Abstract: This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type.

Abstract: Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, a method of operation for a number theoretic transform (NTT) butterfly circuit is disclosed. The (NTT) butterfly circuit includes a high input word path cross-coupled with a low word path. The high input word path includes a first adder/subtractor, and a first multiplier. The low input word path includes a second adder/subtractor, and a second multiplier. The method includes selectively bypassing the second adder/subtractor and the second multiplier, and reconfiguring the low and high input word paths into different logic processing units in response to different mode control signals.

Abstract: Systems and methods of the present disclosure include receiving an electronic request to exchange data items. A digital asset associated with the exchange of the data items is generated including a vault unique identifier, and an asset owner. An exchange block is generated on an exchange chain to record the electronic request. An asset copy is generated on the exchange ledger chain to record a non-permissioned copy of the digital asset independent from the vault unique identifier. An asset block is generated on an asset ledger chain to record an authoritative copy of the digital asset associated with the exchange of the data items on the exchange chain; where the asset block header includes an asset block hash concatenated with the vault unique identifier associated with the digital asset. The authoritative copy of the digital asset associated with the electronic request is displayed in response to a user selection.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Provided are methods and systems for unpacking and analyzing malware for purposes of identification and investigation. A malicious executable or an application containing malicious code is executed in sandboxed memory to unpack the executable. The memory is then dumped to disk and one or more post-processing operations are performed to generate a new version of the executable, including identifying an initial entry point of the executable, recreating the relocation table, and recreating the import address table, export table, and other tables of the executable. Various types of analyses, such as static analyses, which could not be performed on the malicious executable, are able to be performed on the new version of the executable.

Abstract: A method for evaluating a scope of cyber-attack incidents, the method may include detecting original compromised assets and malicious external machines that are related to each of the cyber-attack incidents; classifying potentially compromised assets to different classes based on (a) similarities between the potentially compromised assets and the original compromised assets, (b) a level of accessibility from the original compromised assets and malicious external machines to the potentially compromised assets, and (c) volumes of traffic between the potentially compromised assets and each one of the malicious external machines and the original compromised assets; wherein the different classes comprise compromised and non-compromised; and generating an alert that is indicative of the compromised assets and of potentially compromised assets that were classified as compromised.

Abstract: A computer-implemented method includes receiving a request to authenticate a user to remotely access a secure device and establishing, in response to the user being granted remote access to the secure device, a remote user session for the user. The computer-implemented method further includes identifying a plurality of actions performed during the remote user session. The computer-implemented method further includes comparing a first combination of actions in the plurality of actions to a plurality of policies for malicious intent. The computer-implemented method further includes determining a level of risk for malicious intent for the first combination of actions. The computer-implemented method further includes generating, in response to the level of risk of the first combination of actions exceeding a given threshold level, one or more preventive actions. A corresponding computer system and computer program product are also disclosed.

Abstract: A data storage device including a non-volatile memory and a micro-controller is provided. The non-volatile memory stores a firmware file. The micro-controller is coupled to the non-volatile memory, and performs an encryption procedure on the firmware file. The encryption procedure includes: using a first key and a first algorithm to encrypt the firmware file to generate a signature, using the first key and a second algorithm to scramble the signature to generate a scrambled signature, and attaching the scrambled signature to the firmware file.

Abstract: A secret sharing value of a value represented by a “first target bit string” is used to obtain a secret sharing value of a value represented by a “first check bit string” obtained by setting a value of the most significant bit of the “first target bit string” to a value of a “first check bit” that is lower than the most significant bit. Here, the “first target bit string” corresponds to a null value when the most significant bit is 1 and corresponds to a real number when the most significant bit is 0. Next, the secret sharing value of the value represented by the “first check bit string” is used to obtain secret sharing values of bit values of the least significant bit to “first check bit” of the “first check bit string”.

Abstract: Techniques for distributing a symmetric key using the Domain Name System (DNS) are presented. The techniques can include receiving, at a first key server and from a first computer, a request for first information sufficient for the first computer to obtain, and second information sufficient for a second computer to obtain, a symmetric key for securing at least one communication sent from the first computer to the second computer, and providing, by the first key server and to the first computer, the first information and the second information, such that the first computer secures at least one communication sent from the first computer to the second computer using at least the symmetric key for securing at least one communication sent from the first computer to the second computer.

Abstract: A method and a sensitive data discovery engine (SDDE) are provided for discovering substantial sensitive data in source systems spanning across similar and variant data sources and applications. The SDDE configures a scanning pathway for scanning data based on a predefined or configurable unique data classification. The scanning pathway defines a sequence of one or more match operations including master data field, dictionary, code, pattern and exact data matches to be performed on the data for the unique data classification. The SDDE executes the match operations in the scanning pathway on the data based on a scan level, scores the data, and determines sensitive data. The SDDE generates a sensitive data discovery map report including locations of the sensitive data and discovery metadata including information of users and programs that access the sensitive data, generated by inspecting application codes, for use in downstream data protection and governance operations.

Abstract: A computerized system and method may include, in response to receiving a blockchain via a communications network that includes information associated with an event, parsing, by a blockchain parsing engine being executed by a blockchain node, the information to identify a status state of an item related to the event. The blockchain may be inclusive of the information along with the status state of the item may be stored in a storage unit. An event tracking engine may determine from the parsed information that the status state of the item transitioned from a first state to a second state. Responsive to the event tracking engine determining that a qualifying state is satisfied by the item being in the second state, automatically executing, by the blockchain node, a smart code inclusive of initiating communications between a first party and a second party.

Abstract: A system, method, and computer program product are provided for providing seamless data access from different internet service providers. In operation, a master modem receives a ping from a device for requesting an encrypted key associated with an internet session corresponding to one of a plurality of Internet Service Providers (ISPs). The master modem authenticates the device and responds with the encrypted key. The master modem notifies an Internet Service Provider (ISP) system associated with the internet session with the encrypted key before beginning the internet session with the device. The ISP system verifies parameters to determine whether to allow the session to begin, in response to the notifying. The master modem receives authorization to begin the internet session from the ISP system. The master modem sets a port and speed associated with the master modem to aid in maintaining Quality of Service (QoS) for the internet session.

Abstract: The present teaching relates to exchanging a key with a device. In one example, a secret value is generated. A message is transmitted to the device. The message includes information related to the secret value based on which the device is to create a cryptographic key. A visual code displayed on the device is captured. The visual code includes a first piece of information and a second piece of information. A key value is generated based on the first piece of information and the secret value. A test value is calculated based on the key value. It is determined whether the device is securely connected based on the test value.

Abstract: The present disclosure relates to generating composite user identities in a distributed computing system. According to one embodiment, an example method generally includes transmitting, to a plurality of identity providers, a request for user identity information. A service provider receives, from a subset of the plurality of identity providers, the user identity information and selects a subset of the received user identity information to be used in verifying an identity of a user based, at least in part, on a reputation score associated with each identity provider in the subset of identity providers. The service provider generates a composite user identity based on the selected subset of the received user identity information. The service provider takes one or more actions to enable use of a service based on the generated composite user identity.

Abstract: Mechanisms for detecting fraudulent activity based on hardware events are provided. In accordance with some embodiments of the disclosed subject matter, the method comprises: receiving a request for advertising content to be placed on a website; receiving data describing physical activity at one or more user input hardware devices; receiving data describing interactions with the website; correlating the data describing interactions with the website with the data describing physical activity at one or more user input hardware devices; determining whether at least a portion of the interactions with the website are indicative of fraudulent behavior based on the correlation; and responding to the request for advertising content on the website by inhibiting the advertising content to be transmitted to the website in response to the determination that at least a portion of the interactions with the website indicates fraudulent behavior.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an authentication server for authentication leveraging multiple audio channels. The server receives an authentication request regarding a user upon the user interacting with a first electronic device. The server requests the first device to transmit a first audio file of an audio sample to the server. The audio sample may be the user's audio command or a machine-generated audio signal. The server requests a second electronic device to transmit a second audio file that is the recording of the same audio sample to the server. The second electronic device is a trusted device in proximity of the first device and executes an authentication function to enable the recording and transmitting of the audio sample. The server determines a similarity score between the first audio file and the second audio file and authenticates the user based on the similarity score.

Abstract: A resource security system may generate access rules for use in determining whether to grant or deny a request for access to a resource. In order to generate the access rules, the resource security system may select certain access request parameters and determine conditions associated with those parameters. The resource security system may generate mutually exclusive segments associated with a condition of each of the parameters. The resource security system may generate independent access rules based on the segments. The resource security system may then evaluate the performance of each of the access rules based on validity information corresponding to previously received access requests that satisfy the conditions of a particular access rule.

Abstract: A non-rule based security detection system and method is described. The method includes identifying a plurality of data sources. The method then proceeds to generate a baseline for each data source. The baseline includes a plurality of data source outputs that are evaluated over a time period. A plurality of data source anomalies are detected, in which each data source anomaly is associated with at least one data source output exceeding a threshold for the data source baseline. A geolocation for each data source anomaly is then identified. A plurality of correlations between the plurality of data source anomalies and the geolocation for each data source anomaly are generated. At least one correlation is associated with a security event.

Abstract: A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date.