Abstract: A method of real-time data security of a communications bus, the method comprising the steps of: reading at least an early portion of a message being transmitted over a communications bus, determining whether the message is suspicious, according to at least one rule applied on the read early portion of the message, and upon determining that the message is suspicious, corrupting at least a part of the message.
Type: Grant
Filed: July 21, 2016
Date of Patent: June 29, 2021
Assignee: ARILOU INFORMATION SECURITY TECHNOLOGIES LTD.
Abstract: A system for one-click two-factor authentication includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) receiving an access request from a user, the access request including a first authentication factor; (ii) generating a second authentication factor and a hyperlink that includes the second authentication factor; (iii) providing the hyperlink that includes the second authentication factor to a client device associated with the user; (iv) automatically receiving the second authentication factor in response to selection of the hyperlink by the user; and (v) verifying the first authentication factor and the second authentication factor to authenticate the identity of the user.
Type: Grant
Filed: May 11, 2018
Date of Patent: June 29, 2021
Assignee: BLUEOWL, LLC
Inventors: Charles B. Smith, Charles O. Schwabacher, Theobolt N. Leung, Daniel O'Shea
Abstract: In various embodiments, a method comprises detecting a removable media device coupled to a digital device, authenticating a password to access the removable media device, injecting redirection code into the digital device, intercepting, with the redirection code, a request for data, determining to allow the request for data based on a security policy, and providing the data based on the determination. The method may further comprise selecting the security policy from a plurality of security policies based, at least in part, on the password and/or filtering the content of the requested data. Filtering the content may comprise scanning the data for malware. Filtering the content may also comprise scanning the data for confidential information.
Type: Grant
Filed: September 17, 2019
Date of Patent: June 15, 2021
Assignee: CUPP Computing AS
Inventors: Shlomo Touboul, Sela Ferdman, Yonathan Yusim
Abstract: An example ECU identifying apparatus transmits and receives CAN data to and from a plurality of ECUs. The ECU identifying apparatus measures a power signal of the received CAN data, generates a multi-class classifier with respect to each of the plurality of ECUs and a one-class classifier with respect to all ECUs, acquires identification information of the received CAN data, acquires a signal of a predetermined area from the measured power signal, calculates a predetermined attribute value based on the signal of the predetermined area which is acquired, identifies an ECU based on the identification information of the CAN data which is acquired and the calculated predetermined attribute value, and determines whether an attack is made based on the identified ECU.
Type: Grant
Filed: November 27, 2017
Date of Patent: June 8, 2021
Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
Inventors: Dong Hoon Lee, Wonsuk Choi, Kyung Ho Joo, Moon Chan Park
Abstract: A method of a responding entity for creating a secure link with a requesting entity in an embedded universal integrated circuit card (eUICC) environment is provided. The method includes: receiving, from the requesting entity, a secure link creation message including signature information of the requesting entity; verifying the signature information of the requesting entity by using trust information of the requesting entity, the trust information of the requesting entity being generated by a certificate authority (CA) and transferred to the responding entity; generating a shared key used for communication between the responding entity and the requesting entity; and creating the secure link with the requesting entity by using the shared key.
Type: Grant
Filed: November 21, 2018
Date of Patent: June 1, 2021
Assignee: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Chul Hyun Park, Kwan Lae Kim, Jin Hyoung Lee, Joo Young Kim
Abstract: When providing a service to a communication terminal, a service providing system causes an authentication system to perform authentication of a user of the communication terminal. The service providing system includes a processor configured to receive, from the communication terminal, terminal identification information to identify the communication terminal, the terminal identification information including a to-be-authenticated section to be used for the authentication of the user and a not-to-be-authenticated section not to be used for the authentication of the user; and transmit, to the authentication system, only the to-be-authenticated section out of the received terminal identification information.
Abstract: A database transaction is executed in a computer of a system of networked computers having secure processing enclaves. Within the secure processing enclave, a database transaction log record for the executed database transaction is generated and cryptographically secured using a private key held in secure storage of the secure processing enclave. A state of the distributed database is recorded in a series of transaction log records which is replicated in distributed computer storage accessible to the networked computers. Consensus messages are transmitted and received via secure communication links between the secure processing enclaves of the networked computers, to incorporate the database transaction log record into the series of transaction log records in accordance with a distributed consensus protocol, which is implemented based on consensus protocol logic held within the secure processing enclave.
Abstract: A network traffic system includes a network traffic mangling application for modifying a signature of packets that are transmitted in the network traffic system. The network traffic mangling application includes a user module control agent and a kernel module for executing the network traffic mangling application. The user module control agent modifies and mangles the behavior of the kernel module and communicates with the kernel module.
Abstract: A communication controller performs route control in a communication system comprising a specific network, a first network configured to accommodate a specific device connected to the specific network, a second network provided between the specific network and the first network, and a filter configured to restrict communication according to a predetermined condition. The communication controller device includes: a route-setting device which controls the path such that a first path of the branched path is set as a path leading to a predetermined address space including an address of the specific device via the filter, and a second path of the branched path is set as a path leading to the first network in which the predetermined address space is excluded from an address space of the first network.
Abstract: Implementations of the present specification provide a computer-implemented method, computer-implemented system, and non-transitory, computer-readable medium. The computer-implemented method includes sending a token acquisition request by a blockchain client to a blockchain node. A commit token fed back from the blockchain node is received by the blockchain client, where the commit token indicates that the blockchain client has permission to submit transaction data to a specific data block in a blockchain. Transaction data is sent by the blockchain client to the blockchain node.
Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.
Abstract: Systems and methods for privacy in distributed ledger transactions are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor for a first node in a computer network comprising a plurality of nodes, a method for generating a key directory in a network comprising a plurality of nodes may include: (1) advertising a public key for a first node to the other nodes; (2) receiving public key information from each of the plurality of nodes; and (3) generating a public key directory that associates each node in the computer network with its public key.
Type: Grant
Filed: February 23, 2018
Date of Patent: April 27, 2021
Assignee: ConsenSys Software Inc.
Inventors: Tyrone Lobban, Patrick Mylund Nielsen, Amber Baldet, Samer Falah
Abstract: Certain example embodiments relate to systems and techniques for a client device outside of a cloud infrastructure to securely access services in the cloud infrastructure by relying on one or more keys that are validated by the cloud infrastructure based on a heartbeat message received from the client device. The heartbeat message may be secured by a certificate generated for the client device.
Abstract: Techniques for privilege escalation protection are disclosed. In some embodiments, a system/process/computer program product for privilege escalation protection includes monitoring a process executed on a computing device, detecting an unauthorized change in a token value associated with the process, and performing an action based on a policy (e.g., a kernel protection security policy/rule(s), which can include a whitelisted set of processes and/or configured actions/responses to perform for other/non-whitelisted processes) in response to an unauthorized change in the token value associated with the process.
Abstract: Systems and methods are described for management of data transmitted between computing devices in a communication network. An administrative component can configure one or more devices in the communication path of messages to be exchanged by devices to interpret codes embedded in the communication messages. A receiving device can review incoming messages for one or more processing codes or instructions that are embedded in the portion of the communication typically utilized solely to identify the subject matter of the communication, generally referred to as the topic portion of the communication. The receiving devices can then process the embedded codes to determine how the communication message will be routed or otherwise processed.
Abstract: A method may include receiving an outbound communication directed to one or more recipient addresses from a communications infrastructure hosting the true address for the user. A server or similar intermediary may generate an alias address for each recipient address in an outbound communication so that each recipient may communicate with the true address using a unique reply channel. A discrete security state may be assigned as a security attribute to each such alias address. The discrete security state, which can be controlled by the user and stored, e.g., at the intermediate server, establishes rules for controlling communications from one of the recipient addresses through the communications infrastructure to the true address via one of the alias addresses. Once an alias and a security state are assigned in this manner to facilitate handling of responsive communications, the outbound communication may be forwarded to recipient addresses through the communication network.
Type: Grant
Filed: June 6, 2019
Date of Patent: April 6, 2021
Assignee: Reflexion Networks, Inc.
Inventors: Joseph E. McIsaac, Marcus Dahllof, Louis Bruce Tatarsky, Richard K. Vallett
Abstract: Embodiments of the present invention provide a system for mitigating exposures associated with identified unmanaged devices in a network using solution data modelling. The system is typically configured for generating one or more solution data models comprising a plurality of asset systems and a plurality of users, storing the one or more solution data models in a model database, receiving an input from a user to identify unmanaged devices in a network, accessing a first solution data model associated with the network from the model database, identifying the unmanaged devices in the network based on the first solution data model, and displaying information associated with the unmanaged devices to the user.
Type: Grant
Filed: May 8, 2018
Date of Patent: April 6, 2021
Assignee: BANK OF AMERICA CORPORATION
Inventors: Katy Leigh Huneycutt, Richard LeRoy Hayes, Aaron Dion Kephart
Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems using advanced pre-authentication techniques. A computing platform may receive, from a local traffic manager, a first enriched access request associated with a first remote computing device. Then, the computing platform may apply a pre-authentication classification model to the first enriched access request associated with the first remote computing device. Thereafter, the computing platform may determine that the first enriched access request associated with the first remote computing device is likely malicious. Then, the computing platform may generate one or more first pre-authentication response commands directing client portal server infrastructure to process the first enriched access request associated with the first remote computing device as a malicious request.
Type: Grant
Filed: March 14, 2018
Date of Patent: March 30, 2021
Assignee: Bank of America Corporation
Inventors: Xianhong Zhang, Kalyan V. Pasumarthi, Jeffrey Jacoby, Hitesh Shah, Archie Agrawal, Michael E. Toth, Yu Fu
Abstract: The present disclosure provides a device list synchronizing method and apparatus, a device and a computer storage medium. The method comprises: after obtaining a user instruction to discover devices, a smart network system sends, to a developer system, a DeviceDiscoveryRequest including first authorization information; the developer system stores the first authorization information; and after obtaining information about an update of a device list on the developer side, the developer system carries the first authorization information to invoke an interface of the smart network system, triggering the smart network system to send the DeviceDiscoveryRequest to the developer system.
Abstract: Methods for access control of contract data in a distributed system are provided. The distributed system includes a contract generator, a validation server, a database and a distributed ledger which are in communication via a network, the method including the steps of: at the contract generator, receiving digital contract data from a first electronic device, determining a permission setting for accessing contract content associated with the digital contract data based on the digital contract data, and setting the permission setting to the validation server via the network, obtaining a validation link corresponding to the digital contract data from the validation server, generating contract information for digital contract data according to partial content of the digital contract data and the validation link, and storing the contract information in the distributed ledger.
Type: Grant
Filed: December 28, 2017
Date of Patent: March 23, 2021
Assignee: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE