Abstract: A method by a computing device implementing an attack analyzer for processing malicious events. The method includes determining a first set of features describing a malicious event detected by a firewall, determining a set of distances using a non-Euclidean distance function and the first set of features, wherein the non-Euclidean distance function is used to determine geographic origin similarity between different Internet Protocol addresses included in the first and second set of features, generating a statistical distribution object using the set of distances, wherein the statistical distribution object includes information describing a cluster that includes at least the malicious event and one or more other malicious events that are determined to be similar to the malicious event in terms of geographic origin, and transmitting information describing the cluster to a management console for presentation to an administrator on a graphical user interface.

Abstract: Disclosed herein are systems and method for generating and storing forensics-specific metadata. In one aspect, a digital forensics module is configured to generate a backup of user data stored on a computing device in accordance with a backup schedule. The digital forensics module identifies, from a plurality of system metadata of the computing device, forensics-specific metadata of the computing device based on predetermined rules, wherein the forensics-specific metadata is utilized for detecting suspicious digital activity. The digital forensics module generates a backup of the forensics-specific metadata in accordance with the backup schedule and analyzes the forensics-specific metadata for an indication of the suspicious digital activity on the computing device. In response to detecting the suspicious digital activity based on the analysis, generates a security event indicating that the suspicious digital activity has occurred.

Abstract: A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.

Abstract: A shippable data transfer device includes a data storage medium encased in a chamber surrounded by an anti-tamper casing. The anti-tamper casing includes an anti-tamper layer with identifying elements arranged in a unique or otherwise identifiable pattern. The anti-tamper layer is configured to actively re-arrange, alter, or obscure the identifying elements in response to a breach of the anti-tamper casing.

Abstract: The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).

Abstract: Examples associated with ransomware attack monitoring are described herein. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated based on a sequence of file accesses that match the predefined pattern. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system based on the logging performed by the investigation module, and resumes legitimate processes.

Abstract: Disclosed herein are methods, systems, and apparatus for processing blockchain-based guarantee information. One of the methods includes receiving a first cyphertext of a first digital document specifying a guarantee from a first computing device associated with at least a first guarantor and one or more zero-knowledge proofs (ZKPs) related to one or more values associated with the guarantee, and the first digital document specifies one or more predetermined conditions of executing the guarantee; verifying that the one or more ZKPs are correct; storing the first cyphertext to a blockchain based on performing a consensus algorithm; receiving a first message from a second computing device associated with a beneficiary or a representative of the beneficiary.

Abstract: Method, device, and system of detecting a mule bank account, or a bank account used for terror funding or money laundering. A method includes: monitoring interactions of a user with a computing device during online access with a bank account; and based on the monitoring, determining that the bank account is utilized as a mule bank account to illegally receive and transfer money, or is used for money laundering or terror funding. The method takes into account one or more indicators, such as, utilization of a remote access channel, utilization of a virtual machine or a proxy server, unique behavior across multiple different accounts, temporal correlation among operations, detection of a set of operations that follow a pre-defined mule account playbook, detection of multiple incoming fund transfers from multiple countries that are followed by a single outgoing fund transfer to a different country, and other indicators.

Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Abstract: Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.

Abstract: In accordance with some embodiments, a method and system for establishing the trustworthiness of software and running systems by analyzing software and its provenance using automated means. In some embodiments, a risk score is produced. In some embodiments, software is analyzed for insecure behavior or structure. In some embodiments, parts of the software are hardened by producing possibly multiple different versions of the software with different hardening techniques applied, and a choice can be made based on user or environmental needs. In some embodiments, the software is verified and constraints are enforced on the endpoint using techniques such as verification injection and secure enclaves. In some embodiments, endpoint injection is managed through container orchestration.

Abstract: Disclosed is a method and an apparatus a zero-knowledge proof and an electronic device. That method comprise the following steps: selecting a data processing relationship, and processing private data and public data to obtain a calculation result; respectively committing the private data and the calculation result according to a commitment parameter to obtain a first commitment value and a second commitment value, wherein the commitment parameter is generated by a trusted third party; generating a non-interactive zero-knowledge proof according to the data processing relationship; wherein the commitment parameter, the first commitment value and the second commitment value are used by a verifier to verify the non-interactive zero-knowledge proof. The present disclosure solves the technical problem that bilinear pairing cannot be used in the scenario where bilinear pairing cannot be used in related technologies.

Abstract: One example method includes checking an asset against an Inclusion List and/or an Exclusion List to determine if the asset is permitted to contribute data, generated by the asset, to an enterprise data confidence fabric, when the asset is present on the Inclusion List, or not present on the Exclusion List, designating the asset as a trusted asset and appending the data generated by the asset to a ledger of the enterprise data confidence fabric, updating a ledger content index to reflect the data that was appended to the ledger, and annotating the data generated by the asset with trust metadata.

Abstract: An illustrative method includes a data protection system determining an encryption indicator for a first recovery dataset associated with a storage system, the encryption indicator representative of a likelihood that a threshold amount of data associated with the first recovery dataset is encrypted; and performing, based on the encryption indicator for the first recovery dataset, an action with respect to a second recovery dataset associated with the storage system.

Abstract: The present invention is a diverse acoustical object containing a range of particles that have acoustical wave impedances that are substantially different from the binder. The particles create a substantially different reflection as an acoustic wave is scattered by the particles. A negative reflection is created when the scattered wave is from a particle that has a wave impedance that is substantially less than the binder impedance. Practically, it may be necessary to encase this material in a thin material that will withstand the fabrication process (e.g., air or silicone elastomer could be encased in glass). If the wavelength is large compared to the encasing material thickness, then the reflection will be more dependent on the interior material. A mixture of materials that generate positive as well as negative reflections within the binder would add to the complexity of the PUF.

Abstract: A data storage system may track data access operations to a memory with a distribution module and translate the tracked data access operations into at least one activity with the distribution module. The distribution module generates a decentralization strategy and then creates a first visual representation of the at least one activity and a second visual representation of the at least one activity with the distribution module. The respective visual representations are distributed to a first user and a second user with the first user and second user respectively selected by the decentralization strategy for analysis for a purpose assigned by the decentralization strategy. The distribution module grants the first user a first temporary permission to alter at least one operational policy of the memory in response to a result of the first purpose.

Abstract: The present disclosure is directed to analyzing received sets of computer data. Methods and apparatus consistent with the present disclosure may forecast that a received set of computer data does not include malware after allowing instructions included in that set of computer data to execute for an amount of time that does not exceed an allocated amount of time. Methods consistent with the present disclosure may instrument a set of received program code and allow instructions in that received set of program code to execute as instrumentation code collects information about the set of program code. This collected information may be compared with sets of known good data when determining whether a received set of program code is likely not to include malware. This collected information may be associated with “behaviors” performed by the received set of program code that may be identified using sets of contextual data.

Abstract: A computing device comprising a frontend and a backend is operably coupled to a plurality of storage devices. The backend comprises a plurality of buckets. Each bucket is operable to build a failure-protected stipe that spans two or more of the plurality of the storage devices. The frontend is operable to encrypt data as it enters the plurality of storage devices and decrypt data as it leaves the plurality of storage devices.

Abstract: An illustrative method includes a data protection system detecting a request provided by a source to perform an operation with respect to a storage system, the request including a logical address that comprises a logical element representative of a storage location within the storage system, determining whether the logical address further comprises an authorization element indicating that the source is authorized to initiate operations with respect to the storage system, and performing, based on the determining whether the logical address includes the authorization element, an action with respect to the operation.

Abstract: A system, method and apparatus to record a file in a file system that is mounted in a secure section of a memory device. The memory device authenticates a requester to write data into secure section based on whether the requester is in possession of a cryptographic key. Nonprivileged modules of the operation system can write into a nonsecure section of the memory device. Requests to write or change a file can be recorded by nonprivileged modules into the nonsecure section for subsequent committing into the file system. In response to a request to commit the file, a security manager having the cryptographic key is called to identify, based on the records in the nonsecure section, data eligible to be written into the secure section. The security manager can generate commands, signed using the cryptographic key, to write the content of the file into the secure memory section.