A method for selecting a substantially optimized scheduler from a plurality of schedulers for executing dispersed storage error functions on a distributed storage network begins with a computing device receiving a dispersed storage error functions along with an indication of measured throughput and measured latency from a requesting device. The method resumes when a scheduler is selected from the plurality of schedulers based on desired latency and throughput, while considering the characteristics of the dispersed error function being executed. The method continues with the computing device receiving a different dispersed error function and selecting a different scheduler.

A portable computing device with methodologies for client-side analytic data collection are described. In one embodiment, for example, a method performed by a portable computing device having non-volatile memory includes the steps of obtaining event information reflecting runtime behavior of an application executing on the portable computing device; cryptographically encrypting the event information; storing the encrypted event information in the non-volatile memory; decrypting the encrypted event information; and sending the decrypted event information to a server over a data network, the decrypted event information encapsulated in a cryptographically secured network data stream when sent over the data network to the server.

A client supported by remote maintenance in an electronic network configured to serve a plurality of clients may comprise a plurality of nodes, a first virtual machine (VM), a second virtual machine, and a virtual machine manager (VMM). The first VM may handle data associated with an external data center. The second VM may be associated with one of the plurality of nodes. The VMM may be configured to manage data transfer between the first VM and the second VM. The first VM may be configured to assess a state of the client system and identify a software update for installation on the one of the plurality of nodes. The software update may be configured to maintain identity between the data in the one of the plurality of nodes and the data center. The VMM may manage an attestation process prior to delivering or installing the software update on the client system using the first VM.

A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

The claimed subject matter includes techniques for detecting anomalous accounts. An example method includes receiving, via a processor, a list of monitored machines and event logs including logons for the list of monitored machines for a predetermined window of time. The example method also includes generating, via the processor, a baseline based on the event logs for the predetermined window of time. The example method also includes collecting, via the processor, daily logon events after the predetermined time and comparing the daily logon events to the baseline. The method further includes detecting, via the processor, an anomalous account based on a difference of logon events of the anomalous account from the baseline. The method also includes displaying, via the processor, the detected anomalous account.

The present disclosure provides various embodiments of systems and methods to securely authenticate a user. More specifically, the present disclosure provides embodiments of multi-factor authentication methods that improve both security and user convenience by using trusted secondary devices or peripherals (hereinafter “trusted devices”) to provide additional authentication factor(s) for verifying user presence/identity after an initial authentication factor has been used to verify user presence/identity. Unlike conventional multi-factor authentication methods, the additional authentication factor(s) provided by the trusted devices do not require user input or intervention.

The invention relates to a method of binding a digital representation of an actual event with the real time of the occurrence of the actual event. The method comprises acquiring a source event data S-ED of an actual source event SE, and sending a representation of the source data ED to an immutable database (203) for storing and real-time timestamping, calculating a hash code HC using hash functions having on the input at least: a data describing state of the immutable database (203), the source data S-D and the timestamp of the source data S-D, converting the hash code HC to a representation of a hash code HC and storing the method used to perform the conversion, presenting a representation of the hash code HC in real time so to incorporate said representation into the realm of the source event SE, in order to create a confirmation event CE, the confirmation event CE being a source event SE with physically present representation of the hash code HC and acquiring a confirmation event data C-ED of the confirmation event CE and sending a representation of the confirmation data C-D to the immutable database (203) for storing and instant timestamping.

A user controlled mobile device for use in countering phantom billing fraud in connection with receiving health care services includes one or more components capturing and outputting biometric data and location data, a processor configured to determine a confidence score, and a data storage device holding an event record created without explicit user intervention indicating whether the particular user was at the particular location, the event record including the confidence score, a timestamp corresponding to events at or near a time of the timestamp including a time of capture of the biometric and location data, the biometric data and location data, where the stored event record serves as the personal audit trail evidencing an existence or absence of phantom billing.

A technique includes determining, by a computer, entries of a software vulnerability database that is associated with a plurality of components associated with a release of a software product. The technique includes determining, by the computer, a block of a blockchain representing a vulnerability state of the plurality of components; and associating, by the computer, the block of the blockchain with the product release.

An apparatus and method for device security, wherein a fingerprint image is acquired on a touchscreen, and an authentication process is performed based on the first fingerprint image. Thereafter, a second fingerprint image is acquired and a difference between a characteristic of the first and second fingerprint images is determined, and based upon whether this difference is greater than a threshold, a second authentication process is performed.