Abstract: Provided is an integrated physical security and cyber security intrusion and anomaly detection method for determining physical or electronic ingress/egress of a person/device and/or data/information from a home/facility/premise. The method includes processing data and information obtained from physical security system sensors, wired/wireless network traffic, and third-party sources, and creating sensor and network traffic profile, baselines and detecting anomalies and writing all related data to either a local database or a remotely managed database at a monitoring center.

Abstract: A data security system, including a security manager computer using network application programming interface (API) calls to services that perform data exchange transactions for end users of an enterprise, and to security layers that perform preventive actions on data exchange transactions that prevent incoming and/or outgoing data exchange transactions from reaching their respective destinations, the API calls remotely monitoring the security layers to identify preventive actions on data exchange transactions performed by the security layers, wherein the security layers are provided by respective different security applications, and a data reporter operative to provide to an administrator of the enterprise a unified report of data exchange transactions that are under preventive action by at least one of the security layers, and to provide a unified interface to an end user enabling the end user to request that a preventive action applied to a selected data exchange transaction be undone.

Abstract: A system and method for establishing a bootstrap bridge via a network interface device at an information handling system to provide a transitive bootstrapping process for an untrusted (new) information handling system, wherein the bootstrap bridge comprises a temporary network enabler for communicating with the untrusted (new) information handling system and a secure gateway for communicating with a trusted core network, and wherein the bootstrap bridge receives an authentication request from the untrusted (new) information handling system via the temporary network enabler, wherein the authentication request includes an untrusted (new) information handling system identification (ID) with temporary authentication data loaded to the untrusted (new) information handling system upon manufacture, and the network interface device to transmit a request for challenge for the untrusted (new) information handling system ID to the trusted core network via the secure gateway on behalf of the untrusted (new) information h

Abstract: An information processing apparatus detects an unauthorized attack and transmits attack detection information concerning the detected attack to a communication control device. The communication control device selects an attack countermeasure instruction associated with an attack detection content that matches the attack detection information and an attack countermeasure function of the information processing apparatus by using the transmitted attack detection information and the attack countermeasure information stored in advance, decides a countermeasure method to be executed against the attack, and transmits the attack countermeasure instruction information including the decided countermeasure method to the information processing apparatus. The information processing apparatus is characterized to decide the countermeasure method to be executed against the attack from the received attack countermeasure instruction information and to execute the decided countermeasure method against the attack.

Abstract: The present invention provides a means for efficiently and securely collecting, storing, and sharing all types of personal, electronic information from, for and between individuals and business users using software that runs on multiple personal, business and cloud computing systems. The information of a primary user is stored in an encrypted relational database which associates the private data with private data fields needed by secondary users or various business users. Each entity is assigned one unique user identity to ensure consistency in data privacy and sharing. Attributes for data groups exist to define the secondary users and business users who the primary user has authorized for access to or master sourcing of certified data. Change lists, including conditions for implementation, are created to facilitate management, scheduling and distribution of changes. Collection, storage, and distribution of personal data is assisted by robotic process automation algorithms.

Abstract: A microcontroller includes a memory, direct memory access (DMA) controllers and a microprocessor. The microprocessor maintains one or more memory protection (MP) configurations to control access to protected memory areas of the microcontroller. In response to a secure service call of an unsecure user-application, the microprocessor executes a state machine which disables interrupt requests, determining whether DMA controller configurations and MP configurations satisfy secure-service criteria. When the secure-service criteria are satisfied, at least one secure operation associated with the secure service call is performed, and memory areas accessed during the execution of the at least one secure operation are cleaned. The interrupt requests are re-enabled and a response to the secure service call is generated.

Abstract: A highly secure networked system and methods for storage, processing, and transmission of sensitive information are described. Sensitive, e.g. personal/private, information is cleansed, salted, and hashed by data contributor computing environments. Cleansing, salting, and hashing by multiple data contributor computing environments occurs using the same processes to ensure output hashed values are consistent across multiple sources. The hashed sensitive information is hashed a second time by a secure facility computing environment. The second hashing of the data involves a private salt inaccessible to third parties. The second hashed data is linked to previously hashed data (when possible) and assigned a unique ID. Data dictionaries are created for particular individuals provided access to the highly secure information, e.g. researchers.

Abstract: A computer security monitoring system and method are disclosed that feature, in one general aspect, monitoring on an ongoing basis for evidence of the presence of infected systems in one or more networks that are each associated with a monitored organizational entity possessing digital assets, continuously updating risk profiles for the entities based on information about intrusion features from the monitoring, aggregating risk scores for the entities, and electronically reporting the aggregated risk score to an end user. In another general aspect, a method is disclosed that includes acquiring and storing data relating to interactions with malware controllers over a public network, acquiring and storing a map of relationships between networks connected to the public network, extracting risk data from the stored interaction data and the stored relationship map by cross-referencing the acquired interaction data against the map of relationships, and issuing security alerts based the extracted risk data.

Abstract: Disclosed herein are an apparatus and method for preventing a security threat to a virtual machine. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured such that a hypervisor for virtualization in a host kernel executes a virtualization instruction corresponding to the service requested by a virtual machine of a host application and such that a hypervisor for monitoring interrupts the virtualization instruction in response to a security threat event occurring in the monitoring area of the hypervisor for virtualization and controls the process and thread of the host kernel. The hypervisor for monitoring is located in an area separate from the area in which the hypervisor for virtualization is located in the host kernel.

Abstract: Rapid verification of executing processes includes receiving a seed from a verification unit. A checksum is generated at least in part by using a processor. The processor is coupled to a hierarchical memory, the hierarchical memory comprising an instruction cache, a data cache, and a shared memory accessible by both the instruction cache and the data cache. The shared memory is configured to store an executing program. A size of at least one of the instruction cache and the data cache is insufficient to store the entire executing program. The checksum is transmitted to the verification unit.

Abstract: A network access credential change request is received onto a network access credential updating system. The network access credential change request is a request to update access credentials of a network near a vehicle charge station. The new credential in the request is communicated to an electric vehicle. The network is updated with the network access credential. The vehicle is able to connect to the network with the updated credential after the network has been updated. In one embodiment, the network access credential updating system includes an application. A charge station operating entity communicates a network access credential change request for a particular network to the application. After sending the request, the charge station operating entity updates the network access credential for the network in accordance with a credential update agreement. The credential update agreement tends to afford adequate opportunity for vehicles to receive updated credentials before networks are updated.

Abstract: A method for constructing behavioral software signatures. The method includes: embedding execution traces of a set of software in a vector space, an execution trace of a software agent including at least one event and being representative of the execution of the software, the embedding representing an event of the execution trace by a vector encoding a context for occurrence of the event; partitioning the vectors associated with the software of the set to generate a data group representative of a behavior, a behavioral label being associated with the data group; associating a behavioral label with a vector, which is representative of the data group to which the vector belongs, and associating a trace of behavioral labels with a trace of vectors, the trace of labels being representative of execution of a software agent, and extracting in the trace of labels at least one behavioral signature associated with the software.

Abstract: Various embodiments of the present invention generally relate to identity authentication and/or recognition. Some embodiments provide a method for determining when a user may engage in a restricted activity, including engaging in an initial contact with a user via a medium for exchange, receiving a request to engage in an activity, determining an activity trust threshold required for the activity, determining an initial identity trust score for the user, and comparing the initial identity trust score with the activity trust threshold. Based on the comparison, the user is either allowed to engage in the activity, rejected from engaging in the activity, or additional identifying information is collected.

Abstract: A system and method of anti-malware analysis including iterative techniques. These techniques are used to create a file attribute tree used by a machine learning analyzer to identify malicious files.

Abstract: A secure integrated circuit comprises a lower logic layer, and one or more memory layers disposed above the lower logic layer. A security key is provided in one or more of the memory layers for unlocking the logic layer. A plurality of connectors are provided between the one or more memory layers and the lower logic layer to electrically couple the memory layer(s) and lower logic layer.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing blockchain-based data authorization. One of the methods includes receiving, by a blockchain node, a data acquisition transaction submitted by a data user for obtaining target data possessed by a data owner, determining, by the blockchain node, that the data user has obtained authorization of the target data, and executing, by the blockchain node, a smart contract invoked by the data acquisition transaction to issue an authorization token to the data user in response to determining that the data user has authorization of the target data, where the authorization token is sent to a privacy computing platform.

Abstract: Methods and systems are disclosed for improvements in cloud services by sharing estimated and actual usage data of cloud services recipients with the cloud services provider. The sharing of this data allows the cloud services provider to better apportion cloud resources between multiple cloud services recipients. By analyzing information included in the shared data (e.g., information about one or more applications that use the cloud resources), the cloud services provider may categorize the applications and/or the functions of those applications into authorized and unauthorized uses, the determination of which, is used to further efficiently apportion the cloud services resources.

Abstract: An anomalous vehicle detection server includes an anomaly score calculator that detects a suspicious behavior different from a predetermined driving behavior based on pieces of vehicle information that are received from a plurality of vehicles, respectively, and are each based on a vehicle log including the content of an event that has occurred in a vehicle system provided in the vehicle, and acquires an anomaly score of each of the plurality of vehicles that indicates a likelihood that reverse engineering is performed on the vehicle; and an anomalous vehicle determiner that determines whether one vehicle of the plurality of vehicles is an anomalous vehicle based on the anomaly score of the one vehicle and a statistical value of the anomaly scores of two or more vehicles of the plurality of vehicles.

Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and first data file extracted. A first and second set of features are extracted. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, non-match, and match. Communications of a particular computing device are monitored and second data file extracted. A first set of features of the second data file are extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based the match determination by the third rule.

Abstract: Synthetic training sets for machine learning are created by identifying and modifying functional features of code in an existing malware training set. By filtering the resulting synthetic code to measure malware impact and novelty, training sets can be created that predict novel malware and to seek to preemptively exhaust the space of new malware. These synthesized training sets can be used in turn to improve training of machine learning models. Furthermore, by repeating the process of new code generation, filtering and training, an iterative machine learning process may be created that continuously narrows the window of vulnerabilities to new malicious actions.