Abstract: Techniques for implementing an infrastructure orchestration service are described. In certain embodiments, a cloud infrastructure orchestration system (CIOS) is disclosed that generates customized flock configurations for services to be deployed to different regions supported by the CIOS. The CIOS receives generic configuration information describing a set of infrastructure assets associated with a service and identifies first portions of the generic configuration information for deploying the set of infrastructure assets associated with the service that are configurable. The CIOS receives region configuration information for configuring the generic configuration information and updates the generic configuration information based on the region configuration information. The CIOS then transmits the updated configuration information to set of regions managed by the CIOS.

Abstract: Some embodiments are directed to a blockchain management device (100) configured to distribute a new block of a secondary blockchain to at least one further blockchain management device that manages the secondary blockchain, and to distribute a transaction to at least one blockchain management device that manages a primary blockchain, said transaction comprising an identification of a set of transactions in the new block.

Abstract: The system collects startup commands associated with network-attached computing devices. A startup command is automatically executed by a device on which the startup command is stored upon startup of the device and is associated with a device identifier for the device. For each startup command, a corresponding command tag is determined for the startup command using a verb list. Using the device identifier associated with each startup command and the command tag determined for each startup command, a proportion of the plurality of devices is determined that are associated with each command tag. Based on the determined proportion of the plurality of devices that are associated with each command tag, a suspicious command tag is determined. A report is stored that includes the suspicious command tag, suspicious startup command(s) associated with the suspicious command tag, and the device identifier associated with each suspicious startup command.

Abstract: A method, system and non-transitory computer readable instructions for application patching comprising, concatenating uncompressed data into a continuous data set and dividing the continuous data set into variable sized data chunks. Compressing each of the variable sized data chunks and dividing each of the variable sized data chunks into fixed size data blocks. Encrypting the fixed size data blocks to generate encrypted fixed size data blocks and sending the encrypted fixed size data blocks over a network.

Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.

Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication by overwriting the DHCP responses. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.

Abstract: Concealed monitor communications from a task in a trusted execution environment (TEE) are disclosed. A first task executing in a first trusted execution environment (TEE) implemented on a processor device determines that a monitor communication is to be sent to a monitor task, the first task being configured to generate response messages in response to requests from requestor tasks, the response messages having a predetermined characteristic. The first task generates the monitor communication, the monitor communication having the predetermined characteristic and an encoded monitor communication report. The first task sends the monitor communication toward the monitor task.

Abstract: A system for web traffic control is provided that is based on information related to a user's previous online activity. In one embodiment, the system is able to collect information about incoming traffic, compare the information to a generated ruleset, and make and implement a decision about how to handle each request/user interaction. In one embodiment, the ruleset is based on e-commerce rules. An e-commerce rule is a unit of decision making logic based on the user's previous online activity on the e-commerce platform, e.g. “If request is to add an item to user's cart, and if user already added something to their cart less than one second ago, then block request”. In some embodiments, the rules may be executed at the firewall and/or in a web application on the e-commerce platform. In some embodiments, one or more rules may be recommended to a merchant.

Abstract: Appropriately sharing user information. An information sharing system includes: a specific information acquisition unit that acquires specific information of each terminal from a plurality of user terminals which are carried by users; a user information acquisition unit that acquires user information from the plurality of user terminals; an information management unit that encrypts the user information that is acquired by the user information acquisition unit on the basis of the specific information that is acquired by the specific information acquisition unit; a state acquisition unit that acquires the specific information of a user terminal that accesses a network including a sharing device from the sharing device that is a terminal other than the user terminals; and a sharing unit that shares the user information by decoding the user information that is encrypted by the information management unit with the specific information that is acquired by the state acquisition unit.

Abstract: Systems, methods, and devices for obfuscation of browser fingerprint data are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method may include: (1) receiving an electronic communication from an electronic device to a destination; (2) identifying a raw device fingerprint value in the electronic communication from an electronic device; (3) selecting at least one replacement value for the raw device fingerprint value; (4) replacing the raw device fingerprint value with the replacement value in the electronic communication; and (5) sending the electronic communication with the replacement value to the destination.

Abstract: Techniques to securely and effectively implement a referral process between service providers. A platform may be generated to provide secure communication and information transmission between multiple authorized users. Authorized users may view information and communicate securely on an interactive dashboard. The platform can facilitate tracking of a client through a referral process. Particularly, the platform can allow for selective access to client information as a client is referred from a service provider to a referred service provider (or a “specialist”). The platform can securely share and store client information between the service provider and referred service provider. Further, the platform increases engagement between the client and service providers during the referral process.

Abstract: A trusted communications environment includes a primary participant with a group creator and a distributed ledger, and a secondary participant with communication credentials. An Internet of Things (IoT) network includes a trusted execution environment with a chain history for a blockchain, a root-of-trust for chaining, and a root-of-trust for archives. An IoT network includes an IoT device with a communication system, an onboarding tool, a device discoverer, a trust builder, a shared domain creator, and a shared resource directory. An IoT network includes an IoT device with a communication system, a policy decision engine, a policy repository, a policy enforcement engine, and a peer monitor. An IoT network includes an IoT device with a host environment and a trusted reliability engine to apply a failover action if the host environment fails. An IoT network includes an IoT server including secure booter/measurer, trust anchor, authenticator, key manager, and key generator.

Abstract: A file transferring method is disclosed. The method includes activating a transferring area on a displayed user interface in response to triggering of file transferring; tracking drag trajectory according to a triggered dragging instruction on the user interface on which the transferring area is activated, and detecting, when the dragging is released, that the transferring area and a file icon overlap; and transferring a corresponding file in response to the file icon overlapping with the transferring area.

Abstract: One embodiment of the present invention provides a system. During operation, the system determines a first set of ciphers supported by a name server based on a name lookup response message. The system then inserts an entry associated with the name server in a data structure stored in a local storage device. Subsequently, the system identifies a second set of ciphers supported by a local name server in a name lookup query message destined to the name server. The system then selects the name lookup query message for an update operation based on the entry in the data structure. The update operation includes removing ciphers from the name lookup query message except a common cipher, which is present in both the first and second sets of ciphers. The system determines an egress port corresponding to the name server for the updated name lookup query message.

Abstract: An endpoint agent configured, when executed on an endpoint device, to: access outgoing and/or incoming packets via a local traffic access function of the endpoint device, the outgoing packets sent from a network interface of the endpoint device to a packet-switched network and carrying outbound payload data generated by one or more processes executed on the endpoint device, the incoming packets received at the network interface from the packet-switched network and carrying inbound payload data for processing by the one or more processes; extract network traffic telemetry from the outgoing and/or incoming packets, the extracted network traffic telemetry summarizing the outgoing and/or incoming packets; and transmit, to a cybersecurity service, a series of network telemetry records containing the extracted network traffic telemetry for use in performing a cybersecurity threat analysis. Further aspects pertain to the “deduplication” of telemetry records when network traffic is monitored by multiple sources.

Abstract: A method for storing data establishes a blockchain network, a plurality of data blocks being stored on nodes of the blockchain network. The plurality of data blocks is stored in batches to form a plurality of data segments according to a preset storage period. Each data segment written to the blockchain network is encrypted and newly added data blocks are synchronized with the data blocks which are not stored in the data segment. The newly added data blocks, together with the data blocks not yet stored as the data segment are stored after the commencement of the storage period. A data storage device is also provided.

Abstract: An electronic communication security system is typically configured for tracking and monitoring user activity of a user, identifying a trigger based on monitoring and tracking the user activity, communicating with back-end system to extract information associated with a resource entity that is associated with the trigger, communicating with the back-end systems to identify user agreement associated with the user and the resource entity, identifying one or more supplemental resources provided by the resource entity, based on the user agreement, prompting the user to authorize transfer of anonymized user data to the resource entity to receive the one or more supplemental resources, anonymizing the user data and transmit the anonymized user data to the resource entity, in response to transmitting the anonymized user data to the resource entity, receiving the one or more supplemental resources from the resource entity, and transmitting the one or more supplemental resources to the user device.

Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. The security appliance may be implemented on-prem or in cloud data center environments. A security appliance is set as the default gateway for intra-LAN communication. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.

Abstract: A method to assign a service flow classification for a client device that is performed at a network interface device includes accessing a configuration file having an interface mask, and correlating interface mask bit values with at least one port of the network interface. The network interface device associates the client device with the at least one port of the network interface device and assigns a service flow classification based on the interface mask bit values for an access request received by the network interface device from the client device. The network interface device then communicates with a virtual local area network mapping device using the service flow classification. The virtual local area network mapping device maps the service flow into a VLAN for the service flow of the client device.

Abstract: Use of a validation data structure in order to securely communicate an encrypted claim that has a decentralized identifier as a subject. The sending system generates the validation data structure and presents the validation data structure to a user that owns the decentralized identifier. The sending system encrypts the claim using at least the validation data structure, and constructs a message that includes the encrypted claim, but which does not include the validation data structure. The relying party receives the message. However, without separately receiving the validation data structure from the user, the relying party computing system cannot decrypt the encrypted claim. If the user wishes the relying party computing system to have access to the claim, the user may communicate the validation data structure to the relying party computing system.