H04L29/00

Method and apparatus for improving network security
09762594 · 2017-09-12

A method and an apparatus for improving network security are provided. The method includes: obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets; using, by the control node, the alarm information to sort the attack sources in descending order of threat level, and using the sorting result as a blacklist; and sending, by the control node, the obtained blacklist to at least one subnet in the network system that is not attacked yet. The method and apparatus are applicable to collaborative defense among multiple subnets.

Message sender authenticity validation
09762591 · 2017-09-12

In an example, a system and method are provided for validating the sender of a message, such as an e-mail, text message, voice mail, network message, internet posting, or other electronic message. An authenticity server engine may first prescreen the message with anti-spam, anti-malware, and other filters. The screened message is then provided to the end user. If the end user deems the message suspicious, he may request additional validation. The authenticity server engine may then apply an example four-phase validation scheme, including analyzing header data for consistency with the message body, analyzing public data sources, analyzing private data sources, and receiving a result of an off-channel challenge to the sender. The server may then assign the message a sender validity confidence score.

Method for performing device security corrective actions based on loss of proximity to another device

The method disclosed herein provides for performing a device security corrective action based on loss of proximity to another device, such as a key device. While a mobile communication device is locked, the mobile communication device determines whether or not a key device is within a specified distance. If the key device is not within the specified distance from the mobile communication device, a notification may be displayed on the mobile communication device. If a user responds to the notification, the user may prevent the mobile communication device from performing at least one device security corrective action, or alter that action. If, however, the user does not respond to the notification within a specified time period, the at least one device security corrective action is performed on the mobile communication device.

Multifactor authentication through wearable electronic device
09762581 · 2017-09-12

A method to implement multifactor authentication of a user may include performing biometric authentication of a person that bears a wearable electronic device and at least one of: performing knowledge-based authentication of the person, or presenting an access control token of the wearable electronic device to an access reader that performs token-based authentication of the person. Performing biometric authentication may include receiving a first biometric signal generated by the wearable electronic device and determining a person-specific biometric characteristic of the person therefrom; comparing the person-specific biometric characteristic to a user-specific biometric characteristic of the user determined from a second biometric signal generated when the wearable electronic device was borne by the user; and, based on the comparing, determining a confidence level that the person is the user, to determine a positive or negative authentication of the person as the user.

Firewall system and method for establishing secured communications connections to an industrial automation system
11209803 · 2021-12-28

A connection management device for establishing secured communications connections to an industrial automation system, wherein the device provides, in cases of a positive authorization verification outcome, access control information for establishing an encrypted communication connection between a first communication unit of a requesting user and a selected second communication unit. The connection management device is formed by a server instance running on a firewall system. Data packets transmitted via an encrypted communications connection between the first communication unit of the requesting user and the selected second communication unit are decrypted for verification by the firewall system, based on specified security rules, and, in cases of a successful verification, the data packets are forwarded encrypted to the first communication unit of the requesting user or to the selected second communication unit.

Biometric medical antifraud and consent system

A specialized apparatus for recording medical transactions, designed to protect patient privacy when it is necessary to record private individual biometric data. The mechanisms and proprietary methods scramble the biometric data within the recording device so that, with high assurance, it is unrecoverable once it leaves the recording device, yet an audit copy can be forwarded to outside permanent storage and systems.

Network attack tainting and tracking

A technique for network attack tainting and tracking includes monitoring data packets received from a network for a malicious request. Responsive to detecting a malicious request, a forensic token is created that carries information pertaining to the malicious request and that is configured to be stored by the source of the malicious request and to be discoverable there as an indication of the source's involvement in the malicious request. The forensic token is injected into a response message, and the response message is then transmitted to the source of the request as a response to the request.

Firewall for encrypted traffic in a process control system

A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

Methods and apparatus for managing risk in digital communications of a smart appliance
11196818 · 2021-12-07

Apparatus and methods of operation of the apparatus that create a virtual machine and enable an Agent within the virtual machine to communicate with another Agent via a digital communications network and establish a communication channel for logical communications via the digital communications network. Communications transmitted and received according to the present invention proceed directly from a PeN agent to a second Agent without any storage or recordation of the transaction on an intermediate server. In some embodiments, the digital communications according to the present invention remain essentially imperceptible to network operators.

Website vulnerability scan method, device, computer apparatus, and storage medium

A method of scanning website vulnerability comprising: reading a vulnerability scan task in a scan task pool; finding a website corresponding to the vulnerability scan task, acquiring access data of the website, and obtaining a popularity coefficient of the website according to the access data; acquiring historical vulnerability scan data and a vulnerability risk level table, and obtaining a security risk coefficient of the vulnerability scan task according to the historical vulnerability scan data and the vulnerability risk level table; acquiring update time data of the vulnerability scan task, and calculating a time coefficient of the vulnerability scan task according to the update time data; inputting the popularity coefficient, the security risk coefficient, and the time coefficient into a preset priority evaluation model for processing, and obtaining an execution priority weight of the vulnerability scan task; and executing vulnerability scan tasks in the scan task pool in descending order according to the execution priority weights.