Abstract: Embodiments of the present disclosure provide improved systems (200, 400) and methods (500, 600, 700, 800) of identifying and managing unmanned (230) and manned (120a-b) air traffic. The systems and methods of the present disclosure allow for the establishment of communications that both protects and shares identity and other informational data. The exemplary system is a dynamic secure identification network system enabling users of the system, including aircraft and aircraft operators 250, to engage with all users of the system and share identification information through a permission-based network system, for example, a blockchain based system. The system enables varying levels of identity and other information to be communicated about each aircraft system located within the ecosystem and being queried by a user. Aircraft systems may include operated and/or autonomous aircraft systems.

Abstract: The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.

Abstract: The disclosure provides a method for verifying authenticity of a component in a product. The method may comprise collecting data relating to a characteristic of the component. The method may further comprise comparing the data to a profile for the component. The profile may comprise an expected characteristic for the component. The method may further comprise determining whether the collected data matches the expected characteristic. The disclosure further provides an apparatus and program.

Abstract: A cloud management server comprises processing circuitry configured to access a device database storing information identifying a storage device in association with information identifying an owner thereof; access a license database storing license information of a license for a cloud storage, information identifying a license subscriber of the license, and information identifying a license sharer; receive setting information about a first license from a first license subscriber; refer to the device database to acquire information identifying a first storage device; set an update authority of the setting information to at least one of the first license subscriber and a first license sharer; and receive update instructions of the setting information, to refer to the update authority of the setting information, to confirm that the update instructions are given by the first license subscriber or the first license sharer having the update authority, and update the setting information.

Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.

Abstract: Aspects of the present invention disclose a method for calculating a risk resulting from a network of networks that includes unknown relationships in a privacy preserving manner. The method includes one or more processors determining a set of conditions corresponding to a user of a network. The method further includes transmitting a compliance request corresponding to the set of conditions to one or more members of the network utilizing a privacy preserving algorithm. The method further includes determining a respective risk factor of one or more members of the network, wherein the respective risk factor corresponds to a response of each of the one or more members to the compliance request. The method further includes determining an overall risk of the network based at least in part on the risk factors of the one or more members.

Abstract: Provided are a security protection method and apparatus. The security protection method includes: generating software versions based on diversity compilation, and constructing a software version pool using the software versions as heterogeneous functional equivalents; and dynamically deploying a software version on a network element according to the software version pool.

Abstract: A hardware security module (HSM) client processes a request to store data in a set of HSMs. The HSM client determines a property of the data indicative of a sensitivity classification of the data. As a result of determining the data lacks a classification as sensitive, the HSM client transmits the data to a data store outside the set of HSMs and updates a database used by the HSM client to associate an identifier of the data with a reference to a location in the data store.

Abstract: A search apparatus includes processing circuitry configured to extract fingerprints that are combinations of first communication data corresponding to requests and second communication data corresponding to responses to the requests, from communication data obtained by executing known malware, give degrees of priority corresponding to degrees of maliciousness of the malware, to the fingerprints, generate probes that are requests based on the first communication data included in the fingerprints and signatures based on the second communication data included in the fingerprints, decide, based on information about communication of sending-out destinations, search-target sending-out destinations from among the sending-out destinations, send out the probes generated to the search-target sending-out destinations decided in order according to the degrees of priority given, and determine whether the search-target sending-out destinations are malicious or not, based on whether responses to the probes sent out match th

Abstract: A method for accessing customer data includes receiving an access request requesting access to customer data stored on a storage abstraction. The access request includes a justification that specifies a purpose/reason for requesting access to the customer data. The method also includes validating the justification, and after validating the justification, transmitting the justification to an external key management service associated with a customer of the customer data. The external key management service is configured to grant or deny access to the customer data based on the justification. The method also includes receiving an approved access token from the external key management service when the external key management service grants access to the customer data and accessing the customer data stored on the storage abstraction using the approved access token received from the external key management service.

Abstract: Cryptographic-related processing is facilitated by obtaining multiple input operands, and packing the multiple input operands together to form a packed integer. The packed integer is an n-bit integer including multiple slots, where input operands of the multiple input operands are packed into every other slot of the multiple slots, and each slot of the multiple slots has a bitwidth k. Further, the process includes providing the packed integer as input to an n-bit accelerator to facilitate performing one or more predefined operations using the packed integer, to transform the packed integer into result data which facilitates cryptographic-related processing.

Abstract: Disclosed herein are systems and methods for protecting a user's devices based on types of anomalies. In one aspect, an exemplary method comprises, determining, by a feature determiner, one or more values of features of a user's activity performed using at least one of the user's devices, detecting, by an anomaly detector, anomalies indicative of at least one threat to information security of the user's devices based on the one or more values of the features, for each detected anomaly, identifying, by the anomaly detector, a type of the anomaly and at least one device that is a source of the anomaly, wherein the type of anomaly is identified using an anomaly classifier and one or more values of features, and for each user's device, modifying, by a device protector, one or more information security settings of the user's device based on the identified type of the anomaly.

Abstract: A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating signed addresses. One of the methods includes receiving, by a component from a device, a plurality of first requests, each first request for a physical address and including a virtual address, determining, by the component, a first physical address using the virtual address, generating a first signature for the first physical address, and providing, to the device, a response that includes the first signature, receiving, from the device, a plurality of second requests, each second request for access to a second physical address and including a second signature, determining, by the component for each of the plurality of second requests, whether the second physical address is valid using the second signature, and for each second request for which the second physical address is determined to be valid, servicing the corresponding second request.

Abstract: A computer program product includes one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions include program instructions to authenticate an application as authorized to perform encryption and program instructions to receive data at an authenticated encryption layer. The program instructions include program instructions to encrypt the data using an encryption key, wherein the encryption key is not available to the application, and program instructions to generate a watermark token of the encrypted data. The program instructions include program instructions to generate a watermark of the encrypted data using the watermark token and a watermark key and program instructions to send the encrypted data, the watermark token, and the watermark to a storage system. The storage system is configured to verify the encrypted data for storage using the watermark key.

Abstract: A method for providing and searching a searchable encrypted database. The system obtains plain text data and first and second encryption keys. The plain text data is parsed using a priori knowledge of the plain text data structure to identify data blocks and associated metadata components. The data blocks are encrypted using the first encryption key to provide encrypted data blocks. The metadata components are encrypted with the second encryption key to provide encrypted metadata components. The encrypted data blocks and encrypted metadata components are stored in a storage vault to provide a searchable encrypted database whilst discarding the plain text data and the first encryption key. A search term is encrypted with the second encryption key to provide an encrypted search term used to search the searchable encrypted database to determine whether it matches one or more of the encrypted metadata components, and a search result is returned.

Abstract: A detecting device (10) acquires information related to communication by an IoT device. The detecting device (10) inputs data representing a feature of the information related to the communication to a generative model which generates output data on the basis of a latent variable which is a random variable according to a mixed Gaussian distribution and input data, and calculates the output data. The detecting device (10) calculates an anomaly score on the basis of the output data and detects an anomaly in the IoT device when the anomaly score exceeds a threshold value.

Abstract: Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

Abstract: A parameter checking method includes substituting a plurality of initial parameters into a data integrity algorithm to obtain syndrome data using a processor, and using a hardware cipher to calculate a calculation result based on the data integrity algorithm based on a plurality of calculation parameters corresponding to the initial parameters. Moreover, when the processor determines that the syndrome data is not the same as the calculation result, the processor outputs a hacker attack message, indicating that at least one of the calculation parameters has been tampered with.

Abstract: One embodiment provides a method, including: receiving, at a database proxy acting as an intermediary between a plurality of database clients and a service provider providing data management services for the plurality of database clients, a set of queries, of at least one of the plurality of database clients, for data stored at the service provider in an encrypted form, wherein the database proxy maintains a security budget defining a maximum threshold amount of data leakage for the plurality of database clients; batching the set of queries into query batches; transforming, for each query batch, each query within the query batch, wherein the transforming includes changing the query to reduce data leakage; performing, responsive to transforming each query within the query batch, a transformation on each of the query batches to reduce data leakage; executing, at the database proxy and utilizing an order-preserving encryption algorithm, the query batches; and calculating a remaining security budget based upon da