Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Abstract: Federation of trusted data distribution systems is accomplished by treating an entire data distribution network as either a publisher or subscriber to a feed in another data distribution network. A first data feed is created in a first data feed management subsystem associated with a first data distribution network. A second data feed related to the first data feed is created in a second data feed management subsystem associated with a second data distribution network. A first data access policy is associated with the second data feed and a publisher for the second data feed is created in the second data distribution network. The identity and authentication of a second subscriber to the second data feed in the second data distribution network is managed by referencing the first data access policy.

Abstract: A system for applying fingerprinting/watermarking of consumer data, and analyzing “wild files” of consumer data to assign a guilt score for a particular party who may have leaked the data, allows the owner of data sources (“Data Owners”) to identify and assert ownership of textual data that has been distributed outside of their firewall in the clear (i.e., without encryption), either intentionally or unintentionally, and assign guilt to parties misusing the data. The system can be used by Data Owners who transmit, lease, or sell data to individuals or organizations (“Trusted Third Parties” or “TTPs”) to recognize and assert ownership of their data in the case where one or more TTPs leaks the data (the leaked file is defined as a “Leaked Subset”) into the hands of others (“Bad Actors”) who either knowingly or unknowingly use the data illegally.

Abstract: A user can share (show) multimedia information while simultaneously communicating (telling) with one or more other users over a network. Multimedia information is received from at least one source. The multimedia information may be manually and/or automatically annotated and shared with other users. The multimedia information may be displayed in an integrated live view simultaneously with other modes of communication, such as video, voice, or text. A simultaneous sharing communication interface provides an immersive experience that lets a user communicate via text, voice, video, sounds, music, or the like, with one or more other users while also simultaneously sharing media such as photos, videos, movies, images, graphics, illustrations, animations, presentations, narratives, music, sounds, applications, files, and the like. The simultaneous sharing interface enables a user to experience a higher level of intimacy in their communication with others over a network.

Abstract: An electronic device is provided. The electronic device includes a communication interface including circuitry, a memory, and a processor which, based on receiving ID information generated by performing a first encryption process on biometric information and password information generated by performing a second encryption process on the biometric information from an external electronic device through the communication interface, is configured to control the electronic device to: store the ID information and the password information in the memory.

Abstract: A cyber threat intelligence (CTI) gateway device may receive rules for filtering TCP/IP packet communications events that are configured to cause the CTI gateway device to identify communications corresponding to indicators, signatures, and behavioral patterns of network threats. The CTI gateway device may receive packets that compose endpoint-to-endpoint communication events and, for each event, may determine that the event corresponds to criteria specified by a filtering rule. The criteria may correspond to one or more of the network threat indicators, signatures, and behavioral patterns. The CTI gateway may create a log of the threat event and forward the threat event log to a task queue managed by a cyberanalysis workflow application. Human cyberanalysts use the cyberanalysis workflow application to service the task queue by removing the task at the front of the queue, investigating the threat event, and deciding whether the event is a reportable finding that should be reported to the proper authorities.

Abstract: A system for applying fingerprinting/watermarking of consumer data, and analyzing “wild files” of consumer data to assign a guilt score for a particular party who may have leaked the data, allows the owner of data sources (“Data Owners”) to identify and assert ownership of textual data that has been distributed outside of their firewall in the clear (i.e., without encryption), either intentionally or unintentionally, and assign guilt to parties misusing the data. The system can be used by Data Owners who transmit, lease, or sell data to individuals or organizations (“Trusted Third Parties” or “TTPs”) to recognize and assert ownership of their data in the case where one or more TTPs leaks the data (the leaked file is defined as a “Leaked Subset”) into the hands of others (“Bad Actors”) who either knowingly or unknowingly use the data illegally.

Abstract: A process of linking a key to a component is disclosed herein. In various aspects, the key may be a password, hash, key, encryption key, decryption key, seed value, unlock code, or other alphanumeric identifier, and the component includes a computer in networked communication, and may further include a specific user of the computer. The process may include the step of identifying a component using environmental variables associated with the component, and the process step of forming a representation of the key unique to the component. The representation is tested to determine that the identified component is the source of the representation, in various aspects.

Abstract: The present disclosure provides a data processing method for coping with ransomware, which encrypts data with a malicious intent and blocks an access to the data, to protect the data, and a program for executing the data processing method. In a computer apparatus that loads an application program stored in a memory onto a processor and carries out a predetermined processing according to the application program, on an operating system (OS) kernel which controls an access of the application program to hardware components of the computer apparatus, the processor reads the data stored in the memory, performs the predetermined processing at the request of the application program, determines whether a ransomware attack occurred for the data before storing the processed data back to the memory, and stores the processed data to the memory according to a determination result, thereby preventing the damage caused by the ransomware attack.

Abstract: This disclosure describes systems, methods, and devices related to security for multi-link operation. A device may determine a multi-link communication with a first multi-link device comprising two or more links associated with two or more station devices (STAs) included in the first multi-link device. The device may determine a first medium access control (MAC) address associated with a first link of the two or more links. The device may determine a second MAC address associated with a second link of the two or more links. The device may generate one or more pairwise security keys to be used in the multi-link communication on the two or more links. The device may cause to send a frame to the first multi-link device using at least one combination of the one or more pairwise security keys.

Abstract: A method and system include receiving, by a processor of a server, from a computing device associated with a user, real-time user activity data identifying at least one activity performed on the computing device. User-inputted data elements from a plurality of elements of a graphical user interface displayed on the computing device are received, which identify user-specific data attributes. Potential user-specific knowledge information is identified from databases based on at least one user-specific data attribute. User-specific challenge questions based on the potential user-specific knowledge information are generated and displayed on the user's computing device. Answers to the user-specific challenge questions by the user are received. An answer score based on correct answers and a behavioral score based the real-time user activity data of the user are determined. The processor determines whether the user is or is not a fraudster based on the answer score and the behavioral score.

Abstract: Provided is a method for blockchain-based recordkeeping and implementable by a terminal device. The method comprises: obtaining target data; computing a data digest of the target data, and extracting a key segment from the target data; signing, in a secure operation environment included in the terminal device, the data digest and/or the key segment based on a private key associated with the terminal device to generate a signature; and submitting to a blockchain the data digest, the key segment, and the signature, for one or more nodes in the blockchain to verify the signature based on a public key corresponding to the private key, and to record the data digest and the key segment in the blockchain in response to the signature being verified to be valid.

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. Such functions can include data access control functions, data manipulation functions, and the like. The owner of an object collection maintained by the object storage service can specify code execution environment rules that can give privileges to the execution of such functions such as by allowing the functions to access external services or the requesting user's private resources. In this manner, owners of the object collection are provided with greater control over how the object collection is accessed.

Abstract: A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device.

Abstract: Methods and systems are disclosed for anti-replay protection for network packet communications. A scorecard is stored that includes packet sequence numbers for received packets associated with a network packet flow. For each received packet, an anti-replay unit accesses the scorecard for an initial check to determine if the current packet represents a late packet and/or a replay packet. After further processing, the anti-replay unit accesses the scorecard for a final check to determine if the current packet represents a replay packet. For one embodiment, the initial check uses a first window of packet sequence numbers, and the final check uses a second window of packet sequence numbers that is larger than the first window. For further embodiments, multiple processing units operate in parallel to process received packets and to share the anti-replay unit, and each processing unit requests initial and final checks for received packets it processes.

Abstract: An example operation may include one or more of receiving, from a blockchain peer node, a sequence of blocks stored in a hash-linked chain of blocks on a distributed ledger, where each block in the sequence of blocks includes a reduced-step hash of block content from a previous block in the sequence, performing an approximate hash verification on the reduced-step hashes stored among the sequence of blocks, and determining whether the sequence of blocks has been tampered with based on the approximate hash verification on the reduced-step hashes.

Abstract: A virtual private network connection method and a memory card device using the virtual private network connection method are provided. Firstly, a virtual private network connection application program is provided. Then, the virtual private network connection application program is loaded in a memory card device. Then, the memory card device is installed in a medical device. After the virtual private network connection application program is executed and the memory card device is connected to a virtual private network server according to a connection request, the data from the medical device is transmitted to the virtual private network server through the memory card device. In such way, the data will not be attacked by malware and stolen by a third-party manufacturer during the transmission process.

Abstract: Systems and techniques for data creation limits are described herein. In an example, a data creation limits system is adapted to receive data and split the data into a plurality of portions based on entity interests in each of the plurality of portions. The data creation limits system may be further adapted to generate respective tokens for each portion of the plurality of portions. The data creation limits system may be further adapted to assign an owner to a token of the respective tokens, the token corresponding to a portion of the plurality of portions and assigning the owner based on the owner having an entity interest in creation of the portion. The data creation limits system may be further adapted to generate a script, using the token, for access to the portion. The data creation limits system may be further adapted to save the portion including the token.

Abstract: Applications on a device are assigned scores based on their attributes, update status, and source. A device is a assigned a score based on its attributes and the scores of applications installed thereon. the device score may be combined with an evaluation of user behavior to obtain a user score. The scores may be used to invoke security actions with respect to data and services of an enterprise. Security reports for a network environment may be modified such that the severity of threats accounts for policies and attributes of the environment. Security of a device may be evaluated locally, including the training of a model to identify anomalous authentication or usage behavior. Security of a device may be reduced to a score lacking personal information that may be used by a server to select access controls for a device.

Abstract: An example operation includes one or more of encrypting, by a transport, received data based on a first biometric associated with an occupant, unencrypting, by the transport, the encrypted data, based on a verification of a second biometric, wherein the second biometric is a continuum of the first biometric, and providing, by the transport, the unencrypted data to the occupant.