Abstract: Systems and methods for improved data encryption are provided. The improved data encryption processes may be applied to stored data or transmitted data, and/or may be applied to data on a portable storage device. The system may receive a password input to encrypt a data file. The system may retrieve math functions based on each byte in the password input. The system may apply each math function in turn to each byte in the data file. The application of each math function to the data file may be repeated. The position of the bytes in the data file may be transposed and filler bytes may be added to the data file. The system may also adjust the starting byte position of the data file.

Abstract: A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a folder access public key associated with a folder; decrypting, by the device, a folder access private key associated with the folder by utilizing the sharing decryption key; and decrypting, by the device, encrypted content associated with the folder by utilizing the folder access private key associated with the folder. Various other aspects are contemplated.

Abstract: A system and method for malware detection uses static and dynamic analysis to augment a machine learning model. At the training step, static and dynamic features are extracted from training datasets and used to train a malware classification model. The malware classification model is used to classify unknown files based on verdicts from both static and dynamic models.

Abstract: A set of redundant industrial control system communications/control modules includes at least a first communications/control module and a second communications/control module.

Abstract: Techniques related to a technique comprising dividing an update into a number of portions, generating, for the first portion, a first portion hash value, generating, for the second portion, a second portion hash value, generating a first branch hash value comprising a hash of a concatenation of the first portion hash value and the second portion hash value, generating a root hash value by concatenating the first branch hash value and a second branch hash value, generating a signature based on the root hash value and a private key, generating an update header comprising the signature, the root hash value, and a hash tree comprising first and second portion hash values, the first branch hash value, and the root hash value, transmitting the update header to a client device for authentication, and transmitting one or more of the number of portions to the client device.

Abstract: A computer-implemented method, a computer system, and computer program product for associating security events. The method includes obtaining a result of implementation of one or more Locality-Sensitive Hashing (LSH) functions to feature data of a first event detected by a first device. The method also includes mapping the result to one or more positions in a data structure. In response to data elements of the one or more positions indicating first information associating with the one or more positions exists in a storage, the method includes obtaining the first information from the storage. The method further includes sending the first information to the first device.

Abstract: Creating compatible anonymized data sets by performing with machine learning equipment that operates a machine learning model by defining data types of variables of a data set; identifying quasi-identifiers for the data set; defining reidentification sensitivity of all or any targeted subset of the individual variables and quasi-identifiers; defining missing data handling rules for the individual variables; defining allowed data transformations including generalization and use of synthesized data; optimizing quasi-identifier selection, use of synthesized data and a choice of data transformations to minimize information loss and maximize privacy metrics based on the data set; the allowed data transformations; and the missing data handling rules; training the machine learning model using the data set according to the defined data types; the optimized quasi-identifier selection; the optimized use of synthesized data; and the choice of data transformations; and anonymizing the data set using the training of the m

Abstract: A first electrical device includes: a second radio signal receiver that receives target device information; a second processor that determines whether or not the first electrical device is included in the target device information and the first electrical device is connected to a network or whether or not a second electrical device capable of communicating with the first electrical device is included in the target device information and the second electrical device capable of communicating with the first electrical device is connected to the network; and a transmitter that, when a result of the determination by the second processor indicates that the first electrical device or the second electrical device is included in the target device information, transmits information indicating that the first electrical device or the second electrical device is the search-target device, as a response using a communication method based on the result of the determination.

Abstract: Systems and methods are disclosed for cryptographic signing of content requests. One method includes receiving, at a content network, a content request from a publisher website, the publisher website purporting to be associated with a publisher domain. At the content network, a public key may be received associated with the publisher domain. At the content network, at least one policy may be received associated with the publisher domain. It may be determined whether the content request comprises a cryptographic signature. If it is determined that the content request does not comprise a cryptographic signature, content may or may not be provided to the publisher website according to the policy from the publisher domain. If it is determined that the content request comprises a cryptographic signature, the cryptographic signature of the request may be validated using the public key.

Abstract: A document management system manages documents of an entity. The document management system monitors for entries in a document that are suspicious. Entries in the document are classified by the document management system as a “suspicious entry” or a “non-suspicious entry.” In one embodiment, a suspicious entry is indicative of potentially suspicious activity at the entity.

Abstract: Aspects of the disclosure relate to using machine-learning models to authenticate users and protect enterprise-managed information and resources. In some embodiments, a computing platform may receive user interaction data from enterprise computing infrastructure and may train one or more authentication models based on this data. Subsequently, the computing platform may receive, from a first application server, a request to authenticate a first user to a first user account in a first usage session hosted by the first application server. In response to receiving this request, the computing platform may identify whether session-specific interaction data for the first usage session is valid based on the one or more authentication models. If the interaction data is identified as being valid, the computing platform may generate and send one or more commands directing the first application server to allow the first user to access the first user account in the first usage session.

Abstract: Systems, computer program products, and methods are described herein for intrusion detection using resource activity analysis. The present invention is configured to receive, from a computing device of a user, an indication that the user has accessed a resource allocation portfolio of a customer; determine a geographic information of the user; retrieve a geographic information of the customer; determine that the geographic information of the user does not match the geographic information of the customer; determine an exposure level associated with the user access of the resource allocation portfolio of the customer; determine that the exposure level is greater than a predetermined threshold; and automatically trigger a transmission of a notification to a computing device of an administrator indicating that the exposure level associated with the user access of the resource allocation portfolio of the customer is greater than the predetermined threshold.

Abstract: An overlay to existing infrastructure that establishes trusted paths in a communication network to fulfill a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis is described. Establishing trusted paths operationally fulfills a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis as an overlay to the existing relatively unsecured network.

Abstract: A simulated process is initiated. The simulated process includes generating, by an emulator, a control signal based on external inputs. The simulated process further includes processing, by a simulator, the control signal to generate simulated response data. The simulated process further includes generating, by a deep learning processor, expected behavioral pattern data based on the simulated response data. An actual process is initiated by initializing setpoints for a process station in a manufacturing system. The actual process includes generating, by the deep learning processor, actual behavioral pattern data based on actual process data from the at least one process station. The deep learning processor compares the expected behavioral pattern to the actual behavioral pattern. Based on the comparing, the deep learning processor determines that anomalous activity is present in the manufacturing system. Based on the anomalous activity being present, the deep learning processor initiates an alert protocol.

Abstract: Computerized techniques to determine and verify maliciousness of an object are described. A malware detection system intercepts in-bound network traffic at a periphery of a network to capture and analyze behaviors of content of network traffic monitored during execution in a virtual machine. One or more endpoint devices on the network also monitor for behaviors during normal processing. Correlation of the behaviors captured by the malware detection system and the one or more endpoint devices may verify a classification by the malware detection system of maliciousness of the content. The malware detection system may communicate with the one or more endpoint devices to influence detection and reporting of behaviors by those device(s).

Abstract: Utilizing a user computing device to remove privacy information. The user computing device may obtain a vehicle identification number associated with a target vehicle that has a target in-vehicle device from which privacy information of a user is to be removed. Using the vehicle identification number, the user computing device may obtain vehicle parameters associated with the target vehicle. The user computing device may obtain a privacy information removal file comprising an instruction set associated with removing privacy data from candidate in-vehicle devices, and may present the instruction set. The user computing device may obtain a user feedback experience. The user feedback experience may include a confirmation of removal of the privacy information from the at least one candidate in-vehicle device, user comments, a voice recording, or an image, captured by a camera of the user computing device, of the at least one candidate in-vehicle device.

Abstract: Embodiments of the present disclosure provide for improved SSD implementations and methods of using the same. Example embodiments utilize any of a myriad of wireless networking mechanisms for enabling access to a solid state storage drive. Some example embodiments include security mechanisms, such as biometric security, software-based authentication, and/or the like, for ensuring accurate user authentication before providing access to the storage. Some example embodiments provide indicators regarding executing functionality to further improve overall device security. Some example embodiments include a touch-adaptive display that provides various renderings associated with accessing the storage, performing storage functionality, configuring one or more aspects of the embodiment, and/or otherwise operating the storage in a manner desired by the user.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: A device configured to provide access to a digital document to a user device and to receive an access request for a first masked data element within the digital document. The device is further configured to generate a first blockchain transaction that identifies a machine learning model that is stored in a blockchain. The device is further configured to publish the first blockchain transaction in a blockchain ledger for the blockchain and to receive a second blockchain transaction from the machine learning model in response to publishing the blockchain transaction in the blockchain ledger. The second transaction indicates whether the user is approved for accessing the masked data element. The device is further configured to provide access to the first masked data element on the user device for the user in response to determining that the user is approved for accessing the masked data element.

Abstract: Techniques for securing containerized applications are disclosed. In some embodiments, a system, process, and/or computer program product for securing containerized applications includes detecting a new application container (e.g., an application pod); deploying a security entity (e.g., a firewall) to the application container; and monitoring all traffic to and from the application container (e.g., all layer-7 ingress, egress, and east-west traffic associated with the application container) using the security entity to enforce a policy.