Abstract: A system and method of verifying a user for participation in a block chain of a distributed network. The method includes receiving, by one or more validation devices of the distributed network, a request for participation in adding transaction records to the block chain, the request being received from a mobile communication device of the user and including behavioral data collected by the mobile communication device. In response to determining that the behavioral data satisfies a human characteristic threshold, determining that the behavioral data is not associated with another device of the distributed network. In response to both those conditions above, verifying the user and enabling the user to participate in the block chain distributed network by adding a block including transaction records to the block chain via the mobile communication device.

Abstract: Systems and methods of Exact Data Matching (EDM) include receiving customer specific sensitive data for a customer, wherein the customer specific sensitive data are converted into a plurality of tokens; receiving a configuration for exact data matching of the plurality of tokens; performing inline monitoring of a user associated with the customer; detecting a presence of one or more tokens of the plurality of tokens based on the inline monitoring; and, responsive to the detecting, performing an action based on the configuration.

Abstract: Systems, methods, and storage media for management of identity systems in an identity infrastructure are disclosed. Exemplary implementations may: install a discovery agent in the identity infrastructure; assess the identity infrastructure by the discovery agent; install an identity fabric in the identity infrastructure based on the assessing; receive, at the identity infrastructure, one or more data flows pertaining to identity data or identity metadata for at least one identity domain/system; manage, by a controller element, control plane operations across one or more elements or agents; manage, by at least one of the agents, the one or more data flows; detect and monitor, by the one or more elements or agents, at least one event linked to the one or more data flows; and assess the identity data or metadata and an associated state across the identity domains in the identity infrastructure based on the detecting and monitoring.

Abstract: A system for noise profile generation includes a customer gateway communicatively coupled to one or more end devices over a communication medium, at least one noise information node communicatively coupled to the customer gateway and programmed to extract noise information present on a communication path from the customer gateway to at least one of the one or more end devices, a noise profile database storing one or more noise profiles, and a noise profile generator. The noise profile generator includes at least one processor and non-transitory computer readable media having a set of instructions executable by the at least one processor to retrieve the extracted noise information associated with the communication path, determine whether the at least one noise characteristic of the extracted noise information matches with one or more noise profiles and identify at least one noise source on the communication path.

Abstract: Method for authenticating at least one ventilator with at least one remote station, wherein the ventilator can connect itself via at least one interface to the remote station, at least one authentication file is stored on the ventilator, the authentication file contains at least one signature code of a signing authority, and a public keycode of the signing authority is known to the remote station, the ventilator sends the authentication file to the remote station when establishing the connection to the remote station, the remote station checks the signature code of the authentication file using the public keycode as to whether the signature code originates from the signing point and the ventilator is authenticated when the remote station recognizes the signature code as originating from the signing authority.

Abstract: Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) device. The PUF can include a random number generator that can create random bits. The random bits may be stored in a nonvolatile memory. The number of random bits stored in the nonvolatile memory allows for a plurality of challenge and response interactions to obtain a plurality of security keys from the PUF.

Abstract: To achieve an improvement in security in encryption of an image signal obtained through imaging by an array sensor. A sensor device includes: an array sensor in which a plurality of pixels including light-receiving elements for visible light or invisible light are arrayed 1-dimensionally or 2-dimensionally; and an encryption unit configured to encrypt a read signal from the pixels of the array sensor. By encrypting a read signal, it is possible to achieve an improvement in security by enabling the image signal not to be stored in plain text in a memory.

Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.

Abstract: A computer-implemented method can include: a computer program file open request providing read access to text or binary plaintext file data residing on a data storage means; processing the plaintext file data in an input data buffer area following a computer program file data read operation to improve performance by creating a multiplicity of processing threads to perform concurrent, usually non-overlapping encryption processing operations; and an encryption program constructing a previously constructed complex of Pseudo Random Number Generator (PRNG) means to provide on-demand Pseudo Random Number (PRN) values.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments detect identity attacks by comparing usage of compromised passphrases or other weak credentials in failed sign-in attempts to access restriction conditions. A restriction threshold amount of weak credential failed sign-ins (WCFSI) or a WCFSI increase indicates an identity attack, such as a password spray attack. Going beyond the mere number of failed sign-ins by also considering credential strength allows embodiments to detect attacks sooner than other approaches. An embodiment may also initiate or impose defenses by locking accounts, blocking IP addresses, or requiring additional authentication before access to an account is allowed. Weak credentials may include short passwords, simple passwords, compromised passwords, or wrong usernames, for instance. Password strength testing may be used for attack detection in addition to preventive use on passwords proposed by authorized users. Familiar and unfamiliar traffic source locations may be tracked, as sets or individually.

Abstract: In general, this disclosure describes techniques for replacing target cryptographic primitives in executable binary files with other, potentially more secure, cryptographic primitives. In some examples, a computing system for augmenting cryptographic executables includes a locator to determine if an executable program in an executable binary file includes a target cryptographic primitive. The computing system can include a patch generator to generate patch instructions in response to a determination by the locator that the executable program includes the target cryptographic primitive. The patch instructions cause the executable program to execute a replacement cryptographic primitive instead of the target cryptographic primitive. A rewriter engine of the computing system can modify, based on the patch instructions, the executable program to generate a modified executable binary file.

Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.

Abstract: Methods and systems for managing distributed systems are disclosed. The distributed systems may include any number of data processing systems that may contribute to the functionality of the distributed system. To contribute to the functionality of the distributed system, each of the data processing systems may need to be configured to positively contribute to one or more functions. To manage configuration of data processing system, intermediate representations of roles may be used to flexibly manage system configuration. The roles may be taken on by independent and dependent data processing systems.

Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.

Abstract: A request to contact a service provider may be received from a client machine. The request may be associated with an identity claim and including a service identifier. The identity claim may be validated via a distributed identity service that includes a plurality of identity nodes in communication via a network. Validating the identity claim may include determining a designated network identifier associated with a distributed identity account shared among the plurality of identity nodes. A service query that includes the service identifier and the designated network identifier may be sent to a plurality of customer relations management services. A communication session may be established between a service provider remote computing system and the client machine. The service provider may store customer relations management information at a designated one of the plurality of customer relations management services.

Abstract: Provided a method for setting up an authorization verification for a first device, for example a field device in an automation system, wherein the first device is configured by configuration data transmitted to the first device from a configuration module that is detachably connected to the first device and, for example, is implemented in the form of an SD card or a USB stick, having: detection of a connection of a configuration module to the first device, reading configuration module-specific device information from the configuration module, requesting configuration module-specific authorization verification for the configuration model-specific device information from the first device in an authorization device, and storing the requested configuration module-specific authorization verification on a security storage unit of the first device.

Abstract: An allowed client server, that is authorized to access a resource server over a given port, receives a client request, from a client computing system, to access the resource server. The allowed client server authenticates and authorizes the request, using an authentication and authorization mechanism, and selects a port with which to communicate with the client computing system. The identity of that port is provided to the client computing system, and a port forwarding mechanism forwards traffic between the client computing system and the resource server, through the client-facing port and to the given port on the resource server.

Abstract: A blockchain smart contract rewriting framework system has a vulnerability detection tool, a rewriter tool, and a deployment component. The deployment component obtains a permission to upgrade the smart contract, which granted by a smart contract creator/owner. The contract rewriting framework system retrieves the smart contract from the blockchain network, and passes it to the vulnerability detection tool. The vulnerability detection tool detects a vulnerability in the smart contract, and determines a type of the vulnerability and an instruction location of the vulnerability. The rewriter tool rewrites the smart contract to include a patch for fixing the vulnerability, a patched smart contract being generated by the rewriter tool based on the type of the vulnerability and the instruction location of the vulnerability.

Abstract: Certain aspects of the present disclosure provide techniques for privacy preserving sharing and validation of sensitive information in a computing environment. An example method generally includes generating a hashed value of a sensitive data item. A set of modulo values is calculated for the hashed value of the first sensitive data item using a set of prime numbers between an upper bound number and a lower bound number. A request to validate the first sensitive data item is transmitted to a target computing system. The request includes the set of prime numbers and the set of modulo values. An indication of whether a match was found for each respective modulo value in the set of modulo values is received from the target computing system, and a request associated with the first sensitive data item is processed based on the indication.