Abstract: A recursive method and apparatus produce a deep convolution neural network (CNN). The method iteratively processes an input directed acyclic graph (DAG) representing an initial CNN, a set of nodes, a set of exogenous nodes, and a resolution based on the CNN. An iteration for a node may include recursively performing the iteration upon each node in a descendant node set to create a descendant DAG, and upon each node in ancestor node sets to create ancestor DAGs, the ancestor node sets being a remainder of nodes in the temporary DAG after removing nodes of the descendent node set. The descendant and ancestor DAGs are merged, and a latent layer is created that includes a latent node for each ancestor node set. Each latent node is set to be a parent of sets of parentless nodes in a combined descendant DAG and ancestors DAGs before returning.

Abstract: Technologies disclosed herein provide for converting a first data of a first control flow packet to a first pixel, where the first data indicates one or more branches taken during a known execution of an application, generating an array of pixels using the first pixel and one or more other pixels associated with one or more other control flow packets generated from the known execution, transforming the array of pixels into a series of images, and using a machine learning algorithm with inputs to train a behavior model to identify a malicious behavior in an unknown execution of the application. The inputs include one or more images of the series of images and respective image labels assigned to the one or more images. More specific embodiments include extracting the first control flow packet from an execution trace representing at least part of the known execution.

Abstract: A system includes an electronic processor configured to store records in a client database. The records included personally identifiable information associated with entities and a client identifier reference associated with each of the individuals, the personally identifiable information is accessible based on an authorization level associated with a user.

Abstract: Embodiments of the invention are directed to techniques for preventing access to protected resources by unauthorized individuals by enabling an administrator associated with a transport computer to customize filtering rules via a user interface. In some embodiments, a server computer can, from a client computer, receive credentials of the administrator. The credentials can be used to retrieve requesting computers registered with the transport computer. The requesting computers may then be displayed at the client computer. A selection of one of the requesting computers is received from the client computer. A plurality of settings, which represent rules controlling which authorization request messages from the selected requesting computer are forwarded, are displayed at the client computer, wherein one of the settings references one or more attributes that distinguish certain authorization request messages.

Abstract: A method for preventing counterfeiting of an object includes capturing an image of at least a portion of the object that is at least partially transparent. The captured image includes features of the internal structure of the object. Based on the image, a code is generated that encodes features of the internal structure of the object. The code is recorded. Generating the code includes applying a filter to the image to obtain a filtered image, and processing the filtered image to obtain a binary code. A random key, k, is generated, and a codeword fp is obtained by applying an error-correction encoding scheme, ErrorCC, to the random key according to fp=ErrorCC(k), wherein fp has the same size as the binary code fa. An encrypted binary code, r, is computed according r=fa?fp, where ? denotes modulo-2 addition. A hash value, h, is computed according to h=H(k), where H is a one-way hash function. Recording the code comprises recording the encrypted binary code r and the hash value h.

Abstract: A system for protecting personally identifiable information (PII) associated with audio, image and video. The system includes an output device and a processor. The processor receives a document including an audio, an image, or a video containing both non-personally identifiable information and personally identifiable information, scans the document for a voice, a face, a graphically rendered text, or a personal attribute, match the voice, face, graphically rendered text, or personal attribute with records in a database to determine whether the voice, face, graphically rendered text, or personal attribute in the document is associated with personally identifiable information.

Abstract: A method, a computing system and a computer program product are provided. A link for use by a user to access a file is created. Content of the file is encrypted using a common key. The common key is encrypted using a public key of the user and is registered in the link. Access rights regarding the file are set for the user and registered in the link. The link includes information for use by the user to access the file when the access rights indicate that the user is authorized to access the file.

Abstract: User interface integration across multiple clouds is achieved by hosting UI extensions for different services in the same browser window. The UI extensions are initialized by a shell with any necessary security context for the corresponding cloud. The shell provides versioning so that the newest version of the UI is presented to users for all versions of a service. A connector in a local cloud provides translation between APIs across different clouds.

Abstract: A given policy file is obtained at a publishing node of a decentralized system of nodes, wherein the given policy file defines a policy that applies to at least a subset of nodes in the decentralized system of nodes. The given policy file is sent to a decentralized storage network for storage therein. Storage metadata is received from the decentralized storage network, wherein the storage metadata represents address information associated with storage of the given policy file in the decentralized storage network. The publishing node generates policy file retrieval metadata based on the storage metadata received from the decentralized storage system. The policy file retrieval metadata is sent to a blockchain network for storage therein. One or more querying nodes of the decentralized system of nodes access the blockchain network to obtain the policy file retrieval metadata in order to then retrieve the policy file from the decentralized storage network.

Abstract: Disclosed herein are system, method, and computer program product embodiments for secure data aggregation in databases. An embodiment operates by identifying a value column and a group column of a plurality of columns of a dataset. Two distinct group values of the group column are identified. An offset value corresponding to the first group value is determined. One or more of the plurality of records including the first group value are identified. A value of the value column of each of the identified one or more plurality of records is encoded with the offset value. Values of the encoded value column are encrypted. The encrypted values are uploaded to a server.

Abstract: The disclosed computer-implemented method for efficiently updating neural networks may include (i) identifying a neural network that comprises sets of interconnected nodes represented at least in part by a plurality of matrices and that is trained on a training computing device and executes on at least one endpoint device, (ii) constraining a training session for the neural network to reduce the size in memory of the difference between the previous values of the matrices prior to the training session and the new values of the matrices after the training session, (iii) creating a delta update for the neural network that describes the difference between the previous values and the new values, and (iv) updating the neural network on the endpoint device to the new state by sending the delta update from the training computing device to the endpoint computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In one embodiment, a method of secure network transmission is performed by a computer system. The method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key. The method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient. The method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server. Furthermore, the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication. In addition, the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.

Abstract: In communication with networked electronic devices, a method for providing a holistic view of a malware attack potentially being conducted on these networked electronic devices is described. The method includes requesting analytic data from each of the plurality of networked electronic devices. Thereafter, the analytic data from each of the networked electronic devices is analyzed to correlate analytic data from each of the plurality of networked electronic devices in order to provide the holistic view of a malware attack potentially being conducted. After correlation, display information is generated, where the display information includes the correlated analytic data.

Abstract: A self-adaptive security framework for a device is disclosed. A first security level for a device is set wherein the first security level comprises procedures that authenticate a user and allow the user to access the device. Input from sensors associated with the device may be received at a contextual sensing engine, wherein the input at least includes location data, and wherein at least a portion of the input is related to a physical setting where the device is located. A threat level for the device is determined in the physical setting via the contextual sensing engine based on analyzing the input. The first security level is altered to a second security level to provide an altered threat response for the device based on the threat level wherein the second security level has different procedures to authenticate the user compared to the first security level.

Abstract: Techniques for rendering an object using multiple versions of an application in a single process for dynamic malware analysis are disclosed. In some embodiments, a system, process, and/or computer program product for rendering an object using multiple versions of an application in a single process for dynamic malware analysis includes receiving a sample at a cloud security service, in which the sample includes an embedded object; detonating the sample using a browser executed in an instrumented virtual machine environment; and rendering the embedded object using a plurality of versions of an application in a single process during a dynamic malware analysis using the instrumented virtual machine environment.

Abstract: Methods and systems for account authentication in a distributed computing node group may involve sending a message to a member, the message having a first timestamp, increasing an authentication failure count, receiving a first key-exchange message from the member, the first key-exchange message having a second timestamp, evaluating the second timestamp, and determining whether to ignore the first key-exchange message based on an evaluation of the second timestamp. The first timestamp may be associated with a message received from the member prior to sending the message with the first timestamp to the member. The first key-exchange message may include a value computed by the member based on a group passcode shared with the member. The evaluation of the second timestamp may be based on at least one of a default value, the authentication failure count, or a timestamp associated with the group passcode.

Abstract: In a method of controlling account user access to transaction information for a joint account, a set of control criteria is stored in a control database. Information for a new transaction is received and stored in a transaction information database. An information limitation request to prevent access to the transaction information by a second account user for a withholding time interval is received from a first account user. An access limitation record including identification of the second account user and the withholding time interval is stored in the information control database. Upon receiving from a second account user a request for account information including the transaction information, a determination may be made as to whether the transaction information should be withheld from the second account user. Responsive to a determination that the transaction information should be withheld, a response excluding the transaction information is transmitted to the second user device.

Abstract: A computer-implemented system for providing security to a proprietary software algorithm is presented. The system, known as Software Algorithm Security (“SAS”), is a form of individual heuristic copy protection requiring a provable national origination to execute. The SAS completely encrypts a software algorithm's executable preamble, thereby making alteration of executable image logic close to impossible. Making use of the ability to safeguard a single executable image, Software Licensing Logic was designed to preamble software for licensing purposes. Each algorithm licensed could be tracked and reported if executed illegally, or hacked. Illegal execution would include not originating execution from a preset collective of land line phone numbers or attempting to execute the executable image outside the confines of a national boundary.

Abstract: The present invention relates to a method for generating an electronic signature of a document associated with a condensate obtained by a given hash function comprising performing by data-processing means (11b) of a server (10b) of steps of: (a) Receiving said condensate and a zero-knowledge proof of the fact that said condensate is indeed the result of application of said given hash function to said document; (b) Verifying that said zero-knowledge proof is valid; (c) Generating an electronic signature of the document from said condensate.

Abstract: This application provides a method for accessing a network by an Internet of Things device, an apparatus, and a system, and relates to the field of Internet of Things in order to reduce hardware apparatuses need to be provided for an Internet of Things device, and reduce operation steps of a user when it is ensured that the Internet of Things device securely accesses a network. The method includes sending, by an Internet of Things device, an access request message to an access point, where the access request message includes a universally unique identifier (UUID), a service set identifier (SSID), and a first temporary password (pass_tmp), receiving, by the Internet of Things device, an access response message from the access point, where the access response message includes the SSID and a password, and accessing, by the Internet of Things device, a network using the SSID and the password.