Patents Examined by Tri M Tran
  • Patent number: 11558365
    Abstract: A method for securing and authorizing sensitive operations is described. A computing device may receive a first authentication factor from a second computing device based on a request from the second computing device to authorize an operation; upon validating the first authentication factor, send to at least the second computing device and a third computing device, a request for a second authentication factor; and authorize the operation based on validating the second authentication factor from the second computing device or from the third computing device, or from both.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: January 17, 2023
    Assignee: NortonLifeLock Inc.
    Inventor: Bruce McCorkendale
  • Patent number: 11552954
    Abstract: Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules according to the device profile of the IoT device.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: January 10, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Xu Zou, Jianlin Zeng, Mei Wang
  • Patent number: 11528268
    Abstract: A machine-assisted method for verifying a video presence that includes: receiving, at a computing device of an identity provider, an authentication request initially sent from a requester to access an account managed by a relying party, different from the identity provider; retrieving, from the authentication request, at least a portion of a video stream feed initially from the requester, to the computing device, the portion of video stream feed portraying a face of the requester; extracting the face of the requester from the portion of the video stream feed; providing a directive to the requester soliciting a corresponding gesture; and receiving a response gesture from the requester.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: December 13, 2022
    Assignee: IDEMIA IDENTITY & SECURITY USA LLC
    Inventor: Thiagarajan Saravanan
  • Patent number: 11528142
    Abstract: The described embodiments relate to data protection methods, systems, and computer program products. A process-based encrypted data access policing system is proposed based on methods of encrypted data file management, process authentication and authorization, Trojan detection for authorized processes, encryption key generation and caching, and encrypted-file cache management. The process-based encrypted data access policing system may be implemented as a kernel level file system filter and a user-mode filter companion application, which polices the reading/writing of encrypted data in either a server system or an endpoint computer and protects data from data breaches and known or unknown attacks including ransomware and/or phishing attacks.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: December 13, 2022
    Assignee: BICDROID INC.
    Inventors: En-Hui Yang, Xiang Yu, Jin Meng
  • Patent number: 11520885
    Abstract: A method and apparatus for using a dynamic security certificate. The method analyzes a browser to access browser information and generates a dynamic security certificate based on the browser information. The method modifies a configuration file for the browser to cause the browser to trust the dynamic security certificate and inserts the dynamic security certificate into the browser to enable a client application to access encrypted data available to the browser. The method may be performed solely upon a user device or have portions thereof performed by a user device and a server.
    Type: Grant
    Filed: December 1, 2021
    Date of Patent: December 6, 2022
    Assignee: UAB 360 IT
    Inventor: Margarita Sliachina
  • Patent number: 11522857
    Abstract: A video gateway device at a worksite (or other location) automatically locates cameras on the network, authenticates the gateway device with the cameras, and initiates streaming of a video stream (and/or other camera sensor data) from the cameras. For example, a worksite with existing cameras from multiple manufacturers, models, and/or capabilities may all be automatically registered with the video gateway devices through a series of automated communication and authentication attempts.
    Type: Grant
    Filed: May 27, 2022
    Date of Patent: December 6, 2022
    Assignee: Samsara Inc.
    Inventors: Jason Symons, Karthikram Rajadurai, Kathryn Siegel, Rhea Lin, Kelsey Michelle Lam, Vignesh Bhuvaneshwar Iyer, John Charles Bicket, Seamus Feider-Sullivan, Adam Eric Funkenbusch
  • Patent number: 11507913
    Abstract: A system and method for operating a terminal facility handling containers may comprise: a sensor set sensing containers entering and/or exiting the facility for providing container identification data and location data to a relational database; and container handling equipment having a sensor set for providing container identification data and location data to the database when a container is grasped and/or released. Sensors may sense when the equipment grasps and/or releases a container for storing a record thereof in the database, and/or geo-tagged identification data and location data relating to carriers that are to pick up and/or to deliver a container is received and stored as records in the database. The relational database contains records representing the current location of each container and each container handling equipment substantially in real time and can estimate arrival time.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: November 22, 2022
    Assignee: AVANTE INTERNATIONAL TECHNOLOGY, INC.
    Inventor: Kevin Kwong-Tai Chung
  • Patent number: 11507685
    Abstract: Techniques described herein can allow users to share cached results of an original query with other users while protecting sensitive information. The techniques described herein can check whether the other users have access to the underlying data queried before allowing those users to see the stored query results. That is, the system may perform privilege checks on the shared users before giving them access to the stored query results but without having to re-run the original query.
    Type: Grant
    Filed: January 27, 2022
    Date of Patent: November 22, 2022
    Assignee: Snowflake Inc.
    Inventors: Damien Carru, Thierry Cruanes, Subramanian Muralidhar, Nicola Dan Onose, Ryan Michael Thomas Shelly, Brian Smith, Jaeyun Noh
  • Patent number: 11494498
    Abstract: A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.
    Type: Grant
    Filed: April 28, 2020
    Date of Patent: November 8, 2022
    Assignee: Pure Storage, Inc.
    Inventors: Par Botes, John Hayes, Ethan Miller
  • Patent number: 11496377
    Abstract: An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.
    Type: Grant
    Filed: April 10, 2020
    Date of Patent: November 8, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Navindra Yadav, Mohammadreza Alizadeh Attar, Shashidhar Gandham, Jackson Ngoc Ki Pang, Roberto Fernando Spadaro
  • Patent number: 11494515
    Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.
    Type: Grant
    Filed: February 8, 2022
    Date of Patent: November 8, 2022
    Assignee: OneTrust, LLC
    Inventors: Kevin Jones, Saravanan Pitchaimani
  • Patent number: 11496496
    Abstract: A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of values, performing an action resulting from the characteristic violation.
    Type: Grant
    Filed: April 28, 2020
    Date of Patent: November 8, 2022
    Assignee: BlackBerry Limited
    Inventors: Nicholas Patrick Alfano, Axel Ferrazzini, Dake He
  • Patent number: 11489849
    Abstract: A cybersecurity solution that includes a system, method, or computer program for detecting and remediating malicious code in a communicating device on a computer network that connects to the Internet through a proxy server. The solution includes an operating system arranged to monitor all computing resource (CR) processes on an operating system kernel on the communicating device, determine process parameters for each CR process, determine whether each CR process is a connecting CR process by determining whether it is connecting to the proxy server, compare at least one of the process parameters for each connecting CR process with a whitelist, generate an event notification when at least one process parameter for a connecting CR process does not match the whitelist, and remediate the connecting CR process that has the at least one process parameter.
    Type: Grant
    Filed: January 14, 2020
    Date of Patent: November 1, 2022
    Assignee: SAUDI ARABIAN OIL COMPANY
    Inventor: Urfan Ahmed
  • Patent number: 11481485
    Abstract: Methods for detecting insider threats are disclosed. A method includes collecting server access data and application access data, based on the server access data and the application access data, determining nearest neighbors of an employee, and based on the nearest neighbors of the employee, determining a peer group of the employee, determining an average rank distance (ARD) of the nearest neighbors based on a ranking of the nearest neighbors in a plurality of time periods, identifying ARD gaps between the nearest neighbors, and generating scores corresponding to the ARD gaps between the nearest neighbors. One or more employees are identified that represent an internal threat to an organization based on the scores corresponding to the ARD gaps.
    Type: Grant
    Filed: January 8, 2020
    Date of Patent: October 25, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Yuhang Wu, Yanhong Wu, Hossein Hamooni, Yu-San Lin, Hao Yang
  • Patent number: 11481517
    Abstract: Systems, methods, and software products determine permission profiles for computer executable functions (functions). The systems, methods and software products utilize both static analysis and dynamic analysis, in order to determine the minimal set of permissions based on the inter-relations between these two analysis methods, i.e., static analysis, and dynamic analysis, to determine the permission profiles for computer executable functions (functions).
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: October 25, 2022
    Assignee: CHECK POINT SERVERLESS SECURITY LTD.
    Inventors: Hillel Solow, Shali Mor, Itay Harush, Benny Zemmour, Tsion Gonen
  • Patent number: 11475234
    Abstract: A cluster visualization apparatus is disclosed. A cluster visualization apparatus according to the present disclosure includes a state detector configured to obtain state information of a cluster configured with a plurality of boxes, a display, and a controller configured to display a three-dimensional model image configured with a plurality of layers corresponding to a plurality of network layers and to display an image corresponding to each of the plurality of boxes over at least one layer of the plurality of layers, based on the state information.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: October 18, 2022
    Assignee: Gwangju Institute of Science and Technology
    Inventors: Jong Won Kim, Taek Ho Nam
  • Patent number: 11467565
    Abstract: An attack/abnormality detection device includes: a command extraction unit configured to extract elements having the same command destination as a command destination of an additionally received actual manufacturing command from among each of a set of normal manufacturing commands and a set of actual manufacturing commands, which contain information on a command destination and an arrival order, and are stored in a command storage region; and a detection unit configured to detect an attack or an abnormality by comparing details of the commands with each other for each arrival order of both extracted elements.
    Type: Grant
    Filed: January 25, 2017
    Date of Patent: October 11, 2022
    Assignee: Mitsubishi Electric Corporation
    Inventors: Masashi Tatedoko, Tsuyoshi Higuchi, Kiyoto Kawauchi, Takeshi Yoneda
  • Patent number: 11468195
    Abstract: Embodiments of the present disclosure may provide a data clean room allowing secure data analysis across multiple accounts and across different regions and cloud providers. The data clean room may also restrict which data may be used in the analysis and may restrict the output. The overlap data may be anonymized to prevent sensitive information from being revealed. A version of a provider account can be created that is similar to a client account, such as in the same cloud type or the same region as the client database account. The client account can share data that is replicated to the provider account to complete client requests using anonymized data and the cross reference table.
    Type: Grant
    Filed: December 16, 2021
    Date of Patent: October 11, 2022
    Assignee: Snowflake Inc.
    Inventors: Rachel Frances Blum, Justin Langseth, Michael Earle Rainey
  • Patent number: 11463407
    Abstract: An industrial control system (ICS) communicates via ICS protocols. A model is deployed in an information technology (IT) and operation technology (OT) network. Security policies are dynamically updated as the particular IT and OT network are used, patched, and modified. A deep packet inspection is used to enforce ICS constraints and ICS behaviors defined by the initial model. A state of the deep packet inspection is reported for situational awareness and debugging purposes. An alert is transmitted when anomalies are detected when ICS protocol traffic traverses ICS firewall network paths that execute ICS policies.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: October 4, 2022
    Assignee: Raytheon Company
    Inventors: Kendall L. Hefley, Peter L. Stewart, Gregory A. Ladd
  • Patent number: 11461463
    Abstract: An information processing device according to the present invention includes: a memory; and at least one processor coupled to the memory. The processor performs operations. The operations include: extracting, based on a first data extraction policy being a policy for extracting first processing data to be used for counting a first frequency related to a transmission source from communication data, the first processing data from the communication data; counting, based on a first counting policy being a policy for counting the first frequency relating to the transmission source in the first processing data, the first frequency related to the transmission source in the first processing data; and extracting, based on a first transmission-source extraction policy being a policy for extracting the transmission source and the first frequency, the transmission source.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: October 4, 2022
    Assignee: NEC CORPORATION
    Inventor: Ayaka Samejima