Patent classifications
H04L2463/121
RELIABLE TIMESTAMP CREDENTIAL
A process for authenticating a communication device may include receiving a request from a communication device to synchronize time with a server, and providing an authorization network time to the communication device. An authentication request including an access credential having a timestamp generated by the communication device may be received by the server. A determination can be made as to whether the communication device had successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device can be authenticated when the timestamp has a non-reset value indicating that the communication device had successfully executed the predetermined shutdown sequence, and that the access credential has not expired. Step-up authentication for the communication device can be requested when the access credential has unreliable timestamp information indicating that the communication device did not successfully execute the predetermined shutdown sequence.
PROTECTING AGAINST SPAM AND OVER-REPRESENTATION IN SUBMISSION OF CONFIDENTIAL DATA
In an embodiment, a submission history table is maintained by tracking an identification of each user making a submission of a confidential data value and a timestamp of when the corresponding submission was made. A first confidential data value submission is received from a user having a first identification. Member usage information for the user having the first identification is retrieved based on the first identification. The submission history table is referenced to determine a length of time since the user having the first identification last made a submission of confidential data. It is determined that the user having the first identification is not permitted to submit confidential information based on the member usage information and the length of time since the user having the first identification last made a submission of confidential data. In response to the determining, the first confidential data value is discarded.
Receiving an Encrypted Communication from a User in a Second Secure Communication Network
The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.
Method for Enabling and/or Requesting Access by a First Network Subscriber to a Second Network Subscriber in a Network
A method for enabling access by a first network subscriber to a second network subscriber in a network includes receiving a communication request from the first network subscriber and determining whether the second network subscriber has carried out an authentication of the first network subscriber during a first phase. The second network subscriber allows communication with the first network subscriber when the second network subscriber has carried out authentication of the first network subscriber during the first phase. The second network subscriber receives an access request from the first network subscriber and determines a level of trustworthiness of the first network subscriber. The second network subscriber enables access of the first network subscriber based on the determination of the level of trustworthiness of the first network subscriber.
TRAINING MODELS BASED ON BALANCED TRAINING DATA SETS
In some examples, a system balances a number of positive data points and a number of negative data points, to produce a balanced training data set, where the positive data points comprise features associated with authentication events that are positive with respect to an unauthorized classification, and the negative data points comprise features associated with authentication events that are negative with respect to the unauthorized classification. The system trains a plurality of models using the balanced training data set, wherein the plurality of models are trained according to respective different machine learning techniques. The system selects a model from the trained plurality of models based on relative performance of the plurality of models.
Access control using information on devices and access locations
Access control within a network is established by combining multiple factors to prevent unauthorized access to a computer and/or network target system. The factors that may be combined are selected from three main factors: confirmation that the accessing device attempting access is being used by an authorized user; the access request is made by a device that corresponds to an authorized degree of importance; and the accessing device is connected from a network that corresponds to the authorized degree of importance.
Method and system for reviewing identified threats for performing computer security monitoring
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big-data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
CONTAINING INTERNET OF THINGS (IOT) ANALYTICS POISONING ON WIRELESS LOCAL ACCESS NETWORKS (WLANS)
An analytics containment system stores RSSI values of connected stations and corresponding timestamps. If two or more stations have RSSI values within a certain proximity within a certain time period, a first condition for identifying analytics poisoning has been satisfied. Additionally, if the RSSI values for the two or more stations change at a similar rate, the stations have satisfied a second, optional condition.
REPLAY PROTECTION FOR MEMORY BASED ON KEY REFRESH
The present disclosure is directed to systems and methods for providing protection against replay attacks on memory, by refreshing or updating encryption keys. The disclosed replay protected computing system may employ encryption refresh of memory so that unauthorized copies of data are usable for a limited amount of time (e.g., 500 milliseconds or less). The replay protected computing system initially encrypts protected data prior to storage in memory. After a predetermined time or after a number of memory accesses have occurred, the replay protected computing system decrypts the data with the existing key and re-encrypts data with a new key. Unauthorized copies of data (such as those made by an adversary system/program) are not refreshed with subsequent new keys. When an adversary program attempts to use the unauthorized copies of data, the unauthorized copies of data are decrypted with the incorrect keys, which renders the decrypted data unintelligible.
CLIENT DEVICE TICKET
A system may include a client device to connect to a network and a network device communicatively coupled to the client device. The network device may determine that the client device has been authenticated to the network via a captive portal page. The network device may further create a ticket corresponding to the client device. Possession of the ticket by the client device may indicate authentication of the client device to the network. The network device may then transmit the ticket to the client device for storage on the client device. The stored ticket may enable the client device to remain authenticated to the network after a period of inactivity.