Abstract: Methods and systems of identifying and remediating at-risk resources in a computing environment are provided. A method includes periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment. The method also includes: identifying, by the computer system, an intrusion event in the computing environment; determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and performing, by the computer system, remediation action for the at-risk resources.

Abstract: An architecture and methods for self-sovereign digital identity is described. The method mimics the handling of identities in the physical world, by provisioning unique digital identities to people. Digital identities and consent tokens are said to be self-sovereign because they are tightly controlled by their owners using identity engines installed on personal devices. Identity engines are interoperable, establishing a web identity layer. Self-sovereign digital identities are used to identify their holders, sign and encrypt transactions, and create digital seals that cannot be repudiated. Digital seals affix the identities and attestations of collaborating parties to digital identities, consent tokens, transactions, documents, and other artifacts. Self-sovereign digital identities can be exchanged securely, verified using proof-of-possession and proof-of-custody tests when collaborating synchronously, and verified using a proof-of-existence identity registry when collaborating asynchronously.

Abstract: A method and system for providing GTP acceleration for secure cellular backhaul over satellite (CBoS). A satellite terminal receives request from a first entity to establish a security association with a second entity, and establishes a first secure tunnel to a gateway. A second secure tunnel is then established between the gateway and the second entity based on a certificate belonging to the first entity. A third secure tunnel is established between the satellite terminal and the first entity based on a certificate belonging to the second entity. The contents of encrypted traffic between the first entity and the second entity are examined so that GTP acceleration may be applied to eligible traffic transmitted over the first secure tunnel.

Abstract: Disclosed embodiments relate to systems and methods for dynamically analyzing and enrolling virtualized execution instances. Techniques include identifying a request for enrollment for a virtualized execution instance configured to be deployed on a host in a virtual computing environment, the request including a result of a privileged configuration inspection for the virtualized execution instance; determining, based on the result of the privileged configuration inspection, to automatically enroll the virtualized execution instance; and including the virtualized execution instance in a group of enrolled virtualized execution instances, the group being available for secure communications with one or more clients in a manner that is isolated from the host.

Abstract: A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

Abstract: Novel tools and techniques for an IoT shell are provided. A system includes an internet of things (IoT) device, a database, and a license manager. The database may include one or more sets of authorized licenses, each set of authorized licenses associated with a respective vendor software. The license manager may be in communication with the IoT device and the database, and further include a processor and a non-transitory computer readable medium comprising instructions executable by the processor. The license manager may be configured to receive a request to reserve a license for a first vendor software, determine an availability of the license associated with the first vendor software, register a unique identifier of the IoT device in association with the license, and grant the license to the IoT device.

Abstract: A system for user device profiling that includes operations such requesting an acoustic profile from a user device. Receiving the acoustic profile from the user device and comparing the received acoustic profile with a stored acoustic profile.

Abstract: Techniques for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile equipment identity and/or IoT equipment identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a device identifier for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the device identifier and the application identifier.

Abstract: Provided is an apparatus including a pulse generation device and a memory. The pulse generation device includes: an emitter, which includes a radioisotope containing a number of atoms greater than a total number of identification targets; and a detector, which is configured to detect an ? particle and others emitted from the emitter due to spontaneous decay of an atomic nucleus to generate electric pulses. The memory stores a number of electric pulses obtained by measuring, in advance, for a given period of time, the electric pulses that are generated in the pulse generation device (initial pulse count), a date of the measurement, and an identification numerical value obtained by digitizing a pulse interval between the electric pulses (initial identification numerical value).

Abstract: Systems, methods and apparatus for authenticating and verifying an electronic communication are provided. Systems, apparatus and methods determine which emails pose a threat and which are benign. Systems, apparatus and methods filter malicious emails from non-malicious emails. Systems, apparatus and methods prevent receipt of bulk unsolicited and/or otherwise undesirable communications. Systems, apparatus and methods authenticate an identity of a sender of an electronic communication. Systems, methods and apparatus may involve biometric authentication.

Abstract: A method may include receiving an outbound communication directed to one or more recipient addresses from a communications infrastructure hosting the true address for the user. A server or similar intermediary may generate an alias address for each recipient address in an outbound communication so that each recipient may communicate with the true address using a unique reply channel. A discrete security state may be assigned as a security attribute to each such alias address. The discrete security state, which can be controlled by the user and stored, e.g., at the intermediate server, establishes rules for controlling communications from one of the recipient addresses through the communications infrastructure to the true address via one of the alias addresses. Once an alias and a security state are assigned in this manner to facilitate handling of responsive communications, the outbound communication may be forwarded to recipient addresses through the communication network.

Abstract: An example operation may include one or more of storing encrypted IoT data as transactions in a blockchain, the IoT data being captured by one or more edge devices of an IoT network, receiving an identification of an event, and in response, retrieving encrypted IoT transaction data stored in the blockchain which is associated with the event, decrypting, via a blockchain node, the retrieved IoT transaction data associated with the event and generating anonymized data of the event from the decrypted IoT transaction data in which personally identifiable information is anonymized, and outputting information concerning the anonymized data of the event to one or more of a user device and a display device.

Abstract: Methods and systems for detecting a potential compromise of cyber security in an industrial network are disclosed. These methods and systems comprise elements of hardware and software for generating and analyzing vectors indicative of network behavioral states to establish thresholds for anomalous behavior in the industrial network.

Abstract: System and methods for improving data movement perimeter monitoring and detecting non-compliant data movement within a computing environment include generating a forwarding configuration associated with activity logs, such as activity logs associated with a test environment. The forwarding configuration includes specific fields and file types or the contents of those specific fields and files that facilitate perimeter monitoring or otherwise determining which activity log data elements are needed by an operational intel tool to reduce the amount of data input or analyzed by the operational intel tool, and thus, to reduce its processing load. The forwarding configuration is input into the operational intel tool. Mainframe data is normalized and analyzed to identify abnormal data flows and to generate electronic alerts to facilitate perimeter monitoring. False positives are identified before the alerts are communicated.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: Systems, methods, and software for sensitive data handling frameworks for user applications are provided herein. An exemplary method includes receiving subsets of structured user content consolidated into associated flattened representations, the associated flattened representations having a mapping to the structured user content and accompanied by at least lengths and offset information relating to the mapping. The method includes individually parsing the subsets of structured user content to classify portions as comprising sensitive content corresponding to one or more predetermined data schemes and, for each of the portions, identifying an associated offset and length for the portion relating to the subsets of structured user content, and indicating at least the associated offset and length to the user application for marking of the sensitive content in a user interface to the user application.

Abstract: A system, method and computer-readable storage medium with instructions for protecting an electronic device against fault attack. Given a data represented as an input codeword of a systematic linear error correcting code, the technology provides the secure computation of the output codeword corresponding to the result of the non-linear function applied to this data. Other systems and methods are disclosed.

Abstract: Embodiments of the present invention provide an authenticating service of a chip having an intrinsic identifier (ID). In a typical embodiment, an authenticating device is provided that includes an identification (ID) engine, a self-test engine, and an intrinsic component. The intrinsic component is associated with a chip and includes an intrinsic feature. The self-test engine retrieves the intrinsic feature and communicates it to the identification engine. The identification engine receives the intrinsic feature, generates a first authentication value using the intrinsic feature, and stores the authentication value in memory. The self-test engine generates a second authentication value using an authentication challenge. The identification engine includes a compare circuitry that compares the first authentication value and the second authentication value and generates an authentication output value based on the results of the compare of the two values.

Abstract: A distributed ledger, e.g., blockchain, enabled operating environment includes a user device that accesses services of a service device by leveraging the decentralized blockchain. For example, a user device can lock/unlock a door (e.g., service device) by interfacing with a smart contract stored on the decentralized blockchain. The user device provides parameters, such as payment, that satisfies the variables of the smart contract such that the user device can access the service device. The service device regularly retrieves information stored in the smart contract on the decentralized blockchain. For example, the retrieved information can specify that the user device is authorized to access the service device or that the service device is to provide a service. Therefore, given the retrieved information, the service device provides the service to the user device.

Abstract: Provided are a smart key device and a working method. When a register requesting command is received, the smart key device obtains a key handle, an authentication certificate and a first signing result and forms a response data of the register requesting command according to the second key pair, the key handle, the authentication certificate and the first signing result; when an authentication requesting command is received, the smart key device determines a current user legitimated by authenticating according to the authentication requesting command, obtains a second signing result according to the authentication requesting command and a current authenticating times, and forms a response data of the authentication requesting command according to the second signing result and the current authenticating times. Fast identity authentication can be implemented and security of online transaction can be enhanced by the present invention.