Abstract: A first host receives a packet from a first compute node for a second compute node of a second host. The payload is larger than a maximum transmission unit size. The first packet is encapsulated with an outer header. The first host analyzes a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload. Then, the first host forms a plurality of packets where each packet in the packets includes an encrypted segment of the payload, a respective encryption header, and a respective authentication value. The payload of the first packet is segmented to form a plurality of encrypted segments based on the size. The first host sends the packets to the second host and receives an indication that a packet was not received. A second packet including the encrypted segment is sent to the second compute node.

Abstract: An industrial asset may have monitoring nodes that generate current monitoring node values. A dynamic, resilient estimator may split a temporal monitoring node space into normal and one or more abnormal subspaces associated with different kinds of attack vectors. According to some embodiments, a neutralization model is constructed and trained for each attack vector using supervised learning and the associated abnormal subspace. In other embodiments, a single model is created using out-of-range values for abnormal monitoring nodes. Responsive to an indication of a particular abnormal monitoring node or nodes, the system may automatically invoke the appropriate neutralization model to determine estimated values of the particular abnormal monitoring node or nodes (e.g., by selecting the correct model or using out-of-range values). The series of current monitoring node values from the abnormal monitoring node or nodes may then be replaced with the estimated values.

Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, by a first service operating within a computing system, a modified identity data object from a second service operating within the computing system, where the modified identity data object includes at least one identifier associated with a client of the computing system determining, by the first service, that the second service performed a first action on an identity data object to generate the modified identity data object, and validating the modified identity data object based on whether the second service is authorized to perform the first action.

Abstract: Providing access to an external application includes receiving login credentials to access a client instance, wherein the login credentials are associated with a user account, causing the client instance to provide a link to an external application in the client instance, detecting a request to navigate to the external application from the link, generating a authentication record for the user account and the external application, storing information for the user account based on the authentication record, and generating a URL for the external application based on the authentication record. Providing access to the external application also includes receiving, from a remote client device hosting the external application, an authorization request comprising nonce information, determining that the user account is authorized to access the external application based on the authentication table, and providing access to the external application.

Abstract: A system for detecting malicious software, comprising at least one hardware processor adapted to: execute a tested software object in a plurality of computing environments each configured according to a different hardware and software configuration; monitor a plurality of computer actions performed in each of the plurality of computing environments when executing the tested software object; identify at least one difference between the plurality of computer actions performed in a first of the plurality of computing environments and the plurality of computer actions performed in a second of the plurality of computing environments; and instruct a presentation of an indication of the identified at least one difference on a hardware presentation unit.

Abstract: A system for cryptographically secured outputs from telemedicine sessions includes a computing device at a first location, the computing device configured to initiate a secure communication interface between the computing device and a client device associated with a human subject and at a second location, receive, from at least a remote sensor at the second location, a plurality of current biological data associated with the human subject, input, using the secure communication interface, an identifier of a biochemical element, determine, as a function of the plurality of current biological data, a tolerability of the biochemical element, and generate a digitally signed authorization datum as a function of the determination.

Abstract: A method for authenticating a mobile device in real-time. The method includes detecting the mobile device, sending a text message containing a unique uniform resource locator (“URL”) to the mobile device, and detecting an access of the unique URL by the mobile device through a first communication path. In response to detecting the access of the unique URL, requesting and subsequently receiving, by the host system in real-time, a phone number and a subscriber identification ID associated with the mobile device through a second communication path distinct from the first communication path, and a device fingerprint of the mobile device through the first communication path. The method further includes initiating a risk analysis based on the phone number, the subscriber ID, and the device fingerprint and determining an authentication status of the mobile device based on the risk analysis.

Abstract: Methods and systems are presented for generating a device fingerprint based on data obtained from one or more sensors on a device. A plurality of data points corresponding to sensor readings are obtained from the one or more sensors on the device. A set of time-domain features and a set of frequency-domain features are extracted from the plurality of data points and inputted to a neural network trained using a triplet network. A device fingerprint that may be used to identify the device is obtained from the neural network.

Abstract: Systems, methods, and software are disclosed herein to execute functionalities of a blockchain operating system. A transactional request for an operating system instruction is received from a user device in a distributed network of nodes. The transactional request is authenticated in the distributed network of nodes based on data associated with the transactional request. A blockchain is then evaluated for one or more scripts associated with the transactional request. In response, the operating system instruction is generated based on the one or more scripts. The operating system instruction is then transferred to the user device in the distributed network or nodes.

Abstract: There is provided a method including receiving a playback system identifier corresponding to a playback system, generating a blockchain corresponding to a content identifier identifying a content, wherein the blockchain is uniquely associated with the content identifier, establishing, in the blockchain, a block corresponding to the playback system identifier, sending an encrypted version of the content to the playback system, and in response to one or more updates to the blockchain by the playback system, providing a content encryption key to the playback system for decrypting the encrypted version of the content.

Abstract: A system and process for applying access groups for controlling data access, by a processor device. The process receives from a user a request to access data associated with a person from a file system, whereby the request invokes at least one software method. Next method interception is performed by matching the at least one software method. Group membership of the user and at least one group membership of the person is accessed. Determining if each of the following conditions of i) the user is a member of a specific group and ii) the specific group contains the person are verified. In response to the conditions being verified, the process sends the data to a user device to display to the user, otherwise denying the request to access data. Each group can have one or more criteria, which add patients to that group based on the conditions of those criteria.

Abstract: Systems and methods are described that include a plurality of devices triggered to be configured with a portable user account to synchronize account events to a distributed log. The plurality of devices includes at least one device configured to trigger a query to determine access rights for the at least one other device. In response to receiving an approval response to the query, the at least one device assigns a provision status to the at least one other device, provides, for the at least one other device, access to at least a subset of the portable user account according to the assigned provision status, and updates the distributed log to include the at least one other device based on the provision status.

Abstract: Embodiments of the present invention relate to methods, systems, and computer program products for user behavior management. In embodiments, a group of states of a user of an application system within a previous time period may be obtained. A state in the group of states may be associated with a privilege of the user for accessing resources in the application system during the previous time period. A feature of the user may be generated based on the group of states. A privilege of the user at a current time may be managed in the application system based on the feature. With these embodiments, the user behavior may be managed according to various aspect of the user's historical states and thus the user may be managed in a more accurate and effective manner.

Abstract: Techniques are disclosed relating to machine learning techniques for performing user authentication based on the manner in which a user interacts with a client device, including the use of Siamese networks to detect unauthorized use of a device and/or account. In some embodiments, a server system may receive a request to authorize a transaction associated with a user account. The request may include transaction details and, separate from those transaction details, interaction data indicative of a manner in which a requesting user interacts with a client device during a user session. The server system may apply a machine learning model to the interaction data to create an encoding value that is based on the manner in when the requesting user interacts with the client device during the user session. The server system may then compare the encoding value to a reference encoding value and, based on the comparison, determine whether to authorize the transaction.

Abstract: A computer-implemented method relates to training a machine learning system to detect an adversarial attack. The method includes classifying a first sequence as belonging to a first class indicative of a nominal sequence based on a first prediction that the first sequence includes an unperturbed version of sensor data. The method also includes classifying a second sequence as belonging to a second class indicative of an adversarial sequence based on a second prediction that the second sequence includes a perturbed version of the sensor data. Combined loss data is generated for a collection of sequences and is based on a first average loss with respect to incorrect classifications of the first class and a second average loss with respect to incorrect classifications of the second class. Parameters of the machine learning system are updated based on the combined loss data.

Abstract: A first communication node may provide first and second NAS connection identifications for respective first and second NAS connections between the first and a second communication node, with the first and second NAS connection identifications being different and the first and second NAS connections being different. A first NAS message may be communicated between the first and second communication nodes over the first NAS connection, including at performing integrity protection for the first NAS message using the first NAS connection identification and/or performing confidentiality protection for the first NAS message using the first NAS connection identification.

Abstract: A method and a system for learning and applying neuro-symbolic multi-hop rules are provided. The method includes inputting training texts into a neural network as well as pre-defined entities. The training texts and the entities relate to a specific domain. The method also includes generating an entity graph made up of nodes and edges. The nodes represent the pre-defined entities, and the edges represent passages in the training texts with co-occurrence of the entities connected together by the edges. The method further includes determining a relation based on the passages for each of the pre-defined entities connected together by the edges, calculating a probability relating to the relation, generating a potential reasoning path between a head entity and a target entity. The method also includes learning a neuro-symbolic rule by converting the edges along the potential reasoning path into symbolic rules and combining those rules into the neuro-symbolic rule.

Abstract: Aspects of the disclosure relate to detecting and identifying malicious sites using machine learning. A computing platform may receive a uniform resource locator (URL). The computing platform may parse and/or tokenize the URL to reduce the URL into a plurality of components. The computing platform may identify human-engineered features of the URL. The computing platform may compute a vector representation of the URL to identify deep learned features of the URL. The computing platform may concatenate the human-engineered features of the URL to the deep learned features of the URL, resulting in a concatenated vector representation. By inputting the concatenated vector representation of the URL to a URL classifier, the computing platform may compute a phish classification score. In response to determining that the phish classification score exceeds a first phish classification threshold, the computing platform may cause a cybersecurity server to perform a first action.

Abstract: Guided character string alteration can be performed by obtaining an original character string and a plurality of altered character strings, traversing the original character string with a first Long Short Term Memory (LSTM) network to generate, for each character of the original character string, a hidden state of a partial original character string up to that character, and applying, during the traversing, an alteration learning process to each hidden state of a partial original character string to produce an alteration function for relating partial original character strings to partial altered character strings.

Abstract: A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.