H04L2463/121

SUPPLY AUTHENTICATION VIA TIMING CHALLENGE RESPONSE

In an example implementation, a print supply cartridge comprises a microcontroller to receive a timing challenge and enable authentication of the cartridge by providing a challenge response. The challenge response is provided in a challenge response time that falls within an expected time window.

METHOD AND SYSTEM TO DETECT ABNORMAL MESSAGE TRANSACTIONS ON A NETWORK
20190116197 · 2019-04-18

A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message, said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution; and, during a surveillance phase: intercept a third message, said message being sent to the first device; intercept a fourth message, said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Identifying malicious network traffic based on collaborative sampling
10264005 · 2019-04-16

Identifying malicious network traffic based on distributed, collaborative sampling includes, at a computing device having connectivity to a network, obtaining a first set of data flows, based on sampling criteria, that represents network traffic between one or more nodes in the network and one or more domains outside of the network, each data flow in the first set of data flows including a plurality of data packets. The first set of data flows is forwarded for correlation with a plurality of other sets of data flows from other networks to generate global intelligence data. Adjusted sampling criteria are generated based on the global intelligence data and a second set of data flows is obtained based on the adjusted sampling criteria.

Security measure for exchanging keys over networks
10263968 · 2019-04-16

Aspects of the present disclosure relate to systems and methods for exchanging keys within a peer-to-peer network. Exchanging keys within a peer-to-peer network may include generating one or more keys for encrypting and decrypting content that is communicated between one or more client computing devices of a network. The one or more keys may be transmitted over the peer-to-peer network between the one or more client computing devices. A security measure value for each key that has been transmitted may be generated and/or updated based on at least one condition associated with transmitting the one or more keys over the peer-to-peer network. Content may be encrypted and decrypted using one of the one or more keys based on a desired security measure value of the key. All copies of the key used to encrypt and decrypt the content may be deleted such that the content is unrecoverable.

Generating an association between confidential data and member attributes

In an example embodiment, a submission of confidential data is received from a user. A first service is queried using an identification of the user to obtain a member profile corresponding to the user in a social networking service. One or more primary attribute values are identified from the member profile. The one or more primary attribute values are used to query a second service to obtain a derived attribute value corresponding to the one or more primary attribute values. The confidential data, one or more of the primary attribute values, and the derived attribute value are stored in a first submission table in a confidential information database. Then the one or more of the primary attribute values and the derived attribute value are used to classify the user into one or more slices.

Method and System for Generating An Interactive Kill Chain View for Training A Machine Learning Model for Identifying Threats
20190109868 · 2019-04-11

A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

LOCATION DETERMINATION FOR USER AUTHENTICATION
20190109840 · 2019-04-11

User authentication techniques based on geographical locations associated with a client device are provided. An example method for authentication of the client device includes receiving an authentication request from the client device. The method may include establishing a current geographical location of the client device. The method may further include establishing a trusted tolerance geographical area associated with the client device. After establishing the trusted tolerance geographical area, the method may proceed with determining whether the current geographical location of the client device is within the trusted tolerance geographical area. The method may further include authenticating the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area.

SYSTEM AND METHOD FOR PROVIDING DATA-DRIVEN USER AUTHENTICATION MISUSE DETECTION
20190109875 · 2019-04-11

Systems, methods, and other embodiments are disclosed for data-driven user authentication misuse detection. In one embodiment, for a user authentication attempt to access a secure computer resource, user authentication log data having user attribute values is collected. The user authentication log data is transformed into a tracer data structure. The tracer data structure is augmented with timestamp data to generate an event data structure. It is determined whether the tracer data structure matches an existing tracer data structure stored in a rules database and, if not, a novelty flag is set to generate a new user behavior model filter. If the tracer data structure matches the existing tracer data structure: an existing user behavior model filter is applied, issuance of an alarm message or signal is controlled, and the existing user behavior model filter is updated based, at least in part, on the event data structure.

Secure biometric authentication with client-side feature extraction

Provided is a process that includes: receiving, with a first device, a request to authenticate a user; obtaining, with the first device, an unstructured-data authentication input; extracting, with the first computing device, a plurality of features of the unstructured-data authentication input to form a structured-data representation; determining, with the first device, a first instance of a value that deterministically varies; and determining, with the first device, a first encrypted value based on both the structured-data representation and the first instance of the value that deterministically varies; and sending, with the first device, the first encrypted value to a second computing device.

SYSTEM AND METHOD OF CLOUD DETECTION, INVESTIGATION AND ELIMINATION OF TARGETED ATTACKS

Disclosed are systems and methods for cloud detection, investigation and elimination of targeted attacks. In one exemplary aspect, the system comprises a computer protection module configured to: gather information on an object in a computer in a network; and save a security notification with the object in an object database in the network; and a module for protection against targeted attacks configured to: search for the object in a threat database in the network; add one or more tags to the object when the object is found in the threat database and add a correspondence between a record in the object database and the threat database; and determine that a computer attack has occurred when the one or more tags correspond to signatures in a database of computer attacks.