Patent classifications
G06F2221/2135
Preventing account lockout through request throttling
A server to provide single sign on services. The server includes a processor and a memory storing an attempt table. The server, in response to receiving a first password for a user account, forwards the first password to an authentication device. The server determines that the first password is not valid for the user account. The server stores the first password in association with the user account in the attempt table. In response to receiving a second password for the user account, the server determines whether the second password matches the first password. When the second password does not match the first password, the server forwards the second password to the authentication device.
SYSTEMS AND METHOD FOR RESPONSIVELY AUGMENTING A RISK ENGINE TO ADDRESS NOVEL RISK PATTERNS
A system and a method to expedite a response of a risk engine to novel threats by detecting an anomalous amount of outlier requests and making more conservative identity assurance assessments during a time period it takes to identify and properly respond to the novel threat. Here, in detecting the novel threats, the response of the risk engine is temporarily altered until the novel threats have subsided or are no longer novel.
Systems, devices and methods for using a central server to provide multi-tiered access and control of a computer device
Systems and methods for controlling and tracking computer devices using a secure communication path between a central server and a machine control-file watchdog program. One or more machine control-files can be generated to control, limit and track a computer device using a machine control-file watchdog program. The system sets limits on the computer device to ensure the user operating the computer device stays within a restricted set of usage limitations. The machine control-file watchdog program protects the one or more machine control-files and additionally can report on all activities performed by the computer device to the central server.
FUSE BASED REPLAY PROTECTION WITH AGGRESSIVE FUSE USAGE AND COUNTERMEASURES FOR FUSE VOLTAGE CUT ATTACKS
A TPM with programmable fuses in an SOC includes an on-die RAM storing a blown-fuse count and a TPM state including a PIN-attempt-failure count and a fuse count, read from off-die NV memory. During initialization, if the blown-fuse count is greater than TPM state fuse count, TPM state PIN-attempt-failure count is incremented, thereby thwarting a replay attack. A PIN is received for access, and if the TPM state PIN-attempt-failure count satisfies a policy, a fuse is blown and the blown-fuse count incremented. If the fuse blow fails, TPM activity is halted. If the fuse blow succeeds and the PIN is correct, the TPM state PIN-attempt-failure count is cleared, but if the PIN is incorrect the TPM state PIN-attempt-failure count is incremented. TPM state fuse count is set equal to the blown-fuse count, and the TPM state is saved to off-die NV memory.
METHODS FOR MANAGING VERIFICATION AND VALIDATION OF THIRD-PARTY CODE AND DEVICES THEREOF
The disclosed technology relates to receiving an executable function from a client device, wherein the executable function is to be executed on a function as a service (FaaS) platform. Upon performing a verification and validation process on the received executable function prior to runtime, it is determined when to execute the received executable function based on one or more execution initiation techniques. The verified and validated executable function is executed at the runtime on the FaaS platform based on the determination.
System and method for authenticating the legitimacy of a request for a resource by a user
A method of authenticating the legitimacy of a request for a resource from a resource provider by a user, including providing an authentication process in which a resource provider message is received and de-assembled, the integrity of the user request message is confirmed, a result indicator as to the legitimacy of the resource provider message is created by performing two or more authenticity checks, and an authentication result is sent.
Low latency, high payload, high volume API gateway
An API gateway designed to process a high volume of API requests for data and services where relatively large payloads are returned to the requester. The API gateway includes an “on-line” component that, for each API request, examines information in the request to increment an API usage count by API ID and product key. The usage information is periodically pushed to an outbound message queue, where it is later populated in a database. An “off-line” component determines if a customer has exceeded its predetermined quota based on the information in the database. This determination is pushed to another message queue that is periodically read by the on-line component to update the in-memory API ID, product key and API validity flag values. As such the on-line component is able to service a high volume of API requests for data with a low latency.
Hardened event counters for anomaly detection
A collection of techniques allow for the detection of covert malware that attempts to hide its existence on a system by leveraging both trusted hardware event counters and the particular memory addresses (as well as the sequences of such addresses) of the instructions that are generating the suspected malicious activity. By monitoring the address distribution's specific patterns over time, one can build a behavioral model (i.e., “fingerprint”) of a particular process—and later attempt to match suspected malicious processes to the stored behavioral models. Whenever the actual measured behavior of a suspected malicious process fails to match said stored behavioral models, the system or system administrator may attempt to perform rehabilitative actions on the computer system to locate and remove the malware hiding on the system.
Approaches for managing restrictions for middleware applications
Systems and methods are provided for determining an access request provided by an application that seeks to interact with one or more backend systems through a computing system. One or more predefined restrictions can be enforced on the application, the computing system, or the one or more backend systems.
NETWORK DEVICE THAT REGISTERS EVENT, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM
A network device that avoids useless processing for registering an event which cannot be transmitted. An image forming apparatus as a network device has a personal firewall function, and registers an event concerning a network service. Upon receipt of an event registration request, it is determined whether or not a transmission destination specified by the received event registration request corresponds to a transmission restriction target of the personal firewall, and when it is determined that the transmission destination corresponds to the transmission restriction target, an event based on the registration request is not registered.