G06F2221/2151

Detecting attacks using compromised credentials via internal network monitoring

The present disclosure addresses the threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access, with systems and methods that preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization requests, and identifies accounts that are vulnerable to such attacks by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthen the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.
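As an added illustration of the two paths the abstract describes (this is not code from the patent), here is a Go sketch of the passive detector and the active probe. The breach corpus, the captured requests and the local login function are constructed sample data. Holding the corpus as SHA-256 fingerprints rather than plaintext, and treating a password-only hit as noise unless one source sprays leaked passwords across several accounts, are this example's design choices for the false-positive control the abstract mentions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuthRequest is one authorization attempt decoded by the passive monitor.
// The password is only ever hashed for lookup; the monitor keeps no plaintext.
type AuthRequest struct {
	User, Password, SrcIP string
}

// ExposedSet is the corpus of credentials leaked from other systems, held as
// SHA-256 fingerprints of "user:password" and of the bare password.
// (Assumption: the breach corpus is hashed this way on ingest.)
type ExposedSet struct {
	pairs, passwords map[string]bool
}

func fingerprint(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// NewExposedSet builds both lookup tables from a leaked user -> password map.
func NewExposedSet(leaked map[string]string) *ExposedSet {
	ex := &ExposedSet{pairs: map[string]bool{}, passwords: map[string]bool{}}
	for user, pw := range leaked {
		ex.pairs[fingerprint(user+":"+pw)] = true
		ex.passwords[fingerprint(pw)] = true
	}
	return ex
}

// Finding is one alert from the passive (reactive) path.
type Finding struct {
	User, SrcIP, Reason string
}

// Detect classifies captured requests. An exact user:password hit is reported
// on its own: that credential leaked for that very account, so the request is
// almost certainly a replay. A password-only hit is common (many users choose
// the same weak passwords) and is reported only when one source tries leaked
// passwords against at least minAccounts distinct accounts, the pattern of
// credential stuffing. That second rule is the false-positive control.
func Detect(reqs []AuthRequest, ex *ExposedSet, minAccounts int) []Finding {
	var out []Finding
	sprayed := map[string]map[string]bool{} // srcIP -> accounts hit with a leaked password
	for _, r := range reqs {
		if ex.pairs[fingerprint(r.User+":"+r.Password)] {
			out = append(out, Finding{r.User, r.SrcIP, "exact replay of leaked credential"})
			continue
		}
		if ex.passwords[fingerprint(r.Password)] {
			if sprayed[r.SrcIP] == nil {
				sprayed[r.SrcIP] = map[string]bool{}
			}
			sprayed[r.SrcIP][r.User] = true
		}
	}
	for ip, users := range sprayed {
		if len(users) < minAccounts {
			continue
		}
		for u := range users {
			out = append(out, Finding{u, ip, "leaked password sprayed across accounts"})
		}
	}
	return out
}

// Authenticator is the protected system's login check. In a deployment this
// performs a real, rate-limited and audited login attempt.
type Authenticator func(user, password string) bool

// ProbeReuse is the active (preemptive) path: try each leaked password against
// the local account of the same name and report where it still works.
func ProbeReuse(leaked map[string]string, login Authenticator) []string {
	var vulnerable []string
	for user, pw := range leaked {
		if login(user, pw) {
			vulnerable = append(vulnerable, user)
		}
	}
	return vulnerable
}

func main() {
	leaked := map[string]string{"alice": "Summer2020!", "bob": "hunter2"} // constructed breach corpus
	ex := NewExposedSet(leaked)
	reqs := []AuthRequest{ // constructed captured traffic
		{"alice", "Summer2020!", "10.0.0.5"},
		{"carol", "hunter2", "10.0.0.9"},
		{"dave", "Summer2020!", "10.0.0.9"},
		{"erin", "correct horse battery", "10.0.0.12"},
	}
	for _, f := range Detect(reqs, ex, 2) {
		fmt.Printf("%-6s from %-10s %s\n", f.User, f.SrcIP, f.Reason)
	}
	local := map[string]string{"alice": "Summer2020!", "bob": "different-pass"} // constructed local passwords
	fmt.Println("accounts reusing a leaked password:", ProbeReuse(leaked, func(u, p string) bool { return local[u] == p }))
}
```

The probe only ever tries a user's own leaked password against that user's own account, so it cannot lock out or enumerate accounts the corpus does not already name; in practice it should still run through the normal, rate-limited login path so the attempts appear in the audit trail.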

Audit log enhancement
11030307 · 2021-06-08

A system for monitoring actual access to data elements in an enterprise computer network and providing associated data. The system includes an at least near real time data element audit subsystem that provides, in at least near real time, audit output data relating to actual access to data elements in the enterprise computer network, the audit output data including at least one of: a time stamp, identification of an accessor, user depository stored data regarding the accessor, accessed data element data, affected data element data, type of access operation, source IP address of access, and access outcome data. An additional data providing subsystem receives, in at least near real time, at least a part of the audit output data and utilizes it to provide additional data which is not part of the audit output data.

STORING NUMERICAL IDENTIFIERS IN DATA STRUCTURES

An apparatus is disclosed. The apparatus may comprise a storage medium to store: a first data structure to receive a first plurality of numerical identifiers, each numerical identifier of the first plurality of numerical identifiers corresponding to a respective signal received during a first defined time interval; and a second data structure to receive a second plurality of numerical identifiers, each numerical identifier of the second plurality of numerical identifiers corresponding to a respective signal received during a second defined time interval, wherein the first defined time interval is earlier in time than the second defined time interval. The apparatus may comprise a processor. Upon expiry of a defined time period, the processor is to: delete the first data structure; and provide a third data structure to receive a third plurality of numerical identifiers, each numerical identifier of the third plurality of numerical identifiers corresponding to a respective signal received during a third defined time interval occurring after the second defined time interval. A method and a machine-readable medium are also disclosed.
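The two live data structures and the delete-and-replace step on expiry read naturally as a rotating time-window set. The Go example below is added here (it is not the patent's code) to implement that structure with an injectable clock so the rotation can be exercised without waiting. Using it as a duplicate or replay filter for signal identifiers is an assumption; the abstract does not say what the stored identifiers are checked against.

```go
package main

import (
	"fmt"
	"time"
)

// IDStore keeps the numerical identifiers of signals received in consecutive
// time intervals, one bucket per interval. Only the previous and the current
// bucket are live, so a lookup covers the last two intervals and memory stays
// bounded without a timer per identifier.
type IDStore struct {
	interval time.Duration
	now      func() time.Time // injectable clock so rotation can be tested
	start    time.Time        // start of the interval the current bucket covers
	previous map[uint64]struct{}
	current  map[uint64]struct{}
}

func NewIDStore(interval time.Duration, now func() time.Time) *IDStore {
	return &IDStore{interval: interval, now: now, start: now(),
		previous: map[uint64]struct{}{}, current: map[uint64]struct{}{}}
}

// rotate is the "upon expiry of a defined time period" step: the oldest bucket
// is deleted, the current bucket becomes the previous one, and a fresh bucket
// is created for the interval that has just begun. If more than one interval
// has passed since the last call, both buckets are stale and both are dropped.
func (s *IDStore) rotate() {
	elapsed := s.now().Sub(s.start)
	if elapsed < s.interval {
		return
	}
	if elapsed < 2*s.interval {
		s.previous = s.current
	} else {
		s.previous = map[uint64]struct{}{}
	}
	s.current = map[uint64]struct{}{}
	s.start = s.start.Add(elapsed - elapsed%s.interval) // align to the current interval's start
}

// Observe records the identifier of a signal received now and reports whether
// the same identifier was already seen within the retained window. Treating a
// repeat as a duplicate (replay) is this example's assumption about the
// structure's purpose.
func (s *IDStore) Observe(id uint64) (duplicate bool) {
	s.rotate()
	if _, ok := s.current[id]; ok {
		return true
	}
	if _, ok := s.previous[id]; ok {
		return true
	}
	s.current[id] = struct{}{}
	return false
}

// Live returns how many identifiers are retained across both live buckets.
func (s *IDStore) Live() int {
	s.rotate()
	return len(s.previous) + len(s.current)
}

func main() {
	clock := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	store := NewIDStore(time.Minute, func() time.Time { return clock })
	fmt.Println(store.Observe(42), store.Observe(42)) // false true
	clock = clock.Add(90 * time.Second)               // next interval: 42 sits in the previous bucket
	fmt.Println(store.Observe(42))                    // true
	clock = clock.Add(time.Minute)                    // 42's bucket has now been deleted
	fmt.Println(store.Observe(42))                    // false
}
```

The retention guarantee is therefore between one and two intervals, never exact: an identifier recorded at the very end of an interval is forgotten after just over one more interval, while one recorded at the start survives almost two. Pick the interval accordingly.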

Preventing digital forgery

An indication is received to export a file from a host having an authentication device. A memory buffer is allocated for a signature region, a header region, and a content region. A location stamp and a time stamp are calculated for content of the file. The location and time stamps are copied to the header region. An authentication signature is generated using a private key associated with the authentication device. The authentication signature is based on the header and content regions, which include the copied location stamp and timestamp, and content of the file. The authentication signature is copied to the signature region. The memory buffer is written to a new file, the new file being a signed version of the file and including the signature region having the authentication signature, the header region having the location and time stamps, and the content region having the content of the file.
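Added Go example, not the patent's code, of the buffer layout the abstract describes: a signature region, a header region holding the two stamps, and a content region, with the signature computed over header and content using an Ed25519 key that stands in for the authentication device's private key. The header format (8-byte big-endian Unix time followed by the SHA-256 of a location identifier string) and the derivation of the "location stamp" from a host or site name are assumptions; the abstract does not specify either.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

const (
	sigLen    = ed25519.SignatureSize // 64-byte signature region
	tsLen     = 8                     // time stamp: big-endian Unix seconds
	locLen    = sha256.Size           // 32-byte location stamp
	headerLen = tsLen + locLen
)

// locationStamp derives a fixed-size stamp from whatever identifies where the
// export happened. Hashing a host/site identifier string is this example's
// assumption; the page does not define the stamp's format.
func locationStamp(location string) [locLen]byte {
	return sha256.Sum256([]byte(location))
}

// SignedExport lays out one buffer as signature || header || content, fills
// the header with the time and location stamps, signs header||content with
// the authentication device's private key and copies the signature into the
// first region. The returned slice is the signed file's bytes.
func SignedExport(priv ed25519.PrivateKey, location string, at time.Time, content []byte) []byte {
	buf := make([]byte, sigLen+headerLen+len(content))
	header := buf[sigLen : sigLen+headerLen]
	binary.BigEndian.PutUint64(header[:tsLen], uint64(at.Unix()))
	loc := locationStamp(location)
	copy(header[tsLen:], loc[:])
	copy(buf[sigLen+headerLen:], content)
	sig := ed25519.Sign(priv, buf[sigLen:]) // covers header and content, not the signature region itself
	copy(buf[:sigLen], sig)
	return buf
}

// Verify checks the signature over header||content and returns the stamps and
// the content. Any change to the time stamp, the location stamp or the content
// invalidates the signature, which is what makes the export forgery-evident.
func Verify(pub ed25519.PublicKey, file []byte) (at time.Time, loc [locLen]byte, content []byte, err error) {
	if len(file) < sigLen+headerLen {
		return at, loc, nil, errors.New("file shorter than signature and header regions")
	}
	if !ed25519.Verify(pub, file[sigLen:], file[:sigLen]) {
		return at, loc, nil, errors.New("signature does not match header and content")
	}
	header := file[sigLen : sigLen+headerLen]
	at = time.Unix(int64(binary.BigEndian.Uint64(header[:tsLen])), 0).UTC()
	copy(loc[:], header[tsLen:])
	return at, loc, file[sigLen+headerLen:], nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stands in for the key held by the authentication device
	if err != nil {
		panic(err)
	}
	content := []byte("quarterly-report.csv contents") // constructed sample file
	file := SignedExport(priv, "lab-3/host-17", time.Date(2021, 6, 8, 12, 0, 0, 0, time.UTC), content)
	at, _, got, err := Verify(pub, file)
	fmt.Println(at, bytes.Equal(got, content), err)
	file[len(file)-1] ^= 0x01 // tamper with the content region
	_, _, _, err = Verify(pub, file)
	fmt.Println("after tampering:", err)
}
```

Note that the time stamp is only as trustworthy as the clock of the host that produced it; binding it under the device's signature prevents later alteration but does not prove it was correct when written.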

SMART DATA PROTECTION

When a system receives sensitive data, it can request an encryption key from an encryption/decryption unit. A central processing unit (CPU) of the system can encrypt the sensitive data using the encryption key before writing the sensitive data to memory. Thus, the sensitive data is encrypted when written to memory.

Systems, Methods and Computer Program Products for Managing Remote Execution of Transaction Documents
20210097205 · 2021-04-01

Provided are methods, systems and computer program products for providing remote document execution. Such methods, systems and computer program products may include storing an electronic document as a secure electronic file; identifying a signature space in the electronic document which, after being executed, includes a signature of a signing party of the electronic document; receiving the signature of the signing party into the electronic document stored as the secure electronic file; and, responsive to receiving the signature of the signing party, converting the electronic document into a read-only electronic document.

AUDIT LOG ENRICHMENT
20210110034 · 2021-04-15

A system for monitoring actual access to data elements in an enterprise computer network and providing associated data. The system includes an at least near real time data element audit subsystem that provides, in at least near real time, audit output data relating to actual access to data elements in the enterprise computer network, the audit output data including at least one of: a time stamp, identification of an accessor, user depository stored data regarding the accessor, accessed data element data, affected data element data, type of access operation, source IP address of access, and access outcome data. An additional data providing subsystem receives, in at least near real time, at least a part of the audit output data and utilizes it to provide additional data which is not part of the audit output data.
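Both audit-log entries above (11030307 and 20210110034) describe the same split: an audit subsystem that emits the raw access record, and a second subsystem that derives data which is not in that record. The Go example below is added to illustrate that split and is not the patentee's code. It consumes records with the listed fields and derives four items the audit subsystem itself does not emit: an off-hours flag, whether the source IP lies outside the subnet associated with the accessor's department (the department-to-subnet map stands in for the "user depository stored data"), whether this is the accessor's first access to that element, and a count of the accessor's recent denials. The records, subnets and thresholds are constructed sample data.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// AuditRecord is what the audit subsystem emits for one actual access.
type AuditRecord struct {
	Time       time.Time
	Accessor   string
	Department string // user-depository data stored about the accessor
	Element    string // accessed data element
	Operation  string // read, write, delete, ...
	SourceIP   string
	Outcome    string // "success" or "denied"
}

// Enrichment is the additional data derived from the records; none of it is
// part of the audit output itself.
type Enrichment struct {
	OffHours      bool // outside 07:00-19:00 or on a weekend
	ForeignSubnet bool // source IP outside the subnet the accessor's department uses
	FirstAccess   bool // first time this accessor appears against this element
	RecentDenials int  // denials by this accessor inside the window, including this record
}

// Enricher keeps the cross-record state the derivations need.
type Enricher struct {
	subnets map[string]*net.IPNet
	seen    map[string]bool
	denials map[string][]time.Time
	window  time.Duration
}

// NewEnricher takes a department -> CIDR map (constructed reference data here;
// a directory or CMDB would supply it) and the denial-counting window.
func NewEnricher(deptSubnets map[string]string, window time.Duration) (*Enricher, error) {
	e := &Enricher{subnets: map[string]*net.IPNet{}, seen: map[string]bool{},
		denials: map[string][]time.Time{}, window: window}
	for dept, cidr := range deptSubnets {
		_, n, err := net.ParseCIDR(cidr)
		if err != nil {
			return nil, fmt.Errorf("department %s: %w", dept, err)
		}
		e.subnets[dept] = n
	}
	return e, nil
}

// Enrich consumes one record as it arrives and returns the derived data.
func (e *Enricher) Enrich(r AuditRecord) Enrichment {
	var out Enrichment
	h, wd := r.Time.Hour(), r.Time.Weekday()
	out.OffHours = h < 7 || h >= 19 || wd == time.Saturday || wd == time.Sunday
	if n, ok := e.subnets[r.Department]; ok {
		ip := net.ParseIP(r.SourceIP)
		out.ForeignSubnet = ip == nil || !n.Contains(ip)
	}
	key := r.Accessor + "\x00" + r.Element
	out.FirstAccess = !e.seen[key]
	e.seen[key] = true
	// keep only denials still inside the window, then add this one if it was denied
	recent := e.denials[r.Accessor][:0]
	for _, t := range e.denials[r.Accessor] {
		if r.Time.Sub(t) <= e.window {
			recent = append(recent, t)
		}
	}
	if r.Outcome == "denied" {
		recent = append(recent, r.Time)
	}
	e.denials[r.Accessor] = recent
	out.RecentDenials = len(recent)
	return out
}

func main() {
	e, err := NewEnricher(map[string]string{"finance": "10.1.20.0/24"}, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	day := time.Date(2021, 6, 8, 0, 0, 0, 0, time.UTC)
	records := []AuditRecord{ // constructed audit output
		{day.Add(9*time.Hour + 15*time.Minute), "alice", "finance", "/finance/ledger.xlsx", "read", "10.1.20.5", "success"},
		{day.Add(23*time.Hour + 40*time.Minute), "alice", "finance", "/hr/salaries.csv", "read", "10.9.9.9", "denied"},
		{day.Add(23*time.Hour + 41*time.Minute), "alice", "finance", "/hr/salaries.csv", "read", "10.9.9.9", "denied"},
		{day.Add(23*time.Hour + 42*time.Minute), "alice", "finance", "/hr/salaries.csv", "read", "10.9.9.9", "success"},
	}
	for _, r := range records {
		fmt.Printf("%s %s %-20s %-7s -> %+v\n", r.Time.Format("15:04"), r.Accessor, r.Element, r.Outcome, e.Enrich(r))
	}
}
```

The fourth record is the one worth alerting on: a success against a sensitive element, at night, from a foreign subnet, immediately after two denials. None of those facts is in the record on its own; each comes from combining it with reference data or with earlier records, which is the point of keeping enrichment as a separate subsystem fed at near real time.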

Method, a server and a client for policy based control of M2M devices

A method executed at an M2M server capable of interacting with a remotely located M2M client is suggested. The method comprises: acquiring resources and/or parameters for provisioning a policy applicable to the M2M client; initiating formulation of the policy by arranging policy-dependent, mutually associated objects based on said resources and/or parameters, such that an M2M client on which the policy has been provisioned is capable of making decisions on the basis of said policy without having to communicate with any external device; and initiating provisioning of the policy by provisioning said objects on the M2M client.

Verifiable redactable audit log

A verifiable, redactable log which, in some embodiments, may contain multiple hash values per entry in order to separate the confidentiality of the log from its verifiability. Logs may be verified by recalculating hashes and verifying trusted digital signatures. In some embodiments, the log may be divided into segments, each signed by a time server or self-signed using a system of ephemeral keys. In some embodiments, log messages regarding specific objects or events may be nested within the log to prevent reporting omission. The logging system may receive events or messages to enter into the log.
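An added Go example (not the patent's implementation) of the two-hashes-per-entry idea: a salted content hash commits to each message, a chain hash links each entry to its predecessor, and a segment is closed by an Ed25519 signature over the final chain hash, standing in for the time server or ephemeral segment key. Redaction removes a message and its salt but keeps both hashes, so an auditor can still recompute the chain and check the signature without seeing the content. The nesting of messages about specific objects mentioned above is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Entry carries two hashes. ContentHash commits to the message together with a
// random salt (so a short or guessable message cannot be recovered from its
// hash); ChainHash links the entry to its predecessor. Redaction clears the
// message and salt but keeps both hashes, so the chain still verifies.
type Entry struct {
	Message     []byte // nil once redacted
	Salt        [16]byte
	ContentHash [32]byte
	ChainHash   [32]byte
	Redacted    bool
}

// Segment is a run of entries closed by a signature over the last chain hash.
type Segment struct {
	Entries []Entry
	Sig     []byte
}

// Log holds the open segment and the last chain hash, so the next segment
// chains onto this one.
type Log struct {
	prev [32]byte
	open Segment
}

func hashPair(a, b []byte) (out [32]byte) {
	h := sha256.New()
	h.Write(a)
	h.Write(b)
	copy(out[:], h.Sum(nil))
	return out
}

// Append records a message in the open segment.
func (l *Log) Append(msg []byte) error {
	var e Entry
	if _, err := rand.Read(e.Salt[:]); err != nil {
		return err
	}
	e.Message = append([]byte(nil), msg...)
	e.ContentHash = hashPair(e.Salt[:], msg)
	e.ChainHash = hashPair(l.prev[:], e.ContentHash[:])
	l.prev = e.ChainHash
	l.open.Entries = append(l.open.Entries, e)
	return nil
}

// Close signs the open segment's final chain hash (with a time server's key or
// a per-segment ephemeral key) and starts a new, empty segment.
func (l *Log) Close(priv ed25519.PrivateKey) Segment {
	s := l.open
	s.Sig = ed25519.Sign(priv, l.prev[:])
	l.open = Segment{}
	return s
}

// Redact removes an entry's message and salt; both hashes stay in place.
func Redact(s *Segment, i int) {
	s.Entries[i].Message, s.Entries[i].Salt, s.Entries[i].Redacted = nil, [16]byte{}, true
}

// Verify recomputes the chain from prev (the previous segment's head, or zero
// for the first segment) and checks the segment signature. Unredacted entries
// must also match their content hash; redacted ones are checked only through
// the chain. It returns the head hash to use for the next segment.
func Verify(pub ed25519.PublicKey, prev [32]byte, s Segment) ([32]byte, error) {
	for i, e := range s.Entries {
		if !e.Redacted && hashPair(e.Salt[:], e.Message) != e.ContentHash {
			return prev, fmt.Errorf("entry %d: message does not match its content hash", i)
		}
		if hashPair(prev[:], e.ContentHash[:]) != e.ChainHash {
			return prev, fmt.Errorf("entry %d: chain broken", i)
		}
		prev = e.ChainHash
	}
	if !ed25519.Verify(pub, prev[:], s.Sig) {
		return prev, errors.New("segment signature invalid")
	}
	return prev, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	var l Log
	for _, m := range []string{"alice logged in", "alice read /hr/salaries.csv", "alice logged out"} { // constructed events
		if err := l.Append([]byte(m)); err != nil {
			panic(err)
		}
	}
	seg := l.Close(priv)
	Redact(&seg, 1) // hide the sensitive entry before handing the segment to an auditor
	_, err = Verify(pub, [32]byte{}, seg)
	fmt.Println("verifies after redaction:", err == nil)
	seg.Entries[2].Message = []byte("alice deleted /hr/salaries.csv") // forge an unredacted entry
	_, err = Verify(pub, [32]byte{}, seg)
	fmt.Println("after tampering:", err)
}
```

What redaction cannot hide is that an entry existed at that position: the auditor sees a redacted slot and its hashes, which is exactly the property that stops a party from silently dropping an inconvenient record rather than redacting it.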

Method for authenticating with a password comprising a salt
10979420 · 2021-04-13

A method for authenticating a user by a verifier device. The method includes: receiving a password entered by a user and a first piece of context information entered by the user; calculating a current fingerprint, by applying a one-way function to the password and to the first piece of context information; and verifying that the current calculated fingerprint is equal to a reference fingerprint of a secret, calculated during a preceding authentication of the user, the authentication being successful when the current fingerprint is equal to the reference fingerprint.
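Added Go example, not the patent's code, of the verifier side: the reference fingerprint recorded at enrollment or a preceding authentication is the only thing stored, and a login recomputes the one-way function over the typed password and context and compares the result in constant time. HMAC-SHA256 keyed with the context is this example's choice of one-way function so that it runs with the standard library alone; a memory-hard KDF such as Argon2id or scrypt is what a deployment should use in its place, since a fast hash does nothing to slow offline guessing against a stolen fingerprint table.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Fingerprint is the one-way function applied to the password and to the
// context information the user types alongside it. HMAC-SHA256 keyed with the
// context keeps the two inputs unambiguously separated (no "pass"+"word"
// versus "passw"+"ord" collisions). This choice is the example's assumption;
// a deployment would swap in a memory-hard KDF such as Argon2id or scrypt.
func Fingerprint(password, context string) [32]byte {
	mac := hmac.New(sha256.New, []byte(context))
	mac.Write([]byte(password))
	var out [32]byte
	copy(out[:], mac.Sum(nil))
	return out
}

// Verifier stores only the reference fingerprint recorded at a preceding
// authentication; neither the password nor the context is kept.
type Verifier struct {
	reference map[string][32]byte
}

func NewVerifier() *Verifier { return &Verifier{reference: map[string][32]byte{}} }

// Record stores the reference fingerprint for a user (at enrollment or after
// a preceding successful authentication).
func (v *Verifier) Record(user, password, context string) {
	v.reference[user] = Fingerprint(password, context)
}

// Authenticate succeeds only when both the password and the context match
// what was used before. The fingerprint is computed and compared in constant
// time even for unknown users, so response timing reveals neither the stored
// value nor which usernames exist.
func (v *Verifier) Authenticate(user, password, context string) bool {
	ref, known := v.reference[user]
	cur := Fingerprint(password, context)
	return subtle.ConstantTimeCompare(cur[:], ref[:]) == 1 && known
}

func main() {
	v := NewVerifier()
	v.Record("alice", "correct horse battery", "first pet: rex") // constructed enrollment
	fmt.Println(v.Authenticate("alice", "correct horse battery", "first pet: rex"))   // true
	fmt.Println(v.Authenticate("alice", "correct horse battery", "first pet: max"))   // false: right password, wrong context
	fmt.Println(v.Authenticate("alice", "wrong", "first pet: rex"))                   // false: wrong password
	fmt.Println(v.Authenticate("mallory", "correct horse battery", "first pet: rex")) // false: unknown user
}
```

Because the context is typed by the user rather than stored by the verifier, a stolen fingerprint table is missing one of the two inputs to every hash; the flip side is that a user who forgets the context is locked out exactly as if they had forgotten the password.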