Abstract: This disclosure relates to, among other things, key generation systems and methods. Certain embodiments disclosed herein provide for generation of cryptographic keys based on one or more defined key generation rules. Key generation consistent with various aspects of the disclosed embodiments may increase the difficultly and/or cost of producing public keys and, by extension, discourage the generation of fake keys used in connection with a key flooding attack. In certain embodiments, generated keys and/or associated key generation rules may depend, at least in part, on associated binding data.

Abstract: This application relates to a graph data processing method performed by a distributed computer node cluster including a plurality of computer devices, each computer device distributed on a respective computing node of the distributed computer node cluster, the method including: obtaining subgraph data divided from to-be-processed graph data; performing a computation task on the subgraph data to obtain corresponding global data and local data; writing the global data to a blockchain network, the global data of the blockchain network being updated by the distributed computing node cluster; obtaining latest global data from the blockchain network; and iteratively performing, according to the obtained latest global data and the local data, the computation task on the subgraph data without obtaining a computation result until an iteration stopping condition is met.

Abstract: A method including calculating, by a user device, a hash of private data, the calculated hash to be utilized by an infrastructure device for comparison with a hash of breached data compromised due to a data breach; verifying, by the user device prior to transmitting the hash of the private data to the infrastructure device, that the user device is authorized to have access to a plaintext version of the private data; transmitting, by the user device based on verifying that the user device is authorized to have access to the plaintext version of the private data, the hash of the private data to the infrastructure device; and receiving, by the user device from the infrastructure device based on transmitting the hash of the private data, a notification indicating a result of a comparison of the hash of the private data with the hash of the breached data is disclosed.

Abstract: A method is provided for collecting diagnostic information in a device having a rich execution environment (REE) and a secure element (SE). The method includes detecting initialization of the device. If it is determined that the initialization of the device was a result of a potential security related event, a communication component of the REE responsible for communicating with the secure element is activated if not already activated. The secure element sends a request to the communication component for diagnostic information related to the security event. The diagnostic information is received in the SE from the communication component and stored in an attack log for storing security events. An attack log is generated in the secure element including the potential security event and the related diagnostic information. The attack log and the related diagnostic information is communicated to a secure server via a secure channel.

Abstract: A scheduling method and apparatus, a device and a storage medium, which relate to fields of big data, cloud computation, artificial intelligence, intelligent authentication and intelligent scheduling. A specific implementation includes: acquiring an authentication request that indicates to-be-authenticated information; determining an authentication strategy group required by an authentication processing procedure of the to-be-authenticated information, wherein the authentication strategy group is determined based on an authentication dependency relationship between authentication strategies and comprises at least two authentication strategies; and calling the authentication strategies in the authentication strategy group in parallel, and performing authentication processing on the to-be-authenticated information in parallel, to obtain an authentication processing result corresponding to the authentication strategy group.

Abstract: A method including determining, by the infrastructure device, a breach database including breach information indicating breached data that is compromised due to a data breach; calculating, by the infrastructure device, a hash of the breached data; calculating, by the user device, a hash of private data; transmitting, by the user device, the hash of the private data to the infrastructure device; comparing, by the infrastructure device, the hash of the private data with the hash of the breached data; and transmitting, by the infrastructure device to the user device based at least in part on a result of the comparison, a notification indicating whether the private data is breached due to the data breach is disclosed. Various other aspects are contemplated.

Abstract: A method including determining, by an infrastructure device, a breach database including breach information indicating breached data that is compromised due to a data breach; calculating, by the infrastructure device, a hash of the breached data that is compromised due to the data breach; receiving, by the infrastructure device from the user device, a hash of private data associated with the user device; comparing, by the infrastructure device, the hash of the private data with the hash of the breached data; and transmitting, by the infrastructure device when the hash of the private data matches the hash of the breached data, a notification to the user device indicating that the private data associated with the user device is compromised due to the data breach is disclosed. Various other aspects are contemplated.

Abstract: The technology disclosed relates to a DHCP relay-based steering logic for policy enforcement on IoT devices. In particular, the technology disclosed provides a steering logic that is interposed between a plurality of special-purpose devices on a network segment of a network and a DHCP server on the network segment. The steering logic is configured to intercept DHCP requests broadcasted to the DHCP server by special-purpose devices in the plurality of special-purpose devices, forward the intercepted DHCP requests to the DHCP sever 522, receive, from the DHCP server, DHCP responses to the intercepted DHCP requests, receive, from a device classification logic, a positive determination that the special-purpose devices are special-purpose devices and not general-purpose devices, modify the received DHCP responses by replacing the default gateway with an inline secure forwarder on the network segment, and send the modified DHCP responses to the special-purpose devices.

Abstract: An anomaly detector for detecting anomaly in input data comprises an auto-encoder trained to encode the input data and decode the encoded input data to reconstruct the input data. Further, the anomaly detector comprises a classifier trained to determine a reconstruction loss indicative of a difference between the accepted input data and the reconstructed input data, where the reconstruction loss includes a weighted combination of a plurality of loss functions evaluating reconstruction losses of a plurality of parts of the reconstructed input data, different types of loss functions, or both. The classifier is further configured to detect an anomaly in the reconstructed input data when the reconstruction loss is above a threshold.

Abstract: An apparatus and method for encryption key recovery based on memory analysis. The apparatus may include one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program may collect memory information pertaining to an encrypted part of a file, in which ransomware is detected, based on dynamic binary instrumentation, analyze memory read operation data corresponding to an encryption key that is used for encryption of the file in the memory information, recover the encryption key based on the result of analysis of the memory read operation data, and output the result of recovery of the encryption key.

Abstract: A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.

Abstract: Systems, methods and computer program products for improving security of artificial intelligence systems. The system comprising processors for monitoring one or more transactions received by a machine learning decision model to determine a first score associated with a first transaction. The first transaction may be identified as likely adversarial, in response to the first score being lower than a certain score threshold and the first transaction having a low occurrence likelihood. A second score may be generated in association with the first transaction based on one or more adversarial latent features associated with the first transaction. At least one adversarial latent feature may be detected as being exploited by the first transaction, in response to determining that the second score falls above the certain score threshold. Accordingly, an abnormal volume of activations of adversarial latent features spanning across a plurality of transactions scored may be detected and blocked.

Abstract: An automated technique for security monitoring leverages a labeled semi-directed temporal graph derived from system-generated events. The temporal graph is mined to derive process-centric subgraphs, with each subgraph consisting of events related to a process. The subgraphs are then processed to identify atomic operations shared by the processes, wherein an atomic operation comprises a sequence of system-generated events that provide an objective context of interest. The temporal graph is then reconstructed by substituting the identified atomic operations derived from the subgraphs for the edges in the original temporal graph, thereby generating a reconstructed temporal graph. Using graph embedding, the reconstructed graph is converted into a representation suitable for further machine learning, e.g., using a deep neural network. The network is then trained to learn the intention underlying the temporal graph.

Abstract: Conditionally initiating a security measure in response to an estimated increase in risk imposed related to a particular user of a computing network. The risk is determined using a rolling time window. Accordingly, sudden increases in risk are quickly detected, allowing security measures to be taken quickly within that computing network. Thus, improper infiltration into a computing network is less likely to escalate or move laterally to other users or resources within the computing network. Furthermore, the security measure may be automatically initiated using settings pre-configured by the entity. Thus, the security measures go no further than what the entity instructed, thereby minimizing risk of overreaching with the security measure.

Abstract: Disclosed are various embodiments for validating documents using a blockchain data. Multiple documents can be included in the validation process using a merge and hash process and a summary terms document. Validation can be performed by hashing and merging operations, followed by comparing hash values.

Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.

Abstract: A method, system, and computer program product for key in lockbox encrypted data deduplication are provided. The method collects a set of deduplication information by a host in communication with a storage system via a communications network. A fingerprint is generated for a data chunk to be stored on a storage system. The method encrypts the data chunk using a first encryption key to generate an encrypted data chunk. The fingerprint is encrypted with a second encryption key to generate an encrypted fingerprint. The method encrypts the first encryption key with a third encryption key to generate a first encrypted key. The method encrypts the first encryption key with a fourth encryption key to generate a second encryption key. A data package is generated for transmission to the storage system. The method transmits the data package to the storage system.

Abstract: A computer implemented method and system for secure initial secret delivery for collocated containers with shared resources techniques is disclosed. The method comprises providing an application type identifier and a token for accessing a secrets management service; creating asynchronously, a plurality of collocated containers with shared resources; initiating a request for a creation for an initial secret; validating the request, requesting an identity for the collocated containers; validating the identity; starting an application instance; and using the initial secret to retrieve other secrets for the application instance.

Abstract: Physical unclonable functions (PUFs) are described. The PUFs utilize intrinsic information to determine the confidence level of comparison values. The information about confidence levels may be used to simplify the process of recovering the PUF secret. Since the information about confidence levels may be intrinsic, and not know outside the PUF, the PUF may be secure.

Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.