Abstract: Systems, methods, and devices of the various embodiments may enable distributed prefix signing by including a signature in a transitive Border Gateway Protocol (BGP) attribute of a new prefix announcement, and sending the new prefix announcement to peer components. The peer components may query an address and routing parameter area (ARPA) record to obtain nameserver information for an entity associated with the received prefix announcement in response to determining that the received prefix announcement includes a transitive BGP attribute that includes the signature, retrieve a public key from a Domain Name System (DNS) text record, and determine whether the signature included in the transitive BGP attribute of the received prefix announcement is valid based on the public key retrieved from the DNS text record.

Abstract: Embodiments of the present application disclose a method and a device for connecting to a wireless access point. A specific implementation of the method includes: receiving a request for connecting to a wireless access point sent by a terminal device; sending an address of a router to the terminal device, in which the router is a node in a blockchain, and the address of the router is an address of the node to which the router in the blockchain belongs; receiving verification information sent by the terminal device to the address of the router; generating a verification result based on the verification information; and if the verification result indicates that verification is successful, granting the terminal device a permission to connect to the wireless access point. The implementation provides a new method for connecting to a wireless access point, thereby enriching methods for connecting to a wireless access point.

Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.

Abstract: Disclosed are a neural network model update method and device, and a computer storage medium. The method includes: randomly generating a preset number of sub-neural network models as nodes in a blockchain; using a ring signature to share a local data set in the blockchain, and uniformly dividing a data set in the blockchain to generate a training set and a test set; training each node through the training set to generate a trained model, packaging the trained model as a model transaction and sharing the model transaction in the blockchain; using the test set selected by voting to test the model transaction and generating a test result; when the test result is greater than a benchmark evaluation, taking the sub-neural network model corresponding to the test result as a valid vote; and voting a previous block corresponding to the valid vote, selecting a consistent block, and updating all nodes.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for PQC. An example method includes transmitting a first portion of an electronic communication to a client device over a non-PQC communications channel, wherein the client device comprises a PQC shim circuitry. The example method further includes transmitting one or more communications between a PQC callback circuitry and the client device over a PQC communications channel, wherein the client device is a non-PQC device. The example method further includes transmitting a second portion of the electronic communication to the client device over a PQC communications channel.

Abstract: A client device for use with a gateway device (or a Wi-Fi APD) with a key stored therein and an external server where an original singe sign on (SSO) password is stored. The client device transmits a one time password (OTP) request to the external server, obtains the OTP from the external server, transmits the OTP to the external server to authenticate the client device, transmits an encrypted SSO password request to the external server, onboards the gateway device using a temporary password, receives the encrypted SSO password from the external server, obtains the key from the gateway device, decrypts the encrypted SSO password using the key to obtain the SSO password, and changes the temporary password of the gateway device to the original SSO password.

Abstract: An information processing system for receiving a service using an electronic device, the information processing system includes an acquisition section configured to acquire a license key for using the service issued by a server system and a processing section. The license key includes setting information to be used when the electronic device uses the service. The processing section acquires the setting information included in the acquired license key and performs setting processing of the electronic device based on the acquired setting information.

Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).

Abstract: Aspects of the disclosure provide methods and apparatuses for storing data. In some examples, an information processing apparatus that includes processing circuitry is provided. The processing circuitry is configured to receive data and determine a target blockchain based on an attribute associated with the data and blockchain correspondence information. The blockchain correspondence information indicates attributes associated with a plurality of blockchains. Further, the processing circuitry is configured to store a first block that is generated based on the received data in the target blockchain.

Abstract: Data may be stored by receiving the data to be stored, determining whether the data is regulated in a jurisdiction, and, responsive to the determination, selecting between a regulated storage scheme, requiring that the data be stored and/or processed in the jurisdiction in accordance with one or more laws pertaining to the jurisdiction, and an unregulated storage scheme, in which the data is not required to be stored in the jurisdiction and/or is not required to be stored in accordance with the one or more laws. Further, the regulated storage scheme may be followed by initiating storage of the data in the jurisdiction in accordance with the one or more laws.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to provide authenticated and authorized communication, node protection, and prevention of a compromised node from contaminating other nodes.

Abstract: Systems and methods are provided for establishing a secure communication link between a first client and a second client. One exemplary computer-implemented method for establishing a secure communication link between a first diem and a second client includes accessing, from a storage, identification information of a user of the first client. The method further includes receiving a Domain Name Service (DNS) request from the first client requesting a secure network address corresponding to a secure domain name associated with the second client. The method further includes authenticating the user based on the user identification information. The method also includes transmitting the secure computer network address in response to the DNS request based on a determination that the user has been authenticated. A secure communication link between the first diem and the second client is established based on the secure computer network address.

Abstract: Various techniques for detecting homographs of domain names are disclosed. In some embodiments, a system, process, and/or computer program product for detecting homographs of domain names includes receiving a DNS data stream, wherein the DNS data stream includes a DNS query and a DNS response for resolution of the DNS query; applying a homograph detector for each domain in the DNS data stream; and detecting a homograph of a domain name in the DNS data stream using the homograph detector.

Abstract: A computer readable medium, a system, and a method for providing data security through identity access management using a transaction classifier to classify transactions according to a set of transaction data associated with the transaction and mitigate abnormal transactions. The transaction classifier is trained using a set of training data and updated after each transaction. The identity access management may also include a mitigation policy that is used to determine a mitigation technique for each transaction.

Abstract: There is provided a system and a computerized method of remediating one or more operations linked to a given program running in an operating system, the method comprising: querying a stateful model to retrieve a group of entities related to the given program; terminating at least a sub set of the group of entities related to the given program; generating a remediation plan including one or more operations linked to the given program, the one or more operations being retrieved based on the group in the stateful model; and executing the remediation plan by undoing at least part of the one or more operations linked to the given program thereby restoring state of the operating system to a state prior to the given program being executed. There is further provided a computerized method of detecting malicious code related to a program in an operating system in a live environment.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: Systems, computer program products, and methods are described herein for dynamically tracking resources using non-fungible tokens. The present invention is configured to electronically receive, over a distributed computing network from a computing device of a user, a request for a non-fungible token (NFT) for a resource, wherein the resource is a physical object; initiate a non-fungible token (NFT) generator on the resource in response to receiving the request; extract resource information from the resource; generate, using the NFT generator, the NFT, wherein the NFT comprises at least the resource information; and record the NFT for the resource on a distributed ledger.

Abstract: This disclosure relates generally to data anonymization and more particular y risk-aware data anonymization. Conventional data anonymization systems either replace PII/sensitive attributes with random values or shuffles them, that causes huge data distortion affecting the data utility. The goal of publishing data is best achieved when privacy is balanced with utility of data, Moreover, to ensure privacy, assessing the risk of disclosure is important. The proposed system provides a pipeline for analysis of data patterns to understand the associated risk level of re-identification of records. Further, based on the identified risks with the records the system anonymizes the data following a pattern based anonymization approach wherein data is clustered and for each cluster distinct patterns are identified such that the information loss is minimal.

Abstract: Aspects of the disclosure provide techniques for using egocentric and allocentric information for providing and restricting access to a secure network and its assets to a user entity. The system may include capturing user habits and fingerprinting with ability to detect abnormalities through artificial intelligence/machine learning (AIML) using mobile and wearable device applications.

Abstract: Systems are methods are provided for implementing cloud survivability which mitigates the loss of secure communication via a cloud orchestrated IPsec tunnel, due to a loss of connectivity to a cloud service. For example, devices can establish IPsec tunnels which are orchestrated by a cloud service, such as SD-WAN Tunnel Orchestration. Then, according to the disclosed cloud survivability techniques, if the connection to the cloud service fails, a cloud survivability phase can be triggered which fails-over from IPsec tunnel to a survivability tunnel. In some implementations, a method includes: determining, by an initiator device, whether there is a loss of connectivity of the initiator device or the responder device with a cloud service. Further, in response to determining that there is a loss of connectivity, automatically establishing a survivability communication link between the initiator device and the responder device.