Abstract: A method for securing an electronic control unit (ECU). The method may include generating a granular security control adjustment authorization ticket (G-SCAAT) for securing the ECU according to a plurality of security parameters determined based on to a role selected for a corresponding user. The G-SCAAT may include security values to be used in controlling the ECU to operate according to the security parameters.

Abstract: A method for transmitting an application programming interface API request includes receiving, by a first API gateway, a first API request; obtaining, by the first API gateway, a first forwarding label corresponding to the first API request, where the first forwarding label includes a first target security domain identifier, and a security domain identifier of the first API gateway is different from the first target security domain identifier. The method also includes determining an address of a second API gateway according to a mapping relationship between the first target security domain identifier and the address of the second API gateway. The method additionally includes sending the first API request to the second API gateway based on the address which is a next-hop API gateway of the first API gateway that sends the first API request to an API gateway corresponding to the first target security domain identifier.

Abstract: A comprehensive cybersecurity platform includes a cybersecurity intelligence hub, a cybersecurity sensor and one or more endpoints communicatively coupled to the cybersecurity sensor, where the platform allows for efficient scaling, analysis, and detection of malware and/or malicious activity. An endpoint includes a local data store and an agent that monitors for one or more types of events being performed on the endpoint, and performs deduplication within the local data store to identify “distinct” events. The agent provides the collected metadata of distinct events to the cybersecurity sensor which also performs deduplication within a local data store. The cybersecurity sensor sends all distinct events and/or file objects to a cybersecurity intelligence hub for analysis. The cybersecurity intelligence hub is coupled to a data management and analytics engine (DMAE) that analyzes the event and/or object using multiple services to render a verdict (e.g., benign or malicious) and issues an alert.

Abstract: A compromised data exchange system extracts data from websites using a crawler, detects portions within the extracted data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module, and compares a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. A risk score may be assigned to a data item within the database in response to determining the match. In some embodiments, URL data may also be detected in the extracted data. The detected URL data represents further websites that can be automatically crawled by the system to detect further PII data.

Abstract: A TEE system that includes a first platform that runs a first TEE, a second platform that runs a second TEE, and a merging unit that is adapted to merge a first output from the first TEE of the first platform, with a second output from the second TEE of the second platform, so as to form an output of the TEE system. The first TEE and the second TEE are based on different implementations. In this way, the security of the system is improved, as a malicious actor even be able to access “t” machines, still would not be able to retrieve the secret unless there are multiple exploitable TEE vulnerabilities on all executing TEE platforms at the same time.

Abstract: An information processing apparatus which anonymizes data composed of records including one or more items through statistical processing, includes a memory and a processor to execute classifying respective records constituting the data into one or more sets based on masking target items indicating items to be masked among the items, a dictionary which expresses categories of item values in a tree structure for each of the masking target items, a selected hierarchy level indicating a hierarchy level selected in the tree structure for each of the masking target items, and the number of records included in the data, and calculating the number of records N of each set and a ratio of records belonging to a set including N records, and dividing the data into one or more pieces of data in a case where the ratio of the records belonging to the set including N records satisfies a predetermined condition.

Abstract: A wireless communications system comprises a subscriber user equipment and a mobile expert user equipment. The subscriber user equipment is configured to log in to a subscription account application installed on the subscriber user equipment using subscriber credentials, wherein the subscriber credentials are pre-registered with a telecommunications service provider associated with a retail store, determine that the subscriber user equipment is located within a coverage area associated with the retail store after logging in to the subscription account application, and transmit an authentication message indicating an identity of a subscriber using the subscriber user equipment and indicating that the subscriber is pre-registered with the telecommunications service provider. The mobile expert user equipment is configured to obtain subscriber data describing a subscriber associated with the subscriber user equipment after the subscriber user equipment transmits the authentication message.

Abstract: A computer-implemented process, computer program product, and system for dynamic change of a password under a brute force attack. A computer processor determines a quantity of consecutive unsuccessful attempts to access the targeted item protected by a password. Responsive to the quantity of consecutive unsuccessful attempts to access the targeted item exceeding a predefined threshold, the computer processor acquires a new password for access to the targeted item, wherein the new password is based on a more complex set of password generation rules than a current password. The computer processor changing the current password of the targeted item to the new password, and in response to changing the current password of the targeted item to the new password, the computer processor sends an encrypted message regarding the new password to a user associated with the targeted item.

Abstract: Systems and methods for concurrent modification of content are provided. In response to a verified request received from a user content is copied to a first storage media as a first version of the content uniquely identified by a first identifier, the verified request being based on verification of the user's credentials. In response to the user editing the first version of the content, the edited copy of the content is stored in the content management system in association with a second identifier uniquely identifying the edited copy of the content as a second version of the content. In response to receiving a notification that a plurality of users no longer request access to the content stored in the content management system, the first version of the content is deleted from the first storage media.

Abstract: An apparatus and method for generating a system call whitelist for an application container. The method may include determining whether a container is based on machine code or non-machine code by analyzing the internal configuration of the running container, identifying system calls included in an application through binary static analysis or static analysis of source code selected depending on the determination of whether the container is based on machine code or non-machine code, and generating a whitelist based on the numbers of all of the identified system calls.

Abstract: Implementations disclosed describe a system and a method to execute a virtual machine on a processing device, receive a request to access a memory page identified by a guest virtual memory address (GVA) in an address space of the virtual machine, translate the GVA to a guest physical memory address (GPA) using a guest page table (GPT) comprising a GPT entry mapping the GVA to the GPA, translate the GPA to a host physical address (HPA) of the memory page, store, in a translation lookaside buffer (TLB), a TLB entry mapping the GVA to the HPA, modify the GPT entry to designate the memory page as accessed, detect an attempt by an application to modify the GPT entry; generate, in response to the attempt to modify the GPT entry, a page fault; and flush, in response to the page fault, the TLB entry.

Abstract: Different communication and software protocols may be used by different blockchain networks. Cross-chain communication is provided via a software bridge configured to enable specific operations. An event request may be sent from a first blockchain network to a second blockchain network. The event request may be processed using a first protocol of the first network to provide a first output. An offer of equivalent processing provided by the second network may be verified by: processing the event request using a second protocol of the second network to provide a second output, and confirming that the second output matches the offer of equivalent processing. A processing equivalence of the event request may be established between the first network and the second network based on the first output of the event request processed using the first protocol and the second output of the event request processed using the second protocol.

Abstract: Disclosed herein are a method for generating Gaussian error data using flash memory and an apparatus using the method. The method includes receiving a request to generate Gaussian error data and delivering an operation command to flash memory; generating Gaussian error noise based on a threshold voltage that is generated when the flash memory performs the operation command; and generating Gaussian error data so as to correspond to the Gaussian error noise and providing the same.

Abstract: A node associated with an organization may receive a storage identifier for new credit data associated with an individual. A distributed ledger and distributed data sources may be used to share the new credit data with a network of nodes. The node may update a smart contract with the storage identifier for the new credit data. The node may receive, from a particular device associated with the organization, a request for the new credit data. The node may obtain the storage identifier for the new credit data from the smart contract. The node may obtain the new credit data by using the storage identifier to search the distributed data sources. The node may provide the new credit data to the particular device. The node may perform actions to obtain additional new credit data from the distributed data sources or provide the additional new credit data to the distributed data sources.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for training an action selection neural network used to select actions to be performed by an agent interacting with an environment. In one aspect, a system comprises a plurality of actor computing units and a plurality of learner computing units. The actor computing units generate experience tuple trajectories that are used by the learner computing units to update learner action selection neural network parameters using a reinforcement learning technique. The reinforcement learning technique may be an off-policy actor critic reinforcement learning technique.

Abstract: An apparatus includes a processor, persistent memory coupled to the processor, and a memory protection logic. The processor may include multiple processing engines. The persistent memory may include a persistent storage portion and a memory expansion portion. The memory protection logic is to: obtain a first ephemeral component associated with the persistent storage portion; generate a persistent key using the first ephemeral component; obtain a second ephemeral component associated with the memory expansion portion; and generate a non-persistent key using the second ephemeral component. Other embodiments are described and claimed.

Abstract: A system for link device authentication includes a computing device configured to acquire, from an originating device, an identifier of an endpoint device, obtain an endpoint device authentication code corresponding to the identifier, determine, as a function of the identifier, a location of the endpoint device, identify a plurality of link devices, select, from the plurality of link devices, at least a probabilistically verified link device as a function of the location of the endpoint device, and transmit, to the at least a probabilistically verified link device, the endpoint device authentication code.

Abstract: In a transportation security technique, images are stored that are received from image capturing equipment deployed at respective screening nodes. The images are analyzed using a machine learning model, where presence of a particular object in an image indicates that a threat condition exists at the screening node. The analyzed images are transmitted to threat assessment components in accordance with predetermined criteria. An indication that the particular object is observed in the image is received from the threat assessment components. An indication that the particular object is observed in the image is transmitted to the screening node responsive to receiving the indication that the particular object is observed in the image. An indication of whether the particular object is present at the screening node is received. The machine learning model is trained based on the received indication of whether the particular object is observed in the image.

Abstract: The disclosed techniques in artificial intelligence include at least a system and a computer-implemented method for performing a predictive search that compensates for a misclassification. For example, the system can set a user-defined classification of a physical characteristic of the user and retrieve an image captured by a camera device. The system can aggregate binary feedback data submitted by authorized users about the image, predict a classification for the physical characteristic by processing the image with a machine learning (ML) process, and search a database based on a query, which has criteria that includes an indication of the aggregate binary feedback data, the user-defined classification, the predicted classification, and/or data indicative of the user's feedback. The system can then identify a search result that satisfies the query and cause a user device to display a recommendation that includes the search result.

Abstract: A system and method for accelerated anomaly detection and replacement of an anomaly-experiencing machine learning-based ensemble includes identifying a machine learning-based digital threat scoring ensemble having an anomalous drift behavior in digital threat score inferences computed by the machine learning-based digital threat scoring ensemble for a target period; executing a tiered anomaly evaluation for the machine learning-based digital threat scoring ensemble that includes identifying at least one errant machine learning-based model of the machine learning-based digital threat scoring ensemble contributing to the anomalous drift behavior, and identifying at least one errant feature variable of the at least one machine learning-based model contributing to the anomalous drift behavior; generating a successor machine learning-based digital threat scoring ensemble to the machine learning-based digital threat scoring ensemble based on the tiered anomaly evaluation; and replacing the machine learning-based di