Abstract: Aspects described herein may allow for authenticating a user by generating a customized set of authentication questions based on patterns that are automatically detected and extracted from user data. The user data may include transaction data collected over a period of time. By automatically detecting user patterns that correspond to user behavior over a period of time, an authentication system may be able to generate information that is recognizable to an authentic user but difficult to guess or circumvent for any other user.

Abstract: A network node selectively encrypts messages between a user plane node and a control plane node in a network system. The user plane node and the control plane node negotiate a connection and indicate an encryption level for the connection. The encryption level is selected from an Information Element (IE) level, a message level, or a feature level. The user plane node and the control plane node selectively encrypt at least a portion of the messages between the user plane node and the control plane node based on the encryption level for the connection.

Abstract: The present embodiments relate to identifying and mitigating memory bit flips in a cloud infrastructure service. The cloud infrastructure service can provide a monitoring system to monitor low level memory space to detect bit flips by the DRAM instances in the cloud infrastructure service. The bit flips detected in various DRAM computing instances can be processed to verify that the bit flips are sustained (e.g., and possibly relating to a Rowhammer attack) rather than transitory bit flips occurring in DRAM computing devices. Responsive to validating a set of bit flips at one or more computing instances, workloads associated with the affected computing instances can be migrated to other computing instances in the cloud infrastructure service.

Abstract: Disclosed are implementations, including a method that includes monitoring dataflow streams in a network comprising multiple computing nodes, and determining network security characteristics for a dataflow stream, from the monitored dataflow streams, relating to security, authentication, and access events for accessing, via the dataflow stream, one or more of the multiple nodes. The method further includes determining potential violations by the dataflow stream of security policies defined for operation of the network, access functionality for the network, or identity attributes used by the network, based, at least in part, on the determined network security characteristics for the dataflow stream, and based on network-operation data comprising one or more of network security data, network identity data, and network access data. The network-operation data is stored in one or more data storage units in the network, and is configured to manage network access and operation for the multiple computing nodes.

Abstract: A method, controller, and non-transitory computer-readable medium of a distributed crypto-ledger network, including receiving an instruction to perform an operation between a first user and a second user, the first user corresponding to a first entity that is a member of the distributed crypto-ledger network, the instruction comprising a destination address corresponding to the second user, querying a top-level name registry with the destination address to determine a second entity associated with the destination address, the second entity being a different member of the crypto-ledger network, and executing the operation between the first user and the second user by transmitting execution instructions to the first entity and the second entity, the execution instructions causing a first entity controller to modify data stored on a first distributed crypto-ledger of the first entity, and causing a second entity controller to modify data stored on the second distributed crypto-ledger of the second entity.

Abstract: Systems, related methods and other means for providing the securing of web site source code are provided herein. The system and methods may be configured to poll a client device and/or to otherwise determine whether a debugging console is active on a client device and deny access to the JavaScript and source code if the debugging console is active. Additionally or alternatively, the system and methods may receive a request to access the source code form a client device, and may determine whether the request is from a trusted referrer and whether the debugging console is active. When the request is from an untrusted referrer, and/or when the debugging console is active the system and method can deny access to the source code. When the request is from a trusted referrer and the debugging console in inactive, the system and method can grant access to the source code.

Abstract: A computer-implemented method of monitoring security of a set of computing devices in a distributed system, the distributed system having a plurality of computing devices, in communication with one another over a network, by a security software running in a computer node. The method includes comparing an app signature of the application running in a selected one of the set of computing devices to a reference app signatures generated from a respective functional replica of the application.

Abstract: Systems and/or methods of the present disclosure enable ledger interoperability using a controller to perform an operation between a first user and a second user on separate entity-specific distributed ledgers, where the separate entity-specific distributed ledgers are both operatively linked to a membered common distributed ledger. The controller burns a first quantity of first entity-specific tokens from the first entity-specific distributed ledger and mints a second quantity of the common tokens on the membered common distributed ledger, where the first quantity of first entity-specific tokens and the second quantity of the common tokens represent an equivalency. The controller moves the second quantity of common tokens from a first encrypted storage to a second encrypted storage of the membered common distributed ledger, burns the second quantity of the common tokens and mints a third quantity of the second entity-specific tokens on the second entity-specific distributed ledger to complete the operation.

Abstract: Systems, methods, and storage media for abstraction and enforcement of protected resources in an identity infrastructure are disclosed. Exemplary implementations may: identify one or more protected resources for one or more identity domains of an identity infrastructure; receive, at the identity infrastructure, a dataflow pertaining to first identity data for a first identity domain; request the first identity session based at least in part on the first identity data; receive a request to access a first protected resource of the one or more protected resources; accept the first identity session by the first protected resource; and provide the first user access to the first protected resource.

Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes tokenizing a first value using a tokenization algorithm to generate a first token. The first value and first key are inputs of the tokenization algorithm. A message is generated. The message includes a first value identifier associated with the first value and a first key generation identifier associated with the generation of the first key. The message is associated with the first token. A second key is generated. A second value is tokenized using a tokenization algorithm to generate a second token. The second value and second key are inputs of the tokenization algorithm.

Abstract: Embodiments are directed to systems that attempt to establish trust in relation to operations on a customer endpoint of a computer network. The systems monitor, in real-time, operations to file systems, registries, application processes and threads, and OS kernels at the customer endpoint. The systems maintain compute components affected by the operation in a quarantine state. The systems then attempt to establish trust in the affected compute components (e.g., by applying rule-based policies). The systems remove the affected compute components from the quarantine state, if trust of the one or more affected compute components is established. The systems execute callback routines to mitigate results of the operation, if trust of the affected compute components is not established.

Abstract: Methods, systems, and apparatus for transmitting qubits encoding quantum information with reduced risk of interception from an eavesdropper. In one aspect, a method includes encoding quantum information into an information qubit; encrypting the information qubit, comprising performing i) a parity operation on the information qubit and a parity control qubit and ii) a phase operation on the information qubit and a phase control qubit; performing, by a sender party, a sequence of one or more quantum logic gates on the phase control qubit; sending the information qubit, parity control qubit, and phase control qubit to a recipient party; and sending data identifying the sequence of one or more quantum logic gates to the recipient party, wherein the recipient party obtains the quantum information encoded into the information qubit using the information qubit, parity control qubit, phase control qubit, and data identifying the sequence of one or more quantum logic gates.

Abstract: Systems and methods as provided herein may create a biometric model associated with a user. The created biometric model may be used to generate challenges that are presented to the user for authentication purposes. A user response to the challenge may be compared to an expected response, and if the user response matches within a predetermined error of the expected response, the user may be authenticated. The systems and methods may further generate challenges that are adaptively designed to address weaknesses or errors in the created model such that the model is more closely associated with a user and the user is more likely to be the only person capable of successfully responding to the generated challenges.

Abstract: Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.

Abstract: The implementation of application layer-based and transport-layer based security rules via a reverse proxy server chain is described. Each reverse proxy server in the chain is configured to perform a particular function with respect to client messages intended for a destination server and/or convey contextual information pertaining to the messages to a subsequent reverse proxy server in the chain. For instance, a first reverse proxy server in the chain is configured to include client-specific metadata in the transport layer of the message. A second reverse proxy server in the chain enforces transport layer-based policy rules based on the metadata. This enables the second reverse proxy server to manage transport layer connections on a client-by-client basis, thereby enabling the second reverse proxy server to block unauthorized clients, while maintaining the transport layer connections for authorized clients. A third reverse proxy server in the chain enforces application layer-based policy rules.

Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.

Abstract: A method is provided for automating management of automatic renewal of a public key infrastructure (PKI) certificate issued by a certificate authority (CA) for a subscriber. The method includes steps of causing the subscriber to (i) transmit a first alert to a management entity for initiating renewal of the PKI certificate, and (ii) transmit a certificate signing request (CSR) to a registration authority (RA) for issuance of a renewal certificate. The method further includes steps of (iii) transmitting, from the RA to the CA, the CSR signed by the RA, (iv) receiving, at the RA from the CA, an issued renewal certificate signed by the CA, (v) sending, from the RA to the subscriber, the issued renewal certificate signed by the CA, and (vi) causing the subscriber to transmit a second alert to a management entity indicating renewal of the PKI certificate.

Abstract: A computer-implemented method for protecting data on devices may include (i) identifying a device that is operated by a user and that comprises private data pertaining to the user, (ii) determining that stalkerware on the device is sending the private data to an unauthorized device not operated by the user, (iii) requesting, in response to determining that the stalkerware is sending the private data to the unauthorized device, that the user select at least one safety plan step from a set of safety plan options, and (iv) modifying, at least in part based on the safety plan step selected by the user, outgoing data sent by the stalkerware to the unauthorized device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation

Abstract: Embodiments provide for distributed transaction-based provenance tracking of agricultural data, secured access to authorized user accounts, auditability of the data, and transactional oversight of the data when exchanged between user accounts. A distributed ledger network including a primary node and a plurality of secondary nodes can store transactions generated based on various operations on or associated with agricultural data, including the certification of select portions of agricultural data collected by a data collection device, commands received from client devices associated with user accounts purchasing or licensing the agricultural data, and detected attempts to access the agricultural data, among other things.