Abstract: Disclosed herein are various embodiments for a sensitive data management system. An embodiment operates by receiving a web form from a transaction account of a web application associated with a first user, the form indicating a request for sensitive information of a second user. A request for an authorization to release the sensitive information to the web application. The authorization from the second user to release the sensitive information to the transaction account associated with the first user is received. The web form is populated with the sensitive information of the second user responsive to receiving the authorization from the second user to release the sensitive information, and the populated form including the sensitive information of the second user is provided to the web application.

Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.

Abstract: The present invention relates to a judgment method for edge node computing result trustworthiness based on trust evaluation, and belongs to the technical field of data processing. By means of the present invention, a security mechanism for trustworthiness of a computing result output by an industrial edge node is guaranteed, the industrial edge node is prevented from outputting error data, and attacks of false data of malicious edge nodes are resisted, it is guaranteed that trustworthy computing results not be tampered are input in the industrial cloud, and a site device is made to receive correct computing results rather than malicious or meaningless messages, thereby improving efficiency and security of industrial production.

Abstract: A data access control method and a database access apparatus. The method includes: obtaining a first data operation instruction, where the instruction is triggered by a first user; querying permission setting information based on the identifier of the target data body, and determining permission of the first user to operate the target data body, where the permission setting information includes an identifier of at least one data body and permission of at least one user to operate the at least one data body; generating a second data operation instruction based on the permission of the first user to operate the target data body and the first data operation instruction; and executing the second data operation instruction to operate data in the target data body within a target range, where the target range is a range allowed by the permission of the first user to operate the target data body.

Abstract: An identity certificate may be issued to a blockchain node. The issuance may include issuing a first identity certificate to a first terminal and receiving a second identity certificate issuance request that is from the first terminal. A second identity certificate may be issued to the first terminal, and a third identity certificate issuance request is received from the second terminal. A third identity certificate is issued to the second terminal, so that the second terminal forwards the third identity certificate to the third terminal.

Abstract: An authentication system, including at least one processor configured to: perform authentication based on a first authentication method; record, when the authentication by the first authentication method is successful, an authenticated user and a location of the authenticated user in association with each other in a storage; perform authentication based on a second authentication method; and restrict successful authentication by the second authentication method when a user to be authenticated by the second authentication method and a location of the user to be authenticated are not associated with each other in the storage.

Abstract: A system and method of anti-malware analysis including iterative techniques that combine static and dynamic analysis of untrusted programs or files. These techniques are used to identify malicious files by iteratively collecting new data for static analysis through dynamic run-time analysis.

Abstract: A system for defending against a side channel attack. The system includes a reuse distance buffer configured to measure one or more reuse distances for a microarchitecture block according to information of marker candidates and information of target events of a microarchitecture block; and a defense actuator configured to determine existence of a side channel attack in the microarchitecture block according to the one or more reuse distances for the microarchitecture block.

Abstract: An information processing apparatus (2000) classifies each event that occurred in a target apparatus to be determined (10) either as an event (event of a first class) that also occurs in a standard apparatus (20) or as an event (event of a second class) that does not occur in the standard apparatus (20). Herein, a first model used for a determination with respect to an event that also occurs in the standard apparatus (20) and a second model used for a determination with respect to an event that does not occur in the standard apparatus (20) are used as models for determining whether an event that occurs in a target apparatus to be determined (10) is a target for warning. The information processing apparatus (2000) performs learning of the first model using an event of the first class. Further, the information processing apparatus (2000) performs learning of the second model using an event of the second class.

Abstract: Techniques are described for enabling an IT and security operations application to detect and remediate advanced persistent threats (APTs). The detection of APTs involves the execution of search queries to search event data that initially was associated with lower-severity activity or that otherwise did not initially rise to the level of actionable event data in the application. The execution of such search queries may thus generally be configured to search non-real-time event data, e.g., event data that outside of a current window of days or a week and instead searches and aggregates event data spanning time periods of many weeks, months, or years. Due the nature of APTs, analyses of historical event data spanning such relatively long periods of time may in the aggregate uncover the types of persistent activity associated with APTs that would otherwise go undetected based only on searches of more current, real-time event data.

Abstract: A method for determining third party network compliance with a host entity network is provided. The method may include generating a scanning file that includes host entity network compliance standards and transferring the scanning file to an intermediary entity network. The method may further include generating an executable file that may run a plug-in scanning file to scan hardware and software resident at the third-party network for compliance. The method may further include transferring the executable file from the intermediary entity network to the third party network. The method may further include executing the executable file, generating a log file upon the completion of the running of the plug-in scanning file and digitally signing the log file. The method may further include deciphering the log file at the intermediary entity network, generating a readable report based on the deciphering and transferring the readable report to the host entity network.

Abstract: In order to provide improved matching of records between different sources, systems and methods include generating a data link between a stored interaction profile of the user and activity data records that identify activities performed by the user. Online interaction data associated with the user is received, including tracking data indicative of online interactions with content. The online interaction data is stored in the stored interaction profile associated with the user. An activity model is used to predict correlation parameters representing groupings of online interactions of the online interaction data with activities performed by the user, where the prediction is based on the tracking data and each activity in the interaction profile. The interaction profile is updated with the groupings and user activities are authenticated based on the interaction profile.

Abstract: An identity authenticator receives a first authentication credential from a first application at a first computing device. The identity authenticator then determines that the first authentication credential is associated with a second authentication credential for the first application at a second computing device based on a stored authentication identity. The identity authenticator then provides a stored execution state for the first application to the first computing device, wherein the stored execution state is associated, based on the stored authentication identity, with at least one of the first authentication credential or the second authentication credential.

Abstract: A single-antenna device includes a single antenna, at least one processor, and at least one memory. The single-antenna device is operable to receive a signal including at least one frame. Each of said frame includes a repeating portion. The single-antenna device determines a difference of phase and amplitude of the repeating portion and further determines whether the signal is transmitted from a trusted source based at least in part on the difference of phase and amplitude of the repeating portion.

Abstract: A computer-implemented method, computer program product and computing system for: a computer-implemented method is executed on a computing device and includes: obtaining object information concerning one or more initial objects within a computing platform in response to a security event; identifying an event type for the security event; and executing a response script based, at least in part, upon the event type.

Abstract: A system and method for detecting and preventing cyberintrusion of a protected system incorporates neural networks having a training mode and a host-accessible (e.g., non-training) mode. When in training mode, the neural networks observe data exchanges with a protected system via interfaces (based on test inputs) and generate system templates corresponding to observed normal behaviors of the interfaces (including “gold standard” behavior indicative of optimal performance behaviors and/or minimal threat of cyberintrusion). When in host-accessible mode, the neural networks observe operating behaviors of the interfaces for each exchange via the interfaces and apply stored system templates to the system data to most closely approximate the optimal behavior set.

Abstract: In some embodiments, a processor can receive an input string associated with a potentially malicious artifact and convert each character in the input string into a vector of values to define a character matrix. The processor can apply a convolution matrix to a first window of the character matrix to define a first subscore, apply the convolution matrix to a second window of the character matrix to define a second sub score and combine the first subscore and the second subscore to define a score for the convolution matrix. The processor can provide the score for the convolution matrix as an input to a machine learning threat model, identify the potentially malicious artifact as malicious based on an output of the machine learning threat model, and perform a remedial action on the potentially malicious artifact based on identifying the potentially malicious artifact as malicious.

Abstract: Systems, methods, and computer-readable media for cybersecurity are disclosed. The systems and methods may involve receiving, by an application capable of JavaScript execution, code for execution; executing, before execution of the received code, an intercepting code, wherein the intercepting code is configured to intercept at least one application programming interface (API) invocation by the received code; intercepting, by the intercepting code, an API invocation by the received code; determining that the intercepted API invocation results in a manipulation of a backing store object; and modifying an execution of the intercepted API invocation, wherein the modified execution results in a nonpredictable environment state.

Abstract: The present disclosure describes a system for saving metadata on files and using attribute data files inside a computing system to enhance the ability to provide user interfaces based on actions associated with non-executable attachments like text and document files from untrusted emails, to block execution of potentially harmful executable object downloads and files based on geographic location, and to a create a prompt for users to decide whether to continue execution of potentially harmful executable object downloads and files. The system also records user behavior on reactions to suspicious applications and documents by transmitting a set of attribute data in an attribute data file corresponding to suspicious applications or documents to a server. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: Disclosed is a system and method to create an encrypted file system on a block chain. The system creates the block chain controlling an access to the encrypted file system. The block chain defines a user permission to access at least a portion of the encrypted file system. The system creates the encrypted file system by recording a unique file ID in the block chain, where the unique file ID stores a chunk index including memory locations of multiple chunks storing portions of a file in the encrypted file system. The system encrypts the file using a channel session key and a file encryption key. The channel session key includes a cryptographic key computed based on information known to users granted at least a temporary access to the file, and the file encryption key includes a cryptographic key used to encrypt each file in the encrypted file system.