Abstract: A processor may collect process information associated with a peer node of a self-auditing blockchain. The processor may generate an imprint from the process information. The processor may compare the imprint from the peer node to an imprint consensus to detect an error. The error may indicate that the peer node has been compromised.

Abstract: Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method is provided that includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server and determining whether the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server based at least in part on whether the user device communicatively coupled to the resource server has been issued a management identifier. The method further includes providing a response indicating that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server.

Abstract: According to one embodiment, a memory system is connectable to a host including a first volatile memory and includes a non-volatile memory and a controller. The controller may use a first area of the first volatile memory as a temporary storage memory of data stored in the non-volatile memory and controls the non-volatile memory. The controller generates a first parity by using first data stored in the non-volatile memory and a key value to store the first data and the generated first parity in the first area. In the case of reading the first data stored in the first area, the controller reads the first data and the first parity to verify the read first data using the read first parity and the key value.

Abstract: There is provided a method comprising, receiving, from a second network node, a request to access data of a user of a user device, forwarding the request to the user device, receiving, from the user device, an acknowledgement indicating that access to the data of the user is granted and transmitting, in response to receiving the acknowledgement, a first indication to a blockchain, the first indication indicating that access to the data of the user is granted.

Abstract: A method for (of) automatically detecting a security vulnerability in a source code using a machine learning model, characterized in that the method includes: obtaining the source code from a client codebase, wherein the client codebase is a complete or an incomplete body of the source code for a given software program or an application; and using a machine learning (ML) model to perform a ML based analysis on an abstract syntax tree (AST) for detecting a first security vulnerability over a static source code, the machine learning based analysis comprise (i) flattening the abstract syntax tree (AST) into a sequence of structured tokens, wherein the sequence of structured tokens includes a semantic structure and a syntactic structure of the source code, (ii) implementing a natural language processing technique on the sequence of structured tokens for mapping the sequence of structured tokens to one or more integers, (iii) pre-training the machine learning model using an unlabeled source code as an input to pre

Abstract: A set of security templates is maintained including first and second templates. The first template specifies time and location stamp authentication for a file, and contextual security conditions that must be met before the file can be accessed. The second template specifies the time and location stamp authentication, but not the contextual security conditions. One of the first or second security templates is applied to the particular file. When the second security template is applied, a GPS-crypto device adds a time and location stamp to the particular file. The particular file is signed using a private key associated with the GPS-crypto device to generate an authentication signature based on the time and location stamp. The authentication signature is added to the particular file to allow a recipient to verify the time and location stamp of the particular file using a public key corresponding to the private key.

Abstract: A key server device obtains authorization information of a user associated with an intelligent electronic device (IED). The key server communicates the authorization information to the IED, via a Media Access Control Security (MACsec) Key Agreement (MKA) protocol to allow the IED to authenticate the user. The key server receives one or more commands from the user. The key server communicates the one or more commands to the IED to allow the IED to perform operations based on the one or more commands.

Abstract: Artificial intelligence (AI) anomaly monitoring in a storage system. The AI anomaly monitoring may include writing commands into a log jointly with the execution of the commands on storage media of a drive. The log includes information regarding the operation of the drive including, at least, the commands. In turn, each drive in the storage system may include an AI processor core that may access the log and apply an AI analysis to the log to monitor for an anomaly regarding the operation of the drive. As each drive in the storage system may use the AI process core to detect anomalies locally to the drive, the computational and network resources needed to employ the AI monitoring may be reduced.

Abstract: Systems, computer program products, and methods are described herein for detection and classification of intrusion using machine learning techniques. The present invention is configured to electronically receive, from a computing device of a user, an indication that the user has initiated a first resource interaction; retrieve information associated with the first resource interaction, wherein the information comprises at least one or more parameters associated with the first resource interaction; initiate a machine learning model on the one or more parameters associated with the first resource interaction; and classify, using the machine learning model, the first resource interaction into one or more classes, wherein the one or more classes comprises one or more access types.

Abstract: A method and system are disclosed to audit smart contracts. The method includes: publishing, with a processing server, a smart contract bytecode with metadata on a blockchain; retrieving, with the processing server, the published smart contract bytecode with metadata from the blockchain; extracting, with the processing server, the smart contract bytecode from the published smart contract bytecode; and verifying the smart contract bytecode by comparing a computed hash of a high-level source code of the published smart contract bytecode with the metadata retrieved from the blockchain.

Abstract: An automotive gateway includes one or more interfaces and one or more processors. The one or more interfaces are configured to communicate with electronic subsystems of a vehicle. The one or more processors and configured to host one or more guest applications and to control communication traffic between the one or more guest applications and the electronic subsystems of the vehicle in accordance with a security policy.

Abstract: A lock node for storing data and a protected storage unit. The lock node includes an input section which provides a plurality of key maps, each corresponding to one of a plurality of primary keys, respectively, applied to the input section, each key map including at least one main key, a variable lock section producing a derived key from a logical operation on the main keys corresponding to the primary keys applied to the input section, and an output section producing the data in response to the derived key.

Abstract: Policy-based techniques are provided for dynamic access control for resources. One method comprises, upon a user attempt to access a given resource, identifying a policy defined for access to the given resource, wherein the policy comprises a rule and an allowed issuer of a verifiable claim; determining if the rule and the allowed issuer are satisfied based on an evaluation of the verifiable claim; and allowing the user to access the given resource if the rule and the allowed issuer are satisfied. A given rule can specify a threshold for a data item obtained from an allowed issuer. The policy can be stored by one or more policy hubs. A plurality of policy hubs can be organized in a hierarchical structure, such that one given policy is applied to the given resource in a predictable manner.

Abstract: A multi-endpoint event graph is used to detect malware based on malicious software moving through a network.

Abstract: In one embodiment, a client device accesses an online application via a browser executed by the client device. The client device makes an assessment as to whether the online application uses Hypertext Transfer Protocol (HTTP) security headers that satisfy a security header policy. The client device generates scoring for the webpage based on the assessment. The client device presents the generated scoring to a user of the client device.

Abstract: A computing device according to an embodiment includes one or more processors, a memory in which one or more programs to be executed by the one or more processors are stored, a queue manager configured to receive a security detection request including a detection target file, a plurality of detectors configured to perform a security detection operation on the target detection file, and an operation distributor configured to acquire detection policy information related to the detection target file and distribute the detection target file received from the queue manager to one or more of the plurality of detectors based on the detection policy information.

Abstract: A method, controller, and non-transitory computer-readable medium of a distributed crypto-ledger network, including receiving an instruction to perform an operation between a first user and a second user, the first user corresponding to a first entity that is a member of the distributed crypto-ledger network, the instruction comprising a destination address corresponding to the second user, querying a top-level name registry with the destination address to determine a second entity associated with the destination address, the second entity being a different member of the crypto-ledger network, and executing the operation between the first user and the second user by transmitting execution instructions to the first entity and the second entity, the execution instructions causing a first entity controller to modify data stored on a first distributed crypto-ledger of the first entity, and causing a second entity controller to modify data stored on the second distributed crypto-ledger of the second entity.

Abstract: Access to a shared library API is restricted for a customer application by a security system. A profile for each of a plurality of trusted applications is generated and stored in a security database. When a customer application attempts to access the shared library API, the customer application is verified by extracting a customer application profile for the customer application, comparing the customer application profile with each stored trusted application profile, and verifying that the customer application can access the shared library API based on the comparison. Based on the verification, the customer application may be allowed to or access to the shared library API or may be prevented from accessing the shared library API.

Abstract: A secret computation system is a secret computation system for performing computation while keeping data concealed, and comprises a cyphertext generation device that generates cyphertext by encrypting the data, a secret computation device that generates encrypted basic statistics by performing secret computation of predetermined basic statistics using the cyphertext while keeping the cyphertext concealed, and a computation device that generates decrypted basic statistics by decrypting the encrypted basic statistics and performs predetermined computation using the decrypted basic statistics.

Abstract: Containers can be managed for cryptanalysis attack protection. For example, a computing system can receive, from a container, a description specifying a first hardware requirement for the container. The computing system can restrict access to hardware based on the first hardware requirement for the container. The computing system can perform, for a data object requested by the container, an encryption operation and a decryption operation using the hardware. A result of the encryption operation can be inaccessible to the container prior to the decryption operation.