Abstract: A storage system in one embodiment comprises a plurality of storage devices and a storage controller. The storage controller is configured to generate a plurality of snapshots of a storage volume of the storage system at respective different points in time, to monitor a differential between a given one of the snapshots and the storage volume, and to generate an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions. The one or more specified conditions illustratively comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. Compressibility of the storage volume is also taken into account in generating the alert in some embodiments. The storage controller illustratively initiates restoration of the storage volume utilizing a selected snapshot responsive to confirmation of an actual attack.

Abstract: An embodiment of the invention may include a method, computer program product and system for secure authentication within a communication protocol session. The embodiment may include retrieving, by a client computer of the TLS session, a challenge string associated with the TLS session. The embodiment may include generating, by the client computer, a first digest based on the challenge string and authentication information of a user of the client computer. The embodiment may include sending, by the client computer, the first digest to a server of the TLS session. The retrieving, generating and sending, by the client computer, are carried out after the TLS session has been established between the client computer and the server.

Abstract: A monitoring system is disclosed. The monitoring system includes a monitoring server that is configured to receive a personally identifying code from a visitor to a property monitored by the monitoring system. The monitoring system includes one or more sensors that transmit sensor data to the monitoring server and that are configured to capture a biometric identifier from the visitor to the property monitored by the monitoring system. The monitoring system is configured to compare the received personally identifying code to a stored personally identifying code. The monitoring system is configured to compare the received biometric identifier to a stored biometric identifier. The monitoring system is configured to determine a likelihood that the visitor is the known person. The monitoring system is configured to determine that the likelihood that the visitor is the known person does not satisfy a threshold. The monitoring system is configured to generate an alarm condition.

Abstract: The invention concerns a method for decrypting data sent by a first user having at least a first role in a first entity, the first entity comprising at least the first user and a first instance, to a second user having at least a second role in a second entity, the second entity comprising at least the second user and a second instance, the data being encrypted using a symmetric encryption key, the symmetric encryption key being encrypted using a public key of an asymmetric key pair comprising a private key and a public key, wherein the asymmetric key pair is associated with the second role of the second user, and the encrypted data is associated with a transmission ID, the method furthermore involving the use of an element for electronic or digital identification and authentication identifying the second user in his second role and being unique to the second role. The invention also concerns a corresponding method for encrypting data.

Abstract: Systems, methods, and media for connecting using aliases. During operation, such as an API, an operation is called that utilizes a connection to a remote device. When this operation is attempted, information may be requested to complete the connection. The information may include credentials or connection information about a target device for the connection. An appropriate alias is used to request the suitable information.

Abstract: Qwyit® Authentication and Encryption Service serves as a direct replacement of Transport Layer Security. Applications can place a small code segment within their communications protocol, resulting in authenticated and encrypted message traffic with the features of TLS while adding additional improvements as set forth herein. QAES provides a direct next generation replication and enhancement of the current, only global secure communications framework. QAES provides the same features, benefits, authentication (embedded) and data security (stream cipher) for communications traffic using the Qwyit® Directory Service key store. The combination of features and properties provide a simple, straightforward way for any application to incorporate secure communications. The unique, superior Qwyit® protocol delivers where TLS fails: embedded security without any need for additional bandwidth, processing power or cumbersome user requirements.

Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.

Abstract: A challenge/response authentication procedure determines whether a response is a correct response, a unique incorrect response, or a non-unique incorrect response, the unique incorrect response and non-unique incorrect response being differentiated by comparing the response value with a store of unique incorrect response values. For the correct response, client access to protected computer system resources is allowed, and the challenge value is discarded so as not to be used again. For the unique incorrect response, (1) when a predetermined limit of unique incorrect responses has not been reached, then the response value is added to the store of unique incorrect response values and the process is repeated with reuse of the challenge value, and (2) when the predetermined limit has been reached, then the client is locked out. For the non-unique incorrect response, the process is repeated with reuse of the challenge value.

Abstract: A retrieval device for secure retrieval of optical information for a first device from a light source of a second device includes, a housing made from at least one material which is opaque for the light emitted from the light source. The housing is arranged to contain the light from at least a part of the light source. The retrieval device includes an attachment adapted to detachably attach the housing to the second device, a light receiver arranged to receive optical information from the light source, said light receiver located inside the housing, and a connector arranged to transfer an optical and/or electrical signal from the light receiver to the first device.

Abstract: A fork in a block chain data structure is identified, the block chain data structure including a first set of blocks each describing a respective transaction. The fork includes a first branch beginning with a first block and a second branch beginning with a different second block. The first branch includes a first set of blocks comprising at least the first block, and the second branch includes a second set of blocks including at least the second block. A determination is made, based on a consensus protocol, that the second branch is to be discarded. Accordingly, a meta block is generated to identify and describe the second branch. The meta block is to be included in a meta block chain data structure. The meta block chain data structure is separate from the block chain data structure and comprises meta blocks to record orphan branches of the block chain data structure.