Patent classifications
H04L2463/121
TIMESTAMP-BASED SHARED KEY GENERATION
Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have synchronized clocks. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp. Since the computing systems have synchronized clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another. Furthermore, both computing systems may synchronize their clocks to a private time server that maintains a clock that runs faster or slower than standard time. Security is maintained by one or more of restricting access to the time server, using secret key generation processes, and/or using a secret random number generator.
Method and system for generating an interactive kill chain view for training a machine learning model for identifying threats
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
System and method for tracking and archiving mobile communications
A system for tracking electronic communications of a subscriber includes a gateway configured to track a communication between a mobile device and a subscriber mobile device that has a subscriber software module associated with a subscriber business number. The gateway is configured to send the communication to an Enterprise Information Archiving system. The gateway also is configured to: (i) if the communication is sent from the subscriber software module intended for the mobile device, send the communication to the mobile device via at least one of an SMS, MMS, and voice communication capability of the mobile device; and (ii) if the communication is sent from the mobile device to the subscriber business number via at least one of an SMS, MMS, and voice communication capability of the mobile device, send the communication to the subscriber software module associated with the subscriber business number.
METHOD TO CREATE A TRUSTED POOL OF DEVICES
The present invention relates to a method to create, by a service provider, a trusted pool of security devices adapted to perform cryptographic operations in a secure service, comprising the steps of: for a service provider, setting up a secure service by allocating a first device in the service, setting the first security device's clock to a reliable time source, creating an internal secure-service-object defining at least a service clock-instance and service-specific cryptographic keys and certificates used to protect communication between a resource owner's security application and a security device part of the secure service, said secure-service-object being maintained by the security device internally, preventing any service provider from arbitrarily changing it; when additional security devices are required, for the service provider, adding additional security devices to the service through ensuring the two security devices' clocks are synchronized by setting the target security device's clock to an accurate time value and defining, in the secure-service-object, a max-delta-time value and a max-daily-correction per day value limiting the drift between two devices of the pool.
LOGIN FROM AN ALTERNATE ELECTRONIC DEVICE
Systems and techniques for providing login from an alternate electronic device are presented. A system can receive hash data associated with first fingerprint data and a timestamp from a first electronic device in response to a determination that the first electronic device satisfies a defined criterion associated with a terminal computing request. The system can also form a correlation between the first electronic device and a second electronic device within a geographic area associated with the first electronic device based on the timestamp, first location data associated with the first electronic device, and second location data associated with the second electronic device. Furthermore, the system can initiate display of a graphical user interface on the second electronic device in response to a determination that second fingerprint data provided to the second electronic device within a timeframe associated with the timestamp matches the first fingerprint data associated with the hash data.
Configuring modular alert actions and reporting action performance information
Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more modular alerts. As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
Systems and methods for photo recognition-based identity authentication
A combination of target images and control images are presented to a user device for selection by the user. Based on a correct selection of images that the user either recognizes or does not recognize, the user may be authenticated. Target images have some connection to a legitimate user in a way that a legitimate user may recognize the target image. Control images have no known connection to the legitimate user, such that they would not typically be recognized by the legitimate user. The legitimacy of a user may be determined based on images selected and/or not selected, depending on accompanying instructions for selection.
System for intercepting and reconstructing session data for web incidents
A system for generating user session objects is disclosed. The system intercepts web traffic data and extracts dynamic content items from the web traffic data such that the dynamic content items are separated from static content items. The system further groups the dynamic content items based on their associated user session IDs. The system then links together the dynamic content items of a group in sequence to generate a user session object, wherein the dynamic content items include one or more static content reference IDs associated with the static content items.
ENCRYPTED CONTROL SYSTEM, ENCRYPTED CONTROL METHOD, AND ENCRYPTED CONTROL PROGRAM
An encrypted control system, an encrypted control method, and an encrypted control program make it possible to further reduce a risk of a cipher key leaking. An input device, a plant-side control device, and a controller are respectively equipped with pseudorandom number calculation units having a common function, are time synchronized, and start a synchronized operation at the same time. Since the encrypted control system is configured in such a manner, it becomes possible to switch a pair of a public key and a private key in synchronization with a control cycle of the entire control system. Consequently, it becomes possible to instantaneously and definitely detect intervention in the control system by a malicious third party.
EUICC secure timing and certificate revocation
Secure reception of a certificate revocation list (CRL) is determined. In some embodiments, a device initiates a CRL update by sending a message with a timestamp to an embedded universal integrated circuit card (eUICC). The eUICC generates a session identifier, nonce, or random number and builds a payload including an internal time value based on a server time, and an internal time value based on a past message received from the device. The eUICC cryptographically signs over the payload and sends it to the device. The device obtains a CRL from a host server, checks the CRL, and, if the CRL passes the device check, sends it to the eUICC along with a second device timestamp and the nonce. The eUICC then performs checks based on the timestamps, the nonce, the CRL and the internal time values to determine whether the CRL has been securely received.