Abstract: A system and method are provided for providing trusted links between applications. The method is executed by a registry server device.

Abstract: The disclosed methods may receive a first request for access to a first system memory from a new user and a first justification, the first request includes first role information and first current access information of the new user, determine whether the first request is within a request cluster based on first role history information and current access history information. When the first request is within the request cluster, generate a matrix from the first role information and the first current access information, and determine using a first neural network, whether to grant the first request based on the matrix. When the first request is granted by the first neural network, determine, using a second neural network, whether the first justification is similar to first justification history information. When the first justification is similar to the first justification history information, grant the new user access to the first system memory.

Abstract: Context information of a handshake between a source entity and a target entity is obtained at a security proxy. The context information is transmitted from the security proxy to a key manager. The key manager maintains a first private key of the security proxy. A first handshake message is received from the key manager. The first handshake message is generated at least based on the context information and signed with the first private key. The first handshake message is then transmitted to the target entity.

Abstract: An information handling system may receive, from a first sensor of the information handling system, first sensor data. The information handling system may receive, from a second sensor of the information handling system, second sensor data. Based, at least in part, on the first sensor data and the second sensor data, the information handling system may generate a plurality of security profiles for the information handling system. Based, at least in part, on the first sensor data and the second sensor data, the information handling system may apply a security profile of the plurality of security profiles to the information handling system.

Abstract: The present disclosure generally relates to managing user profiles. An example method includes, at a computer system in communication with a display generation component and an input device: receiving, via the input device, a user input including a request to access a first restricted media item; and in response to the user input: in accordance with a determination the user input is a voice input and the voice input corresponds to a user profile authorized to access the first restricted media item using voice inputs, initiating playback of the first restricted media item; and in accordance with a determination the user input is a voice input and the voice input does not correspond to a user profile authorized to access the first restricted media item using voice inputs: forgoing initiating playback of the first restricted media item; and causing display, at the display generation component, of a validation user interface.

Abstract: The present disclosure provides a distributed computer system, which includes a plurality of computing devices. Each computing device includes a memory, a portion of a Blockchain, a transceiver, and a processor. The memory stores a plurality of data transaction requests. Each data transaction request corresponds to a block in the Blockchain and includes a cryptographic hash of a previous block, a timestamp, and transaction data. The transceiver receives a data transaction request from a subset of the plurality of computing devices. The processor determines whether the received data transaction request corresponds to at least one block in the portion of the Blockchain. The processor updates an internal record of the Blockchain, based on determining that the data transaction request corresponds to at least one block in the portion of the Blockchain. The processor then verifies the updated internal record of the Blockchain with a computing device in the subset.

Abstract: Systems and methods that facilitate operational support for network infrastructures are discussed. The disclosed system and method facilitate a unified view of the current state of the network and networked devices including real-time log monitoring and for providing metrics for long term system planning. One such method can include the acts of automatically discovering a device deployed on a network, receiving device and network related data in real-time, determining whether a device is authorized, terminating device network access, filtering device data, validating device configuration, configuring a device and providing an output for use by a user. The disclosed system and method can be utilized, for example, to reduce the time involved in troubleshooting and resolving network issues, for establishing a baseline for network performance and for network capacity planning.

Abstract: An approach is provided for implementing a useful proof-of-work consensus algorithm. A proposed block is received. A combined hash value is generated based on the proposed block and a nonce value. The combined hash value is divided into a plurality of hash value pieces that each correspond to a work packet of a plurality of work packets. One or more requests are transmitted for the plurality of work packets that correspond to the plurality of hash value pieces. In response to receiving the plurality of work packets, a plurality of results is generated by performing, for each work packet of the plurality of work packets, one or more operations to complete work specified by the respective work packet. In response to determining that at least one result of the plurality of results satisfies one or more criteria, the proposed block is added to a blockchain maintained by the blockchain network.

Abstract: An apparatus for performing cryptographic primitives includes a processor that is configured to receive an instruction to perform a cryptographic primitive, where the instruction includes one or more operands, at least one of the operands indicates one or more data structures that include values for the cryptographic primitive, and where the values include a first value indicating a mode of encryption that indicates an order of performing an encryption operation and an authentication operation and a second value indicating a cipher type; and perform the cryptographic primitive and store an output of the cryptographic primitive in an output data structure.

Abstract: A certificate authority service receives a request to issue a short-duration digital certificate usable for authentication of a server of an entity. The request includes a long-duration digital certificate that is not usable for authentication of the server of the entity, the long-duration certificate being usable for validation purposes between the entity and the service. The service determines whether to issue the short-duration digital certificate based on a validity period that is specified in the long-duration digital certificate. Based on the determination, the service issues the short-duration digital certificate that includes a shorter validity period than the long-duration digital certificate. The short-duration digital certificate may enable a client to authenticate the entity and securely communicate with the entity.

Abstract: Based upon the principles of randomness and self-modification a novel computing machine is constructed. This computing machine executes computations, so that it is difficult to apprehend by an adversary and hijack with malware. These methods can also be used to help thwart reverse engineering of proprietary algorithms, hardware design and other areas of intellectual property. Using quantum randomness in the random instructions and self-modification in the meta instructions, creates computations that are incomputable by a digital computer. In an embodiment, a more powerful computational procedure is created than a computational procedure equivalent to a digital computer procedure. Current digital computer algorithms and procedures can be constructed or designed with ex-machine programs, that are specified by standard instructions, random instructions and meta instructions. A novel computer is invented so that a program's execution is difficult to apprehend.

Abstract: An example method can include choosing a pattern or patterns of network traffic. This pattern can be representative of a certain type of traffic such as an attack. The pattern can be associated with various components of a network and can describe expected behavior of these various components. A system performing this method can then choose a nodes or nodes to generate traffic according to the pattern and send an instruction accordingly. After this synthetic traffic is generated, the system can compare the behavior of the components with the expected behavior. An alert can then be created to notify an administrator or otherwise remedy any problems.

Abstract: Embodiments of the present invention provide an innovative system, method, and computer program product for automated device activity analysis in both a forward and reverse fashion. A collaborative system for receiving data and continuously analyzing the data to determine emerging patterns associated with particular user devices is provided. The system is also designed to generate a historical query of user device touch points or interaction points with entity systems across multiple data vectors, and generate system alerts as patterns or potential issues are identified. Common characteristics of data may be used to detect patterns that are broadened in scope and used in a generative neural network approach.

Abstract: Methods and systems for key generation and device management are disclosed. A root key can be stored on a component which can be integrated with a device, and the component can store a product class identifier. The product class identifier can define a class of products, devices, features, hardware components, or other entities. One or more keys can be generated and stored on the devices based on the product class identifier and the root key. A network operator or service provider can then provide services to a class of devices that includes the device, or perform and manage other functions. The services can be authorized or otherwise implemented based on the one or more new keys stored at the devices within the class of devices.

Abstract: In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.

Abstract: A computer-implemented method causes data processing hardware to perform operations for training a firewall utilization model. The operations include receiving firewall utilization data for firewall connection requests during a utilization period. The firewall utilization data includes hit counts for each sub-rule associated with at least one firewall rule. The operations also include generating training data based on the firewall utilization data. The training data includes unused sub-rules corresponding to sub-rules having no hits during the utilization period and hit sub-rules corresponding to sub-rules having more than zero hits during the utilization period. The operations also include training a firewall utilization model on the training data. The operations further include, for each sub-rule associated with the at least one firewall rule, determining a corresponding sub-rule utilization probability indicating a likelihood the sub-rule will be used for a future connection request.

Abstract: A system and a method are disclosed for providing recommendations for sets of security operations for improving security of documents created or executed within an online document system. A supplier entity may select sets of security operations to be performed for a request provided to a signing entity. The online document system computes an aggregate measure of security for the selected sets of security operations and compares it to a threshold measure of security. If the aggregate measure is less than the threshold measure, the online document system uses a machine-learned model to identify additional sets of security operations that when added, results in an updated aggregate measure of security greater than the threshold. The additional sets of security operations are presented to the supplier entity for inclusion within a security operation workflow in combination with the selected sets of security operations.

Abstract: Apparatuses, methods, and systems are disclosed for security capabilities in an encryption key request. One method includes transmitting an encryption key request comprising security capabilities of a user equipment, wherein the encryption key request is for an application layer key. The method includes, in response to transmitting the encryption key request, receiving an encryption key response comprising a group encryption key.

Abstract: A server device receives, from a user device, a session initiation request and information identifying a location of the user device, and receives, from a monitoring device that is separate from the user device, an authentication request and information identifying a location of the monitoring device. The server device processes the session initiation request and the authentication request to authenticate a user of the user device, and determines, based on the location of the user device and the location of the monitoring device, that the user device and the monitoring device are collocated. The server device creates, after authenticating the user of the user device and determining that user device and the monitoring device are collocated, a session token, and sends the session token to the user device to enable the user device to access at least one resource of the server device.

Abstract: Embodiments of present disclosure relates to and systems to reduce propagation delays in hardware implementation of 3GPP confidentiality or standardized algorithm 128-EEA3 and 3GPP integrity algorithm 128-EIA3 using ZUC module. The reduction of the propagation delays is achieved by improving or optimizing secondary critical paths, which are subsequent to primary critical path, related to the 3GPP confidentiality or standardized algorithm 128-EEA3 and the 3GPP integrity algorithm 128-EIA3. Non-conventional modifications in the hardware implementation are proposed for the improvement or optimization.