Abstract: A communication node for use in a distributed communication network, a communication network and a method for monitoring communication and cybersecurity in a distributed communication network are provided. The communication node includes, but is not limited to a communication module, a memory, and a processor. The communication module is configured to communicate with a communication module of another communication node in a distributed communication network and to store a local copy of a blockchain ledger in the memory. The processor is further configured to generate a record to be added to the local copy of the blockchain ledger stored in the memory every time the communication node communicates with any of the plurality of communication nodes in the distributed communication network. The processor is further configured to verify and monitor the permissioned blockchain by consensus computing and previous hash comparisons.

Abstract: A person is automatically identified by a detection device of an observation apparatus. The identified person is shown a personalized symbol. A control action by the person causes data to be retrieved from a personal data source associated with the person and presented on a display panel. The presentation is stopped at the latest when the person leaves a sensing range of the detection device. This allows a particularly convenient and simple data use.

Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for automatic blockchain deployment. One of the methods includes: causing a virtual computing environment to be created at a computer, the computer connecting to a cloud platform; generating an initial block of a blockchain transmitting the initial block of the blockchain to the cloud platform; causing the blockchain to be initialized at the virtual computing environment; and after initialization of the blockchain is completed, monitoring the blockchain based on the cloud platform.

Abstract: The disclosure relates to posting auditable, immutable data to a blockchain. The method includes receiving a blockchain comprised of a plurality of blocks, each block having at least a block header and one or more transaction values, where each transaction value includes at least a transaction hash, and receiving a data file associated with a specific transaction hash included in a block in the blockchain, where the data file includes one or more variables. The method includes modifying at least one of the one or more variables included in the data file, generating a new hash value via application of one or more hashing algorithms to the modified data file, and generating a new transaction value based on at least the generated new hash value and the specific transaction hash. The method includes digitally signing the generated new transaction value, and electronically transmitting the signed new transaction value.

Abstract: A Pervasive Intermediate Network Attached Storage Application (PINApp) enables users to digitally assign (pin) a folder or drive to a public cloud storage service for the purpose of sharing their digital content with others. The PINApp enables users to engage the cloud storage services without the need to upload the digital content to the cloud in order for it to be viewed or shared. The Asynchronously Rendered Conduit (ARC) allows content owners to create rules to govern the private and public usage of digital content across users, devices, networks, and realms.

Abstract: A method for protecting a device from information attacks, in which received from the at least one device are checked by a security device, included in the at least one device, for an information attack, and for the case that the received data are associated with an information attack, characteristic data concerning the information attack are stored in the at least one device and transmitted via a communication interface to a unit in communicative connection with a plurality of devices, and the unit evaluates the characteristic data transmitted from the at least one device and outputs a warning message to at least a portion of the devices in communicative connection with the unit as a function of at least one predefined criterion.

Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. The server group includes an indexer server and a model management server. Source data at the server group is received from at least one of the one or more source network nodes. A model management server detects data constraints for a security model. The data constraints include a data element used by the security model and an availability requirement set. Using the timestamped entries, the data constraints are validated to obtain a validation result. The model management server determines a data availability assessment of the security model based on the validation result. The data availability assessment of the security model is stored in computer storage.

Abstract: This invention provides an authentication center system which enables a user to manage the specific account information of the user's accounts at different service parties centrally in one authentication center.

Abstract: A computer storage array detects and counters denial of service (DoS) attacks and provides one or more remote initiators with access to one or more storage devices connected to the computer storage array. computer storage array includes: a computer processor configured to run an operating system for managing networking protocols; a networking device configured to monitor and route network traffic, at a packet level to, and from the storage devices; a baseboard management controller (BMC) configured to detect a DoS attack based on monitoring of statistics of the network traffic by the networking device; a PCIe switch connecting the BMC with each of the storage devices via a PCIe bus; and a computer motherboard to which the computer processor, networking device, BMC and PCIe switch are installed.

Abstract: The method comprising: a) receiving, by an encoding module computer device (103), from a user (100), a message (101) including a content to be encoded; b) generating, by the encoding module (103), a generated encoding (104) of the content of the provided message (101) using encoding information (112); c) sending, by the encoding module computer device (103), the generated encoding (104) to a reception module computer device (106) and verifying, by the reception module computer device (106), that the generated encoding (104) corresponds to the encoding of the content of the message (101) by using a generated verification information (105) and public information (107), wherein the at least one code (102) having a cryptographic relationship with the public information (107) and the message (101), and the public information (107) and the message (101) having a cryptographic or a public relationship.

Abstract: A cognitive security analytics platform is enhanced by providing a computationally- and storage-efficient data mining technique to improve the confidence and support for one or more hypotheses presented to a security analyst. The approach herein enables the security analyst to more readily validate a hypothesis and thereby corroborate threat assertions to identify the true causes of a security offense or alert. The data mining technique is entirely automated but involves an efficient search strategy that significantly reduces the number of data queries to be made against a data store of historical data. To this end, the algorithm makes use of maliciousness information attached to each hypothesis, and it uses a confidence schema to sequentially test indicators of a given hypothesis to generate a rank-ordered (by confidence) list of hypotheses to be presented for analysis and response by the security analyst.

Abstract: System and methods are described for authenticating users across multiple environments within a cloud-computing environment. A system may receive an indication that a user authenticated within a first environment has performed an action specific to a second environment. The system determines whether a previous action was performed by the user specific to the second environment. In response to determining that no previous action was performed, the system retrieves a first token from an authentication database, wherein the first token is associated with authentication of the user within the first environment. The system then validates the first token, and then generates a second token associated with authentication of the user within the second environment.

Abstract: In one embodiment, an agent process associated with a particular application on a computing device intercepts outbound connection calls made by the particular application for a remote target host within a computer network, and determines an application context for the outbound connection call based on the particular application and one or more features of the outbound connection call. The agent process may then compare the application context against a set of application-context-aware firewall policies configured on the agent process, and determines whether to allow or not allow (block) the outbound connection call based on the comparing of the application context to the set of application-context-aware firewall policies.

Abstract: Techniques described herein include systems and methods for biometric authentication utilizing a dynamically updated biometric template derived from social media content of a user. In some embodiments, a service provider computer receives an authentication request that comprises biometric data provided by the user utilizing a user device. Social media content associated with the user may be received by the service provider computer from a social network service computer. In embodiments, the service provider computer may generate a biometric template for the user based on the received social media content where the biometric template is continually updated based on new social media content shared by the user. The service provider computer may determine a confidence score based on a comparison of the biometric data and the biometric template. The service provider computer may verify the authentication request for the user based at least in part on the confidence score.

Abstract: The present invention relates to a user authentication server which mixedly uses both a password and biometric information. The user authentication server comprise: a variable keypad generation unit for generating a variable keypad including password keys and a biometric authentication key, wherein the position of each password key and the position of the biometric authentication key are changed in each generation of the keypad; an authentication information storage unit for storing authentication information of portable terminal users; and an authentication unit for authenticating a user by remotely providing information of generated variable keypad to a portable terminal, and comparing biometric information and information of the positions of the password keys in accordance with the order of input by the user, received from the portable terminal, with the authentication information stored in the authentication information storage unit.

Abstract: Various embodiments are generally directed to utilizing a steganographically encoded image with an offline and/or online verification or authentication protocol. A method for using the steganographic image can include: receiving or utilizing a steganographic image associated with a user at a third-party device, the steganographically encoded image including an identification of a user steganographically encoded with a fingerprint template of the user, and authenticating the user using the steganographically encoded image.

Abstract: Application identification and control in a network device. In one embodiment, a method may include establishing, at a network device, a Virtual Private Network (VPN) tunnel through which all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic sent from or received at the network device is routed. The method may also include monitoring, at the network device, all TCP and UDP traffic sent from or received at the network device through the VPN tunnel. The method may further include extracting, at the network device, payload data from the monitored TCP and UDP traffic. The method may also include analyzing the extracted payload data to identify applications executing on the network device that sent or received the monitored TCP and UDP traffic. The method may further include taking, at the network device, a security action on the network device based on the identified applications.

Abstract: Systems and methods for providing access to media content by connecting, to a public device, a private device that does not have an installed application associated with the media content. A media guidance application may receive a communication from a private device requesting to access content using the public device. In response, the media guidance application may retrieve, at the public device, a public interface application and private interface application from a content provider of the content. The private interface application, which may be configured to control a graphical user interface of the public interface application, may then be transmitted to the private device. Accordingly, the user may be able to access content via the public device when the private device is within a predetermined proximity to the public device.

Abstract: A tenant's clear text data in a multi-tenant storage system can be encrypted using the tenant's cryptographic key to produce encrypted yet compressible data (“cryptographic data”). The cryptographic data can be encrypted using a system cryptographic key that is managed by the multi-tenant storage system and then stored. Use of the system cryptographic key allows for subsequent maintenance activities such as deduplication and compression to be performed on data stored in the multi-tenant storage system without having to access any of the tenants' cryptographic keys.

Abstract: A sign-in method and server based on facial recognition are provided. The method includes: receiving a face image of a sign-in user from a sign-in terminal. According to the face image of the sign-in user, whether a target registration user matching the sign-in user exists in a pre-stored registration set is detected. The registration set includes a face image of at least one registration user. Further, the target registration user is confirmed as signed in successfully if the target registration user exists in the registration set.