Patents Examined by Michael S McNally
  • Patent number: 11528613
    Abstract: Described herein are systems and methods to provide lawful interception (LI) of infrastructure state in a manner known only to law enforcement. A bare-metal cloud (BMC) control module is provided to an end user to allow user configuration and management for a set of one or more physical resources that form a BMC instantiation for the end user. An LI policy and control module may be used for data traffic tracking or hardware monitoring inside the BMC instantiation once one or more conditions are met. Upon activation, customizable hardware monitoring may be implemented unbeknownst to the end user. Such a technique of offering customizable bare-metal level LI service unbeknownst to end users may enable new kinds of infrastructure interception methods.
    Type: Grant
    Filed: July 2, 2020
    Date of Patent: December 13, 2022
    Assignee: DELL PRODUCTS L.P.
    Inventors: Sumedh Sathaye, Nakul Shrivastava, Satya Gopi Manapragada
  • Patent number: 11522918
    Abstract: An apparatus comprises a network node, a random number generator, and a message generator to schedule transmission of a beacon message, wherein an administrative rule engine applies appropriate security safeguards to modify PII collection policies of the node. The node has an application collecting data to reside in at least one segregated data storage. The application comprises a distinguishing module, a de-identification module, an anonymization module, a minimum collection module, a minimum retention module, and a categorization module. The random number generator generates random times for transmitting the beacon message and for generating random channels for transmitting the beacon message.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: December 6, 2022
    Inventor: Sze Yuen Wong
  • Patent number: 11503073
    Abstract: Disclosed herein are methods, systems, and processes to perform live deployment of deception computing systems. An imminent or ongoing malicious attack on a protected host in a network is detected. In response to detecting the imminent or ongoing malicious attack, personality characteristics of the protected host are cloned and a honeypot clone based on the personality characteristics is generated. The honeypot clone is then deployed in the network. A determination is made that the malicious attack includes an interactive session between an attacker associated with the malicious attack and the protected host, and a live state transition is performed between the protected host and the honeypot clone using agent data if the interactive session includes an encrypted protocol or using session state data if the interactive session does not include the encrypted protocol.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: November 15, 2022
    Assignee: Rapid7, Inc.
    Inventor: Thomas Eugene Sellers
  • Patent number: 11501002
    Abstract: A protocol security system includes a protocol producer driver stored in a first memory range on a primary memory system, a protocol consumer driver stored on the primary memory system, and a firmware interface engine provided via the primary memory system. The firmware interface engine receives a protocol pointer from the protocol consumer driver, and identifies that the protocol pointer was provided by the protocol producer driver. If the firmware interface engine determines that the protocol pointer is not stored in the first memory range on the primary memory system, it generates a protocol security violation. If the firmware interface engine determines that the protocol pointer is stored in the first memory range on the primary memory system and points to an architectural protocol, it determines whether the protocol producer driver originated from a secondary memory system and, if not, generates a protocol security violation.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: November 15, 2022
    Assignee: Dell Products L.P.
    Inventors: Wei Liu, Po-Yu Cheng, Yu-Hsuan Yang
  • Patent number: 11500971
    Abstract: Systems and methods relating to a platform for creating, monitoring, updating, and executing legal agreements for data files such as a collaborative digital media file using associated metadata. The platform enables music publishing agreements to be generated automatically by taking metadata from a DAW (digital audio workstation) that reflects the activity and contributions of each author associated with a file. Authorship metadata can be recorded on a ledger or blockchain by the platform. The platform enables calculation and disbursement of royalties to be automated by algorithmic determination of terms of an authenticated smart contract using authorship metadata for an associated media file generating the royalty. Authors may concurrently contribute from across a variety of different DAWs, local and remote, and computing resources may be distributed by the platform.
    Type: Grant
    Filed: February 2, 2021
    Date of Patent: November 15, 2022
    Assignee: Aurign, Inc.
    Inventor: Robert Hatcher
  • Patent number: 11496515
    Abstract: Disclosed herein are methods, systems, and processes for dynamically deploying deception computing systems based on network environment lifecycle. Lifecycle metadata associated with protected hosts in a network is retrieved. A configurable ratio of honeypots to the protected hosts is accessed. One or more honeypots are deployed based on: the configurable ratio if the lifecycle metadata can be retrieved or determined, or on a schedule if the lifecycle metadata cannot be retrieved or determined, but can be estimated.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: November 8, 2022
    Assignee: Rapid7, Inc.
    Inventor: Thomas Eugene Sellers
  • Patent number: 11487853
    Abstract: Systems and methods for replicating and enforcing license information in a computer cluster are described. The method may include: receiving, by a core-node in the computer cluster, a plurality of peer-license-info from a plurality of peer-nodes selected from a plurality of cluster nodes. Each of the plurality of peer-license-info may include license-info collected by and associated with a corresponding one of the plurality of peer-nodes. The method may include generating, by the core-node, a first cluster-license-info based on the plurality of peer-license-info. The method may further include propagating, by the core-node, the first cluster-license-info to each of the plurality of peer-nodes. The first cluster-license-info is configured for detecting license violations among the plurality of cluster nodes.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: November 1, 2022
    Assignee: VMWARE, INC.
    Inventors: Junfeng Wang, Jin He, Qi Liu, Xiangjun Song, Yu Wang, Li He, Xiangdong Che
  • Patent number: 11487881
    Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: November 1, 2022
    Assignee: Dell Products, L.P.
    Inventors: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
  • Patent number: 11489816
    Abstract: A computer-implemented method comprises: selecting a trusted computing node via smart contract on a blockchain; completing remote attestation of the selected trusted computing node; writing secret information to an enclave of the selected node; causing a thin device to establish a private connection with the selected node without revealing the secret information; and causing the selected node to act as a proxy on the blockchain for the device. Another method comprises: receiving a signed device access request from a device owner; validating, by a verification node, the received request; executing, by a verification node, a smart contract on a blockchain based on the received request; and producing, based on the executed smart contract, an output command to access the device for the device to validate, decrypt and execute.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: November 1, 2022
    Assignee: EZBLOCK LTD.
    Inventor: Rundong Huang
  • Patent number: 11483160
    Abstract: Disclosed examples include accessing impression data collected at a media device by a collector installed with an application, the impression data including a first identifier, a second identifier, and a media identifier, the first identifier to identify at least one of the media device or a user of the media device to a first database proprietor, and the second identifier to identify the at least one of the media device or the user of the media device to a second database proprietor, the collector to obtain the first and second identifiers from a memory of the media device; requesting first demographic information from the first database proprietor based on the first identifier and second demographic information from the second database proprietor based on the second identifier; and storing at least some of the first or second demographic information in association with the media identifier in a data store.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: October 25, 2022
    Assignee: THE NIELSEN COMPANY (US), LLC
    Inventors: John R. Burbank, Madhusudhan Reddy Alla
  • Patent number: 11483164
    Abstract: A computer system including a memory, a network interface, and at least one processor is provided. The at least one processor can transmit, via the network interface, a first message to a server application to initiate a handshake process; receive, via the network interface, a first copy of a security certificate from the server application; determine whether the first copy is valid; store, in response to a determination that the first copy is valid, the first copy in the memory; establish an initial secure connection to the server application; transmit, via the network interface, a second message to the server application to request a subsequent secure connection to the server application; receive, via the network interface, a second copy of the security certificate from the server application; determine whether the second copy matches the first copy; and establish the subsequent secure connection to the server application.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: October 25, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Chris Pavlou
  • Patent number: 11483299
    Abstract: Systems, methods, and hardware devices for routing traffic between first and second electronic devices are arranged such that anonymities of the first and second electronic devices are maintained. This includes coupling the first and second electronic devices to a network having a plurality of routers, each of which includes a trusted execution environment (TEE) circuit. Each TEE includes a secure routing protocol, a routing table, and an attestation circuitry. Cryptographically secured channels are formed between pairs of the routers that terminate at the TEE. Each of the routers executes an attestation procedure, and an ad hoc path is generated within the network based upon the secure routing protocol, the routing table, and the attestation procedure, wherein the ad hoc path includes a subset of the plurality of routers of the network. Traffic is routed between the first electronic device and the second electronic device via the ad hoc path.
    Type: Grant
    Filed: October 21, 2020
    Date of Patent: October 25, 2022
    Assignee: Arm Limited
    Inventors: Gustavo Federico Petri, Guilhem Floreal Bryant, Nicholas Costas Spinale
  • Patent number: 11470051
    Abstract: Techniques are described that enable a user to create and use a secret user account on a social networking system that is undiscoverable by other user accounts unless invited to interact by the secret account. In some cases, a social networking system receives a request to create a secret account, and creates the secret account. The social networking system may provide, in association with the secret account, account settings for the secret account that cause the social networking system to exclude the secret account from search results on the social networking system, and obscure activity by the secret account from a first user account. The social networking system may cause presentation of a control in a user interface associated with the secret account to invite a second user account to interact with the secret account.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: October 11, 2022
    Assignee: Meta Platforms, Inc.
    Inventors: Laycee Berkas, Elizabeth Inglese, Tyler Bradin Gross
  • Patent number: 11463256
    Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: October 4, 2022
    Assignee: Stealthpath, Inc.
    Inventors: Mike Clark, Andrew Gordon, Matt Clark
  • Patent number: 11463458
    Abstract: A server includes a service processor hosted by a baseboard management controller (BMC) and independent of a CPU of the server. The service processor performs a set of monitoring tasks including performing a deep packet analysis on at least a subset of incoming packets. The deep packet analysis includes maintaining state information about the packets, examining the state information to identify an order in which the packets arrived, reassembling the packets into a new arrival sequence that is different from the order in which the packets arrived, matching the new arrival sequence to attack patterns stored in an attack pattern database, and upon the new arrival sequence matching an attack pattern, adding source Internet Protocol (IP) addresses associated with the packets to a blacklist.
    Type: Grant
    Filed: February 1, 2021
    Date of Patent: October 4, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Mainak Roy, Chitrak Gupta
  • Patent number: 11457001
    Abstract: A system for encryption includes a message management module (MMM); a restricted secret server (RSS) including a restricted secret server network interface (RSS-NI) connected to the MMM and including at least one very large key (VLK) module. The system uses Terakey™, an encryption system whose intrinsic security can be demonstrated from first principles, without making assumptions about the computational difficulty of mathematical problems, such as factoring large integers or computing logarithms in finite groups. It employs a key that is much larger than the anticipated volume of message traffic. The large size of the key also reduces the risk of side channel attacks and facilitates realistic security measures to maintain a secure chain of custody for the key.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: September 27, 2022
    Inventor: Arnold G. Reinhold
  • Patent number: 11451583
    Abstract: A system and method for bot detection utilizing storage variables are presented. The storage variables generated are used to analyze user behavior and distinguish human traffic from bot traffic. The system for detecting bot traffic using storage variables includes a client application, a computer network, a bot detector, a bot computer, a storage variable generator, and a server. The client device enables a user to access information through the client application. The storage variable generator is configured to generate a plurality of storage variables including a counter storage variable. The bot detector analyses the presence of bots in incoming traffic.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: September 20, 2022
    Assignee: Radware Ltd.
    Inventors: Rakesh Thatha, Jyoti Kakatkar
  • Patent number: 11449628
    Abstract: Systems and methods are provided for data security grading. An exemplary method for data security grading, implementable by a computer, may comprise receiving a request to access a query data field, searching for the query data field from a security level table, in response to finding the query data field from the security level table, obtaining from the security level table a security level corresponding to the query data field, and in response to not finding the query data field from the security level table, determining a security level corresponding to the query data field based at least on a lineage tree and the security level table. The lineage tree may trace the query data field to one or more source data fields, and the security data level table may comprise one or more security levels corresponding to the one or more source data fields.
    Type: Grant
    Filed: January 6, 2021
    Date of Patent: September 20, 2022
    Assignee: Beijing DiDi Infinity Technology and Development Co., Ltd.
    Inventors: Dong Li, Huaiyu Zhu, Jing Chen
  • Patent number: 11451530
    Abstract: Systems, methods, and apparatuses for implementing super community and community sidechains with consent management for distributed ledger technologies in a cloud based computing environment are described herein.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: September 20, 2022
    Assignee: salesforce.com, inc.
    Inventors: Prithvi Krishnan Padmanabhan, Sriram Gopalan, Venkata Sarath Maddali, Darpan Dhamija, Jyoti Raj
  • Patent number: 11451586
    Abstract: A network security attack misdirection line-replaceable unit for installation on an aircraft and connected to an onboard data network includes a local network interface to the onboard data network. A local simulation server accepts incoming access requests accompanied by an access credential from an attacker client device, and is responsive thereto with either a simulated access denial response or a simulated access grant response. The delay between receipt of the access request and the access denial response is progressively increased with each presentation of the access credential.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: September 20, 2022
    Assignee: PANASONIC AVIONICS CORPORATION
    Inventors: Philip Watson, Steven Bates