Patents Examined by Andrew J Steinle
  • Patent number: 11283820
    Abstract: Analysis of samples for maliciousness is disclosed. A sample is executed and one or more network activities associated with executing the sample are recorded. The recorded network activities are compared to a malware profile. The malware profile comprises a set of network activities taken by a known malicious application during execution of the known malicious application. A verdict of “malicious” is assigned to the sample based at least in part on a determination that the recorded network activities match the malware profile.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: March 22, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Jun Wang, Wei Xu
  • Patent number: 11283816
    Abstract: Hierarchical scanning begins with communicating probes over the Internet to ports and network addresses to determine publicly accessible devices. Based on responses to those probes, follow-up probes are determined to obtain additional information about the publicly accessible devices. The probes are transmitted from a system that is external to the networks corresponding to the network addresses. This provides an external view of the scanned networks and facilitates a probing paradigm that scales beyond a few networks.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: March 22, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Connor Leete Gilbert, Michael Haggblade
  • Patent number: 11275851
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized data management are provided. One of the methods includes: instructing, by an operator, a client to obtain data from a data source, wherein the operator is not allowed to directly obtain data from the data source; receiving, by the operator, encrypted data from the client, wherein the encrypted data is generated by the client based on the obtained data from the data source and an encryption key of an authorized data consumer; and storing, by the operator, the encrypted data into a data store for the authorized data consumer to access and decrypt, wherein the operator is not allowed to read the saved encrypted data from the data store.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: March 15, 2022
    Assignee: Beijing DiDi Infinity Technology and Development Co., Ltd.
    Inventor: Jinjian Zhai
  • Patent number: 11270013
    Abstract: A computer device for managing privilege delegation to control creation of processes thereon is described. Creation of a process, in a user account on a computer device, is requested according to first privileges. An agent, cooperating with an operating system of the computer device, intercepts the request. The agent determines whether to create the process according to second privileges, different from the first privileges, and, if permitted, causes the process to be created accordingly. The agent hooks a query provided by the operating system to identify whether a user account control service is enabled. The agent enquires of the operating system whether to create the process according to the second privileges whereupon the hooked query is invoked. The agent confirms to the operating system that the user account control service is enabled, such that checks by the operating system are performed as if the operating system were enabled.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: March 8, 2022
    Assignee: Avecto Limited
    Inventors: John Goodridge, Georgina Shippey
  • Patent number: 11269786
    Abstract: Systems, apparatus, and/or methods to provide memory data protection. In one example, authenticated encryption may be enhanced via a modification to an authentication code that is associated with encrypted data. The authentication code may be modified, for example, with a nonce value generated for a particular write to memory. Decrypted data, generated from the encrypted data, may then be validated based on a modified authentication code. Moreover, data freshness control for data stored in the memory may be provided based on iterative authentication and re-encryption. In addition, a counter used to provide a nonce value may be managed to reduce a size of the counter and/or a growth of the counter.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: March 8, 2022
    Assignee: Intel Corporation
    Inventors: Anatoli Bolotov, Mikhail Grinchuk, David M. Durham, Patrick Fleming
  • Patent number: 11265169
    Abstract: A method for securely verifying information pertaining to a target includes generating a request transaction indicating at least (i) a request to verify information pertaining to the target, and (ii) an address, on a blockchain, of a third party to which the request is directed. The method also includes providing the request transaction to a smart contract deployed on the blockchain. Further, the method includes detecting an indication that a reply transaction corresponding to the request transaction has been received via the smart contract, and retrieving the reply transaction via the smart contract to determine whether the third party has verified the information.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: March 1, 2022
    Assignee: CCH INCORPORATED
    Inventors: Cathy Rowe, Fabio Bagatin
  • Patent number: 11265156
    Abstract: A client system may generate a new key pair for a secrets management process. The client may generate a shared secret using the private key of the new key pair and a public key of a secrets management server. Using the shared secret, the client may derive an encryption key and encrypt a data payload for subsequent decryption by the secrets management server. Upon encryption of the data payload, the client may erase the private key. Subsequently, the client or an associated client may call the secrets management server for decryption of the data payload. The secrets management server may derive the encryption key using the public key associated with the encrypted payload and the private key of the secrets management server and use the encryption key to decrypt the data payload for use by the client or an associated client.
    Type: Grant
    Filed: July 24, 2020
    Date of Patent: March 1, 2022
    Assignee: salesforce.com, inc.
    Inventors: Prasad Peddada, Taher Elgamal, Aaron Marcus Johnson
  • Patent number: 11256824
    Abstract: A method and system for performing secure database backups with a globally unique identifier to prevent unauthorized access to or restoration of backup data are provided, wherein a first database management system (DBMS) generates an instance of a database and a corresponding globally unique identifier (GUID) to uniquely identify and secure the database instance. The first DBMS uses a hash function to generate a hash of the GUID, which is then stored in association with the database instance. Encrypted backup sets of the database instance are generated by the first DBMS, wherein the GUID is encrypted and stored in association with each backup set. The first DBMS encodes each encrypted backup set to require that a second or subsequent DBMS possess the identical GUID associated with the database instance before any attempt to access or restore the backup set is permitted.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: February 22, 2022
    Assignee: Saudi Arabian Oil Company
    Inventor: Emad Mohammad Al-Mousa
  • Patent number: 11258584
    Abstract: A method for implementing blockchain-based transactions includes: determining a to-be-remitted amount for each of a plurality of remitters participating in a transaction and a to-be-received amount for each of a plurality of receivers participating in the transaction, wherein the plurality of remitters include one or more real remitters, the plurality of receivers include one or more real receivers, and the plurality of remitters include one or more cover-up remitters and/or the plurality of receivers include one or more cover-up receivers; generating a commitment of the to-be-remitted amount corresponding to the each remitter and a commitment of the to-be-received amount corresponding to the each receiver; and submitting the transaction to a blockchain for execution, wherein the transaction comprises blockchain account addresses of the remitters and receivers, and the commitments of the to-be-remitted amounts and the to-be-received amounts.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: February 22, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Wenbin Zhang, Lichun Li, Baoli Ma, Zheng Liu, Shan Yin
  • Patent number: 11258591
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing cryptographic keys based on user identity information. One of the methods includes receiving a request to store identity information and a user key pair to a memory on a chip, the request being digitally signed with a digital signature, the identity information uniquely identifying the user, and the user key pair being assigned to the user; determining that the digital signature is authentic based on a public key pre-stored in the memory; encrypting the identity information and the user key pair; and storing the identity information and the user key pair to the memory.
    Type: Grant
    Filed: June 15, 2021
    Date of Patent: February 22, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Zhiyuan Feng, Yanpeng Li, Long Cheng
  • Patent number: 11258592
    Abstract: Systems and processes are described for a message service with distributed key caching for server-side encryption. Message requests are received by message handlers of the message service that cache data encryption keys used to encrypt and decrypt messages that are stored to message containers in back end storage. A metadata service obtains the data encryption keys from a key management service, caches the keys locally, and sends the keys to the message handlers upon request, where the keys are cached, again. The key management service may generate the data encryption keys based on a master key (e.g., a client's master key). The message handlers may send both message data encrypted using the data encryption key and an encrypted copy of the data encryption key to be stored together in the data store.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: February 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Petr Shveykin, Kelvin Yiu, Jakub Wojciak
  • Patent number: 11251940
    Abstract: An approach is provided for deterring a tampering of content. Content is signed by using an asymmetric key cryptography. The signed content is stored in a distributed ledger which is accessible to a plurality of subscribers of the distributed ledger. The signing of the content using the asymmetric key cryptography together with the storing of the signed content in the distributed ledger provide a non-repudiable identification of an owner of the content and a non-repudiable proof of an ownership of the content.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: February 15, 2022
    Assignee: Kyndryl, Inc.
    Inventors: Michael C. Davis, Robert S. Milligan, Gordan G. Greenlee, Christopher L. Molloy, Steven A. Waite
  • Patent number: 11252187
    Abstract: An anti-replay processing method. The method is utilized in a service function path (SFP) to monitor packet count in the SFP to identify a replay attack event, and recognizes a segment of the SFP where the replay attack event occurs as an insecure path. The method further initiates a secure path bypassing the insecure path, labels normal SFC packets with an asserted secure flag, and blocks replayed packets without the asserted secure flag at the exit stage of the secure path.
    Type: Grant
    Filed: September 3, 2020
    Date of Patent: February 15, 2022
    Assignee: NANNING FUGUI PRECISION INDUSTRIAL CO., LTD.
    Inventor: Shih-Neng Lin
  • Patent number: 11238170
    Abstract: Delegating a scope of permission between pairwise DIDs. First, a computing system determines a relationship between the first DID and a second DID. The first DID and the second DID are pairwise DIDs. Based on the relationship, the computing system delegates a scope of permission owned by the first DID to the second DID. In particular, the computing system defines the scope of permission and grants a public key of the second DID the scope of the permission. The delegation of the defined scope of permission is signed by a private key of the first DID, such that the signature is a proof of the delegation. A portion of data related to the delegation is then propagated onto the distributed ledger.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: February 1, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Brandon Murdoch, Ankur Patel
  • Patent number: 11238177
    Abstract: For multiuser information exchange management, a processor receives information permissions for a plurality of participants in an electronic forum. The information permissions include an audio permission, a video permission, a file share permission, a drawing permission, and/or a presentation permission for each participant. The processor provides forum information to each participant based on the information permissions. The audio permission is required to receive audio from the electronic forum. The video permission is required to receive video from the electronic forum. The file share permission is required to receive a file from the electronic forum. The drawing permission is required to receive a drawing from the electronic forum. The presentation permission is required to receive a presentation from the electronic forum.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: February 1, 2022
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventors: Song Wang, Jian Li, Ming Qian, Yang Wang
  • Patent number: 11240004
    Abstract: A system, method, and computer-readable storage medium is provided for creating first and second blockchain instances, each comprising representative blocks corresponding to steps in first and second multistep processes, respectively; performing a linking operation to link a block in the first blockchain instance to a block in the second blockchain instance; receiving change evidence data pertaining to steps in one of the first and second multi-step processes; and performing an update operation comprising updating one of the first and second blockchain instances based on said change evidence data.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: February 1, 2022
    Assignee: Boardwalktech, Inc.
    Inventors: Ganesh Krishnan, Dharmesh Dadbhawala, Ashish Baluja, Bhaumik Dedhia
  • Patent number: 11233792
    Abstract: A method for secure storage and distribution of account tokens includes: storing blockchain data comprised of a plurality of blocks, each block including at least a block header and one or more data values, where each data value includes at least an identification value, an account token, and one or more usage rules; receiving a login request including at least a specific identification value and a set of credentials; identifying a specific data value included in the blockchain data where the included identification value corresponds to the received specific identification value; validating the set of credentials based on the identified specific data value and access to the account token included in the specific data value based on the included one or more usage rules; and transmitting the account token included in the identified specific data value in response to the login request upon successful validation.
    Type: Grant
    Filed: May 2, 2018
    Date of Patent: January 25, 2022
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Shreya Mittal, Amit Gupta, Ankur Arora
  • Patent number: 11228443
    Abstract: The present disclosure includes apparatuses, methods, and systems for using memory as a block in a block chain. An embodiment includes a memory, and circuitry configured to generate a block in a block chain for validating data stored in the memory, wherein the block includes a cryptographic hash of a previous block in the block chain and a cryptographic hash of the data stored in the memory, and the block has a digital signature associated therewith that indicates the block is included in the block chain.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: January 18, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Alberto Troia, Antonino Mondello
  • Patent number: 11228611
    Abstract: Disclosed herein are methods, systems, and processes for scanning unexposed web applications for security vulnerabilities. A web application executing on a client computing device is accessed and a determination is made that elements in a document object model (DOM) associated with the web application are completely loaded. A brute force operation is performed to identify unexposed actionable events associated with the elements in the DOM. The unexposed actionable events identified as part of performing the brute force operation are received from the client computing device, and the web application is scanned for security vulnerabilities based on the unexposed actionable events.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: January 18, 2022
    Assignee: Rapid7, Inc.
    Inventors: Jijo John, Dmitriy Kashitsyn, Andrew Tisdale
  • Patent number: 11223473
    Abstract: Techniques are provided for client-driven shared secret updates for client authentication. One method comprises, in response to a first authentication of a client by a server using a given shared secret, updating, by the client, the given shared secret to generate an updated shared secret and storing the updated shared secret with the server; and submitting the updated shared secret to the server as part of a second authentication of the client. The updating is optionally performed by one or more of a password vault and a browser extension. The client may randomly select the updated shared secret or compute the updated shared secret in a predefined manner. The server may evaluate whether the client stores the updated shared secret with the server in connection with the first authentication and implement one or more predefined steps when the updated shared secret is not stored with the server.
    Type: Grant
    Filed: February 1, 2019
    Date of Patent: January 11, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Brian C. Mullins, Kevin Bowers