H04L2463/121

AUTHENTICATED AND FUNCTIONAL SMS LINKS
20170310651 · 2017-10-26

A computer system for creating pre-authenticated, functional URLs within SMS messages is disclosed. The computer system includes a computer having non-transitory memory for storing machine instructions that are to be executed by the computer. The machine instructions when executed by the computer implement the following functions: receiving a login ID and passcode of an alarm management system user; receiving a specific function to be utilized by the alarm management system user; generating a URL that embeds the login ID, passcode and specific function to create a pre-authenticated, functional URL; combining a text message string with the pre-authenticated, functional URL to create an SMS message; and transmitting the SMS message.

FORWARDING METHOD, FORWARDING APPARATUS, AND FORWARDER FOR AUTHENTICATION INFORMATION IN INTERNET OF THINGS
20170302660 · 2017-10-19

Embodiments of the present application disclose a forwarding method, a forwarding apparatus, and a forwarder for authentication information in the Internet of Things. The method is applied to a constrained node and includes: receiving authentication information; determining whether the authentication information is received for the first time; and if the authentication information is received not for the first time, forwarding the authentication information; or if the authentication information is received for the first time, determining whether the authentication information is valid authentication information, and if the authentication information is not valid authentication information, discarding the authentication information, or if the authentication information is valid authentication information, verifying the valid authentication information, and forwarding the valid authentication information after the verification succeeds. The embodiments of the present application can reduce resources of the constrained node, and improve performance of the Internet of Things.

Distributed one-time-use entry code generation for physical access control method of operation and mobile systems
20230177906 · 2023-06-08

A physical access control system enables acceptable portal entry codes upon receiving each physical access request by operating on the elapsed time from a previous physical access request to generate a temporal credential. The controller receives a plurality of physical access requests from a plurality of mobile application devices. Upon authenticating the first access request, the controller eliminates repetition from the space of acceptable successor requests from each mobile application device. Monotonic nonces advance the range of temporal code matches. Entry code generation is decentralized to distributed application devices and is inherently unknowable until a successor access request is initiated by the same application device.

eUICC SECURE TIMING AND CERTIFICATE REVOCATION
20170338966 · 2017-11-23

Secure reception of a certificate revocation list (CRL) is determined. In some embodiments, a device initiates a CRL update by sending a message with a timestamp to an embedded universal integrated circuit card (eUICC). The eUICC generates a session identifier, nonce, or random number and builds a payload including an internal time value based on a server time, and an internal time value based on a past message received from the device. The eUICC cryptographically signs over the payload and sends it to the device. The device obtains a CRL from a host server, checks the CRL, and, if the CRL passes the device check, sends it to the eUICC along with a second device timestamp and the nonce. The eUICC then performs checks based on the timestamps, the nonce, the CRL and the internal time values to determine whether the CRL has been securely received.

Anomaly detection based on communication between entities over a network

A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Location determination for user authentication
09825943 · 2017-11-21

User authentication techniques based on geographical locations associated with a client device are provided. A network connection can be established between two or more host machines and a client device. Upon a request received from the client device by one of these host machines, round trip times of test messages may be measured between the client device and each of the host machines. The round trip times can be utilized to determine the current geographical location of the client device. If the location is within a tolerance geographical area, the client device may be authenticated. Otherwise, the authentication may fail or additional security procedures may be implemented. In some examples, a travel time from a historical geographical location to the current geographical location can be determined. This data may also be utilized in the user authentication process.

Fingerprinting Electronic Control Units For Vehicle Intrusion Detection
20170286675 · 2017-10-05

An anomaly-based intrusion detection system is presented for use in vehicle networks. The intrusion detection system measures and exploits the intervals of periodic in-vehicle messages for fingerprinting electronic control units. Fingerprints are then used for constructing a baseline of clock behaviors, for example with a Recursive Least Squares algorithm. Based on the baseline, the intrusion detection system uses cumulative sum to detect any abnormal shifts in the identification errors—a clear sign of an intrusion. This approach allows quick identification of in-vehicle network intrusions with low false positive rates.

CONTAINING INTERNET OF THINGS (IOT) ANALYTICS POISONING ON WIRELESS LOCAL ACCESS NETWORKS (WLANS)
20170289814 · 2017-10-05

An analytics containment system stores RSSI values of connected stations and corresponding time stamps. If two or more stations have RSSI values within a certain proximity within a certain time period, a first condition for identifying analytics poisoning has been satisfied. Additionally, if RSSI values for the two or more stations change at a similar rate, the stations have satisfied a second optional condition.

SYSTEM FOR MANAGING FRAUDULENT COMPUTING OPERATIONS OF USERS PERFORMED IN COMPUTING NETWORKS AND METHODS OF USE THEREOF

A method includes displaying on a graphic user interface (GUI) of a computing device of a user, a log of computing operations performed by the user at computing terminals of entity servers respectively managed by entities. The user uses a unique authorization identifier provided by the authorizing entity to authorize the computing operations at the computing terminals of the entity servers. The user provides a fraud indication through the GUI that at least one computing operation in the log is fraudulent. Memory jogging visual units are displayed on the GUI to the user that cause the user to recall performing the at least one computing operation identified as being fraudulent. An entry of the at least one computing operation in an operation database is marked as a valid operation authorized by the user when receiving a recognition indication and potentially fraudulent when no recognition indication by the user.

Method For Tracking Machines On A Network Using Multivariable Fingerprinting Of Passively Available Information
20170251004 · 2017-08-31

A method for tracking machines on a network of computers includes determining one or more assertions to be monitored by a first web site which is coupled to a network of computers. The method monitors traffic flowing to the web site through the network of computers and identifies the one or more assertions from the traffic coupled to the network of computers to determine a malicious host coupled to the network of computers. The method includes associating a first IP address and first hardware finger print to the assertions of the malicious host and storing information associated with the malicious host in one or more memories of a database. The method also includes identifying an unknown host from a second web site, determining a second IP address and second hardware finger print with the unknown host, and determining if the unknown host is the malicious host.