Patent classifications
H04L2463/121
SYSTEM FOR INTERCEPTING AND RECONSTRUCTING SESSION DATA FOR WEB INCIDENTS
A system for generating user session objects is disclosed. The system intercepts web traffic data and extracts dynamic content items from the web traffic data such that the dynamic content items are separated from static content items. The system further groups the dynamic content items based on their associated user session IDs. The system then links together the dynamic content items of a group in sequence to generate a user session object, wherein the dynamic content items include one or more static content reference IDs associated with the static content items.
Methods for enabling real-time digital object and tangible object interactions
A method for authorizing an electronic device to perform an action includes detecting interaction data from an interaction between a hardware sensor and an identity-augmented tangible object, where the interaction data is intrinsically dependent on physical characteristics of that tangible object; computing parametric descriptors from the interaction data; transmitting the parametric descriptors and supplementary data to a remote database system; generating, on the remote database system, identity data from a comparison of the parametric descriptors with a known set of parametric descriptors; and authorizing, in response to both the identity data and the supplementary data, the electronic device to perform a first action.
MULTI-SIGNAL ANALYSIS FOR COMPROMISED SCOPE IDENTIFICATION
Detecting compromised devices and user accounts within an online service via multi-signal analysis produces fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes, are specified, and multiple behaviors over a period of time are analyzed to detect persistent (slow-acting) threats as well as brute-force (fast-acting) threats. Analysts are alerted to the individual scopes suspected of being compromised and may address them accordingly.
RELIABLE TIMESTAMP CREDENTIAL
A process for authenticating a communication device may include a server receiving an authentication request that includes an access credential carrying a timestamp generated by the communication device. The server determines whether the communication device successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device is authenticated when the timestamp has a non-reset value, indicating that the device successfully executed the predetermined shutdown sequence, and the access credential has not expired. Step-up authentication is requested for the communication device when the access credential has unreliable timestamp information (for example, a clock that was reset), indicating that the device did not successfully execute the predetermined shutdown sequence.
COMPUTER SYSTEM AND COMPUTER-IMPLEMENTED METHOD FOR PROCESSING AN ELECTRONIC COMMERCE TRANSACTION USING A NETWORK
A payment network server for processing an electronic commerce (e-commerce) transaction initiated by a customer is described. The server comprises at least a computer processor and a data storage device, where the data storage device comprises instructions operative by the processor to: (i) receive, from a merchant server, an authentication request comprising at least a payment card identifier associated with a payment card; (ii) generate an authentication code associated with the e-commerce transaction for authenticating the customer; (iii) store, in a payment network database, the authentication code as a stored authentication code; (iv) transmit to an issuer server the authentication code, for onward transmission to the customer, together with an indication of the payment card; (v) receive, from the merchant server, a customer-entered authentication code which the customer entered into a merchant website associated with the merchant server; (vi) determine whether the customer-entered authentication code matches the stored authentication code; and, if it matches: (vii) generate an authentication indication; (viii) store, in the payment network database, the authentication indication as a stored authentication indication; and (ix) transmit, to the merchant server, an authentication response comprising the authentication indication.
Self management of credentials by IoT devices
A method, a device and a computer program product are provided. A networked device determines whether a condition has occurred. In response to detecting the condition, the networked device requests information to update its current credential. The networked device updates the current credential with the requested information to maintain its security, and then accesses at least one networked service using the updated credential. The current credential is either a cryptographic key or a password. When the current credential is a password, the condition is a usage rate comprising one or more of: the number of reboot commands issued to the networked device and the number of software update commands issued to the networked device.
System and method for preventing well behaving clients from causing account lockouts in a group
Methods and systems for account authentication in a distributed computing node group may involve sending a message to a member, the message having a first timestamp, increasing an authentication failure count, receiving a first key-exchange message from the member, the first key-exchange message having a second timestamp, evaluating the second timestamp, and determining whether to ignore the first key-exchange message based on an evaluation of the second timestamp. The first timestamp may be associated with a message received from the member prior to sending the message with the first timestamp to the member. The first key-exchange message may include a value computed by the member based on a group passcode shared with the member. The evaluation of the second timestamp may be based on at least one of a default value, the authentication failure count, or a timestamp associated with the group passcode.
Encrypted Messaging System
An encrypted messaging system allows secured communication for the medical industry. The encrypted messaging system may be designed to observe the strict confidentiality requirements of various medical use cases, such as those imposed by HIPAA. For example, the encrypted messaging system may include features specifically designed for interoffice, intraoffice, or patient communications, while maintaining the privacy of the information transmitted within the system.
Data Packet Security with Expiring Time-Based Hash Message Authentication Codes (HMACs)
A system of secure data packets for transmission over a packet switched network includes an expiring Hash-based Message Authentication Code (HMAC) appended to the data packet. The expiring HMAC is calculated based on a shared secret and a clock time. A receiving network application or firewall with the shared secret validates the secure data packets based on a comparison of the expiring HMAC to the receiving network or application's own calculation of a valid HMAC based on the shared secret and the clock time. Applications executing on the receiving and sending networks do not need modification to use the secure data packet protocol because HMAC appending, validation, and removal may all occur at network boundaries on firewalls. Protected host endpoints may serve client endpoints using expiring HMAC data packets and other validation information based on security data stored on a shared ledger such as nonce values encountered by the network.
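The expiring-HMAC scheme described in this abstract, worked through as an added example (not code from the patent or any implementation of it). The sending boundary prepends a nonce and an HMAC-SHA256 computed over the current clock window, the nonce and the untouched payload; the receiving boundary recomputes the tag from its own clock, accepting one window of skew either side, strips the header, and rejects any nonce already recorded in a stand-in for the shared nonce ledger. The 30-second window, one-window skew tolerance, 8-byte nonce and the header layout are assumptions made for this example, not details taken from the abstract.

```python
import hashlib
import hmac
import os
import struct

WINDOW_SECONDS = 30   # assumption: each tag is valid for one 30-second clock window
SKEW_WINDOWS = 1      # assumption: tolerate one window of clock skew either way
NONCE_LEN = 8         # assumption: 8-byte random nonce per packet
TAG_LEN = 32          # HMAC-SHA256 output length


def window_of(clock_time: float) -> int:
    """Map a clock reading to its validity window number."""
    return int(clock_time // WINDOW_SECONDS)


def expiring_tag(secret: bytes, window: int, nonce: bytes, payload: bytes) -> bytes:
    """HMAC over (window, nonce, payload): the tag changes every window, so a captured tag expires."""
    msg = struct.pack(">Q", window) + nonce + payload
    return hmac.new(secret, msg, hashlib.sha256).digest()


def seal(payload: bytes, secret: bytes, clock_time: float, nonce: bytes = b"") -> bytes:
    """Sending-side firewall: prepend nonce and expiring HMAC to an unmodified application packet."""
    nonce = nonce or os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    return nonce + expiring_tag(secret, window_of(clock_time), nonce, payload) + payload


class NonceLedger:
    """Stand-in for the shared ledger of nonces seen by the network.

    Remembers nonces per window and forgets windows that can no longer validate,
    so memory stays bounded by the skew tolerance rather than by total traffic.
    """

    def __init__(self) -> None:
        self._seen = {}   # window number -> set of nonces accepted in that window

    def first_use(self, window: int, nonce: bytes, oldest_valid_window: int) -> bool:
        for stale in [w for w in self._seen if w < oldest_valid_window]:
            del self._seen[stale]
        nonces = self._seen.setdefault(window, set())
        if nonce in nonces:
            return False
        nonces.add(nonce)
        return True


def unseal(packet: bytes, secret: bytes, clock_time: float, ledger: NonceLedger):
    """Receiving-side firewall: return the bare payload if the tag is fresh, genuine and
    unreplayed, else None. Applications behind the firewall never see the header."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce = packet[:NONCE_LEN]
    tag = packet[NONCE_LEN:NONCE_LEN + TAG_LEN]
    payload = packet[NONCE_LEN + TAG_LEN:]
    now = window_of(clock_time)
    # Recompute with the receiver's own clock for the current window and its skew neighbours.
    for window in range(now - SKEW_WINDOWS, now + SKEW_WINDOWS + 1):
        if hmac.compare_digest(tag, expiring_tag(secret, window, nonce, payload)):
            # Genuine and still inside the window; reject a nonce the network has already seen.
            return payload if ledger.first_use(window, nonce, now - SKEW_WINDOWS) else None
    return None   # forged, tampered, or expired


if __name__ == "__main__":
    key = os.urandom(32)
    ledger = NonceLedger()
    sealed = seal(b"GET / HTTP/1.1\r\n", key, 1000.0)
    print(unseal(sealed, key, 1000.0, ledger))                        # payload delivered
    print(unseal(sealed, key, 1000.0, ledger))                        # None: replayed nonce
    print(unseal(sealed, key, 1000.0 + 3 * WINDOW_SECONDS, ledger))   # None: expired
```

Binding the window number into the MAC rather than sending a timestamp in the clear keeps the header small, but it means the receiver must try each tolerated window; widening SKEW_WINDOWS widens both the clock tolerance and the replay window the ledger has to remember.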
Anomaly detection based on connection requests in network traffic
The disclosed embodiments include a method performed by a computer system. The method includes forming groups of traffic, where each group includes a subset of detected connection requests. The method further includes determining a periodicity of connection requests for each group, identifying a particular group based on whether the periodicity of connection requests of the particular group satisfies a periodicity criterion, determining a frequency of the particular group in the traffic, and identifying the particular group as an anomaly based on whether the frequency of the particular group satisfies a frequency criterion.
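The grouping, periodicity and frequency steps from this abstract, carried through on constructed connection records as an added example (not code from the patent). Requests are grouped by (source, destination, destination port); the periodicity criterion used here is a low coefficient of variation of the inter-arrival gaps, and the frequency criterion is that the group makes up only a small share of all requests, so a steady beacon from one host stands out while an equally regular but widely used service such as NTP does not. The sample data, the thresholds (at least 5 events, CV at most 0.1, share at most 20%) and the choice of "rare" as the frequency criterion are assumptions of this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of detected connection requests: (epoch_seconds, src, dst, dst_port).
CONNECTIONS = []
# Hypothetical beacon: one host reaching one external address every ~60 s with slight jitter.
CONNECTIONS += [(60 * i + i % 3, "10.0.0.5", "203.0.113.7", 443) for i in range(10)]
# Periodic but common: three hosts polling the same NTP server every 64 s.
for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
    CONNECTIONS += [(64 * i, host, "192.0.2.1", 123) for i in range(25)]
# Ordinary browsing: irregular, one-off destinations.
CONNECTIONS += [(t, "10.0.0.5", "198.51.100.%d" % (10 + i), 443)
                for i, t in enumerate([5, 9, 40, 41, 300, 301, 302, 900])]
# Repeated but irregular: same destination, no rhythm.
CONNECTIONS += [(t, "10.0.0.5", "198.51.100.9", 443)
                for t in (5, 9, 40, 300, 305, 900, 1500, 1503)]


def group_requests(conns):
    """Form groups of traffic keyed by (src, dst, dst_port), each holding sorted request times."""
    groups = defaultdict(list)
    for t, src, dst, port in conns:
        groups[(src, dst, port)].append(t)
    return {key: sorted(times) for key, times in groups.items()}


def periodicity(times):
    """Coefficient of variation of inter-arrival gaps: 0.0 is perfectly periodic.

    Returns None when there are too few events to measure a rhythm.
    """
    if len(times) < 3:
        return None
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else None


def periodic_groups(conns, min_events=5, max_cv=0.1):
    """Groups whose periodicity satisfies the criterion: enough events and low jitter."""
    result = {}
    for key, times in group_requests(conns).items():
        if len(times) < min_events:
            continue
        cv = periodicity(times)
        if cv is not None and cv <= max_cv:
            result[key] = cv
    return result


def detect_beacons(conns, min_events=5, max_cv=0.1, max_share=0.2):
    """Periodic groups that are also rare in the traffic as a whole: the anomaly candidates."""
    groups = group_requests(conns)
    total = len(conns)
    flagged = []
    for key in periodic_groups(conns, min_events, max_cv):
        share = len(groups[key]) / total   # frequency of this group in the traffic
        if share <= max_share:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    for key, cv in sorted(periodic_groups(CONNECTIONS).items()):
        print("periodic %-40s cv=%.3f" % (key, cv))
    print("anomalies:", detect_beacons(CONNECTIONS))
```

On real traffic the grouping key and both thresholds need tuning: a beacon that randomises its sleep interval widely defeats a tight CV bound, and a share-based frequency criterion must be evaluated over a long enough window that legitimate periodic services accumulate their expected volume.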