Abstract: User data from a received service processing request initiated by a user for processing a service is parsed. Whether the user data is included in a trusted user list or a risky user list stored in a server for processing the service is determined. Whether the user data matches historical behavior data associated with the user based on a behavioral profile comparison rule model if the user data is not included in the trusted user list or the risky user list is determined. A risk type associated with the user data is determined if the user data fails to match the historical behavior data. A risk identification rule model associated with the risk type is determined based on the service requested. Risk identification is performed based on the user data using the determined risk identification rule model. The service is processed by the server based on a result of the risk identification.

Abstract: A system for managing an unmanned aerial vehicle (UAV) include one or more storage media storing offline data that comprises verified information associated with a user, an input device configured to receive an input from the user, and one or more processors, individually or collectively configured to determine whether a connection to an online database is established and, if the connection to the database is not established, process the input and the offline data; and manage a flight of the UAV according to the processing of the input and the offline data.

Abstract: In some examples, a method may include detecting a vulnerability in an application during execution on a first computing device. The method may include triggering a breakpoint based on the detecting, thereby pausing the execution of the application before execution of a portion of code that exploits the vulnerability. The method may include communicating a message indicating occurrence of the breakpoint. The method may include receiving a connection request from a second computing device in response to the message. The method may include resuming execution of the application from the breakpoint subject to a signal from the second computing device.

Abstract: A method comprises storing, at the server computer system, user profile information for the remote user. The user profile information for the remote user (or a link to the user profile information) is encrypted using authentication information. The user profile information is associated with user identification information, at the server computer system, using the authentication information, which is selectively made available by the remote user via the network to the server computer system in order to enable the server computer system to associate the user profile information with the user identification information.

Abstract: Systems and methods for enabling constant plaintext space in bootstrapping in fully homomorphic encryption (FHE) are disclosed. A computer-implemented method for producing an encrypted representation of data includes accessing a set of encoded digits. The method includes applying an inverse linear transformation to the set of encoded digits to obtain a first encoded polynomial. The method includes applying a modulus switching and dot product with bootstrapping key to add an error term to each of the encoded digits in the first polynomial to obtain a second encoded polynomial. The method includes applying a linear transformation to the second encoded polynomial to obtain a first batch encryption. The method includes applying digit extraction to the first batch encryption to obtain a second batch encryption, the second batch encryption corresponding to the set of encoded digits without the error term.

Abstract: A system and method for privacy policy enforcement to ensure reconciliation between users communicating via an open system interconnection (OSI) communication architecture, with receiving of a privacy policy for at least one user's device and a usage policy for at least one user, receiving encryption codes, receiving private data from a first user to be sent to a second user, encrypting by a first server the received data, receiving a privacy policy enforcement vector, and performing selective decryption, by a second server, for each data segment, wherein data segments that correspond to a match between the privacy policy and usage policy are decrypted, and wherein at least one of the first server and the second server is external to the first user and second user.

Abstract: Systems and methods are described for generating a blockchain-based user profile. In various aspects, one or more blockchain IDs associated with a user is received, where each blockchain ID is associated with a corresponding blockchain. One or more blockchain transactions are identified that are associated with the one or more blockchain IDs, where a trust profile for the user can be generated based on the one or more blockchain transactions. The trust profile can include user information determined from the one or more blockchain transactions.

Abstract: Disclosed is method for monitoring an avionics software application, able to be executed on a platform including resources and hosting an operating system, the platform being intended to be on board an aircraft, implemented by an electronic monitoring device. The method includes: implementing at least one monitoring operation of the application from among syntactic monitoring of each call emitted by the application to the operating system; semantic monitoring of each call emitted by the application to the operating system; monitoring of a dynamic of the calls emitted by the application to the operating system; and monitoring of the use by the application of the resources of the platform; and generating an alarm signal if an abnormal behavior of the application is detected.

Abstract: A system for processing queries is disclosed. The system is configured to receive a query from a user, the query comprising a message indicating a request for a service. The system then performs natural language processing on the query, and identifies keywords of the query based on the natural language processing. Based on the identified keywords, the system determines an action and an actionable item from the query. Then, the system generates an acknowledgement request for the query based on the determined action and actionable item, and sends the acknowledgement request to the user. After receiving an acknowledgement from the user on the acknowledgement request, the system sends the determined action and actionable item to an upstream server to request the service.

Abstract: A system and method for digitally signing an object. An object signing agent sends a signing request for an object to a remote signing server, which, in response to receiving the request, generates a virtual machine executing code for signing the object. The object is signed within the virtual machine and returned to the object signing agent.

Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.

Abstract: Methods and systems for encrypting data for a multi-tenant filesystem environment are provided. A system for encrypting data for a multitenant filesystem environment includes a file characteristics module that determines file characteristics for a file. The system also includes a user identification module that collects user identification information for one or more file operations, where a file operation in the one or more file operations is performed on a portion of the file. The system further includes a portion information module that gathers portion information about the portion of the file. Additionally, the system includes an encryption module that associates the portion information with a subtenancy encryption key in one or more subtenancy encryption keys based on the user identification information, where the one or more subtenancy encryption keys are associated with the file.

Abstract: Systems, methods, and/or techniques for providing access network independent device provisioning of machine-to-machine (M2M) devices belonging to different M2M application domains may be disclosed. For example, a unique reference to a preliminary M2M ID module (PMI) associated with a M2M device. The M2M device with the PMI may be registered at a M2M ID provider (MIP). A M2M ID (MI) to replace the PMI may be generated using the MIP Additionally, a secure mutually authenticated communication channel may be set up with the M2M device within an application domain and/or may be provided for secure authorization of requests to the M2M device using the MI.

Abstract: A system and method to encrypt digital data is disclosed. Digital data is received from a data source by an encryption system. A first data store is designated to store the received digital data. An encryption key is selectively assigned to encrypt the received digital data. A selective portion of the received digital data is encrypted with the assigned encryption key to create encrypted digital data. The encrypted digital data is stored in the first data store.

Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.

Abstract: A data storage layer provides enhanced data security. In one implementation, the data storage layer allows selective encryption of specific parts of data blocks, with decryption restricted to pre-determined entities. The selective encryption may be applied to parts of data blocks that are stored in blockchains, for instance, to provide fine grained control over which entities with access to the blockchain can decrypt and use the parts of the data blocks with the enhanced security.

Abstract: Data processing circuitry comprises a set of two or more computational units to perform respective computational operations; an instruction decoder to decode successive data processing instructions and, for a given data processing instruction, to control one or more of the computational units to perform those computational operations required to execute the given data processing instruction; and control circuitry responsive to the given data processing instruction, to control one or more others of the computational units to perform further computational operations, other than the computational operations required to execute the given data processing instruction, during execution of the given data processing instruction.

Abstract: A subsequence of machines used and a cost of providing a subservice in response to a service request with a key is determined. A second cost of using the subsequence of machines to provide the subservice in response to a different service request with a different key is determined. A distance between the cost and the second cost is computed. A value pair is formed using the distance and a number of logged occurrences of the subsequence with the key. The processing of the service request for the key is identified as a suspect for costing an improper computing cost of the service, when an aggregate distance in the value pair fails to exceed a threshold distance.

Abstract: A technology is described for managing device performance capabilities. An example method may include connecting a physical device electronically to a service provider environment using a computer network and identifying performance capabilities of the physical device at the service provider environment via the connection. A request may be received at the service provider environment to upgrade the performance capabilities of the physical device and an authorization may also be received at the service provider environment for the upgrade. The performance capabilities of the physical device may be upgraded by sending an upgrade instruction from the service provider environment to the physical device to unlock additional performance capabilities based on the authorization. The performance capabilities of the physical device may later be downgraded to by disabling the additional performance capabilities of the physical device.

Abstract: Upon providing (101) message content (such as a remote control instruction) to be transmitted, and in conjunction with provision (102) of a plurality of different transmission characteristics (as correspond, for example, to different types of transmission) and a corresponding plurality of correlated recovery identifiers (103), a particular transmission characteristic is selected (104) and used to transmit (105) a joint message. In particular, in a preferred approach, the selected transmission characteristic (106) is used when transmitting at least a portion of the message content portion of the joint message while another part of the joint message carries the recovery identifier to thereby facilitate selection of an appropriate reception technique by a receiver when receiving the joint message.