Abstract: A system and method for performing inspection of a reachable code object of a cloud computing environment is presented. The method includes detecting a network path for each resource of a plurality of resources deployed in a cloud computing environment, wherein the network path includes at least a portion between an external network and the cloud computing environment; determining reachability parameters of each resource of the plurality of resources for which a network path is detected; accessing a code repository including a plurality of code objects; actively inspecting the network path of a resource to determine if the network path is a viable network path; mapping each resource having a viable network path to a code object of the plurality of code objects; inspecting a mapped code object for a cybersecurity object; and initiating a remediation action based on the cybersecurity object.

Abstract: The invention relates to systems, methods, network devices, and machine-readable media for encrypting and decrypting messages in a decentralized multi-authority attribute-based encryption (MA-ABE) scheme for a non-trivial class of access policies whose security is based in the random oracle model solely on the Learning With Errors (LWE) assumption. In some embodiments, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.

Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analysing the metrics using one or more models, and determining, in accordance with the analysed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.

Abstract: A method for cryptographic signature of a datum comprises determining: a signature point equal to the addition of elements equal to a derived first point and of number equal to a first scalar; a second scalar by subtracting, from the product of the first scalar and of a selected scalar, the product of a third and of a fourth scalar; another signature point equal to the addition of elements equal to a selected point and of number equal to the second scalar, and of elements equal to a derived second point and of number equal to the fourth scalar; and a signature portion based on a private key, on the first scalar, on a coordinate of the signature point and on the datum. The derived first and second point are respectively equal to the addition of elements equal to a generator point and of number equal to a fifth and to the third scalar.

Abstract: Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

Abstract: A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.

Abstract: Aspects of the invention include a computer-implemented method of executing a hybrid quantum safe key exchange system. The computer-implemented method includes initially retrieving an authenticated random value from a trusted source, generating a first Z value using a first elliptic curve (EC) private key and a first certified form of an EC public key with an EC Diffie-Hellman (ECDH) algorithm, deriving a shared key using the authenticated random value and the first Z value with a key derivation function, decrypting the authenticated random value using a quantum safe algorithm (QSA) private key, generating a second Z value using a second EC private key and a second certified form of the EC public key with the ECDH algorithm and deriving the shared key using the authenticated random value and the second Z value with the key derivation function.

Abstract: A consensus network includes Messagenodes and Validators. The Messagenodes add transactions to pre-built blocks of a blockchain. The Validators validate the transactions added to the blocks by the Messagenodes. Validators individually sign blocks in a pre-commit phase and if a block receives a threshold number of signatures, the Validators verify the signatures in a counting phase and commit the block to the blockchain. When a block is committed, it is linked to the previous sealed block in the blockchain.

Abstract: A device, system, and method are provided for detecting an email phishing attack by training graph neural network to detect phishing emails based on hypertext markup language (HTML) tags and cascading style sheets (CSS) included in an email. Noise is added during the training of the graph neural network to make the trained graph neural networks more robust against small changes in the training data.

Abstract: In one embodiment, a device may obtain an identifier of a proof of location process (PLP) and an identifier of a node where the PLP is executed. The device may receive a query from a compliance engine for a proof of location of the node where the PLP is executed. The device may identify, based on the identifier of the PLP and the identifier of the node, a physical location of the node. The device may provide, to the compliance engine, a response to the query that is indicative of the physical location of the node, wherein the compliance engine enforces one or more data compliance policies with respect to a workload executed by the node and based on the physical location of the node.

Abstract: A method includes receiving, at a broker processor and from a prover processor, a user request, a user token, and a user cryptographic zero-knowledge proof associated with a user characteristic. The method also includes receiving, at the broker processor, from a service processor, and based on the user request, a requirements specification and the user token. The method also includes generating, via the broker processor, a broker cryptographic zero-knowledge proof based on the requirements specification and the user cryptographic zero-knowledge proof. The method also includes transmitting, via the broker processor and to the service processor, the broker cryptographic zero-knowledge proof to cause the service processor to fulfill the user request.

Abstract: A system and method for voting including vote casting and vote counting. The system provides a paper ballot having a main section and a shreddable section. The main section includes a ballot ID, a ballot public key of a ballot public and private key pair, a set of voting options, and a machine-readable code at an end of the main section. The machine-readable code is configured to instruct a scanner device to stop scanning. The shreddable section includes a ballot private key of the ballot public and private key pair printed thereon. A scanner can read the information on the marked paper ballot, read the private key from the shreddable section, and shred the shreddable section. Scanner digitally signs image data using the ballot private key and scanner private key and applies “publicly solvable puzzle-based encryption” to the same. Scanner can transmit the encrypted image data to a blockchain server.

Abstract: A system includes at least one processor to receive a second public key, a first random number, and a second random number, and store the second public key, the first random number, and the second random number in an installation record, perform key agreement with a first private key and the second public key to determine a MasterSecret, perform key expansion with the MasterSecret, the first random number, and the second random number to generate a client authentication key, a server authentication key, a client encryption key, and a server encryption key, and store the client authentication key, the server authentication key, the client encryption key, and the server encryption key and delete the MasterSecret.

Abstract: A method for providing challenges to a device comprising (i) compiling a first challenge based on a first random value and a parameter; (ii) compiling a second challenge based on a second random value, the parameter and based on the first challenge or any intermediate result thereof; and (iii) providing the first challenge and the second challenge to the device.

Abstract: Various embodiments include systems and methods of implementing a machine learning model for calculating confidence scores associated with potential security vulnerabilities. The machine learning model is trained using vulnerability data associated with a set of previously identified vulnerabilities, where the vulnerability data indicates whether a previously identified vulnerability is a true positive or a false positive. In some embodiments, scan traffic data may be obtained. The scan traffic data may be associated with potential security vulnerabilities detected via scan engine(s) that implement application security testing. The machine learning model may be used to determine respective confidence scores for each potential security vulnerability. According to some embodiments, responsive to a request for scan findings associated with a particular application, the respective confidence scores may be displayed via a vulnerability analysis graphical user interface.

Abstract: This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.

Abstract: Systems and methods of improving public key infrastructure using PUF arrays are disclosed. The systems and methods are usable to improve PKI based on Lattice and Code cryptography. In the disclosed system, a client device includes an enrolled PUF array, and a server device acting as a Certification Authority includes an image of the PUF array including previously measured responses data for the devices in the PUF array. The CA sends a set of addresses to the client device, which generates a public key from measuring the response of PUF devices with the addresses. The CA receives the generated public key, and determines that the enrolled PUF was used to generate the key.

Abstract: The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the middle attacks.

Abstract: Methods, systems, and devices for facilitating joint submissions. In an example embodiment, a system may facilitate a joint submission from multiple devices. For example, a primary device may receive data for a joint submission with a peripheral device, and the data may be segmented into sensitive and non-sensitive data.

Abstract: Examples describe data security for communication systems. One example includes validating a user device using secure user data and generating a long term token for the user device, where the long term token is generated with a randomized unique token system. The method further includes receiving a transaction communication associated with a secure transaction, the transaction communication including the long term token, generating a transaction token that is different than the long term token for the transaction communication using the long term token from the transaction communication, and facilitating the secure transaction using the transaction token and the long term token.