Abstract: A first system receives an encrypted data vector representing a text search query from a second system and second encrypted data from a third system that may include a first vector and a second vector representing text of an electronic document. The first system may multiply the vectors by a random vector. The first system may determine a first difference between the encrypted data vector and the first vector, and a second difference between the encrypted data vector and the second vector. The first system may determine a product of the first and second difference. The first system may send the product to the third system and then receive a value representing the decrypted difference. The first system may determine if the value satisfies a condition and send the result of the determination to the second system.

Abstract: As described, a cloud-based enrollment service is configured to advertise features and capabilities of clusters performing malware analyses within a cloud-based malware detection system. Upon receiving an enrollment request message, including tenant credentials associated with a sensor having an object to be analyzed for malware, the cloud-based enrollment service is configured to use the tenant credentials to authenticate the sensor and determine a type of subscription assigned to the sensor. Thereafter, the cloud-based enrollment service is further configured to transmit an enrollment response message including a portion of the advertised features and capabilities of a selected cluster of the cloud-based malware detection system. The advertised features and capabilities includes information to enable the sensor to establish direct communications with the selected cluster.

Abstract: A breach detection engine detects and mitigates the effects of breaches across one or more data sources. An index is generated based on one or more data sources and the index is queried using keywords indicative of potential breaches. A database of potential breaches is populated based on the query of the index. The potential breach database is queried using keywords associated with a system identity (e.g., a third party). A likelihood of a candidate breach is identified based on a set of breach criteria weights. A network node associated with a candidate breach determined to be an actual breach is identified for isolation or for the performance of one or more additional security actions.

Abstract: A method for executing computer programs in a trusted execution environment of a device is disclosed. The method includes retrieving a genomic differentiation object corresponding a computer program; modifying the genomic differentiation object based on genomic regulation instructions (GRI) to obtain a modified genomic differentiation object; and executing a first executable instruction of the computer program. Executing the first executable instruction includes: retrieving first encoded data that is input to the first executable instruction; extracting a sequence from metadata associated with the encoded data; generating a first genomic engagement factor (GEF) based on the first sequence, the GRI and, and the modified genomic differentiation object; decoding the first encoded data based on the first GEF to obtain first decoded data; and executing the first executable instruction using the first decoded data.

Abstract: The invention comprises a mobile device with two circuit boards and certain shared resources, in order to provide the security of physically separate devices, yet do so in a single device using shared resources that do not affect security. Specifically, the invention has two boards connected via input/output switch, each having its own System-on-a-Chip (SoC), Memory (RAM), Storage and Radio Module (SIM(s)/Bluetooth/Wi-Fi), and may include one or more SIM cards. Touchscreen, battery, physical buttons and other peripherals are shared between boards. Each shared peripheral hardware module will be used by a single board only (the active in-use board being the “Foreground Board”); another board (the inactive “Background Board”) uses an emulated version of the same hardware module. At any moment, a user can switch between Boards and the Background Board becomes the active Foreground Board and vice versa.

Abstract: Systems and methods for concurrent modification of content are provided. In response to a verified request received from a user content is copied to a first storage media as a first version of the content uniquely identified by a first identifier, the verified request being based on verification of the user's credentials. In response to the user editing the first version of the content, the edited copy of the content is stored in the content management system in association with a second identifier uniquely identifying the edited copy of the content as a second version of the content. In response to receiving a notification that a plurality of users no longer request access to the content stored in the content management system, the first version of the content is deleted from the first storage media.

Abstract: A system for automatic authentication of service requests includes authentication of a remote access device. This authentication may be accomplished automatically prior to text or audio communication between a customer and a service agent. In some embodiments, authentication is accomplished automatically by authentication of the remote access device or accomplished by asking the customer questions. A single authentication of the remote access device may be used to authenticate a service request transferred between service agents. The authentication of the remote device may include, for example, use of a personal identification number, a fingerprint, a photograph, and/or a hardware identifier. Some embodiments include an intelligent pipeline configured for managing queues of customer service requests.

Abstract: Guard-railed security benchmark compliance assurance includes storing in memory of a computer a multiplicity of specific parameter values, retrieving from memory, different parameterized operating system directives arranged together in a programmatic module, populating different parameters of the directives with respective ones of the stored specific parameter values and invoking each of the directives with the populated different parameters through a command line shell of an operating system executing in the computer, each invocation establishing a different configuration setting in a computing environment hosted by the computer.

Abstract: An attestation system 80 includes a trustworthiness calculation unit 81 and an attestation unit 82. The trustworthiness calculation unit 81 calculates trustworthiness determined based on a state of a component, a method of attestation, or a result of attestation, for the component. The attestation unit 82 performs attestation of the component based on the trustworthiness.

Abstract: This document discusses designing and managing medical devices that are equipped with software, including a variety of ways of managing the public interest in safety and effectiveness of medical devices that are preferably implemented with open-source software. In one general aspect, a method of updating a medical device is disclosed. The method includes storing a vendor certificate in the device, and receiving and storing a licensed prescriber certificate in the device. A signed request to update code in the medical device can then be received and this request can be authenticated with one of the certificates, and the code can be updated in the medical device with code from the authenticated update request.

Abstract: A method and system is provided for setting network policies based on electronic devices connected to a network. The electronic devices present on the network are detected and their behavior is captured using profiles. These profiles are then used to generate network policies based on the electronic devices connected to the network. Instead of reacting to behavior of the electronic devices (e.g., anomaly detection to detect malware), the method and system sets the network policies to prevent unauthorized communications (e.g., before malware is present in the system).

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for training an action selection neural network used to select actions to be performed by an agent interacting with an environment. In one aspect, a system comprises a plurality of actor computing units and a plurality of learner computing units. The actor computing units generate experience tuple trajectories that are used by the learner computing units to update learner action selection neural network parameters using a reinforcement learning technique. The reinforcement learning technique may be an off-policy actor critic reinforcement learning technique.

Abstract: The present invention relates to a method for forecasting health status of a distributed network by an artificial neural network comprising the phase of identifying one or more sites, one or more assets of the sides and the links between the identified assets in said distributed network, comprising the phase of evaluating the actual health status of each of the identified assets, the phase of evaluating the actual health status of each of said identified sites and the phase of forecasting, by the artificial neural network, the subsequent health status of each of the identified sites according to a forecasting function based on a set of values comprising the actual asset health status rank, the actual asset infection risk, the actual asset infection factor, the actual site health status rank and the actual site infection risk.

Abstract: A technique to implement access control from within an application begins by dynamically-generating a “management scope” for a transaction associated with a set of managed resources. The management scope is a collection of permissions defined by at least one of: a set of roles, and a set of resource administration rights, that are assigned to a first operator that issues the transaction. As the transaction executes, a request to alter the transaction is then received from a second operator. According to the technique, the management scope for the transaction and associated with the first operator is then evaluated against a management scope associated with the second operator. Upon determining the management scope associated with the first operator has a given relationship to the management scope for the second operator, the transaction is permitted to be altered in response to the request. The given relationship is scoped by one or more rules.

Abstract: The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for malware detection and content item recovery. For example, a content management system can receive information describing changes made to content items stored on a user device. The content management system can analyze the information to determine if the described changes are related to malicious software on the user device. When the changes are related to malicious software, the content management system can determine which content items are effected by the malicious software and/or determine when the malicious software first started making changes to the user device. The content management system can recover effected content items associated with the user device by replacing the effected versions of the content items with versions of the content items that existed immediately before the malicious software started making changes to the user device.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: Example implementations described herein involve systems and methods for generating an ensemble of deep learning or neural network models, which can involve, for a training set of data, generating a plurality of model samples for the training set of data, the plurality of model samples generated from deep learning or neural network methods; and aggregating output of the model samples to generate an output of the ensemble models.

Abstract: A compromised data exchange system extracts data from websites using a crawler, detects portions within the extracted data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module, and compares a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. A risk score may be assigned to a data item within the database in response to determining the match. In some embodiments, URL data may also be detected in the extracted data. The detected URL data represents further web sites that can be automatically crawled by the system to detect further PII data.

Abstract: Transaction authorization systems may include a transaction processor and an authorization server system. The transaction processor obtains transaction requests authorizations for those requests from the authorization server system. The transaction processor may require an authorization be provided within a threshold time; otherwise, the transaction may be processed without authorization. The authorization server system may be hosted using one or more nodes in a distributed system. Degradation of the performance of the distributed system may cause the performance of the authorization server system to fall below the required performance threshold and transactions may not be authorized before automatic processing. Transaction authorization systems may monitor the health of the individual nodes and/or the distributed system and automatically adjust the routing of authorizations based on current and/or future performance degradation.