Patents Examined by Roderick Tolentino
  • Patent number: 11303660
    Abstract: A system and method prevent a networked computer connected to a secure network from executing malicious code. A data language system labels bits within the secure network; where each bit received from sources outside the secure network is labeled as data. Programs loading onto the networked computer from within the secure network are labeled as program code. A processor of the networked computer is modified to inhibit execution of instructions that have bits labeled as data. For a two-state or three-state bit computer, each bit is labeled by inserting/adding an adjacent label-bit to indicate data or program code. For four and higher bit state computers, two of the bit values (e.g., zero and one) are used for data and other bit values (e.g., two and three) are used for program code.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: April 12, 2022
    Inventor: Terry Edward Trees
  • Patent number: 11303643
    Abstract: The disclosed computer-implemented method for protecting users may include (i) detecting, at a parental control system, network activity originating from a child computing device operated by a child and (ii) providing, through the parental control system to a guardian computing device operated by a guardian of the child and based on the network activity originating from the child computing device operated by the child, information indicating an overview of activity by the child at the child computing device to enable the guardian to apply, from the guardian computing device, application-specific policies that restrict application activity at the child computing device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: April 12, 2022
    Assignee: NortonLifeLock Inc.
    Inventors: Qing Li, Samir Kapuria
  • Patent number: 11297085
    Abstract: Aspects of the disclosure relate to real-time validation of data transmissions based on security profiles. A computing platform may collect, in real-time, information associated with a plurality of data transmissions between applications, where the information may include, for each data transmission, an indication of a source application and a destination application. Then, the computing platform may retrieve, from a repository and for each data transmission, a first security profile associated with the source application, and a second security profile associated with the destination application. The computing platform may then compare, for each data transmission, the first security profile to the second security profile. Subsequently, the computing platform may detect, based on a determination that the first security profile does not match the second security profile, a potentially unauthorized data transmission.
    Type: Grant
    Filed: January 8, 2020
    Date of Patent: April 5, 2022
    Assignee: Bank of America Corporation
    Inventors: George Albero, Gulsen Saffel
  • Patent number: 11297084
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to perform malware detection using a generative adversarial network. An example apparatus includes a first encoder network to encode an input sample into a first encoded sample, the first encoder network implemented using a multilayer perceptron (MLP) network, a generator network to reconstruct the first encoded sample to generate a reconstructed sample, a discriminator network to, in response to obtaining the first encoded sample and the reconstructed sample, generate a loss function based on the reconstructed sample and the input sample, and an optimization processor to, when the loss function satisfies a threshold loss value, classify the input sample as malicious.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: April 5, 2022
    Assignee: MCAFEE, LLC
    Inventors: Yonghong Huang, Raj Vardhan, Celeste Fralick
  • Patent number: 11256790
    Abstract: A file protecting method having the following steps is provided: intercepting a data section in a module file, encrypting the data section according to a dynamic password; integrating other data sections that are not intercepted in the module file to update the module file, and storing the updated module file, the encrypted data section and the dynamic password. A corresponding data processing system is also provided.
    Type: Grant
    Filed: August 19, 2019
    Date of Patent: February 22, 2022
    Assignee: Acer Incorporated
    Inventor: Hsien-Yang Li
  • Patent number: 11250172
    Abstract: An example method includes: receiving, by a network device, a connection request to a wireless local area network (WLAN) from a client device; determining, by the network device, that the client device is associated with a particular role indicating that the client device is stolen; and performing, by the network device, a set of special handling operations that facilitates maintaining an active connection between the client device and the WLAN, collecting and reporting information about the client device to an investigation agency.
    Type: Grant
    Filed: April 28, 2018
    Date of Patent: February 15, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gaurav Patwardhan, Sachin Ganu
  • Patent number: 11245712
    Abstract: There is provided a method of generating malicious traffic, the method being performed by a computing apparatus and comprising obtaining traffic data transmitted from a first device infected with first malicious code or received by the first device, generating a traffic template of the first device by analyzing the traffic data, and generating a malicious traffic template of a terminal group, wherein the malicious traffic template of the terminal group comprises the traffic template of the first device.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: February 8, 2022
    Assignee: KOREA INTERNET & SECURITY AGENCY
    Inventors: Sung Taek Oh, Woong Go, Mi Joo Kim, Jae Hyuk Lee, Jun Hyung Park
  • Patent number: 11240209
    Abstract: Systems and methods for performing a data transfer in a data protection system are disclosed. A user interface is provided that includes a workflow. The workflow is effective to configure a data transfer by identifying the source of the data, the destination of the data, and the data itself. A data control process associated with the data protection system is performed to authenticate the requesting user and determine whether the user is authorized to access the data. The data is transferred in accordance with the data control process of the data protection system.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: February 1, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Shern S. Jauhal, Scott Quesnelle
  • Patent number: 11240040
    Abstract: A method for importing a digitally signed assertion to a temporally sequential listing includes receiving, by an evaluating device, at least a communication including a first digitally signed assertion recorded, assigning, by the evaluating device, a confidence level to the first digitally signed assertion, authenticating, by the evaluating device, the first digitally signed assertion as a function of the confidence level, generating, by the evaluating device, a second digitally signed assertion as a function of the first digitally signed assertion, and entering, by the evaluating device, the second digitally signed assertion in at least an instance of a first temporally sequential listing.
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: February 1, 2022
    Assignee: Ares Technologies, Inc.
    Inventor: Christian T Wentz
  • Patent number: 11228438
    Abstract: A security device providing a security function for an image, a camera device including the same, and a system on chip (SOC) for controlling the camera device are provided. An image transmitting device may include an image processor configured to process an image to be transmitted to an external device, and a security circuit including a key shared with the external device. The security circuit may be configured to generate a tag used for image authentication by using data of a partial region of the image and the key based on region information for selecting the partial region of the image. The image transmitting device may be configured to transmit the tag, generated to correspond to the image, to the external device with data of the image.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: January 18, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jong-hoon Shin, Ki-seok Bae, Hong-mook Choi, Ji-su Kang, Jae-hyeok Kim, Hye-soo Lee, Hyo-sun Hwang
  • Patent number: 11228427
    Abstract: A method and a user device are disclosed for securing streaming content decryption. The method includes receiving at the user device a manifest for requested content, the manifest providing a Content Encryption Key (CEK) that is encrypted using a first public Key Encryption Key (KEK), a corresponding first private KEK being stored in secure storage on the user device; decrypting, inside a secure processing zone on the user device, the CEK using the first private KEK to create a decrypted content key; decrypting, inside the secure processing zone, requested content using the decrypted content key to form decrypted content; and providing the decrypted content to a decoder on the mobile user device.
    Type: Grant
    Filed: February 10, 2015
    Date of Patent: January 18, 2022
    Assignee: Ericsson AB
    Inventors: Raj Nair, Kevin J. Ma, Mikhail Mikhailov
  • Patent number: 11227068
    Abstract: A system including a data retirement engine (DRE) and a method are provided for retiring sensitive data. The DRE receives a sensitive data map generated by a sensitive data discovery engine (SDDE) integrated to the DRE. The sensitive data map includes locations of sensitive data of different data types in multiple data stores. The DRE generates tokens for operational data from the sensitive data map based on selectable data classifications using one or more tokenizers that desensitize the sensitive data, while retaining transactional data. The DRE determines candidates from the operational data in an entirety of a target data store for the tokenization based on rules adjustably configured based on predetermined criteria. The DRE tokenizes the candidates using the tokens on the target data store and facilitates detokenization using a soft delete mode and deletion of the tokens using a hard delete mode.
    Type: Grant
    Filed: March 20, 2021
    Date of Patent: January 18, 2022
    Assignee: MENTIS INC
    Inventor: Rajesh Krishnaswami Parthasarathy
  • Patent number: 11222130
    Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application configured to process at least some data received from a tenant system.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: January 11, 2022
    Assignee: International Business Machines Corporation
    Inventor: Pallavi T. Nagesha Rao
  • Patent number: 11223479
    Abstract: A unique identifier id(f) is generated for file f and stored on a content address server. A symmetric encryption key KF is generated for file f. File f is divided into n segments. A unique identifier id(si) is generated for each segment si. Each segment si of the n segments is encrypted using the symmetric key KF using a symmetric encryption algorithm, producing n encrypted segments esi. Each encrypted segment esi is stored with its identifier id(si) on the first peer device and at least one other peer device. For each encrypted segment esi, the identifier id(si) is stored on the content address server with the identifier id(f). A public key KU2 of a second user is retrieved, the symmetric key KF is encrypted with key KU2, producing wrapped key KW2=EAKU2(KF), and key KW2 is stored on the content address server with identifier id(f).
    Type: Grant
    Filed: August 10, 2021
    Date of Patent: January 11, 2022
    Assignee: CyLogic, Inc.
    Inventors: Adam Firestone, Hilary L. MacMillan, Raghu Lingampally
  • Patent number: 11223657
    Abstract: A one-way coupling device for the feedback-free transmission of data from the first network with high security requirements into a second network with low security requirements, containing a request unit, an eavesdropping unit and a receiving unit, wherein the request unit is formed so as to provide a first communication link within the first network to at least one device and, moreover, to request first data from the at least one device and then to transmit the first data via a second communication link on a separate line loop of the request unit, and the eavesdropping unit, which is formed so as to eavesdrop on data on the separate line loop and to transmit data to a receiving unit which is arranged in the second network. A corresponding request unit, a corresponding method and a corresponding computer program product are also provided.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: January 11, 2022
    Inventors: Uwe Blöcher, Rainer Falk, Jens Reinert, Wen Tang, Martin Wimmer
  • Patent number: 11218321
    Abstract: A method of accessing data sent between a remote resource and a data processing device, the method comprising: caching data uploaded from the remote resource or caching data sent to the remote resource at one or more intermediate network nodes between the data processing device and the remote resource; and accessing the cached data stored at the one or more intermediate network nodes.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: January 4, 2022
    Assignee: ARM IP LIMITED
    Inventors: Milosch Meriac, Geraint Luff
  • Patent number: 11218324
    Abstract: A system for authenticating a requesting device using verified evaluators includes an authenticating device. The authenticating device is designed and configured to receive at least a first digitally signed assertion from a requesting device, the at least a first digitally signed assertion linked to at least a verification datum, evaluate at least a second digitally signed assertion, signed by at least a cryptographic evaluator, conferring a credential to the requesting device, validate the credential, as a function of the at least a second digitally signed assertion, and authenticate the requesting device based on the credential.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: January 4, 2022
    Assignee: Ares Technologies, Inc.
    Inventors: Christian T Wentz, Ilia Lebedev
  • Patent number: 11196745
    Abstract: This disclosure relates to account management. In one aspect, a method includes receiving a permission query message from a service system. Verification information is obtained from a first client based on the permission query message. The verification information is associated with an identity of the current user. In response to determining that the verification information is valid, proxy permission information for the current user is obtained from a blockchain. The proxy permission information includes at least operation permission information of the current user for the enterprise account. The proxy permission information is sent to the service system. The proxy permission information is configured to be usable by the service system to determine whether to authorize the current user to perform an operation on the enterprise account.
    Type: Grant
    Filed: October 5, 2020
    Date of Patent: December 7, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Yawen Wei
  • Patent number: 11196759
    Abstract: Embodiments provide for a security information and event management (SIEM) system utilizing distributed agents that can intelligently traverse a network to exfiltrate data in an efficient and secure manner. A plurality of agent devices can dynamically learn behavioral patterns and/or service capabilities of other agent devices in the networking environment, and select optimal routes for exfiltrating event data from within the network. The agent devices can independently, selectively, or collectively pre-process event data for purposes of detecting a suspect event from within the network. When a suspect event is detected, agent devices can select a target device based on the learned service capabilities and networking environment, and communicate the pre-processed event data to the target device. The pre-processed event data is thus traversed through the network along an optimal route until it is exfiltrated from the network and stored on a remote server device for storage and further analysis.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: December 7, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Peter A. Thayer, Jagannathan Deepak Manohar, Jason Matthew Conradt, Karthik Selvaraj, Donald J. Ankney
  • Patent number: 11184391
    Abstract: An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: November 23, 2021
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Kenneth D. Ray, Karl Ackerman