Abstract: Methods and systems for continuously and quantitatively assessing the risk to data confidentiality, integrity, and availability on identified on endpoints, servers, medical devices, and “Internet of things” devices in a networked healthcare environment monitor resource requests by user applications running on the various device. A map of resource usage by each application may be generated. Based on the map and a risk model (e.g., the contents of a risk database), application events associated with risks are detected and resources vulnerable to the risk may be identified.

Abstract: A system and method for facilitating distributed peer to peer storage of data is disclosed. The method includes receiving a request from a user to securely store one or more files, encrypting the one or more files by using one or more primary encryption keys and splitting each of the encrypted one or more files into an encrypted set of data chunks. The method further includes transmitting the encrypted set of data chunks to one or more trustee devices, encrypting a metadata by using a secondary encryption key and receiving a request to securely access the one or more files. Further, the method includes obtaining the encrypted set of data chunks and the secondary encryption key from the one or more trustee devices and creating the one or more files, such that the user is provided access of the one or more files.

Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.

Abstract: Providing a risk analysis report for an undesired event may include identifying an attack type resulting in the undesired event and at least one requirement for a successful attack. Providing the report may further include obtaining protection data associated with protection measures that affect the requirements for a successful attack, performing each simulation in a plurality of Monte Carlo simulations for the attack type a number N of times based on the undesired event, the attack type, and the protection data, and in response to determining that the N performances of a simulation indicate at least one wildcard, performing it an additional N times. Providing the report may also include identifying a vulnerability of the protection measures to the attack type based on the performances of the plurality of Monte Carlo simulations and generating the risk analysis report for the undesired event based on the attack type and the vulnerability.

Abstract: A biometric processor comprises: one or more inputs configured to receive first ear biometric data acquired in respect of a first ear of a user and second ear biometric data acquired in respect of a second ear of the user; a processing module configured to perform a biometric algorithm on the first ear biometric data and the second ear biometric data, based on a comparison of the first ear biometric data to a first stored ear biometric template for an authorised user and a comparison of the second ear biometric data to a second stored ear biometric template for the authorised user, to obtain respective first and second biometric scores; a fusion module configured to apply first and second weights to the respective first and second biometric scores to obtain first and second weighted biometric scores, and to combine at least the first and second weighted biometric scores to generate an overall biometric score, wherein the first and second weights are different to each other; and wherein a biometric result is b

Abstract: A computer implemented method in a system comprising an actor authorization node, an access right storage node and a file record node.

Abstract: A method (500) includes initializing a client state (250) on a client device (120) be executing a private batched sum retrieval instruction (200) to compute c sums O of data blocks (102) from an untrusted storage device (150). Each computed sum O stored on memory hardware (122) of the client device and including a sum of a corresponding subset S of exactly k data blocks. The method also includes a query instruction (300) to retrieve a query block Bq stored on the untrusted storage device by iterating through each of the c sums O of data blocks to identify one of the c sums O that does not include the query block Bq, instructing a service to pseudorandomly partition the untrusted storage device into partitions and sum the data blocks in each partition to determine a corresponding encrypted data block sum (302).

Abstract: Applications of the privacy switch technology are shown for handling data breaches in database systems, thereby providing fundamental improvements to the security and utility of database technology.

Abstract: A method for executing a second-order taint analysis on library code may include generating, by executing a first-order taint analysis on the library code starting at a sink, a first execution path from a load instruction to the sink. The load instruction may perform: reading a first value using a first global identifier. The method may further include determining a store instruction by matching the load instruction and the store instruction. The store instruction may perform: writing a second value using a second global identifier. The method may further include, generating a second execution path from the store instruction to the load instruction, generating, by executing the first-order taint analysis on the library code starting at the store instruction, a third execution path from an entry point to the store instruction, and forming a potential second-order taint flow by joining the first, second, and third execution paths.

Abstract: An application development assistance system in which optimal security measures can be taken at positions in need of security measures under an application development environment using a flow diagram analyzes an input application description file and outputs application data information and module information. A data importance level judgment unit decides importance levels of data exchanged between modules on the basis of the application data information.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: A method may include extracting, from an instruction of a function in source code, (i) a left-hand side (LHS) access path including a first variable and a first sequence of fields and (ii) a right-hand side (RHS) access path including a second variable and a second sequence of fields, determining, using an incoming access path, an outgoing access path for the instruction, determining that the incoming access path subsumes the LHS access path, generating a specialized outgoing access path by appending a field of the LHS access path to the outgoing access path, determining, using the specialized outgoing access path, that an entry access path of the function is reachable from an exit access path of the function, in response to determining that the entry access path is reachable from the exit access path, identifying a potential taint flow from the entry access path to the exit access path.

Abstract: A method for encryption according to an embodiment includes generating a ciphertext for a secret key that is an integer vector by using an integer-based first homomorphic encryption algorithm, generating a key stream that is the integer vector from a nonce and the secret key by using a key stream generator, encoding the key stream by using a message encoding function of the first homomorphic encryption algorithm, encoding a message that is a real vector by using a message encoding function of a real number-based second homomorphic encryption algorithm, generating a ciphertext for the message by using a result of the encoding of the key stream and a result of the encoding of the message, and transmitting the nonce, the ciphertext for the secret key, and the ciphertext for the message to an apparatus for converting a ciphertext.

Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.

Abstract: A method for automatic anonymous visitor identity resolution using machine learning, which includes generating a visitor histogram set from visitor events of a visitor event stream that include a visitor identifier and an internet protocol address, filtering a set of user identifiers into a candidate set of user identifiers based on the internet protocol address, obtaining one or more user histogram sets generated from user events that include user identifiers from the candidate set of user identifiers, and mapping the visitor identifier to a user identifier of the candidate set of user identifiers using a machine learning model and a histogram similarity matrix generated from the visitor histogram set, the one or more user histogram sets, and a set of histogram similarity functions. The method further includes presenting a response based on the mapping of the visitor identifier to the user identifier.

Abstract: A system for securing a data set include a computing device that provides access to portions of a data set to different users, and can encrypt the portions by generating encryption keys for each portion using a single mathematical function. The keys are generated by applying a starting point and length to a solution of the mathematical function. The process to generate the decryption keys are provided to the authorized users so that they can view and manipulate only the data set portions they are authorized to access.

Abstract: The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis. The system includes graphing entities in the computer network as entities connected by one or more edges. Native scores for pending alerts are assigned to nodes or to edges between the nodes. A connection type is assigned to each edge and weights are assigned to edges representing relationship strength between the nodes. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the edges. Aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranking and prioritized for analysis.

Abstract: A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.

Abstract: A system and method for detecting anomalous access to tables is described. A query for accessing a table from a requesting user is received. A set of users similar to the requesting user is determined. The probability that the requesting user should access the table is calculated. Whether the user should be accessing the table based on the calculated probability is determined.

Abstract: An example system includes a processor to receive, at a setup or sign-up, a first cipher including a biometric template transformed using a first transformation and encrypted using a secret key, a second cipher including a security vector encrypted using the secret key, a third cipher including the biometric template transformed using a second transformation and encrypted, and a fourth cipher including an encrypted second security vector. The processor can receive, at a runtime or sign-in, a fifth cipher and a sixth cipher. The processor can verify that the fifth cipher includes a second biometric template transformed using the first transformation and encrypted using the secret key and that the sixth cipher includes the second biometric template transformed using the second transformation by testing a format attribute of the transformation functions using comparisons of inner products.