Abstract: A data management system, method and computer-readable medium for data integration and quality control are described. In some implementations, a computer-implemented method comprises steps of receiving datasets from one or more data sources, storing the datasets belonging to a domain, checking data integrity of the datasets, performing a quality control check on the datasets, receiving selections from the domain on the datasets that are selected to be processed based on one or more reference libraries, processing one or more selected datasets based on the one or more reference libraries to create mapped data, integrating the mapped data with metadata to provide an integrated analysis, and causing to display, at a graphical user interface (GUI), real-time processing status for each of the one or more selected datasets.

Abstract: In an implementation, a method for execution of security rules on a data network is described. The method includes steps of: sensing operations of the data network; generating event objects that record the operations of the data network; storing an event-timestamp that records a first time at which the operations were sensed; storing the event objects in a bulk-memory; storing a reception-timestamp that records a second time at which an event object was received for storage; identifying at least one security-rule to be run on matching event objects, the at least one security-rule specifying a time-length; identifying a time-window having a beginning-time before the event-timestamp and an end-time after the event-timestamp; generating an alert based on the run of the at least one security-rule on the matching event objects; and performing one or more security actions based on the alert to reduce an impact of a security threat.

Abstract: Embodiments include methods and systems for detecting security risks in network pages, comprising providing at least one secure transaction page to a secure transaction provider, the secure transaction page enabling the secure transaction provider to request secure transactions, determining a request rate for the secure transaction page associated with the secure transaction provider, determining a predetermined threshold for a change in request rate for the secure transaction page by the secure transaction provider, determining that the predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded, and providing a notification to the secure transaction provider based on the determination that the predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded.

Abstract: A full-link data security protection method and a system are provided. The method includes: at a data creation and collection stage: building a data security identification; at a data transmission and storage stage: dividing the ciphertext file into blocks to generate ciphertext components; calculating a virtual index and a data label; transmitting the ciphertext components to a distributed hash table (DHT) network; uploading a tuple including the virtual index, the data block, and the data label to a cloud server; at a data processing and exchange stage: applying re-encryption based on a re-encryption key generation algorithm; performing decryption to obtain the signed identifier and a secret value; acquiring a tuple having a ciphertext component associated with the virtual index. Attribute-based proxy re-encryption is used to achieve fine-grained access control for the cloud storage. In the data destruction stage, the DHT network automatic updating utility is leveraged to realize data self-destructing.

Abstract: Disclosed techniques relate to security of backup data. In some embodiments, a method includes receiving, by data protection service running on a cloud computing system, a first encrypted copy of a backup of a first data store that is associated with a first account of an organization, where the first encrypted copy is encrypted using a first custodian cryptographic key that is shared between the organization and the data protection service that is different than a first production cryptographic key that is private and used by the organization to encrypt a non-backup version of the first data store. The method may include generating a second encrypted copy of the backup, including by encrypting the backup using a storage cryptographic key. The method may include storing the second encrypted copy of the backup in a second data store that is associated with the data protection service.

Abstract: Techniques include securely accessing data associated with authorization of an identity, the identity being capable of accessing an access-controlled network resource based on assertion of an authentication credential to an entity associated with the access-controlled network resource; generating a secret data element based on the data associated with authorization of the identity and based on application of a first secret logic algorithm; and making the secret data element available to be embedded in the authentication credential. The entity associated with the access-controlled network resource is configured to: validate the identity based on the secret data element being included in the authentication credential; and access the data associated with authorization of the identity based on application of a second secret logic algorithm to the secret data element.

Abstract: A device implementing a system for providing information corresponding to a user in association with messaging includes a processor configured to receive, by a messaging application on the device, a message and associated metadata from a second device, the associated metadata comprising a record identifier of a data record stored on a server, the data record comprising identifying information corresponding to a user of the second device. The processor is further configured to send, to the server, a request for the data record, the request comprising the record identifier, and obtain, in response to the sending, the data record. The processor is further configured to display the identifying information of the user contained in the data record, together with content of the message in a user interface of the messaging application.

Abstract: An apparatus can include a processor and a vehicular communication component. The vehicular communication component can be configured to generate a vehicular private key and a vehicular public key, provide the vehicular public key to a plurality of external communication components wherein each respective one of the plurality of external communication components is positioned on a different transportation assistance entity, provide data to at least one of the plurality of external communication components, receive, in response to providing the data, additional data from the at least one of the plurality of external communication components, wherein the additional data is encrypted using the vehicular public key, and decrypt the additional data using the vehicular private key.

Abstract: A system may receive a request to migrate a first distributed ledger, maintained by a first distributed ledger management system, to a second distributed ledger management system, and may generate first verification information based on information recorded to the first distributed ledger. The system may instruct the second distributed ledger management system to establish a second distributed ledger, such that the second distributed ledger management system maintains the second distributed ledger. The system may also instruct the second distributed ledger management system to record the information, recorded to the first distributed ledger, to the second distributed ledger. The system may generate second verification information based on the information recorded to the second distributed ledger, and verify that the first distributed ledger has been migrated to the second distributed ledger management system by comparing the first verification information to the second verification information.

Abstract: Techniques are described for providing data such as, for example, keys, connection identifiers, and hashes to network devices using a secure database in order to facilitate client devices remaining connected or reconnecting with network sites when the client device moves among networks and to prevent replay attacks. For example, a method may include receiving, by a network device of a first network, encrypted traffic destined for a network site via the first network from a client device. The method may also include retrieving, by the network device from a database, data related to a previously established connection via a second network of the client device to the network site. In configurations, the data is received by the database from a proxy on the client device. The method may further include based at least in part on the data, passing, by the network device, the encrypted traffic to the network site.

Abstract: A non-transitory computer-readable media, method, and server for detecting and addressing vulnerabilities are described. For example, a server receives a security advisory of a vulnerability of a function in a third-party library, accesses a version control system of the third-party library to identify fix commits that address the vulnerability, determines files corresponding to functions in the third-party library that include the vulnerability, performs a comparison before and after a code change was made to the files, identifies functions that included the vulnerability and have been modified to address the vulnerability, performs a search for component versions that include the individual functions that included the vulnerability, generates an enriched vulnerability description that includes identifiers of package versions that include: fixed versions and vulnerable versions of the functions, and modifies project code in a development system to use the fixed versions of the functions.

Abstract: Methods, systems and computer programs are presented for classifying malware using audio and image signal processing. One method includes an operation for converting a software application to an audio signal and an image signal. Audio features are extracted from the audio signal and image features are extracted from the image signal and are used to classify the software application.

Abstract: The invention is directed toward systems, methods and computer program products that enable end to end user authentication along with encryption to mitigate the risks posed by untrusted or unsecure intermediary entities. The invention (i) enables full end to end encryption of sensitive data that has been input by a user on a terminal device at one end, and the intended or authorized recipient at the other end, (ii) ensures that data entered by the user on the terminal device is not readable by any intermediary entity including a partner application or other software application implemented within the terminal device, and (iii) eliminates the risk of successful local attacks on the terminal device to unauthorizedly access user data, or to unauthorizedly obtain access to encryption/decryption keys that can be used to unauthorizedly access encrypted user data.

Abstract: A device authentication method, an authentication apparatus and a computer-readable storage medium may be provided to authenticate an electronic device. In some implementations, the device authentication method includes: establishing a first connection based on a transparent layer security (TLS) protocol between the electronic device and a first server; sending a first request to the first server to perform identity authentication of the electronic device, the first request being generated on the basis of first information which represents a digital certificate of the electronic device; and on the basis of the first connection, receiving first response information about the first request, the first response information being sent by the first server and carrying a result of the identity authentication of the electronic device performed by the first server.

Abstract: In an example, a portable communication device (PCD) is dynamically configured, providing a profile to the PCD. A portable communication device may be dynamically configured using a profile based on an event. The profile includes data that allows users of PCDs to be provided with one or more logical communication channels for communicating. In an example, an artificial intelligent (AI) assistant is provided for use in connection with a PCD. An example implementation maintains a user profile including one or more profile tags indicative of attributes applicable to respective users. User input is received at an AI assistant executing in association with a PCD and the user input is processed to identify matching profile tag values, permitting one or more tasks to be performed involving related PCDs.

Abstract: Certain aspects of the present disclosure provide techniques for security management of health information using artificial intelligence assistant by receiving, at an artificial intelligence (AI) assistant device from a requestor in an environment, an utterance including a request to provide health information related to a patient and confirming, via a machine learning model hosted by the AI assistant device, whether an unauthorized person is present in the environment with the AI assistant device, where the unauthorized person is not permitted by the patient to receive the health information but is permitted to interact with the AI assistant device. Further, in response to determining that the unauthorized person is present, generating, by the AI assistant device, an audio deferral that does not include the health information that was requested.

Abstract: An electronic device includes processing circuitry and one or more memories, including a non-volatile memory. Ephemeral cryptographic key generation circuitry, in operation, applies a function to code stored in the non-volatile memory, generating an ephemeral cryptographic key. Cryptographic circuitry coupled between the processing circuitry and the one or more memories, in operation, performs one or more cryptographic operations on data using the generated ephemeral cryptographic key. The device may include a register, which, in operation, temporarily stores the generated ephemeral cryptographic key.

Abstract: Computing resources deployed on the cloud can be susceptible to different types of malicious attacks based on vulnerabilities introduced in computer program instructions that define the computing resources. To address these types of attacks, methods, systems, apparatuses, and computer-readable storage mediums are described for identifying a resource attack path. A vulnerability identifier scans a set of computer program instructions to identify a vulnerability therein. A resource mapper generates a resource map that identifies a relationship between a portion of the set of computer program instructions and a resource executing in a cloud. An attack path identifier obtains a log that identifies telemetry events in the cloud. The attack path identifier further identifies an attack path based at least on the identified vulnerability, the resource map, and the log. A security event remediator performs a remediation action in response to the identifying the attack path.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: A system and method for sending end-to-end encrypted messages comprising a sender's web browser, a recipient's web browser, and a server. The system and method avoid both the sender and the recipient having to download encryption programs themselves onto their respective computers. In addition, the system and method ensure that unencrypted messages are never disclosed to the server. The system and method operate by first downloading the web browser files, verifying them and then preventing the web browser page from refreshing, thereby preventing malicious code from entering the web browser each time the web browser page would normally be refreshed. The system and method also provide for securely implementing cryptography using client-side scripting in a web browser.