Abstract: The present disclosure discloses encrypting, by a user device, a folder based at least in part on utilizing a symmetric key to determine an encrypted folder, the encrypted folder being stored on the user device; encrypting, by the user device, the symmetric key, to determine an encrypted symmetric key, based at least in part on utilizing an assigned public key associated with the user device; decrypting, by a trusted device to determine the symmetric key, the encrypted symmetric key based at least in part on verifying biometric information, wherein, the decrypting includes transmitting a request to a trusted device, the request identifying a trusted key to be utilized to decrypt the encrypted symmetric key; and decrypting, by the user device, the encrypted folder based at least in part on utilizing the symmetric key. Various other aspects and techniques are contemplated.

Abstract: A method, in an external meshnet device in communication with a first meshnet device and a second meshnet device, includes determining, based on comparing (i) a first range of first subnet IP addresses associated with a first LAN connected to the first meshnet device and (ii) a second range of second subnet IP addresses associated with a second LAN connected to the second meshnet device, a conflict that a first subnet IP address assigned to a first LAN device in the first LAN is the same as a second subnet IP address assigned to a second LAN device in the second LAN; mapping, based on determining the conflict, an alternate IP address to correspond with the first subnet IP address; and communicating with the first LAN device based on utilizing the alternate IP address instead of the first subnet IP address is disclosed. Various other aspects are contemplated.

Abstract: A method including activating, by a virtual private network (VPN) server, a first exit internet protocol (IP) address for communicating data associated with a user device having an established VPN connection with the VPN server; deactivating, by a VPN server, the first exit IP address from communicating the data associated with the user device based at least in part on determining that an amount of data communicated utilizing the first exit IP address satisfies a data threshold; and reactivating, by the VPN server at a later time, the first exit IP address for communicating the data associated with the user device based at least in part on determining that the amount of data communicated utilizing the first exit IP address fails to satisfy the data threshold is disclosed. Various other aspects are contemplated.

Abstract: First metadata associated with a communication originating from a client device and directed to a target is received from a service provider. Based on a subscriber identification module (SIM) security service, service information is transmitted to a point of presence. The service information includes the first metadata and second metadata associated with the client device.

Abstract: A method including enabling, by an infrastructure device, a mesh network including a first device and a second device such that the first device and the second device communicate meshnet data utilizing a meshnet connection between the first device and the second device; and determining, by the infrastructure device, an initiating device from among the first device and the second device, the initiating device being responsible for initiating optimizing the meshnet connection. Various other aspects are contemplated.

Abstract: A cyber security method and system for detecting malware via an anti-malware application employing a fast locality-sensitive hashing evaluation using a vantage-point tree (VPT) structure for the indication of malicious files and non-malicious files. The locality-sensitive hashing evaluation using the VPT structure can be performed prior to initiating the deeper, more computationally intensive evaluation and is used to identify with high confidence a scanned file or data object being a malicious file, a non-malicious file, or a low confidence measure of the two.

Abstract: A method of generating a machine learning model for detecting malicious connections between two or more computing devices includes executing, within a secure operating environment, a plurality of known malicious software applications and a plurality of known non-malicious software applications, generating a dataset of known handshake parameters by monitoring connections between the plurality of known malicious software applications and one or more target servers, and the plurality of known non-malicious software applications and the one or more target servers, training a machine learning model using the dataset of known handshake parameters to predict a maliciousness of a connection between two or more computing devices based on handshake parameters between the two or more computing devices, and distributing the machine learning model to one or more client devices.

Abstract: The disclosure discloses an infrastructure device that configures a first server to determine an encrypted authentication packet including (i) a crypted code field that indicates a type of the encryption authentication packet, (ii) a crypted payload field that includes an encrypted initial authentication packet, determined by utilizing a nonce, an encryption key, and an encryption algorithm, and (iii) a data length field that indicates a length of the encrypted authentication packet, the length including a sum of a length of the crypted code field, a length of the crypted payload field, and a length of the data length field. The infrastructure device may also configure the first server to transmit, to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.

Abstract: A virtual private network (VPN) client receives data including a pre-shared key (PSK). The VPN client decrypts the data based on a short-term key pair to obtain a ciphertext. The VPN client then decrypts the ciphertext based on a short-term quantum-resistant key pair to obtain the PSK. A VPN tunnel is then established between the VPN client and a VPN server based on the PSK.

Abstract: A method determining, by a manager device that is responsible for managing network services provided by an infrastructure device, a manager request including (i) action description information that indicates an action to be performed by the infrastructure device, and (ii) path information that indicates an API to be utilized by the infrastructure device to enable performance of the action; transmitting, by the manager device to the infrastructure device, the manager request to request performance of the action; and receiving, by the manager device from the infrastructure device, an authorization message indicating successful authorization of the manager request, whereby indicating performance of the action, wherein the successful authorization is based at least in part on a verification that a time difference between a point in time when the manager request was determined and a current time satisfies a predetermined duration of time is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by an infrastructure device from a first user device, encrypted content and an encrypted first private key for storage in association with a first account registered by the first user device with the infrastructure device; receiving, by the infrastructure device from the first user device, identification information identifying a second user device; receiving, by the infrastructure device from the second user device, a restoration request to access the first account based at least in part on a determination that the first user device is unable to access the stored encrypted content; and enabling, by the infrastructure device based at least in part on receiving the identification information and the restoration request, access of the second user device to the encrypted content and the encrypted first private key to enable the second user device to decrypt the encrypted content is disclosed. Various other aspects are contemplated.

Abstract: According to some embodiments, a method of controlling access to network resources includes: receiving an authentication request from a user device to a core security service; if the user is authenticated, authorizing the user device to connect to a private cloud, and connecting the user device with the private cloud and retrieving user-specific segmented firewall rules stored in the private cloud; routing, through the firewall rules, a request by the user device to access an outer resource; evaluating the request against the firewall rules; if the request meets the firewall rules, routing the request through security measures of the firewall; and if the request does not meet the firewall rules, denying the user device access to the outer resource.

Abstract: The present disclosure discloses encrypting a folder stored on a user device based on utilizing a symmetric key; encrypting, based on utilizing a public key associated with the user device, the symmetric key to determine a single-encrypted symmetric key; transmitting, to a biometric unit available to the user device, a request to capture biometric information; verifying the biometric information based on a comparison of the biometric information with stored biometric information; selectively transmitting, to a trusted device located on the user device and based on successful verification of the biometric information, an encryption request to encrypt the single-encrypted symmetric key based on utilizing a trusted key that is generated by the trusted device, thereby determining a double-encrypted symmetric key; and storing the single-encrypted symmetric key and the double-encrypted symmetric key in a memory. Various other aspects and techniques are contemplated.

Abstract: The disclosure discloses a first server determining an encrypted authentication packet including (i) a crypted code field that indicates a type of the encryption authentication packet, (ii) a crypted payload field that includes an encrypted initial authentication packet, determined by utilizing a nonce, an encryption key, and an encryption algorithm, and (iii) a data length field that indicates a length of the encrypted authentication packet, the length including a sum of a length of the crypted code field, a length of the crypted payload field, and a length of the data length field. The method may also include transmitting, by the first server to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.

Abstract: A request is received from a user device. In response to the request, respective penalty scores for VPN servers are calculated. At least some of the VPN servers are associated with respective exit internet protocol (IP) addresses. A respective penalty score for a VPN server is calculated based on a ratio of the respective exit IP addresses determined as being compromised. One or more of the VPN servers are selected based on the respective penalty scores. Respective IP addresses of the one or more of the VPN servers are transmitted to the user device.

Abstract: A method in a virtual private network (VPN) environment, the method including determining that a VPN service provider is unreachable via utilization of original domain information, the VPN service provider being associated with providing VPN services to the user device; determining, based at least in part on determining that the VPN service provider is unreachable, substitute domain information to be utilized for transmitting a connection request, the substitute domain information including alphanumeric characters that identify the VSP service provider; and transmitting the connection request to the VPN service provider based at least in part on utilizing the substitute domain information is disclosed. Various other aspects are contemplated.

Abstract: The present disclosure discloses an infrastructure device for configuring a user device to (i) establish a first parallel VPN connection with a first VPN server and a second parallel VPN connection with a second VPN server; (ii) transmit a first service request for a VPN service to the first VPN server over the first parallel VPN connection and a second service request for the VPN service to the second VPN server over the second parallel VPN connection; (iii) determine the first VPN server as an optimal VPN server when the first VPN server provides the VPN service before the second VPN server, or the second VPN server as the optimal VPN server when the second VPN server provides the VPN service before the first VPN server; and (iv) transmit subsequent service requests for VPN services to the optimal VPN server. Various other aspects are contemplated.

Abstract: A method and apparatus for generating a content detection dataset using file creation dates. The method accesses a database comprising data files. The files are analyzed by a machine learning model to determine file creation dates. The creation dates are used to identify relevant content files. The most relevant files are included into a content detection dataset as content samples. The dataset may be used for training machine learning based content detectors.

Abstract: A cyber security method and system for detecting malware via an anti-malware application employing a fast locality-sensitive hashing evaluation using a vantage-point tree (VPT) structure for the indication of malicious files and non-malicious files. The locality-sensitive hashing evaluation using the VPT structure can be performed prior to initiating the deeper, more computationally intensive evaluation and is used to identify with high confidence a scanned file or data object being (i) a malicious file, (ii) a non-malicious file, or a low confidence measure of the two.

Abstract: An intermediary system between an access network and a target may receive a communication originating from a client and directed to the target. The intermediary system may generate, based a subscriber identification module (SIM) security service, a secure communication. The intermediary system may provide the secure communication to the target.