Patent classifications
H04L2463/121
DETECTION OF ANOMALIES IN A COMPUTER SYSTEM
Systems and methods of detecting anomalies in a computing system are disclosed. The computing system can be a member of a blockchain network of a plurality of blockchains. Digests of blocks may be passed between blockchains of the plurality of blockchains, which enables each member of the blockchain network to verify an immutable record of data transactions, free of the mutual trust requirement of a typical blockchain environment. The passing of blockchain block digests further enables a member of the blockchain network to assist another member of the blockchain network to identify an anomaly within moments of when the anomaly first occurs.
SYSTEM AND METHOD FOR AUTHENTICATING USERS
A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or is coupled with. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.
INTERACTIVE GEOGRAPHIC REPRESENTATION OF NETWORK SECURITY THREATS
A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
BIG-DATA-BASED BUSINESS LOGIC LEARNING METHOD AND PROTECTION METHOD AND APPARATUSES THEREOF
The present disclosure discloses methods and apparatuses for learning and protecting business logic based on big data. The learning method includes: receiving a network request sent by a requester, recognizing a current request identifier of the network request, and parsing procedure information of the network request; extracting a reference request identifier from the procedure information, determining whether a direction from the reference request identifier to the current request identifier exists in a procedure direction table, and updating the procedure direction table based on a determination result; and distributing tracking code for the network request, where the tracking code includes the current request identifier and a timestamp for distributing the tracking code. The technical solutions provided in the present disclosure can improve efficiency of protecting business logic based on big data, can be applied to various business logic scenarios, and can flexibly adapt to various changes in business logic requirements.
SYSTEM ARCHITECTURE AND DATABASE FOR CONTEXT-BASED AUTHENTICATION
An authentication correlation (AC) computing device is provided. The AC computing device includes a processor and a memory. The AC computing device receives a first authentication request from a requesting computer device including an account identifier, a first timestamp, and at least one authentication factor, and determines a first security level of the first authentication request. The AC computing device stores the first security level and the first timestamp. The AC computing device is also configured to receive a second authentication request including the account identifier and a second timestamp, determine that the second authentication satisfies an authentication rule based on the account identifier, the second timestamp, and the stored authentication data wherein the rule defines a timeframe and an authentication threshold, and generate an authentication response based on the determination and the authentication rule wherein the authentication response includes an approval indicator.
System and method for verifying device security
A method for verifying a proximity of a user device to a beacon, including broadcasting a frame comprising an encrypted payload, receiving the frame, extracting information from the frame, and verifying the proximity of the user device to the beacon based on the extracted information.
Stateless service-mediated security module
Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
Authentication of access request of a device and protecting confidential information
The systems and methods described herein enable an application on a user device to securely request access to a resource for an order using a selected credential routine. The application can receive order data and a signature based on the order data from an access device. The application can include an interface for selecting a particular credential routine from a plurality of credential routines that can be used to obtain the credential for accessing the resource. Instead of requesting access to the resource via the access device, the application can communicate with an authentication server that can verify the signature based on the order data and obtain authorization of the credential. Thus, the application can select a credential routine and credential for accessing a resource through secure communications with the authentication server.
Method and apparatus for detecting cyberthreats through correlation analysis
Disclosed is a method for detecting a cyberthreat through correlation analysis of security events, which includes extracting a false-positive data set by extracting, from source data, information about security events occurring during a predetermined time period based on a time at which erroneous detection occurred; extracting a true-positive data set by extracting, from the source data, information about security events occurring during the predetermined time period based on a time at which an intrusion threat was correctly detected; extracting a current data set by extracting information about security events occurring during the predetermined time period from data to be analyzed; generating event coincidence statistics by extracting a frequency of each security event in the respective data sets and by compiling statistics thereon; generating an event vector based on the event coincidence statistics; and performing intrusion threat detection through a vector space model based on the event vector.
TWO-FACTOR DEVICE AUTHENTICATION
Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.