Patent classifications
H04L29/00
Remote access service inspector
A method, system, and computer program product for providing protected remote access from a remote access client to a remote access server over a computer network through a plurality of inspections. A remote access configuration file is created for the remote access client. A digital hash of the configuration file is then generated. The digital hash is compared with a configuration file stored at a predefined web location. If the comparison results in a match between the digital hash and the stored configuration file, a digital hash comparison is performed between an encrypted remote access configuration file and an encrypted configuration file stored at the predefined web location. If the plurality of inspections are passed, the remote access client is released from a quarantine state and a virtual private network (VPN) connection to the remote access server is established.
Authentication method
An authentication method performed by an authentication server (ACS). The method includes receiving, from an access server (SW) giving access to a service (S), an authentication request including transaction data (DT) associated with an IC card; determining whether a security code included in the transaction data is of the DCVV type; and if so, detecting that no 3D Secure (3DS) authentication is to be performed and co-operating with a verification server (SV) in order to verify the validity of the DCVV security code.
Verified social media content
In an example, there is disclosed a computing apparatus, including: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, including a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.
Systems and methods for a vehicle authenticating and enrolling a wireless device
Disclosed is a method and apparatus for authentication of a first wireless device by a vehicle. The method may include generating a wireless message that comprises an identifier of the vehicle, wherein the wireless message is encrypted with an encryption key of the vehicle. The method may also include receiving a wireless message response that comprises the identifier of the vehicle and an identifier of the first wireless device, wherein the wireless message response from the first wireless device is encrypted with the encryption key of the vehicle. Furthermore, the method may include decrypting the wireless message response from the first wireless device and performing an authentication process to authenticate the first wireless device to the vehicle when the identifier of the first wireless device in the wireless message response matches an identifier of a wireless device enrolled with the vehicle.
Controlling peer-to-peer communication
Access control is provided for peer-to-peer communication between a source peripheral device and a destination peripheral device without going through a host device. The access control mechanism can allow or block a request for a transaction to go out via a port of the source peripheral device to the destination peripheral device by comparing an attribute associated with the transaction with a filter attribute stored in memory. Embodiments of the disclosed technologies can allow programming of different filter attributes for different tenants in a multi-tenant environment.
Secure environment on a server
Disclosed herein are techniques for maintaining a secure environment on a server. In one embodiment, the server includes a baseboard management controller (BMC), a first Ethernet port coupled with an adapter device network comprising a plurality of adapter devices, and a master adapter device including a second Ethernet port and a network switch, the network switch being controllable to be selectively coupled with at least one of the BMC, the first Ethernet port, or the second Ethernet port. The master adapter device may receive a network packet from at least one of: the first Ethernet port, the second Ethernet port, or the BMC, and determine, based on a forwarding policy, whether to forward the network packet. Based on a determination to forward the network packet, the master adapter device may determine a destination, and control the network switch to transmit the network packet to the destination.
Parallelism and n-tiering of knowledge inference and statistical correlation system
An n-tiering security threat inference and correlation apparatus (100) for monitoring and anticipating cyber attacks is disclosed. The apparatus comprises a plurality of groups of inference-correlation systems (106(a, b)-114(a, b)), each group arranged with at least one inference system and at least one associated correlation system configured to monitor at least one network; and an input/output (I/O) system (102) configured to receive security events, and broadcast the received security events to the plurality of groups of inference-correlation systems; wherein the respective groups of inference-correlation systems are configured to process only the broadcasted security events relevant to the respective networks to identify the cyber attacks. A method of operating the apparatus is also disclosed.
Computational risk analysis and intermediation
Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.
Technologies for untrusted code execution with processor sandbox support
Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.
Anti-counterfeit communication system
The communication system includes a communication buffer and a communication terminal. The communication buffer includes a physical unclonable function (PUF) device, and the communication buffer provides a security key generated by the PUF device. The communication terminal is coupled to the communication buffer, and transmits a mapping request to the communication buffer to ask for the security key. The communication terminal manipulates the transmission data with the security key to generate encrypted data, and transmits the encrypted data to the communication buffer. The communication buffer then restores the transmission data from the encrypted data according to the security key.