Abstract: Thwarting potentially malicious online activity. In one embodiment, a method may include logging legitimate online user activities performed at a browser. The method may also include receiving a suspicious online activity that was performed at a website. The method may further include comparing the suspicious online activity to the logged legitimate online user activities to determine whether the suspicious online activity matches any of the logged legitimate online user activities. The method may also include, in response to determining that the suspicious online activity does not match any of the logged legitimate online user activities, determining that the suspicious online activity is a potentially malicious online activity, and thwarting the potentially malicious online activity by performing a remedial action at the website to protect the website from the potentially malicious online activity.

Abstract: A method begins by determining, by an authenticated device of a dispersed storage network (DSN), whether an access request from a requesting device is affiliated with an anonymous user or an authenticated user. When the requesting device is affiliated with the anonymous user, the method continues by determining, by the authenticated device, status of the anonymous user where the status of the anonymous user includes one of minimal threat, non-minimal threat, and significant threat. The method continues by processing, by the authenticated device, the access request in accordance with the status of the anonymous user.

Abstract: An example operation may include one or more of splitting an encrypted file into a plurality of file fragments, distributing the file fragments to a plurality of storing peers for storing the file fragments off-chain, splitting an encryption key used to encrypt the file into a plurality of key fragments, encrypting each key fragment using a public key of a different storing peer, and storing the respectively encrypted key fragments on the distributed ledger such that each encrypted key fragment is associated with the encrypted file.

Abstract: A method may include obtaining, from a runtime system that executes code, a source value at a source point of the code and a sink value at a sink point of the code, identifying a potential taint flow from the source point to the sink point by performing a series of taint inferences that each infer a relationship between the source value and the sink value, and determining whether the potential taint flow is an actual taint flow by performing a series of taint checks that each analyze the execution of the code using the source value and the sink value.

Abstract: Various embodiments are directed to a password security warning system. An artificial neural network or other types of models may be used to determine whether a password that is created, input, or proposed by a user via an interface includes one or more predictable or typical transformations or combinations of characters derived from user-specific information. Based on the determination, a warning may be provided to the user.

Abstract: Techniques for multifactor authentication as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for multifactor authentication as a network service includes monitoring a session at a firewall, applying an authentication profile based on the new session, and performing an action based on the authentication profile.

Abstract: A system for identifying a wireless security threat on a vehicle. The system includes a broadband controller including a data processor and memory in which the broadband controller provides a network within the vehicle. The system includes a vehicle WAP in communication with the broadband controller in which the WAP broadcasts an SSID for use by a PED to establish a wireless communication link and transmit and receive data wirelessly over the network via the WAP. An SSID scanner periodically scans for SSIDs broadcast in the vehicle in which SSIDs detected during scans are communicated to the broadband controller. For a detected SSID corresponding to the vehicles WAP SSID, logic executed by the data processor compares the BSSID of the vehicle WAP with the BSSID from the detected SSID and if the BSSIDs do not match, the logic identifies a security threat.

Abstract: The disclosed computer-implemented method for protecting a cloud storage against suspected malware may include (1) receiving a backup of one or more encrypted files over a network, (2) determining that the one or more encrypted files match one or more criteria associated with suspected malware, and (3) performing a security action that protects a computing device against the suspected malware. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In an example, a computing system is configured to monitor for changes to a cloud environment that includes a configuration management system and one or more nodes to operate one or more first host-based firewall configurations, respectively, the host-based firewall configuration(s) generated based on code provided by the configuration management system; in response to a detection of a change, increment a version count associated with the cloud environment; identify a request from one of the nodes, the request including version information for a corresponding one of the host-based firewall configuration(s); compare the version information from the request to a current value of the version count; and in response to the comparison indicating a mismatch, control the node associated with the request to converge with the configuration management system to cause the node associated with the request to operate with a second host-based firewall configuration.

Abstract: A method for detecting an unauthorized activity on a computer system involves obtaining current time stamps for a first type of access event related to the computer system, determining a current count of the first type of access event using the current time stamps, and predicting an expected count of the first type of access event using a current count of time stamps and a predictive model. The method further involves obtaining an actual count of the first type of access event, executing a first comparison of the actual count with the expected count, determining, based on a test comprising the first comparison, that the unauthorized access to the computer system occurred, and issuing an alert indicating the unauthorized activity occurred.

Abstract: This application discloses a private key generation method and system, and a device. The method includes: sending, by a first network device, a first request to a second network device, where the first request includes a first parameter set; receiving, by the first network device, a first response message returned by the second network device, where the first response message includes a first sub-private key and a second parameter set, the first sub-private key is generated based on the first parameter set, and the first sub-private key is generated for a terminal device; generating, by the first network device, a second sub-private key based on the second parameter set, where the second sub-private key is generated for the terminal device; and synthesizing, by the first network device, the first sub-private key and the second sub-private key into a joint private key according to a synthesis formula.

Abstract: A device includes an array including a plurality of bit generating cells arranged in a plurality of rows and columns and a PUF generator. The PUF generator includes a plurality of column multiplexers, each column multiplexer coupled to a plurality of the columns from the array; a plurality of sense amplifiers, each sense amplifier being associated with a respective one of the column multiplexers; and a plurality of de-biasing circuits, each de-biasing circuit associated with a respective column multiplexer and coupled to an output of a respective one of the sense amplifiers. Each de-biasing circuit is operable to provide an output for generating a PUF signature that is dependent on more than one sensed bit from the bit generating cells associated with the columns coupled to the de-biasing circuit's respective column multiplexer, whereby a sensing bias of the sense amplifier to which the de-biasing circuit is coupled is reduced.

Abstract: The disclosure relates to a method and a system for data protection. The system provides a key server and a software sequence executed in a user device. The software sequence renders the method. In the method, a user value associated with a user's registered data in the key server is provided according to the user's input data; a server value is generated by the key server when the key server identifies the user; and a device value is generated according to the hardware information of the user device. The data in the user device can be effectively protected by an encryption process using the user value, the server value and the device value. A data protection mechanism with high-level security can be achieved when the data is protected in the encryption process incorporating the user-related user value, the device-related device value, and the server-related server value.

Abstract: Methods, systems, and devices for mass encryption management are described. In some database systems, users may select encryption settings for storing data records at rest. A database may receive a request to perform an encryption process on multiple data records corresponding to a user, for example, based on a user input or a change in encryption settings. A database server may partition the data records for encryption (e.g., encryption, decryption, key rotation, or scheme modification) into one or more data record groups of similar sizes, and may perform the encryption process on one record group at a time (e.g., to reduce overhead in the system). The database server may additionally support restricting user access to the data records being actively processed, estimating resources needed for the processing, determining data record encryption statuses to be displayed by a user device, or some combination of these features.

Abstract: A system and method for song management may include a digital vault receiving a song submitted by a user, the song comprising music in digital form; the digital vault uploading the song data to a song repository; the digital vault receiving and storing song metadata associated with the song; the digital vault sending a message to a reviewing user, inviting the reviewing user to access the song; and the digital vault capturing event metadata when the reviewing user gains access to the song, the event metadata comprising identification of the reviewing user and an activation timestamp.

Abstract: A communications device has a first communications port via which secure messages are received, and a second communications port via which non-secure messages are received. In response to detecting that a secure message has been received, the device determines whether the second communications port is in a state that enables non-secure messages to be received. If the second communications port is in the enabled state, the device autonomously disables the second communications port to preclude non-secure messages received at that port from being processed.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. In response to a determination that an environment of a first voice assistant device is not private, a first secure communication session between the first voice assistant device and an application server is suspended. In response a determination that one or more other voice assistant devices have been authorized for communication with the application server is made and input to transfer the first secure communication session, a second secure communication session between a second voice assistant device and the application server is initiated. The first secure communication session between the first voice assistant device and the application server is terminated in response to successful initiation of the second secure communication session.

Abstract: A method and a terminal for enhancing information security, where the method includes receiving, by a terminal, an open instruction of a sensitive application, starting a security policy of the sensitive application, displaying prompt information that a notification message arrives when the notification message related to the sensitive application is received, and displaying a prompt for entering a password when an instruction for opening the notification message is received. Hence, a preset security policy is automatically started when the sensitive application is used. When the notification message related to the sensitive application is received, a corresponding password needs to be entered. This enhances information security, facilitates use by a user, and improves user experience.

Abstract: A encrypted verification system and method includes detecting an attempt to access a service requiring multi-factor authentication from a first user computing device, requesting a trusted platform module (TPM) public key of a second user computing device, the second user computing device being coupled to the first user computing device, generating a nonce in response to receiving the TPM public key of the second user computing device, sending the nonce for signature by a TPM private key of the second user computing device, receiving a signed nonce, wherein the signed nonce is signed by the TPM private key and decrypted using the TPM public key of the second user computing device, and determining that a value of the signed nonce matches a value of the nonce to authenticate the first user computing device and allowing access to the service.

Abstract: A processing system may obtain an operations set associated with database sources of a database system from a client entity, the operations set including a statement, the statement including a query, identify data sets from the operations set, transmit, a request to a first owner to permit access to a first data set, and a request to a second owner to permit access to a second data set, and receive approvals from the first and second owners. The processing system may retrieve a first portion of data stored in the first data set and a second portion of data stored in the second data set in accordance with the approvals, execute the operations set in accordance with the first portion of data and the second portion of data to generate a result set, and provide the client entity access to the result set.