Abstract: A computer-implemented method, system, and program product is disclosed for anonymized user authentication that dissociates a user's identify from a report submission after successful authentication. The method authenticates field personnel using organization-specific credentials and one-time passcodes, then establishes mathematically anonymous sessions that permanently dissociate user identity from report submissions. Field compliance data including geolocation, equipment status, environmental conditions, and photographic evidence is captured with complete offline capability. The system generates timestamped cryptographic hashes representing each report and records them immutably on distributed ledger networks, while maintaining full report data in encrypted off-chain storage. The system enables regulatory compliance documentation and litigation defense evidence generation, while maintaining complete reporter anonymity through cryptographic guarantees.

Abstract: Examples described herein provide a method that includes providing a joint test action group interface of an engine control, the joint test action group interface being in a disabled state to prevent a device connected to the joint test action group interface from communicating with the engine control. The method further includes detecting whether a control access card is inserted into a port of the engine control. The method further includes, responsive to detecting that the control access card is inserted into the port of the engine control, performing an authentication using a credential stored on the control access card. The method further includes, responsive to successfully completing the authentication, enabling the joint test action group interface of the engine control to enable the device connected to the joint test action group interface to communicate with the engine control.

Abstract: An analysis engine receives data characterizing a prompt for ingestion by a generative artificial intelligence (GenAI) model. The analysis engine, using a prompt injection classifier determines whether the prompt comprises or is indicative of malicious content or otherwise elicits malicious actions. The prompt injection classifier can be trained using a dataset generated by populating benign content and malicious content into a plurality of different prompt attack structures at pre-defined locations. Data characterizing the determination is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Abstract: Embodiments of the present invention provide a method and apparatus for remotely accessing a computer system or network to identify storage devices and to retrieve metadata from the storage devices that are respectively unique to files stored in the storage devices. An agent is executed by the computer system and receives scanning instructions from a server. A scanning tool compares the metadata retrieved from the computer system or network to a database or list of known metadata of known restricted content. Metadata retrieved from the computer system or network that matches metadata from the database or list of known restricted content is flagged and the file associated with the matching metadata is flagged and reported as potentially storing restricted content. During the scanning, restricted content itself is not scanned, not copied, not transferred and not stored.

Abstract: An electronic device (e.g., smartphone) identifies digital content and classifies the digital content as confidential digital content via one or more machine learning models. The electronic device automatically stores the confidential digital content in a secure digital storage. The secure digital storage maintains the confidential digital content separately from digital content that is not classified as confidential digital content. Access to the secure digital storage is controlled by the electronic device such that the confidential digital content within the secure digital storage is not exposed outside of the secure digital storage.

Abstract: A healthcare data system. The system comprises a data protection entity configured to: sign at least a portion of a routing header of a data packet with a private key held by the data protection entity, the data packet including a payload and a routing header, the payload including healthcare data and the routing header indicating an intended consumer of the data packet; and transmit the data packet on towards the intended consumer. The healthcare data system further comprises one or more data receivers, each configured to: receive the data packet; and verify the signed routing header.

Abstract: A method and system for defending AI agents against prompt injection attacks is provided. The method and system include: monitoring, in real-time, a plurality of prompts and a plurality of action sequences for a plurality of AI agents, wherein an action sequence is a series of actions intended to be performed by the AI agent based on at least a corresponding prompt; and for each AI agent, computing a semantic distance metric between each prompt and each action sequence, comparing the computed semantic distance metric to a learned baseline semantic distance computed for the AI agent; and causing an execution of a mitigation action when the computed semantic distance metric deviates from the baseline semantic distance.

Abstract: The present invention concerns the verification and authentication of independent digital wallets and, particularly, the linking of regulated and unregulated digital wallets on a public blockchain. An unregulated trading system has a public certificate module arranged selectively to write NFTs into specific unregulated accounts. A public ledger database of the blockchain system stores unregulated accounts which each contain: (i) a document type identifier having a related minted unique non-transferable NFT linked to an externally generated certificate hash and where each non-transferable NFT is obtained via writing of a smart contract and each non-transferable NFT is a permanent record for a description of the document type; and (ii) a link to a private wallet of a regulated account of a regulated trading platform. The link relates directly to the minted non-transferable NFT issued from the certificate module.

Abstract: Systems and methods for quick start-up of playback in accordance with embodiments of the invention are disclosed. Media content may be encoded in a plurality of alternative streams and a quick start-up stream. The quick start-up stream may include media content that is encoded at a lower quality that the alternative streams and may be encrypted with a different, less secure encryption process than that of the alternative streams. During a start-up of playback, the playback device streams the media content from a quick start-up stream until a metric, such as a decryption key for the alternative streams is met. The device then streams the media content from the alternative streams in response to the metric being met.

Abstract: A method for implementing a fast UBDM transform includes receiving a first, input vector via a processor, and partitioning the first vector to produce a magnitude vector and a sign vector. A second vector, including a modified magnitude vector and a modified sign vector, is generated by: applying a permutation to the magnitude vector to produce the modified magnitude vector, converting the sign vector, based on an algorithm, into an intermediate sign vector, and applying nonlinear layers to the intermediate sign vector. Each nonlinear layer includes a permutation, an S-box transformation, a diffusive linear operation and/or an Xor operation. Multiple linear layers are applied to the second vector to produce a third vector, the third vector being a transformed version of the first vector. A first signal representing the third vector is sent to at least one transmitter for transmission of a second signal representing the transformed data vector.

Abstract: A storage network operates by: obtaining audit records, wherein each of the audit records indicates: a timestamp for a corresponding message, at least one event type code selected from a plurality of event type codes for a corresponding audit event of the corresponding message, and an identifier for a corresponding system entity associated with at least one event corresponding to the at least one event code; aggregating a number of audit records over a period of time; generating an audit file to include the number of audit records and integrity information; and facilitating storage of the audit file by utilizing a name of the audit file.

Abstract: A set of one or more permissions associated with an identity is determined. One or more risk metrics and corresponding usage associated with the one or more permissions associated with the identity are determined. Access associated with at least one permission from the set of one or more permissions associated with the identity is modified based on the one or more determined risk metrics and corresponding usage associated with the one or more permissions associated with the identity.

Abstract: A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined.

Abstract: A method and computer system for submitting and receiving data relating to a first digital content element. A search query comprising at least a portion of a first digital content element is derived at a first entity, the search query being based on a first number of possible search results in a set of search results. The search query is transmitted to a second entity which comprises a content database, the content database comprising a plurality of digital content elements. A set of search results is obtained based on the search query, the set of search results comprising any digital content elements of the content database matching the search query. The search results may be transmitted to the first entity and Matched with the first digital content element or it may be transmitted to a third entity which may be a law enforcement organisation.

Abstract: Examples of analytics systems may include a cloud based no-touch auto-update mechanism that may have access to ransomware signatures. For example, the service may pull ransomware signatures from a centralized public datastore through APIs and update the ransomware signatures on file servers subscribed to the analytics system.

Abstract: An electronic device comprises: a first processor operating in a general non-secure environment; a second processor operating in a secure environment; a first memory allocated to the general non-secure environment; a second memory allocated to the secure environment; and a third memory shared in the general non-secure environment and the secure environment, wherein the second processor is configured to: encrypt at least a portion of secure data to generate an encrypted portion, the secure data generated by a trusted application executed in the secure environment, store the encrypted portion in the third memory, and store first information used to encrypt the at least a portion of the secure data and second information generated while encrypting the at least the portion of the secure data in the second memory, and wherein the first processor is configured to, store the encrypted portion stored in the third memory in the first memory.

Abstract: The disclosure provides a configuration method, data integration method, apparatus, device and storage medium of data integration strategy. The method includes obtaining a data structure of a data source based on an access credential of the data source; and configuring a data structure of an external object for the data structure of the data source, wherein there is a mapping relationship between the data structure of the external object and the data structure of the data source.

Abstract: A device may receive, from an organization user, a request for support associated with a cloud computing environment utilized by the organization user, and may provide the request for support to a support user. The device may receive, from the support user, credentials of the support user and a login request to access the cloud computing environment, and may determine whether the credentials of the support user satisfy a domain check, a virtual private network (VPN) check, a role check, and a secure group check. The device may selectively deny the login request based on the credentials failing to satisfy one or more of the domain check, the VPN check, the role check, or the secure group check, or may approve the login request based on the credentials satisfying the domain check, the VPN check, the role check, and the secure group check.

Abstract: An interface circuit is coupled to first and second peripheral circuits. A register of the interface circuit stores a state parameter. The interface circuit is configured to: receive a write or read access request originating from a processor and directed towards a destination address in the first peripheral circuit; and generate a write and/or read operation at the first and/or the second peripheral circuit, the operation and its destination being selected according to the state value and the destination address.

Abstract: Examples described herein are generally directed towards generating, allocating, and assigning consistent file server user identifiers (IDs) (also described herein as a global identifier (GID)) domains subscribed to by file server(s) within a distributed file server environment. In operation, a virtualized file server of a distributed file server system may scan for and identify a trusted domain subscribed to by the virtualized file server. The virtualized file server may allocate to the trusted domain a range of file server user IDs. The virtualized file server may store a mapping between local user security identifiers (SIDs) in the trusted domain and a respective file server user IDs within the allocated range. The virtualized file server may provide the mapping to a replication target, such as during a replication, migration, and/or a disaster recovery event.