Abstract: A method for detecting ransomware. A set of control files in a set of locations in a file system is checked, by a computer system, in response to an event, wherein the set of control files has a set of extensions targeted by the ransomware. In response to detecting a change in any of the set of control files, a file copying process for the file system is disabled by the computer system.

Abstract: A method for shared secret agreement with forward secrecy includes generating a first plurality of bits of data using a cryptographically secure pseudo-random number generator applied to a node seed value and at least one index value, transmitting the first plurality of bits of data through a shared communication medium simultaneously to transmission of a second plurality of bits of data from a second node, identifying shared secret data with the second node using a portion of the first plurality of bits of data that are logical complements of the second plurality of bits of data, generating a shared seed value using a cryptographically secure one-way function applied to the shared secret data, and generating an updated node seed value using the cryptographically secure one-way function applied to the node seed value to replace the node seed value.

Abstract: Methods and systems for monitoring activity on a network. The systems may include a host computer executing a non-honeypot service. The host computer may also include a control module configured to enable or disable a honeypot service on the host computer in response to at least one of computational resource availability and configured tolerance for degraded service.

Abstract: The technology disclosed relates to reducing error in security enforcement by a network security system (abbreviated NSS). The NSS classifies incoming connection access requests as loss prevention inspectable or connection preserving by determining their conformance or non-conformance with semantic and content requirements of HTTP and HTTPs protocols. The NSS forwards the loss prevention inspectable connection access requests to a data inspection and loss prevention appliance (abbreviated DILPA) for deep inspection. The NSS directly sends the connection preserving connection access requests to the destination servers, preventing connection termination and error generation.

Abstract: The goal of detecting modifications, such as unauthorized modifications for example, of the code and/or behavior of an embedded device (e.g., unexpected/unauthorized remote reprogramming, re-flashing), changes to code at run-time (e.g.

Abstract: An encryption method is provided. According to the encryption method, a scaling factor may be reflected in a message and then, a homomorphic ciphertext may be generated using a public key. The generated ciphertext is, when decryption is performed, generated in a form that a result value obtained by adding an error value to a value obtained by reflecting the scaling factor in the message is restored. Accordingly, a homomorphic ciphertext capable of being computed in a ciphertext state can be effectively generated.

Abstract: The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes a domain corresponding to a C&C channel, and a pattern corresponding to the C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.

Abstract: Provided is a method for establishing and maintaining a user loyalty metric to accesses a plurality of robotic device functions including: receiving biometric data associated with a user; authenticating the user; providing a time access memory, wherein the time access memory comprises a plurality of memory cells; assigning a predetermined time slot to each of the plurality of memory cells, wherein each of the plurality of memory cells is available for writing only during the predetermined time slot, after which each memory cell is made read-only; storing the biometric data of the user if the user is authenticated within a currently available memory cell of the time access memory; increasing the user loyalty metric if the user is authenticated; and, providing access to the plurality of robotic device functions in accordance with the user loyalty metric.

Abstract: A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.

Abstract: A secured storage system includes a non-volatile memory and a controller. The non-volatile memory is configured to store a first data item and a respective first version identifier assigned to the first data item. The controller is configured to receive a second data item accompanied by a second version identifier and a signature, for replacing the first data item in the non-volatile memory, to authenticate at least the second version identifier using the signature, to make a comparison between the stored first version identifier and the second version identifier, and to replace the first data item with the second data item only in response to verifying that (i) the second version identifier is authenticated successfully, and (ii) the second data item is more recent than the first data item, as indicated by the comparison between the stored first version identifier and the authenticated second version identifier.

Abstract: Systems are provided for facilitating the disclosed methods for performing event storage and diagnostic processing within a hybrid cloud environment. Event records are gathered and batched at an on-premises server. The event records are also appended with correlation vector data that enables the event records to be correlated with other events. The batch of event record batches are signed with a security key associated with a cloud storage container and the on-premises server is restricted to writing the batch of event records to the container. In some instances, the size of the batch is based on a duration of time for collecting records, which can be adjusted to accommodate for missing data.

Abstract: Access to a provider's restricted resources for users who are not directly associated with the provider but who are permitted to access the restricted resources based on the users' affiliation with a third-party subscriber is provided. An example affiliation is a university student's (user's) affiliation with a university (third-party subscriber). A user's identity can be authenticated by the third party, and the user's access entitlements can be authorized by the third party based on the third party's authorization policies and by an authorized distributor of the restricted resources of which the third party is a subscriber based on the distributor's authorization policies. An access decision is made by a policy enforcement service based on the authorization access decisions made by the third party and by the authorized distributor. The provider allows the user access to its otherwise restricted resources based on a permit decision made by the policy enforcement service.

Abstract: There is a provided a digital identity network interface system that may include a communications module and a processor. The processor may be configured to: receive a signal representing a digital identity request, the digital identity request defining one or more scopes associated with the request, at least one of the scopes identifying a data type associated with the request; generate a query based on the scopes by translating at least one of the scopes into a query having a query format associated with a digital identity network, the digital identity network storing data associated with a plurality of users; send a signal representing the query to the digital identity network; send a link to an authorization device; after successful authentication, obtain data associated with the digital identity request from the digital identity network; and release at least some of the data.

Abstract: An exemplary system, method and computer-accessible medium for determining a starting point of a header field(s) in a network packet(s) can be provided, which can include, for example receiving the network(s) packet, determining a header location of the header field(s) in the network packet(s), determining a delimiter location of a delimiter(s) in the network packet(s), and determining the starting point of the header field(s) based on the header and delimiter locations. The header location can be determined using a header finder module. The delimiter location can be determined using a delimiter finder module. The header and delimiter locations can be determined using a plurality of comparators arranged into a plurality of sets.

Abstract: A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party. A valid solution to the challenge may be generated and provided for the request to be fulfilled. The challenge may include a message and a seed, such that the seed may be used at least in part to cryptographically derive information that may be used to generate a solution to the challenge. A hash tree may be generated as of generating the solution.

Abstract: A method includes determining, by a tracker controller of a hardware security module, that a first processor has submitted a first request to access a computing resource. The method also includes determining, by the tracker controller, whether the first request and a second request both request access to the same computing resource. The second request is submitted by a second processor. The method also includes preventing access to the computing resource based on a determination that the first request and the second request do not request access to the same computing resource. The method also includes permitting access to the computing resource based on a determination that the first request and the second request both request access to the same computing resource.

Abstract: Systems and methods are provided for sending and receiving encrypted submessages. Messages could be partitioned into a plurality of submessages based on the content of a message, and such submessages could be individually encrypted and sent over a network. The partitioning could be based on various standards and/or heuristics. In the sending process, submessages could be designated to travel over different networks and networks of different types. Such submessages could then be received and reassembled in spite containing overlapping content with respect to each other, having to contend with copies of submessages, and having accompanying related content (e.g., advertisements) and non-related content (e.g., random bits). Moreover, the sending process could also be performed in real time or in a batched manner, depending on the implementation.

Abstract: Disclosed embodiments relate to website hosting implemented in a server environment. Operations include co-hosting, on a hosting server, a plurality of websites generated by a plurality of users; making available to the plurality of users common editing tools; preventing at least some of the plurality of users from altering co-hosted specific websites generated by others of the plurality of users; generating an interface for enabling the at least one subset of the plurality of users to upload to the hosting server plugin code associated with plugins for the co-hosted specific websites generated by the at least one subset of the plurality of users; storing the user-uploaded plugin code; and securely enabling, using an isolation mechanism, at least one of execution of front-end plugin functionality code at the client or execution of back-end plugin functionality code at the plugin server.

Abstract: A Personated Reality Ecosystem System enables real-time interactions between Users and Personated Virtual Assistants (PVA) acting on behalf of the User. The PVA is a computer-generated character, an animated virtual human, combined with artificial intelligence and a unique digital identity that is authenticated and authorized using blockchain technologies. A PVA when initially created is not unique hence is referred to as a GenericPVA. A GenericPVA can undergo a process that makes it unique transforming it into a UniquePVA. The PVA looks, behaves, communicates, thinks, reasons and learns, like a human being displayed on a computer screen or other visual representation. UniquePVAs are paired with Users utilizing secure blockchain technologies ensures the UniquePVA only accepts orders from the User they are paired with.

Abstract: The invention relates to a method for transmitting data implemented between a terminal and an integrated circuit, said terminal and said integrated circuit communicating by means of an interface for transmitting and receiving data. According to the invention, said method comprises at least one iteration of the following steps, implemented by the terminal, generating (10) a command intended for said integrated circuit, said command comprising a command header; encrypting (20) said command (CX), delivering an encrypted command (CC); creating (20) a second command (CY), said command comprising a command header and data, said data being constituted at least partly by said encrypted commands (CC); transmitting (40) said second command (CY) to said integrated circuit.