Abstract: A system, a method, and a computer program for protecting data traffic from a communication device against fingerprinting or privacy leakage. The method can include receiving data traffic from a communication device connected to a network, parsing a device identification value for the communication device from the received data traffic, and determining at least one of (i) a data transmission rate based on a first portion of the device identification value, (ii) a number of destinations based on a second portion of the device identification value, and (iii) a data payload size based on a third portion of the device identification value. The method can include generating forged data traffic for the communication device based on the determined at least one of data transmission rate, number of destinations and data payload size, and transmitting the forged data traffic to an external communication device that is located outside the network.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking during browsing sessions may include (i) detecting a user request, including a private domain, for a website in a web browser address bar during a browsing session, (ii) separating, utilizing a browser container, a user browsing state associated with the private domain from other domains during the browsing session, (iii) routing the user website request to one or more servers in a random order to run the browsing session, (iv) performing a browsing state security action that protects against cross-website tracking by discarding user browsing state data collected during the browsing session, and (v) performing a web isolation security action that protects against use of browser fingerprint data for conducting malicious attacks based on the routing of the user website request to the servers in the random order. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Aspects of the disclosure relate to real-time classification of content in a data transmission. A computing platform may detect, in real-time and via a computing device, a plurality of data transmissions between applications over a communications network. Then, the computing platform may retrieve, for a particular data transmission of the plurality of data transmissions, a content of the particular data transmission. The computing platform may then analyze, via the computing device, the content. Subsequently, the computing platform may determine, in real-time via the computing device and based on the analyzing, a security classification for the content. Then, the computing platform may cause, in real-time via the computing device, the content to be marked with the determined security classification.

Abstract: A computing system includes an anonymizer server. The anonymizer server is communicatively coupled to a data repository configured to store a personal identification information (PII) data. The anonymizer server is configured to perform operations including receiving a repository configuration request comprising an anonymized data schema, and creating an anonymized data repository clone based on the anonymized data schema. The anonymizer server is also configured to perform operations including anonymizing the PII data to create an anonymized data by applying a one-way data masking, a one-way data morphing, or a combination thereof, and storing the anonymized data in the anonymized data repository clone.

Abstract: Presented here is a system that manages secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a unique key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

Abstract: Presented here is a system that manages secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a unique key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

Abstract: A system on a chip (SoC) includes a security processor configured to form a Boolean mask, to form a shifted-row Boolean mask from the Boolean mask, and to add the shifted-row Boolean mask to cipher text to form Boolean-masked cipher text. The SoC includes a decryption engine configured to apply a shift rows operation to the Boolean-masked cipher text to form byte-aligned Boolean-masked cipher text, to apply a product of the Boolean mask and a multiplicative mask to the byte-aligned Boolean-masked cipher text to form multiplicatively masked cipher text, to perform an inverse byte substitution operation on the multiplicatively masked cipher text by applying a product of the Boolean mask and an inverse of the multiplicative mask to the multiplicatively masked cipher text to form Boolean-masked intermediate data, and to apply mix columns logic to the Boolean-masked intermediate data to form byte-shifted Boolean-masked output data.

Abstract: In some examples, a method comprises determining, at an electronic device having a first component of a first component type, a unique identifier associated with the first component. In some examples, in accordance with a determination that the unique identifier does not match the expected identifier of the component of the first component type in the electronic device, determining that the first component associated with the unique identifier satisfies one or more eligibility criteria. In some examples, in accordance with the determination that the first component associated with the unique identifier satisfies the one or more eligibility criteria, authenticating an association of the first component with the electronic device, including updating an installation counter associated with the first component, and updating the expected identifier for the component of the first type based on the unique identifier of the first component.

Abstract: A hardware memory includes at least one memory cell, peripheral circuitry and randomization circuitry. The memory cell(s) store data, which may be written to, read from and held in the hardware memory. The peripheral circuitry reads and writes data to the memory cell(s) and may perform other functions necessary for facilitating the data read, write and hold. The randomization circuitry randomizes operations performed by the peripheral circuitry to reduce a correlation between the data and the current consumed by the hardware memory.

Abstract: This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type.

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for user authentication. In one embodiment, the user authentication occurs using a multi-provider platform. The multi-provider platform enables the use and retrieval of user information from the given provider for the use and assessment of information associated with the user. User information may also be received over a web link communicated at least in part by a risk checkpoint component to a user device, wherein the user information received and that retrieved may be jointly used for determining user authentication.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: Some implementations may provide a machine-assisted method for determining trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the tra

Abstract: A device may include a processor configured to select a quantum key distribution transmission; identify an optical fiber path via which the quantum key distribution transmission is to be performed; determine one or more values for at least one transmission parameter for the identified optical fiber path; and select a pulse script for the optical fiber path based on the determined one or more values for the at least one transmission parameter. The processor may be further configured to perform the quantum key distribution transmission via the identified optical fiber path using the selected pulse script.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.

Abstract: A method of authenticating a network device may include receiving an authentication message from a third party server, the authentication message identifying a network device. The method may also include receiving a zero touch provisioning request comprising a certificate from the network device. The method may additionally include, determining the network device is associated with a third party that manages the third party server based on the certificate. The method may include transmitting a redirect message comprising a root certificate chain indicating that the network device is to send the zero touch provisioning request to the third party server.

Abstract: A relay server, an authentication system, and a relay method. The relay server receives an authentication request including authentication parameters from a device, determines whether the authentication parameters included in the authentication request are sufficient for an authentication process performed at an authentication server, assigns one or more missing authentication parameters to the authentication request when the authentication parameters included in the authentication request are determined to be insufficient, and relays the authentication request to the authentication server.

Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.

Abstract: Signal, data transmission, and/or encryption units generating a cryptographic code using a cryptographic key before writing to a pseudorandom noise buffer memory. The PRN code generator comprises a first processor generating a PRN code from initial data using a cryptographic key. A second processor generates sections of the PRN code for integrity check purposes through computation using the same cryptographic key and initial data. Within the PRN code generator and before temporary storage of the PRN code in the buffer memory, there is a comparison device for comparing at least one duplicated section of the PRN code sequence cryptographically generated by the first processor with the section computed by the second processor. A blocking, stop and/or alarm function is activated in the comparison device and triggered on the basis of a predefined degree of matching between the section obtained through duplication and the computed section.

Abstract: A method and structure uses a decentralized network to connect and manage multiple devices. The method includes the steps of: applying for a decentralized identity in the decentralized network, and binding the decentralized identity with a digital identity; storing a correspondingly generated binding information in the decentralized network; authorizing one of the devices, to which the digital identity is allowed to connect, and an allowable account; storing a correspondingly generated authorization information in the decentralized network; when necessary, updating and storing an authentication information of the bound digital identity in the decentralized network; retrieving the authentication information from the decentralized network through a terminal device to process certification for connecting the one of the devices.