating a user, comprising the steps of a)providing a central server (101), in communication with at least one authentication service provider (110, 120, 130), arranged to authenticate users via a respective authentication web interface, and at least one user service provider (150), arranged to provide user services to users via a respective user service web interface; b) providing, for a particular user and using a web browser in an electronic device (170, 180), access to the authentication web interface, and upon an authentication of the user, the central server placing a cookie on the electronic device identifying the authentication service provider; c) providing, for the user and using the same web browser executed from the same electronic device, access to the user service web interface, and as a result providing the said cookie to the central server; d) identifying, based upon the said cookie, the authentication service provider; e) redirecting the web browser to the authentication ser

Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.

Abstract: Measuring a quality of service in an Internet protocol network includes forming no more than one echo request packet in an originating device; transmitting the echo request packet to a destination device; swapping the source and destination addresses in the received echo request packet to form an echo reply packet without allocating memory for a new packet; receiving at the originating system the echo request packet repurposed as the echo reply packet; comparing a DSCP value in the echo request packet to a DSCP value in the echo reply packet; and when the DSCP values from the two packets are the same, asserting a prediction that the network will deliver a preferred quality of service for a streaming message service.

Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.

Abstract: Methods, computer-readable media and apparatuses for automatically redirecting a search are disclosed. A processor receives a search term, connects to a search server hosting a search site that displays a plurality of sites in response to the search term, receives a selection of a site from the plurality of sites, provides an option to associate the site with the search term and receives a confirmation to associate the site with the search term, where the search term automatically redirects a connection to a server hosting the site and by-passing a connection to the search server hosting the search site when the search term is received at a later time.

Abstract: A method, computer system, and a computer program product for detecting a session status based on a cookie associated with the session is provided. The present invention may include receiving an access request to a specified location associated with a server computer. The present invention may also include determining that the received access request has the cookie corresponding with the specified location. The present invention may also include receiving a last refresh time from the cookie. The present invention may then include determining the session status based on the retrieved last refresh time, a current request time, a refresh interval, and an overdue value.

Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising: generating, by a SSL/TLS inspector, a secret; receiving, from a client, a Channel ID communication comprising a public key value; deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication; generating, by the SSL/TLS inspector, a new private key based upon the random seed value; deriving, by the SSL/TLS inspector, a new public key based upon the new private key; generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.

Abstract: A client establishes an cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct. The server may perform mitigating operations if either or both of the information or the digital signature is/are invalid.

Abstract: Techniques for detecting application program spoofing. The techniques include: receiving a communication from an application program executing on a client device different from the at least one computer; identifying from the communication an asserted identity of the application program; and verifying the asserted identity of the application program at least in part by: interacting with the client device to obtain additional information about the application program, and determining whether the additional information about the application program is consistent with the asserted identity of the application program.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

Abstract: A data processing machine is configured to include one or more buried memory zones that are not intelligibly accessible to user software and to operating system software or hypervisor software within the data processing machine. At least one of hardware and firmware are configured to intelligibly access at least one of the buried memory zones so as to store therein, metadata defining one or more extents of a respective one or more protected regions (PR's) that are constituted in other memory areas of the data processing machine. The stored metadata defines constraints for the corresponding PR's including at least one of corresponding operational constraints and/or operational requirements that respectively constrain the operations performed by or on the data of the PR's.

Abstract: Techniques for fraud detection based on user behavior that monitor and analyze user interactions with an application executing on an end user device. The techniques include monitoring behavior of an end user device user by tracking user interactions with the application executing on the end user device, and generating event records describing the user interactions and the times at which they occurred. The event records are sent to an analytics engine that uses the event records to perform a fraud detection operation by comparing the user interactions described in the event records to an expected pattern of user interactions with the application, and detecting anomalous user behavior indicative of fraud in response to the user interactions described in the event records not matching the expected pattern of user interactions with the application.

Abstract: A method for providing a dormant state for content management servers. Client devices are allowed to conduct transactions with servers when the servers are active. However, in a dormant state, the servers are not allowed to accept new transactions. Thus, by utilizing the dormant state, software upgrades can be made to one server at a time. Alternatively, all servers can be taken down for major upgrades, with the servers still operated in a read-only mode based on a file image from a point in time just prior to the shutdown. When the upgrade is completed, the servers can be returned to the active state.

Abstract: A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel.

Abstract: A processing system periodically configures a beacon code and random nonce to transmit to a beacon device at a location. Multiple users enter the location with associated user computing devices. The user computing devices retransmit the beacon code broadcasted by the beacon device to the processing system. A particular user initiates a transaction at a computing device at the location, which transmits to the processing system a request for account data and retransmits the beacon code and a random nonce. The processing system verifies the beacon code and random nonce and transmits, to the computing device at the location, user account identifiers associated with user computing devices that retransmitted the beacon code. The processing system receives a selection of the user identifier from the merchant point of sale device and transmits account information to the computing device at the location.

Abstract: Techniques are disclosed for authenticating a user. One technique includes receiving a passphrase at a server. The technique further includes parsing the passphrase using one or more parsing requests to create one or more parsings. The technique includes storing the one or more parsings on the server. The technique also includes receiving, at the server, a request from a user to authenticate the user. Finally, the technique includes transmitting a first parsing request to authenticate the user.

Abstract: A method includes generating an obfuscation of a notification and transmitting the obfuscation to an end-user device via an unsecure notification infrastructure. The method also includes, in response to a request from the end-user device, transmitting the notification to the end-user device via a secure connection. The request from the end-user device can also be received via the secure connection. The method could also include receiving information associated with an event and storing at least one of the notification and the information in association with the obfuscation, where the notification contains the information. The event could denote an event associated with an industrial process control and automation system. The obfuscation could include a unique identifier associated with the notification or a summary of the notification.

Abstract: Innovations in the construction and use of variable-input-length tweakable ciphers (“VILTCs”). In some cases, a VILTC uses an initialization vector that is protected from exposure outside an encryption/decryption system in order to provide enhanced security with efficient performance. For example, a system for encryption and/or decryption includes two fixed-input-length tweakable block ciphers (“FIL TBCs”) and a VILTC. The first FIL TBC is adapted to produce a fixed-length initialization vector. The VILTC is adapted to produce a variable-length output string using the fixed-length initialization vector as a tweak. The second FIL TBC is adapted to produce a fixed-length output string. In this way, the first FIL TBC and the second FIL TBC protect the fixed-length initialization vector from exposure outside the system. In other cases, a VILTC is used for a reliable and efficient implementation of authenticated encryption/decryption with associated data.

Abstract: A mechanism for consolidating communications between a computer tenant and a web services layer is provided. The mechanism may include a web services layer. The web services layer may be configured to receive communications, via an authentication validation module, from an authentication service. The authentication service may be in communication with the computer tenant and/or the web services layer. The web services layer may be configured to receive authorization data, via an authorization module, from an authorization data store. The web services layer may also receive and transmit logged calls from a log database. The logged calls may store calls from the computer tenant to the web services layer and calls from the web services layer to the authentication server. The computer tenant may initiate communication with the web services layer. Included in the communications may be a token.

Abstract: Certain aspect of the present disclosure relates to a virtual machine (VM) control system, which includes a VM controller. For a plurality of employees, the VM controller registers each employee by assigning an employee ID, and stores registration information in an attendance database. The VM controller also associates one or more VMs to each employee, and stores VM association information between the VMs and the employees in an employee ID database. The VM controller transmits polling inquiries periodically to the attendance database to retrieve employee presence events of the employees. For each employee, the employee presence events include an ingress event and an egress event. When the ingress event is detected and the associated VM is off, the VM controller launches the associated VM. When the egress event is detected and the associated VM is on, the VM controller shuts down the associated VM.

Abstract: A method for managing privacy of information on a shipping label associated with a shipment is provided. The method includes receiving information associated with the shipment, generating at least two decryption keys associated with at least two pieces of information from the information, generating encrypted messages by encrypting the at least two pieces of information based on the at least two decryption keys including a first and second encrypted message encrypted based on a first and second decryption key, respectively, generating a machine-readable code including the encrypted messages, generating a shipping label including machine-readable code, and providing the first and second decryption keys based on a first and second status of the shipment, respectively.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify an application, run the application, log the parameters for each function call of the application, and store the logged parameters in an emulation table. The logged parameters can include a function call, input parameters, and output parameters. The emulation table can be used to simulate execution of an application without having to actually run the application.

Abstract: Provided are methods and systems for detecting a DoS attack when initiating a secure session. A method for detecting a DoS attack may commence with receiving, from a client, a request to initiate a secure session between the client and a server. The method may continue with sending a pre-generated key to the client. The method may further include establishing that the request from the client is suspected of the DoS attack. The establishment may be performed based on further actions associated with the client.

Abstract: Methods, systems and computer readable media for a MiTM proxy that supports client authentication are described.

Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.

Abstract: A server includes a network communication device, a storage device, and a processing device. The processing device executes computer-readable instructions that, when executed by the processing device, cause the processing device to: receive contextual data from a client computing device via the network communication device, the contextual data indicates a first application view displayed on the client computing device; identify a first application function ID that identifies a first application function corresponding with the first application view; determine a first user intent ID that corresponds with the first application function ID; determine a second user intent ID that transitions from the first user intent ID; identify a second application function ID that corresponds with the second user intent ID; retrieve a card object corresponding with the second application function ID from the storage device; and transmit the card object to the client computing device via the network communication device.

Abstract: A method for the transmission and adaption of data can include the steps of generating generic requirement documents, identifying a plurality of suitable communication patterns on the basis of the generic requirement documents, determining currently available transport options and their service quality across at least one communication network, and selecting a communication pattern from a plurality of suitable communication patterns based on the network transmission qualities of the at least one communication network. The method can utilize a first functional layer and a second functional layer that are integrated between a software application layer and a network access layer that each receive input documents that are independent of each other. The input documents of the second functional layer can contain transport-related information while the input documents of the first functional layer can contain application-related information.

Abstract: A mobile device security system can include circuitry configured to receive first user-interaction information associated with the mobile device. The first user-interaction information can be indicative of first sensed interactions of a user with the mobile device during a first period of time. The system can also include circuitry configured to receive second user-interaction information associated with the mobile device. The second user-interaction information can be indicative of second sensed interactions of a user with the mobile device during a second period of time that is subsequent to the first period of time. The system can also include circuitry configured to compare the first and second user-interaction information. The system can also include circuitry configured to report anomaly information to a security service of the mobile device and/or a remote system, where a difference between the first and second user-interaction information exceeds a threshold.

Abstract: A method for redacting an electronic document (ED) having a file format, including: obtaining a request to redact a sensitive data item in the ED; identifying a first instance and a second instance of the sensitive data item in a markup of the ED, where the second instance of the sensitive data item is not visible in a rendered version of the ED; and generating a redacted ED having the file format by: replacing the first instance of the sensitive data item and the second instance of the sensitive data item with a neutral data item, and inserting, into the markup, an encrypted version of the sensitive data item at a first location.

Abstract: Apparatus has at least one processor and at least one memory having computer-readable code stored therein which when executed controls the at least one processor: to respond to receiving a proxy connection initiation request message from a source, the proxy connection initiation request message being a request to provide a proxy and including an address of a target and an address of the source, by causing sending of an advertising message addressed to the target; and to respond subsequently to receiving a connection request message from the target by causing sending of a proxy setup request message addressed to the source.

Abstract: The disclosed technology includes techniques for improving data privacy in mobile communications over public cloud services. According to certain implementations, a novel conceptual layer may be interposed between the “application” layer and the “user” layer. In some implementations, the conceptual layer may be at least partially embodied by a transparent window or pane overlaid on top of existing app graphical user interfaces to: (1) intercept plaintext user input before transforming the input and feeding it to an underlying app; and (2) reverse transform output data from the app before displaying the plaintext data to the user. Accordingly, the conceptual layer may serve as a protective layer while preserving the original application workflow and look-and-feel.