Abstract: The present disclosure provides systems and methods for organizations to use forensic to generate a risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, specific attributes or marks, such as low fidelity indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.

Abstract: A method for controlling personal content on a media device includes establishing, at the media device, a wireless connection with a mobile user device using a wireless communication circuit of the media device; receiving, from the mobile user device, account information for an account associated with personal content, the personal content of the account accessible by the media device from a server computer over a communication network or from a memory of the media device; receiving, from the mobile user device, a usage term for accessing or using the personal content of the account; and controlling access to or usage of the personal content of the account by the media device based on the received account information and the usage term.

Abstract: The invention relates to a method for anonymization of event data collected within a system or network providing a service for subscribers/customers wherein each event data set is related to an individual subscriber/customer of the system/network and includes at least one attribute wherein the method counts the number of event data sets related to varying individual subscribers having identical or nearly identical values for at least one attribute. The invention further relates to a method for anonymization of static data related to individual subscribers of a mobile communication network wherein each static data set consist of different attributes and the method identifies specific profiles derivable form the static data and drops one or more respective attribute of the static data sets and/or classifies two or more static data sets to a certain group having at least one matching attribute.

Abstract: Aspects of the disclosure relate to assessing and adjusting robustness to cyber-attacks of a computer system. The capability of defending against cyber-attacks by cyber-tools (via protection methods) is mapped to one or more attack vectors. One or more cyber-tools may be activated based on the capability mapping. Based on protection data generated by the computer system, an assessment computing device determines a cyber-robustness metric for the one or more cyber-tools and may invoke a reconfiguration of the cyber-tools to increase the cyber-robustness of the computer system. A machine learning machine may process the protection data, such as log data, to detect one or more patterns to determine an effectiveness of the activated cyber-tools. With some embodiments, the machine learning machine groups the protection data using a subset of variables and forms meta structures from the subset.

Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.

Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.

Abstract: Systems, and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a cloud-based service platform, which includes a coordination server and a cloud-based service appliance, and an on-premise service appliance. The coordination server is configured to establish a service session, select a service appliance, and control a sequence of operations on the selected service appliance. Establishing the service session can include establishing a service session with a first client in response to a service request received from the first client, the first client associated with an account including a service policy. Selecting the service appliance can include selecting the cloud-based service appliance or the on-premise service appliance, based on the service policy, to handle the service request.

Abstract: A server and method for providing a content selection is provided. The server receives content targeting parameters and obtains content items from at least one content site based on the content targeting parameters. The server can further identify content descriptors for the content items and generate a first content cluster from a subset of the content items based on the content descriptors. The server can further generate a second content cluster from a second subset of the content items based on the content descriptors and rank the first and the second content clusters in an order of usefulness. The ranking of the content clusters can be based on at least one of an importance of content, a recentness of the content items and a size of the content cluster.

Abstract: A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that relates the one or more features and the one or more entitlements of the plurality of individuals. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the model. Each confidence value is indicative of whether the target individual should be granted a corresponding entitlement.

Abstract: Systems and methods for accessing multiple resources via one identifier are described, including receiving an input that includes at least an authentication code from an application; associating the authentication code with a resource; receiving another input, which includes at least an identifier associated with the resource and the authentication code, from the application requesting the resource; determining that the application can access another resource based on the authentication code; and based on the determining, providing the another resource to the application.

Abstract: A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that includes one or more sets of rules where each set of rules is associated with an entitlement of the profile data. Each entitlement is indicative of target system/application access. Each rule within a set relates a combination of one or more features of the profile data with a confidence value. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the rules.

Abstract: Evaluating a potentially malicious sample using a copy-on-write overlay is disclosed. A first virtual machine instance is initialized as a copy-on-write overlay associated with an original virtual machine image. The first virtual machine image is started and a first sample is executed. A second virtual machine instance is initialized as a copy-on-write overlay associated with a second original virtual machine image. The second virtual machine image is started and a second sample is executed. The first and second samples are executed at an overlapping time.

Abstract: A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that relates the one or more features and the one or more entitlements of the plurality of individuals. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the model. Each confidence value is indicative of whether the target individual should be granted a corresponding entitlement.

Abstract: The present disclosure relates to techniques for enforcing privacy rights in digital images. An example method generally includes receiving a image-hash as part of a wireless communications protocol where the image-hash comprises a collection of data representing an individual face. Analyzing a digital image using the image-hash to identify a matching face where the collection of data from the image-hash is used to initialize an identification algorithm. The identification algorithm is configured to return a positive identification when the individual face is present in the digital image, and editing the digital image to obscure the individual face when a positive identification is returned.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for configuring a field programmable gate array (FPGA) based trusted execution environment (TEE) for use in a blockchain network. One of the methods includes storing a device identifier (ID), a first random number, and a first encryption key in a field programmable gate array (FPGA) device; sending an encrypted bitstream to the FPGA device, wherein the encrypted bitstream can be decrypted by the first key into a decrypted bitstream comprising a second random number; receiving an encrypted message from the FPGA device; decrypting the encrypted message from the FPGA device using a third key to produce a decrypted message; in response to decrypting the encrypted message: determining a third random number in the decrypted message; encrypting keys using the third random number; and sending the keys to the FPGA device.

Abstract: A method and system for managing a large number of servers and their server components distributed throughout a heterogeneous computing environment is provided. In one embodiment, an authenticated user, such as a IT system administrator, can securely and simultaneously control and configure multiple servers, supporting different operating systems, through a “virtual server.” A virtual server is an abstract model representing a collection of actual target servers. To represent multiple physical servers as one virtual server, abstract system calls that extend execution of operating-system-specific system calls to multiple servers, regardless of their supported operating systems, are used. A virtual server is implemented by a virtual server client and a collection of virtual server agents associated with a collection of actual servers.

Abstract: There are disclosed devices, system and methods for detecting cross-origin malicious code existing in an internet advertisement (ad) requested by a published webpage viewed by a user. First, receipt of the ad is detected, where that ad includes cross-origin malicious code that causes a browser cross-origin unwanted action without user action. The ad is then executed in a browser sandbox that displays the cross-origin malicious code and intercepts the cross-origin unwanted action. When a cross-origin security error results from this execution, the cross-origin malicious code is discontinued and the cross-origin unwanted action is intercepted.

Abstract: A method of protecting data is disclosed herein. The method comprises: encrypting a data in a protected data item using a first encryption key; and encrypting the first encryption key in the protected data item using a second encryption key that is unique to the protected data item, wherein the unique second encryption key is derived from a third encryption key in the protected data item and to a plurality of protected data items comprising a common characteristic shared with the protected data item.

Abstract: Aspects of the disclosure relates to systems and methods for locking a display device of a host computer remotely using a management controller, and providing a banner notification on the locked display device. The system includes a computing device as the host computer, which has a display device, and a management controller. When the management controller receives a locking command, the management controller, in response to the locking command, performs the following operations: generating a locking instruction, and sending the locking instruction to the computing device to lock the display device; and generating a message display instruction including a message to be displayed, and sending the message display instruction to the display device of the computing device, in order to display the message on the display device. Thus, a local user at the computing device may be notified by the message that the display device is locked.

Abstract: A security system can provide monitoring and vulnerability testing of networks within a vehicle and perform patching or take other remedial action when vulnerabilities are found. Monitoring can comprise maintaining and enforcing security policies on use of the networks of the vehicle, performing anti-virus and/or anti-malware monitoring and/or scanning on messages and use of the networks of the vehicle, monitoring in real-time for certain conditions or on certain aspects of operation of the networks, or performing one or more of a number of different types of automated vulnerability scans on the networks of the vehicle. Patching or take other remedial action can comprise, blocking access to one or more of the networks of the vehicle by an application, component, user, etc. when a threat is detected or a vulnerability is found, reporting a detected threat or vulnerability, obtaining and applying a patch or automatically taking other corrective action as needed.