Abstract: A method of operating a storage system is provided. The method includes establishing a security context between a client and the storage system, the security context comprising a single ticket for multiple nodes within the storage system. The method includes distributing a first request to a first blade within the storage system and distributing a second request to a second blade within the storage system. The distributing the first request and the second request includes determining a node for handling the first request and the second request based on data within the single ticket.

Abstract: Representative embodiments described herein set forth techniques for optimizing large-scale deliveries of electronic Subscriber Identity Modules (eSIMs) to mobile devices. Specifically, instead of generating and assigning eSIMs when mobile devices are being activated—which can require significant processing overhead—eSIMs are pre-generated with a basic set of information, and are later-assigned to the mobile devices when they are activated. This can provide considerable benefits over conventional approaches that involve generating and assigning eSIMs during mobile device activation, especially when new mobile devices (e.g., smartphones, tablets, etc.) are being launched and a large number of eSIM assignment requests are to be fulfilled in an efficient manner.

Abstract: Embodiments of the present disclosure generally relate to systems, devices, and methods wherein dynamically generated symmetric keys are used for encryption and decryption of software updates for vehicles. The symmetric keys are dynamically generated using a combination of information that ties a given symmetric key to a specific combination of a vehicle and the devices installed therein. The dynamic generation of the symmetric keys also uses a piece of random data generated by an intermediary server, which allows the intermediary server to validate devices before providing the piece of random data and thereby control access to the software updates. Use of the techniques disclosed herein provide heightened security, control, safety, and reliability for over-the-air software updates for vehicles.

Abstract: Disclosed herein are systems and methods for automatic takedown of counterfeit websites using API-based and/or email-based takedown. In implementations the method includes checking the domain of a Uniform Resource Locator (URL) against a database to determine if an API-based takedown can be performed for the counterfeit website. If an API-based takedown cannot be performed the system determines the email of the hosting provider hosting the counterfeit website based on the resolve Internet Protocol (IP) address and sends a takedown notification via email with evidence such as screenshots, hosting infrastructure information, website lifecycle and scan timestamp. The system checks periodically whether the counterfeit website has been taken down by the network owner. If, after a check, the website is still live, the process of takedown is repeated until the website is taken down.

Abstract: Systems, methods, and software can be used to determine security risks of software services on a cloud computing platform. In some aspects, a computer-implemented method comprises: receiving, by a software service application executing on a cloud computing platform, a request for a software service provided by the software service application; identifying, by the software service application, a resource that is triggered by the request; determining, by the software service application, that the request has a security risk based on a security policy associated with the resource; and in response to the determining, generating, by the software service application, a security notification indicating the security risk.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for dynamic re-distribution of detection content and algorithms for exploit detection. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to deploy respective ones of a plurality of standard detection algorithms and content (SDACs) to respective ones of a first endpoint and a second endpoint, deploy a first set of enhanced detection algorithms and content (EDACs) to the first endpoint, deploy a second set of the EDACs to the second endpoint, the second set of EDACs different from the first set of EDACs, and in response to obtaining a notification indicative of an exploit attack from the first endpoint, distribute the first set of EDACs to the second endpoint to facilitate detection of the exploit attack at the second endpoint.

Abstract: A system includes at least one processor and at least one memory communicatively coupled to the at least one processor, where the at least one memory stores instructions. When executed by the at least one processor, the instructions are configured to receive death certificate information from a node of a distributed ledger system, determine, a record to be updated based at least in part on the death certificate information, and update the record. The death certificate information and the record are associated with an individual.

Abstract: A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

Abstract: In general, techniques are described for enhancing communication between kernel modules operating in different network stacks within the kernel space of the same network device. An IPVLAN driver is configured to establish an endpoint in a first and second kernel module, wherein each kernel module executes in a different networking stack in the same kernel space. The endpoint in the first kernel module is associated with an interface of the first module. Selected packets are transferred from the second kernel module to the first kernel module via the interface of the first module.

Abstract: Apparatuses, methods, systems, and program products are disclosed for early data breach detection. An apparatus includes a data module configured to receive user data from a darknet. User data may include user credential information that has been misappropriated. An apparatus includes a match module configured to determine whether user credential information matches a user's credentials for a user's one or more online accounts. An apparatus includes an action module configured to trigger a security action related to a user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that user credential data matches the user's credentials at the user's one or more online accounts.

Abstract: A firewall may identify a uniform resource locator (URL) being transmitted to a user device, the URL link pointing to a host system. The firewall can then modify the URL link to point instead to a sandbox system. Once a user at the user device selects the URL link (e.g., by clicking or touching it in a browser), the firewall receives the user device's HTTP request and directs it to the sandbox system, which generates a new HTTP request that is then sent through the firewall to the host system. The host system then sends host content to the sandbox system instead of to the user device. The user device may then be presented with a representation of the host content as rendered at the sandbox system (e.g., through a remote desktop interface).

Abstract: Counterfeit uniform resource locators (URLs) are detected and blocked in real-time by a browser extension in communication with a counterfeit URL detection system. The browser extension receives a URL requested within a browser application. Content from a webpage associated with the received URL is extracted and transmitted to the counterfeit URL detection system, which is configured to analyze the content and return an assessment indicating whether the URL is counterfeit. If the assessment indicates that the URL is counterfeit, the browser extension blocks the browser application from accessing content associated with the URL.

Abstract: Counterfeit uniform resource locators (URLs) are detected and blocked in real-time by a browser extension in communication with a counterfeit URL detection system. The browser extension receives a URL requested within a browser application. Content from a webpage associated with the received URL is extracted and transmitted to the counterfeit URL detection system, which is configured to analyze the content and return an assessment indicating whether the URL is counterfeit. If the assessment indicates that the URL is counterfeit, the browser extension blocks the browser application from accessing content associated with the URL and redirects the browser extension to a legitimate URL.

Abstract: Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.

Abstract: A key management system includes a hardware security module (HSM) with a secure memory; an HSM driver implementing an API, interfaced with the HSM to provide handles to cryptographic objects stored on the secure memory of the HSM; and a shim layer interfaced with the HSM driver. The layer is generally configured to enable a client application to interact with the HSM via the driver, i.e., for the HSM to manage cryptographic objects for the client, notwithstanding the layer. External memory storage resides outside the HSM and is interfaced with the layer. The method includes instructing (at the layer) to: (i) encrypt cryptographic objects from the HSM (with the help of the driver) and store the resulting encrypted objects at respective memory locations on the storage, to free up memory space; and (ii) store handles to such cryptographic objects along with references to said respective memory locations, on the storage.

Abstract: Apparatuses (e.g., systems and devices) and methods for remotely accessing a local (e.g., home, office, etc.) network of devices connected to a local router.

Abstract: In various example embodiments, a system and method for data mesh-based environmental augmentation are presented. Attribute data associated with a user may be received from a plurality of attribute sources. A portion of the attribute data. may include real-time data. A portion of the real-time data indicative of an identity of the user may be identified. The identity of the user may be authenticated with respect to the real-time data by analyzing the identified portion of the real-time data. Based on the authentication of the identity of the user, a user activity being performed by the user may be identified based on the real-time data, and the user activity may be augmented according to a user setting.

Abstract: A methodology for requesting at least one signed security measurement from at least one module with a corresponding cryptoprocessor is provided. The methodology includes receiving the at least one signed security measurement from the at least one module with the corresponding cryptoprocessor; validating the at least one signed security measurement; generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.

Abstract: Systems and methods for protecting user data received by, stored on, and/or requested by third-party computing devices include a data entry computing system on a first network node. The data entry computing system includes a processing circuit configured to: identify user-entered data as sensitive user data, generate a content encryption key (CEK), generate encrypted user data by encrypting the sensitive user data with the CEK, and tag the encrypted user data and the CEK with a tag readable by a database server on a network node different than the data entry computing system. The tag includes information indicative of the user data. The processing circuit is configured to transmit the encrypted user data to the database server, wherein the database server excludes a private key of a key manager on a network node different than the data entry computing system.

Abstract: Provided is a method according to one embodiment of the present invention comprising the steps of: (a) a server generating, by means of a hash function, a message digest (MD) of a particular file when a request for authenticating same is obtained; (b) when an MD encoded with a private key of a particular user is obtained, and if (A) information for the MD, which was encoded with the private key of the particular user, decoded with a public key of the particular user matches (B) the MD generated in step (a), then the server registering, in a database, a hash value of the MD encoded with the private key of the particular user and a private key of the server; and (c) the server obtaining a transaction ID.