Abstract: A decentralized security system and associated methods are implemented by a distributed set of security controllers that independently detect threats and implement attack protections for endpoints based on cumulative threat states that are synchronized across the distributed set of security controllers in a decentralized manner. A particular security controller receives different states associated with different hashed identifiers from the other security controllers, and also receives a request from a client that is directed to a particular endpoint. The particular security controller generates a hashed value from hashing an identifier from the request that identifies the particular endpoint, updates a first state based on the first hashed value matching a hashed identifier that is associated with the first state, and implements a protective action in response to an updated value generated from updating the first state violating a security rule.

Abstract: Systems and methods of defending against stack-based cybersecurity attacks that exploit vulnerabilities in buffer overflows. The embodiments disclosed herein propose hijacking program flow in a program binary by insert call checking CFI code before calling a target. Examples of a target can be a function within the program binary, a register, or a memory location. If the call target is a valid call target (e.g., included in a global list of addresses), normal program flow resumes and the program flow is transferred to the target. On the contrary, if the call target is not a valid call target (e.g., not included in a global list of addresses), the program binary is deliberately crashed.

Abstract: An encryption key management method includes: receiving a data registration request from a supplier terminal, determining a data identifier associated with the content data, encrypting a master key with a public key of the supplier terminal, and providing the supplier terminal with the master key encrypted with the public key of the supplier terminal, the data identifier, and a key update count value; receiving a subscription application related to the data identifier from a first subscriber terminal, encrypting the master key with a public key of the first subscriber terminal, and providing the first subscriber terminal with the master key encrypted with the public key of the first subscriber terminal and the key update count value; receiving encrypted content data encrypted with the symmetric key and a hash for the content data from the supplier terminal; and transmitting the encrypted content data and the hash to the first subscriber terminal.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25network.

Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Based on identity and audit data received from a set of cloud deployments, and according to a cloud intelligence model, a set of permissions associated with each of a set of identities are determined. For each identity, and based on a set of identity chains extracted from the cloud intelligence model, a set of identity account action paths (IAAPs) are then determined. An IAAP defines how the identity obtains an ability to perform a given action in a given account. Using the identity account action paths together with context information, one or more roles, groups and accounts in the enterprise that are propagating permissions within the public cloud environment are then identified.

Abstract: A stent apparatus, system, and method that senses wall shear stress by measuring fluid flow at localized areas within the stent, that processes measured information through an integrated circuit, and selectively sends power to mechanically controllable stent surfaces which results in localized geometric changes. In various embodiments the stent apparatus, system, and method sends data to outside the body in real time.

Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

Abstract: A Merkle tree-based data management method may comprise: aligning data into two-dimensional square matrix; calculating a hash value of each node of the two-dimensional square matrix; calculating hash values of each row of the two-dimensional square matrix; generating an additional column with nodes having the hash values of each row; calculating hash values of each column of the two-dimensional square matrix; generating an additional row with nodes having hash values of each column; and calculating a Merkle root by concatenating the hash values of the additional column and the hash values of the additional row.

Abstract: Embodiments include a computing device that executes software routines and/or one or more machine-learning architectures providing improved omni-channel authentication solutions. Embodiments include one or more computing devices that provide an authentication interface by which various communication channels may deposit contact or session data received via a first-channel session into a non-transitory storage medium of an authentication database for another channel to obtain and employ (e.g., verify users). This allows the customer to access an online data channel and enter the contact center through a telephony communication channel, but further allows the enterprise contact center systems to passively maintain access to various types of information about the user's identity captured from each contact channel, allowing the call center to request or capture authenticating information (e.g.

Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.

Abstract: An access control server may store a private cryptographic key. The private cryptographic key corresponds to a public cryptographic key. The public cryptographic key is stored on a blockchain as part of an autonomous program protocol. The access control server may receive access control setting related to the autonomous program protocol. The access control server may receive a request for accessing the autonomous program protocol stored on the blockchain. The access control server may review the request. The access control server may determine the request is in compliance with the policies specified in the setting. The access control server may create, using the private cryptographic key, a digital signature for the request and generate a response including the digital signature. A successful verification of the digital signature using the public cryptographic key stored in the autonomous program protocol is required by the autonomous program protocol to process the request.

Abstract: A validation device in a communication network is configured to communicate control information bidirectionally via a control plane of the network and access message data via a production plane of the network. The validation device receives key data via the control plane, and accesses a message received via the production plane by a message receiving device. The message includes a signature derived from the first key data. The validation device uses the first key data to check validity of the signature.

Abstract: Embodiments described herein provide for a fraud detection engine for detecting various types of fraud at a call center and a fraud importance engine for tailoring the fraud detection operations to relative importance of fraud events. Fraud importance engine determines which fraud events are comparative more important than others. The fraud detection engine comprises machine-learning models that consume contact data and fraud importance information for various anti-fraud processes. The fraud importance engine calculates importance scores for fraud events based on user-customized attributes, such as fraud-type or fraud activity. The fraud importance scores are used in various processes, such as model training, model selection, and selecting weights or hyper-parameters for the ML models, among others. The fraud detection engine uses the importance scores to prioritize fraud alerts for review.

Abstract: A system for detecting suboptimal performance of security check operations. The system may include a sensor operable to output sensor data indicative of physical characteristics of a security check environment, an output device, and a processing device comprising a processor and a memory. The security check environment may include at least one of a prohibited object detector, a human patron, an object carried by the human patron, and a human security officer. The processing device may be operable to: determine, based on the sensor data, that security check operations at the security check environment are being performed in a suboptimal manner; and in response to determining that the security check operations are being performed in a suboptimal manner, output alarm data to the output device to cause the output device to output an alarm signal indicative of the suboptimal manner in which the security check operations are being performed.

Abstract: Embodiments described herein provide for passive caller verification and/or passive fraud risk assessments for calls to customer call centers. Systems and methods may be used in real time as a call is coming into a call center. An analytics server of an analytics service looks at the purported Caller ID of the call, as well as the unaltered carrier metadata, which the analytics server then uses to generate or retrieve one or more probability scores using one or more lookup tables and/or a machine-learning model. A probability score indicates the likelihood that information derived using the Caller ID information has occurred or should occur given the carrier metadata received with the inbound call. The one or more probability scores be used to generate a risk score for the current call that indicates the probability of the call being valid (e.g., originated from a verified caller or calling device, non-fraudulent).

Abstract: Security systems for microelectronic devices physically lock the hardware itself and serve as a first line of defense by preventing overwriting, modification, manipulation or erasure of data stored in a device's memory. Implementations of the security systems can respond to lock/unlock commands that do not require signal or software interactivity with the functionality of the protected device, and which therefore may be consistent across devices.

Abstract: A method includes: generating a manifest of assets during the target time interval; labeling each asset in the manifest of assets with a set of attributes exhibited by the asset during the target time interval; defining a first attribute category exhibiting a first combination of attributes; assigning a first action to the first attribute category; identifying a subset of assets in the manifest of assets matching the first attribute category, each asset in the subset of assets exhibiting a set of attributes including the first combination of attributes; and executing the first action on the first subset of assets.

Abstract: Disclosed are systems and methods including computing-processes, which may include layers of machine-learning architectures, for assessing risk for calls directed to call center systems using carrier signaling metadata. A computer evaluates carrier signaling metadata to perform various new risk-scoring techniques to determine riskiness of calls and authenticate calls. When determining a risk score for an incoming call is received at a call center system, the computer may obtain certain metadata values from inbound metadata, prior call metadata, or from third-party telecommunications services and executes processes for determining the risk score for the call. The risk score operations include several scoring components, including appliance print scoring, carrier detection scoring, ANI location detection scoring, location similarity scoring, and JIP-ANI location similarity scoring, among others.

Abstract: Embodiments described herein provide for detecting whether an Automatic Number Identification (ANI) associated with an incoming call is a gateway, according to rules-based models and machine learning models generated by the computer using call data stored in one or more databases.

Abstract: Systems and methods are provided for creating, managing and implementing data encryption and key management in a software application through an application programming interface (API) via a SAAS-based API-based platform. A developer can quickly and easily build encryption into any application with an API accessed through an API-based platform that allows the developer to enter basic information about an application, generate encryption keys, download a client library and implement the encryption into the application based on the application information and encryption keys with only two calls to the API. The encryption is built into the software layer and the keys are managed remotely, providing security and simplicity for implementing and executing encryption.