Abstract: Disclosed techniques provide a permission framework to control access to operations performed by cryptoprocessor. The techniques can identify a permission policy linked to a cryptographic operation. The permission policy can include data identifying the cryptographic operation and data identifying permission information for the cryptographic operation. The permission policy can be evaluated to determine whether to allow or deny execution of the cryptographic operation.

Abstract: A collection of documents or other files and the like within an enterprise network are labelled according to an enterprise document classification scheme, and then a recognition model such as a neural network or other machine learning model can be used to automatically label other files throughout the enterprise network. In this manner, documents and the like throughout an enterprise can be automatically identified and managed according to features such as confidentiality, sensitivity, security risk, business value, and so forth.

Abstract: A method of data acquisition includes activating a local server proxy in a preset application program; acquiring a preset connection function, and replacing a destination address in the preset connection function with a target address corresponding to a local server proxy, to establish a connection between the preset application program and the local server proxy; establishing a connection between the local server proxy and a real server corresponding to the target address based on connection information received from the preset application program via the local server proxy; acquiring data during a procedure of data forwarding between the real server and the preset application program via the local server proxy.

Abstract: A method includes: accessing a corpus of messages previously sent from a user account; correlating sequences of words, in the corpus of messages, with behavior signals; aggregating the behavior signals into a behavioral model representing combinations of behavior signals characteristic of behavior in messages sent from the user account; later, accessing a message outbound from the user account to a recipient account, the message including a document associated with a document tag; correlating sequences of words, in the message, with behavior signals; retrieving a data access policy including a threshold at which access to a document associated with the document tag is restricted; and in response to detecting a difference between the behavioral signals from the message and the behavioral model exceeding the threshold, restricting access, by the recipient account, to the document in the message.

Abstract: A cloud-based service monitoring device includes a criteria database and an exceptions database. The criteria database includes predefined configuration criteria corresponding to approved operating parameters of each cloud-based service being monitored. The exceptions database includes predefined configuration exceptions such that, for a given instance, each configuration exception corresponds to a different instance-specific criteria than the associated configuration criteria for the cloud-based service. The monitoring device extracts configuration settings from instances of the cloud-based service and compares the settings to the configuration criteria of the cloud-based service. If a suspect setting is identified that does not satisfy the configuration criteria at the service level, the monitoring device compares the suspect setting to instance-specific criteria.

Abstract: A method for determining the authenticity of an identity document is provided that includes the steps of capturing, by an electronic device, image data of a PDF417 barcode, where the PDF417 barcode is located on an identity document including textual data. Moreover, the method includes the steps of extracting data from the PDF417 barcode, determining a class to which the identity document belongs using the extracted data, and identifying in the extracted data, data unique to the determined class. The unique data is in addition to the textual data. Furthermore, the method includes the steps of comparing the identified unique data against unique data of any authenticated identity document belonging to the determined class, calculating an authenticity score based on the comparison, and determining the identity document is authentic in response to determining the authenticity score satisfies a threshold score.

Abstract: A method at a system including a firewall and at least one application, the method including obtaining, at the at least one application, a new address for a service provider for the at least one application; triggering a firewall update; obtaining a new firewall configuration; and updating the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider.

Abstract: A method for obtaining a valid global state for a distributed database, wherein the distributed database includes main nodes storing a complete dataset, and a plurality of subsets of nodes configured to store a part of the dataset, including: a. receiving a request for providing a valid global state of the distributed database, b. determining a first local state for each subset based on status information of nodes of the respective subset regarding the respective part of the dataset, c. combining these first local states of all subsets to a first combined state, d. determining a global state by the main nodes based on status information of the main nodes regarding the stored dataset, e. verifying the first combined state by matching the first combined state with the global state and f. outputting the first combined state as valid global state for the distributed database depending on the verification.

Abstract: A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses.

Abstract: An open source library rating is generated for an open source library based on dependencies of the library, vulnerabilities of the library, an age of the library, a popularity of the library, a history of the library, or any suitable combination thereof. The rating of a specific version of a library may be generated based on a base score for all versions of the library and a version score for the specific version of the library. An authorization system receives a request from a developer to add a library to a software application. In response, the authorization system accesses a rating for the library. Based on the rating, the authorization system approves the request, denies the request, or recommends an alternative library.

Abstract: An extended enterprise browser installed on an endpoint device provides protection from ransomware attacks to SaaS and private enterprise applications. The extended enterprise browser monitors for alternate browser installed on the endpoint device. The extended enterprise browser may take one or more actions to block the spread of ransomware by the alternate browser.

Abstract: The present disclosure provides a method for encryption programming, including: selecting an encrypted programming file that matches the programmer from a target folder; loading the selected encrypted programming file; if a current number of times for programming of the programmer is greater than or equal to a maximum number of times for programming, destroying the selected encrypted programming file and ending programming; otherwise, decrypting the selected encrypted programming file; if the current number of times for programming of the programmer is less than an initial number of times for programming, replacing the current number of times for programming of the programmer with the initial number of times for programming, otherwise, re-encrypting the decrypted encrypted programming file and programing the re-encrypted programming file into a target chip. A programmer is further provided.

Abstract: Fingerprint encryption method and device, fingerprint decryption method and device, storage medium and terminal are provided. The fingerprint encryption method includes: acquiring a fingerprint image; dividing the fingerprint image into a plurality of block images according to a preset window, wherein a size of the block image is the same with a size of the preset window; determining identifiers of the plurality of block images, wherein the identifiers of the plurality of block images have a first preset order; and determining, according to the identifiers of the plurality of block images and a received encryption order, a plurality of encrypted block images to obtain an encrypted fingerprint image. Security of fingerprint storage or fingerprint transmission is enhanced.

Abstract: A threat actor identification system that obtains domain data for a set of domains, generates domain clusters, determines whether the domain clusters are associated with threat actors, and presents domain data for the clusters that are associated with threat actors to brand owners that are associated with the threat actors. The clusters may be generated based on similarities in web page content, domain registration information, and/or domain infrastructure information. For each cluster, a clustering engine determines whether the cluster is associated with a threat actor, and for clusters that are associated with threat actors, corresponding domain information is stored for presentation to brand owners to whom the threat actor poses a threat.

Abstract: Described herein are systems, methods, and software to manage the deployment and use of application identifier tokens in a distributed firewall environment. In one implementation, a computing environment generates tokens associated with application types executing on virtual nodes in the computing environment. After generating the tokens, the computing environment provides at least one token of the tokens to each of the virtual nodes based on at least one application type executing on the virtual node. When a communication is identified in the virtual node associated with an application, the virtual node may encapsulate the communication and a corresponding token in a packet and forward the packet via a virtual network interface associated with the virtual node.

Abstract: A modifier infrastructure that takes digital device behaviors and allows them to enact channel behaviors instead. This infrastructure preferably extends to address issues of channels connected to channels for controlling and managing identities, privileges, and the encryption and decryption of valuable information. Embodiments of the present invention provide methods for computer authentication—particularly for component authentication, human-component authentication, and/or network cryptography.

Abstract: A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).

Abstract: An information processing system includes a file acquirer that acquires a file used in a meeting, an authentication processor that selects, if a password is set to the file acquired by the file acquirer, an authentication scheme of the password, based on meeting information about the meeting, and executes a process of authenticating the password by the selected authentication scheme, and a file executer that executes the file if the password is authenticated by the authentication processor.

Abstract: The present disclosure provides a remote host monitoring method based on chip-level privacy-preserving computation (PPC), including: S1: allowing monitoring software in a user-side host to start in a chip-level trusted execution environment (TEE); S2: determining whether the user-side host locally stores valid private data, directly going to step S4 if yes, or otherwise, going to step S3; S3: establishing a secure connection with a supervisor and capturing private data; and S4: allowing monitoring software running in the TEE to execute a related monitoring instruction based on the private data, encrypting and signing a monitoring result, and transmitting the monitoring result to the supervisor. The present disclosure ensures validity, tamper resistance and security of monitoring information of the user with a TEE based on PCC, encrypts and signs the monitoring information based on an encryption key and a signature key of the supervisor, can locally store the monitoring information.

Abstract: The present disclosure relates generally to authentication of voice communications. Methods performed by a user device for mutually authenticated communications can include creating a first communication channel with a backend, creating a secure session across a second communication channel with the backend, receiving a first identification message from the backend via the second communication channel, receiving a second identification message from the backend via the first communication channel, sending an attestation that the second identification message matches the first identification message to the backend via the second communication channel, receiving a second step authorization instruction from the backend via the second communication channel, assessing the identity of the user, and delivering an authorization response to the backend via the second communication based of the assessed identity of the user.