Abstract: Security systems and methods continuously monitor for known threats and proactively pursue information on emerging or unknown threats on devices and data. Efforts for spying, attacks from spyware, phishing, and vishing, among other threats, are used by bad actors to attack devices and data. The security systems and methods protect devices and/or data, and any associated devices and/or data, such as by anonymizing client devices and data through deconstruction and scattering data, assigning the data to one or more qubits and distributing the qubits over a blockchain. In some examples, algorithms are scanned to identify whether inputs are intended to or inadvertently targeting specific races or genders. These inputs may be used to draw particular conclusions about the individual's race, economic status, the area's economic state, etc. As such, an algorithm scanning engine protects against algorithmic biases with respect to race, gender, economic status, etc.

Abstract: According to one or more embodiments, a system can comprise a processor and a memory that can store executable instructions that, when executed by the processor, facilitate performance of operations. The operations can include establishing a wireless connection to a wireless network. The operations can further include receiving, via the wireless connection, data from a gateway device, that has been communicated via a network device of a publicly accessible network, wherein the data has been compared, by the gateway device, to a template of anomalous activity.

Abstract: A first set of features associated with a neural network are parameterized. A decision tree is generated from the first set of features. One or more adjustments for the neural network are received at the decision tree. A second set of features associated with the adjustments at the decision tree are parameterized. The parameterized first and second set of features are combined into a plurality of parameters. From the plurality, an adjusted neural network is generated.

Abstract: A control method includes: receiving first information pertaining to a first contract from a first terminal used by a first user who is one of two parties who have agreed to the first contract; when consent of a party aside from the two parties is required to validate the first contract, identifying a second user as the party aside from the two parties with reference to a ledger storing information pertaining to a past contract, and transmitting the first information to a second terminal operated by the second user; obtaining second information in which a confirmation result indicating whether the second user consents to the first contract and a digital signature of the second user are added to the first information; and confirming the second information, and when the confirmation result indicates consent, setting the first contract as a valid contract and storing the second information in the ledger.

Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.

Abstract: Implementations of the present disclosure include receiving, by a database system, a query, providing, by the database system, a set of checker objects including one or more inner checker objects and an outer checker object, each checker object corresponding to a nested sub-query of the query, providing, by the database system, an authorization list associated with the outer checker object, and executing an authorization check on the query at least partially by: adding collected objects of each inner checker object to the authorization list, adding collected objects of the outer checker object to the authorization list, and determining authorization of an entity based on the authorization list.

Abstract: An exemplary blockchain-based decentralized computing system and method are disclosed for industrial analytics applications. The exemplary system and method leverage blockchain technology to deliver and execute privacy-preserving decentralized predictive analytics, machine learning, and optimization operations for various industrial applications using a set of self-contained analytics block smart contracts that can be readily utilized and in analytics applications to deploy across multiple sites.

Abstract: Methods and systems for a device identification system may be provided. The device identification system may determine an identity of a user device associated with a transaction. The identity may be determined by network address information, hard link information, soft link information, and/or other such information. The network address information may include IPv4 information, IPv6 information, a device ID, and/or other such information. The identity of the user device may be determined and a transaction conducted from the user device may be assigned a fraudulent transaction risk score according to the information. Transactions that are determined to be at a high risk of fraud may be reviewed or otherwise flagged and/or canceled.

Abstract: Method and apparatus for secure access control in wireless communications are disclosed. In an example, a method includes receiving a broadcast message including system information, identifying a first set of hashed identifiers (IDs) and a first random number based on the system information, and each ID of the first set of hashed IDs is individually hashed using at least the first random number. The method also includes calculating a first hash value for each ID of a second set of IDs using at least the first random number, determining whether at least a hashed ID of the second set of IDs matches a hashed ID of the first set of hashed IDs, and sending a request message based on a determination that at least a hashed ID of the second set of IDs matches a hashed ID of the first set of hashed IDs.

Abstract: Systems and methods for network security testing of target computer networks using AI neural networks. A command and control server controls a number of geographically separated processors running a number of neural networks. A central data hive is accessible to all the processors. The processors are organizable into logical hemisphere groupings for specific tasks and/or projects. For security testing, hemisphere groupings are created for the project. Based on data for the target system on the data hive, attacks are formulated by a hemisphere grouping and these potential attacks are tested against known characteristics of the target network. Validated potential attacks and, in some cases, random attacks, are executed and data generated by the executed attacks are stored in the data hive for use in formulating and executing other further attacks. Potential attacks may involve mining social media networks for data on users of the target system.

Abstract: A method including configuring, by an infrastructure device, a virtual private network (VPN) server to install an initial operating system on a volatile memory associated with the VPN server; configuring, by the infrastructure device, the VPN server to execute the initial operating system from the volatile memory to receive a VPN operating system; configuring, by the infrastructure device, the VPN server to install the VPN operating system on the volatile memory; and configuring, by the infrastructure device, the VPN server to execute the VPN operating system from the volatile memory to provide VPN services. Various other aspects are contemplated.

Abstract: A software defined (SD) process control system (SDCS) includes a control container having contents which are executable during run-time of the process plant to control at least a portion of an industrial process. The SDCS also includes a security service associated with the control container and including contents which define one or more security conditions. The security service executes via a container on a compute node of the SDCS to control access to and/or data flow from the control container based on the contents of the security container.

Abstract: The application discloses methods and corresponding systems and network devices and/or nodes for enabling user equipment belonging to a home network to access data communication services in a visited network of a wireless communication system. By way of example, there is provided a method that comprises the step of obtaining at least one cryptographic token originating from a network node of the home network of the user equipment and cryptographically signed by a private key associated with the home network, wherein the at least one cryptographic token represents means for accessing data communication services via user data transport functions of the visited network.

Abstract: Embodiments of system and methods for providing centralized management of a software defined automation (“SDA”) system are disclosed. The SDA system comprises of a collection of controller nodes and logically centralized and yet physically distributed collection of compute nodes by monitoring activities of the compute nodes. In accordance with some embodiments, one or more components of the system monitor execution, network and security environments of the system to detect an event in a first environment. In response to the detected event, at least one component in the first environment is remediated, the remediation of the first environment creating a trigger to cause remediation of at least one component in each of a second and third environments.

Abstract: A method for generating digital certificates for anonymous users in blockchain transactions includes: storing a blockchain comprised of a plurality of blocks, each block including a block header and transaction values, where each transaction value includes data related to a blockchain transaction including a sending address, recipient address, and transaction amount; receiving a certificate request from a computing device, the request including a user public key of a cryptographic key pair; identifying a subset of transaction values in the blockchain where the sending address or recipient address was generated using the user public key; determining a confidence level based on the data included in each transaction value included in the subset; generating a digital certificate based on the determined confidence level; and transmitting the generated digital certificate to the computing device.

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

Abstract: Techniques are provided for secure data management in a network computing environment. A security management system receives data from a device which operates in a device network that is managed by the security management system. The security management system performs a data classification process to determine a data sensitivity level of the received data. The security management system determines a type of encryption to apply to the received data based on the determined data sensitivity level. The type of encryption is determined from a plurality of different types of encryption that are supported by a cloud system. The security management system sends the received data to the cloud system to at least one of store the data and perform secured data analytic processing of the data, in a format according to the determined type of encryption.

Abstract: Systems and methods for multi-factor authentication are based on validation of an inherence factor and a possession factor obtained in a “frictionless” or almost frictionless manner. A method conducted at a software application executing on a user device associated with a user and connected to a server computer, includes obtaining signing or encryption of a set of data elements using a cryptographic key securely stored for exclusive use by the software application and transmitting the signed or encrypted data elements to the server computer. The method includes transmitting, to the server computer, a payload including contextual data which includes behavioural data collected via one or more contextual data sources. The signed data elements represent a possession factor and the payload including contextual data represents an inherence factor for validation and multi-factor authentication by the server computer.

Abstract: The invention relates to a method and a system for computer-assisted maintenance of a device to be maintained, comprising a storage in a first system, which storage is implemented progressively when in use an operating system comprising the device to be maintained, of operational data associated with the said operating system. For a maintenance processing method, which is to be implemented by the second system (8) by applying a processing algorithm (38) to a set of operational data, the maintenance system uses a homomorphic or partially homomorphic cryptosystem (28) to obtain a modified maintenance processing algorithm (40) which makes it possible to obtain an item of predictive or corrective maintenance information in encrypted form, from a set of protected operational data comprising a first subset of encrypted operational data ((D1)H) by a means of a cryptosystem encryption method (28), and a second subset of plain data (D2) from the said set of operational data.

Abstract: Systems and methods that update configuration parameters on a UE using control plane functionalities. In one embodiment, an AMF element of a mobile network receives a control plane message from a UDM element that includes a UE configuration parameter update for the UE. The UE configuration parameter update is security protected via a secured packet, integrity protection, etc. The AMF element is configured to transparently send the UE configuration parameter update to the UE. Thus, AMF element inserts the UE configuration parameter update (that is security protected) in a container of a Non-Access Stratum (NAS) message, and sends the NAS message to the UE. The UE may then update its configuration parameters based on the update when security checks are complete.