Abstract: Systems, methods, and apparatus for a MILS HPC, data storage system (DSS) system architecture that incorporates a multi-crypto module (MCM) to provide end-to-end multi-independent level security (MILS) protection. Configuration of each MCM enables a high performance computing (HPC) resource to compute different security domains with the associated security level keys from a key/node manager. The HPC resource can be dynamically re-allocated to different security level domain(s) by the key/node manager. In one embodiment, the DSS stores encrypted data regardless of the domains.

Abstract: A security system for individually-owned electronic devices includes a network operations center with an enrollment system, device management system, network layer security system, personal information monitoring system, detection and response system, and monitoring and alert system. An individually-owned electronic device communicates with the network operations center in order to receive and install a configuration file and a security application, as well as to configure a virtual private network connection. These components operate independently and collectively to identify and address security threats to the individually-owned electronic devices.

Abstract: A computing device may receive a plurality of scanning requests with at least one scanning request in the plurality identifying a target address of a target network. The computing device may for at least a subset of the plurality of scanning requests: generate a scanner instance and a virtual network interface card (VNIC) in response to the scanning request. The scanner instance and the VNIC communicating with a routing namespace that can communicate with two or more scanner instances simultaneously. Until the target address has been scanned: one or more packets can be sent from the scanner instance to the target address via the routing namespace and VNIC. The one or more packets can be wrapped in one or more packet wrappers identifying the target address and the target network. In response to the target address being scanned, the scanner instance and VNIC can be decommissioned.

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast from anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: The present disclosure discloses methods and systems for controlling a smart lock. The method may include establishing a secure connection with a network, obtaining security control information through the secure connection, obtaining an operation input; performing a security verification based on the security control information and the operation input, and performing a corresponding operation based on the operation input when the security verification is passed.

Abstract: A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and outputting the ciphertext string.

Abstract: Methods, systems and apparatus, including computer programs encoded on computer storage medium, for implementation of secret superposition protocols. In one aspect a method includes, performing, by a sender party, quantum operations on one or more qubits, comprising preparing, according to a predetermined secret superposition protocol, one or more qubits in respective uniform superposition quantum states; transmitting, by the sender party, to a recipient party, and through a secure channel, data indicating use of the predetermined secret superposition protocol; and transmitting, by the sender party and to the recipient party, one or more of the qubits, to wherein the recipient party performs one or more measurements on the qubits to verify use of the predetermined secret superposition protocol.

Abstract: An authentication system comprises a browser extension and a password manager application. The browser extension can be configured for execution on a first user device. The browser extension can be configured to display a response code and receive a login credential from a server. The response code can comprise a unique session identifier identifying the browser extension and a user browsing session. The password manager application can be configured for execution on a second user device. The second user device can have a scanner configured to scan the response code. The password manager application can be configured to extract the unique session identifier, parse the unique session identifier into session identifier content, send a portion of the session identifier content to the server, receive an approval from a user of the second user device, and send a notification to the server.

Abstract: This disclosure relates generally to techniques for encrypting and decrypting data and to systems that encrypt and/or decrypt data to maintain secrecy associated with such data as the data is transmitted from a source to one or more recipients. More specifically, this disclosure relates to techniques for encrypting and decrypting standalone data packages (e.g., user datagram protocol (UDP) data packages, etc.) and to systems that encrypt and/or decrypt standalone data packages. Even more specifically, encryption techniques are disclosed that employ scrambled headers and payloads that are uniquely encrypted from package to package.

Abstract: According to an embodiment, a method receives one or more messages associated with connecting a client and a first host. At least one of the messages comprises an encrypted portion indicating the first host and at least one of the messages comprises a cleartext portion indicating a second host. The method determines first and second sets of links associated with the first and second host, respectively. The first set is determined based on monitoring a result of connecting the client and the first host. The second set is determined based on observing behavior associated with connecting to the second host. The method detects domain fronting in response to determining, based on comparing the first set of links and the second set of links, that the first host differs from the second host.

Abstract: Embodiments of the present disclosure provide methods and apparatuses for blockchain-based multi-party computation, a device and a medium, relate to blockchain technology in the field of computer technology. An embodiment of the method can include: encrypting business data, to obtain a ciphertext of the business data; hashing the ciphertext of the business data, to obtain a hash result of the business data; sending the hash result of the business data to a blockchain node, so that the blockchain node writes the hash result of the business data into a blockchain; and sending the ciphertext of the business data to a target trusted computing module in a target server, for instructing the target trusted computing module to perform multi-party computation based on the ciphertext of the business data and the hash result of the business data in the blockchain.

Abstract: Disclosed are systems and methods for improving interactions with and between computers in content generating, searching, hosting and/or providing systems supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data within or across platforms, which can be used to improve the quality of data used in processing interactions between or among processors in such systems. The disclosed systems and methods provide systems and methods for privacy-aware machine learning using an improved data encoding that withholds more information. The disclosed systems and methods encode a corpus of data and encode each query used in searching and generating query results from the corpus of encoded data.

Abstract: Aspects of the disclosure relate to information masking. A computing platform may receive, from a user computing device, a request to access information that includes personal identifiable information (PII). The computing platform may retrieve source data comprising the PII and mask, within the source data and based on a data management policy, the PII. The computing platform may send the masked information in response to the request to access the information. The computing platform may receive a request to unmask the masked information and unmask the PII. The computing platform may log the request to unmask the masked information in an unmasking event log and send the unmasked PII in response to the request to unmask the masked information. The computing platform may apply a machine learning model to the unmasking event log to identify malicious events and trigger remediation actions based on identification of the malicious events.

Abstract: A method for authentication data transmission and a system thereof are provided. The method is operated in a computer system that is connected to a biometric device, and a secure channel is established there-between according to a security protocol. The computer system can receive encrypted biometric feature data from the biometric device based on a request. In a secure environment built in the computer system, the biometric feature data is decrypted and biometric features can be extracted. A comparison result is generated after comparing the biometric features with feature data in a database. The comparison result can be transmitted to the biometric device. The comparison result is then encrypted in the biometric device according to the security protocol. The biometric device can therefore transmit the encrypted comparison result to the computer system via the secure channel.

Abstract: A first computing device on a first network establishes a secure communications channel with a second computing device on a second network. The first computing device receives, via the secure communications channel from the second computing device, a first software product and a first software product identifier that identifies a previously manufactured first software product. The first computing device obtains first validation information that uniquely identifies the previously manufactured first software product. The first computing device analyzes the first validation information and the first software product to determine whether the first software product is different from the previously manufactured first software product. The first computing device, in response to determining that the first software product is different from the previously manufactured first software product, sends a first message to the second computing device indicating that the first software product is not validated.

Abstract: Methods and apparatus for interfering with malware using displaced display elements are disclosed. In an example, a processor is configured to change a location of a displayed pointer by a first offset vector from a hidden true pointer. The processor is also configured to change a location of at least one application display element, such as a website “Submit” button, by a second offset vector from a hidden true application element. The first offset vector may have a similar magnitude as the second offset vector but an opposite direction Changing a location of a pointer and the application element by the offsets enables a user to interact with the application normally. However, the offsets prevent malware or a malicious application from interacting with the application.

Abstract: Systems and methods for obfuscating data. The technology herein can be used to produce an obfuscated output that exhibits no easily discernible pattern, making difficult to identify or to filter using regular expressions, signature matching or other pattern matching. The output nevertheless can be reversed and the original data recovered by an intended recipient with a relatively low-cost of processing, making it suitable for low-powered devices. The obfuscation is stateless and does not require encryption.

Abstract: Techniques are described for controlling data and resource access. For example, methods and systems can facilitate controlled token distribution across systems and token processing in a manner so as to limit access to and to protect data that includes access codes.

Abstract: Methods, systems, and computer readable media for utilizing predetermined encryption keys in a test simulation environment are disclosed. In one embodiment, a method includes generating, prior to an initiation of an Internet protocol security (IPsec) test session, a private key and a public key at a traffic emulation device and storing the private key and the public key in a local storage associated with the traffic emulation device. The method further includes retrieving, from the local storage, the private key and the public key upon the initiation of the IPsec test session between the traffic emulation device and a device under test (DUT) and generating a shared secret key utilizing the retrieved private key and a DUT public key received from the DUT.