Abstract: The host computer securitization architecture, which comprises: an offline source server, an offline provisioning server configured to connect with a portable mobile securitization server via a wired communication, an administration server configured to monitor and interact with at least one portable mobile securitization server, at least one portable mobile securitization server configured to connect via a wired communication to a host computer, said portable mobile securitization server comprising: a connector to mechanically connect and establish a removable wired communication between the mobile server and the host computer, a first wired bidirectional communicator with the host computer, a second of bidirectional communicator with a data storage peripheral or a data network and a unit securing the communication between the host computer and the data storage mobile server or the data network, this communication being established between the first and the second communicator, a blockchain comprising

Abstract: Systems and methods for encoded communications are disclosed. In some embodiments, a server system may be configured to receive a communication from a user interface at an encoded communication module that includes an artificial intelligence based natural language processing module, determine whether the received communication is an encoded communication, decode the encoded communication to generate a financial query when it is determined that the received communication is an encoded communication, retrieve financial data associated with the user, determine an answer to the financial query based on the retrieved financial data, encode the determined answer to generate an encoded responsive communication, and transmit the generated encoded responsive communication to the user interface for providing to a user of the user interface.

Abstract: An apparatus and method for responding to an invalid state occurrence encountered during execution of a third-party application program is included. The apparatus performing the method which includes registering a trap signal handler with a kernel of an operating system. The method also including intercepting calls from the third-party application program to the operating system and processing an exception signal corresponding to the invalid state to generate a response. The response including performing a signal reporting process.

Abstract: A device includes an encoder and a decoder using physically unclonable functions. The encoder includes a first generator for generating a first hash value based on first input data; a first exclusive OR (XOR) operator for performing an XOR operation between second input data and a cryptographic value to generate a first operation value; a second XOR operator for performing an XOR operation between the first hash value and the first operation value to generate a second operation value; a second generator for generating a second hash value based on the first operation value; and an encoding component for encoding the first input data, the second operation value and the second hash value to output first to third encoded data. The decoder contains the same generators and XOR operators as the encoder.

Abstract: A system and method for the analysis of log data is presented. The system uses SuperMinHash based locality sensitive hash signatures to describe the similarity between log lines. Signatures are created for incoming log lines and stored in signature indexes. Later similarity queries use those indexes to improve the query performance. The SuperMinHash algorithm uses a two staged approach to determine signature values, one stage uses a first random number to calculate the index of the signature value that is to update. The two staged approach improves the accuracy of the produced similarity estimation data for small sized signatures. The two staged approach may further be used to produce random numbers that are related, e.g. each created random number may be larger than its predecessors. This relation is used to optimize the algorithm by determining and terminating when further created random numbers have no influence on the created signature.

Abstract: A medical device of a medical system is configured for communicating with an external programmer over a wireless communications link. The medical device comprises a wireless communications module configured for receiving a first unencrypted version of a random number and a first encrypted version of the random number from the external programmer over the wireless communications link. The medical device further comprises control circuitry configured for performing an authentication procedure on the external programmer based on the first unencrypted version of the random number and the first encrypted version of the random number, and preventing the external programmer from commanding the medical device to perform an action unless the authentication procedure is successful.

Abstract: A computer-implemented method includes producing information that characterizes a group of individuals from a set of private data representing characteristics of the individuals. The identity of the individuals is unattainable from the produced information. The method also includes providing the produced information to report the characteristics of the group.

Abstract: Secure network communications are described. In one aspect, a secure network can include a passbuilder that provides policy information related to performance characteristics of the secure network. A sender can receive the policy information and transmit packets to a receiver if the policy information is complied with by the potential packet transmission.

Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.

Abstract: An example method to obtain process data associated with a process control system received from a field device includes identifying, at a computing device, associated data and a payload included in the data packet, the associated data including a source bit, determining, at the computing device, a type of connection between the field device and the computing device based on the source bit, determining, at the computing device, an encryption key identifier and an initialization vector based on an auxiliary data packet received prior to the data packet, generating, at the computing device, a nonce value based on the source bit and the initialization vector, the nonce value indicative of an input to a data encryption algorithm used by the field device to encrypt the payload, and extracting, at the computing device, the process data associated with the process control system from the payload.

Abstract: A vibration signal-based smartwatch authentication method includes generating incremental vibration signals using a vibration motor in a smartwatch; performing frequency band-based hierarchical endpoint segmentation to obtain vibration signals at a plurality of frequency bands; extracting frequency-domain features for the vibration signals at the plurality of frequency bands; training a dynamic time warping model by taking the vibration signals at the plurality of frequency bands as a training data set, training a nearest neighbor model by taking the extracted frequency-domain features as training data; collecting to-be-authenticated vibration signals which are processed to serve as test data signals; discriminating similarities between the test data signals and corresponding training data signals through the dynamic time warping model, giving a classification result through the nearest neighbor model, performing weighted calculation on a discrimination result of the dynamic time warping model and a discrimin

Abstract: [Object] To provide a mechanism that makes it possible to avoid inconveniences when the authentication process has abnormality. [Solution] A communication device comprising a control section configured to control each of a first process that achieves a prescribed function, and a second process that authenticates another communication device and that is different from the first process, wherein the control section performs control in such a manner that the second process is not performed in a case where abnormality is recognized.

Abstract: A communication device achieves inter-device authentication with high accuracy and high responsiveness. The communication device includes a control section configured to execute a process related to transmission or reception of a first authentication signal and a second authentication signal that are necessary for a first authentication process for authentication of another communication device. The control section starts execution of a second authentication process for different authentication from the first authentication process, after transmission or reception of the first authentication signal and before transmission or reception of the second authentication signal.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for normalizing, compressing, and correlating vulnerabilities are disclosed. In one aspect, a method includes the actions of generating a first and second copy of a software target. The actions further include providing the first copy to a first scanning tool and the second copy to a second scanning tool. The actions further include receiving a first scanning tool output that identifies a first issue of the software target. The actions further include receiving a second scanning tool output that identifies a second issue of the software target. The actions further include determining that the first issue and the second issue are a same issue. The actions further include generating a combined issue of the first issue and the second issue. The actions further include outputting a notification that includes the combined issue.

Abstract: Disclosed herein are an apparatus and method for recommending privacy control. A privacy control server includes multiple common privacy control recommendation models learned based on personal information provision histories of multiple users, a user preference determination unit for generating at least one question item based on the multiple common privacy control recommendation models and determining a privacy control preference of a user based on a result of a user answer to the at least one question item, and a common privacy control recommendation model provision unit for providing a common privacy control recommendation model selected to match the privacy control preference of the user to the user.

Abstract: A method described herein involves various operations directed toward network security. The operations include accessing a traffic attribute describing a feature of network traffic. The operations further include determining a baseline distribution for the traffic attribute of a baseline set of transactions involving an online system over a baseline period and, additionally, determining an observed distribution for the traffic attribute of an observed set of transactions involving the online system over an observed period. Using the observed distribution and the baseline distribution, an attribute risk value for the traffic attribute is computed. The operations further include detecting that an anomaly exists in the traffic attribute of the observed set of transactions, based on the attribute risk value.

Abstract: A system includes an intelligent electronic device (IED) and a proxy device communicatively coupled to the TED via a Media Access Control (MACsec) communication link. The proxy device is configured to perform operations that include receiving permissions data, receiving a request to perform an action associated with the TED, determining whether the action is authorized based on the permissions data, and transmitting data to the TED via the MACsec communication link in response to determining that the action is authorized.

Abstract: A computer-implemented method, computer system, and computer program product for threat management. A set of features used by a machine learning model is collected by the computer system to determine a threat type for an access attempt when the access attempt is detected. A cluster is determined, by the machine learning model in the computer system, for the access attempt using the set of features, wherein the machine learning model implements clustering to determine the cluster for the access attempt, and wherein the cluster for the access attempt corresponds to the threat type for the access attempt. A set of actions is performed by the machine learning model in the computer system based on the threat type determined for the access attempt.

Abstract: A network security system that analyzes data from network attacks to determine which attacks came from the same attacker, even if the attacker tries to disguise its identity by spreading attacks out over time and attacking from multiple IP addresses. Intrusion detection systems or firewalls may log data for each attack, such as the time of the attack, the type of attack, and the source and target addresses. Embodiments may augment this data with derived attributes that may profile the attacker's behavior. For example, some attackers may spread out attacks over time, but always attack on the same day of the week; some attackers may spread out attacks over different IP addresses, but these addresses may all be in the same country. The original and augmented data may be clustered using an algorithm such as DBSCAN, and each attacker may be identified with one of the resulting clusters.

Abstract: Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.