Abstract: Time randomizing information protocol language encryption, provides systems, methods, computer programs and algorithms for encrypting communications. Provided by software in devices or firmware in networking hardware cooperates between at least two systems. Ciphers are randomly timed and replaced after a random period rendering eavesdropper decryption efforts ineffective and/or uneconomic. Ciphers may be based on common seed data sets, or on pointers to an array containing seed data. These seed data values, or pointers to them may be used in communications in shared transient languages. Languages may include number bases from binary on upwards, and characters used in human or machine languages. One implementation may convert human speech to text, then encrypt and transmit it, for decryption and conversion to synthetic speech in secure battlefield communications, or secure identity protected communications as may suit intelligence agencies.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing encryption based data analysis across multiple accounts of different database users. The data clean room may also restrict which data may be used in the analysis and may restrict the output. A requesting user's data can be encrypted using a key and a provider user can generate a shareable database function that accepts the key to decrypt the data to generate the results data without exposing each others' data.

Abstract: A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

Abstract: Systems and methods are disclosed for aggregating and indexing a patient operational longitudinal record and extracting statistics therefrom. In one example, a system for storing and indexing entries in a patient operational longitudinal record may include at least one memory storing instructions and at least one processor configured to execute the instructions to: receive a health update from an authenticated device; map the health update to a health record; apply at least one stored rule to the health update and the health record to determine additional operational data; index and store the health update and the additional operational data in association with the health record; and allow access to the health record based on an associated security protocol.

Abstract: A webshell detection method and apparatus are provided. The apparatus obtains first web traffic of a protected host; generates a web page visit record of the protected host based on the first web traffic, where the web page visit record is used to save at least one uniform resource locator (URL), an IP address visiting each URL, and a total quantity of visits to each URL; determines a suspicious URL from the at least one URL based on the web page visit record, where a total quantity of visits to the suspicious URL is less than a first threshold, and a ratio of a quantity of different IP addresses visiting the suspicious URL to the total quantity of visits to the suspicious URL is less than a second threshold; and determines whether a web page identified by the suspicious URL contains a webshell signature.

Abstract: Computer-implemented methods, systems and computer program products leveraging collection and analysis of anonymized biological data, location data, individual IDs and time data from groups of individuals within a surrounding environment. The anonymized data can be combined with sources of map data and available historical data to help provide context about the surrounding environment of the users and stored for analysis and decision-making that physically impacts and alters the surrounding environment. At periodic or sporadic intervals, the collected data is extracted and analyzed. Based on the analysis of the anonymized data, physical changes are dynamically implemented within the physical environment, including remotely altering the physical environment by instructing changes to surrounding environment over a computer network such as modifying one or more settings of IoT devices positioned within the surrounding environment analyzed.

Abstract: A method for processing electronic documents comprises an iteration including: (i) applying, by a computer device, a first statistical test process to a first subset of the documents, the first statistical test process estimating whether or not content of the documents of the first subset comply with a predefined criterion; (ii) in response to a result of the first statistical test process, estimating, by the computer device, that the documents of the first subset do not comply with the criterion, selecting, by the computer device, a part of the documents of the first subset, and moving, by the computer device, the part of the documents to a second subset of the documents; and (iii) applying, by the computer device, a second statistical test process to the second subset of the documents, the second statistical test process calculating at least one statistical metric related to the documents of the second subset.

Abstract: The disclosure generally relates to systems and methods for detecting personally identifiable information (PII). The present systems and methods solve the problem of detecting the PII and the PII column names in the customer database with enhanced accuracy, by developing a PII classification model trained with an enhanced and effective training dataset. An enhanced sub-metadata from the metadata having the plurality of the column names is obtained by using highest match distance values, the string comparator values, and the is PII indicator values. The enhanced sub-metadata comprising the column names that can be easily differentiated as PII columns or non-PII columns. Hence the training dataset and the testing dataset obtained from the enhanced sub-metadata improves the accuracy of the PII classification model. Preventive measures can be taken to protect such detected PII present under the PII columns by employing various data privacy and protection techniques.

Abstract: An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.

Abstract: According to an embodiment, a system includes an electronic device, a server, and an output device. The electronic device may perform user authentication together with the server. The server may specify first content based on the user authentication and may transmit first metadata of the first content to the electronic device. The electronic device may visually output a first object representing the first content based on the first metadata, and transmit, when at least one object is selected of the output objects by the user, identification information of content represented by the selected object to the server. The server may output content corresponding to the identification information through the output device. Moreover, various embodiment found through the present disclosure are possible.

Abstract: Implantable devices, such as artificial organs, increasingly incorporate hardware, software, firmware, and/or wireless communication capabilities. For example, such implantable devices can utilize wireless technology to allow for efficient configuration, maintenance, and operational analysis. As these implantable devices become more connected, electronic security will become more important. This disclosure relates to implantable devices that may utilize a secure boot process and secure communication, both between artificial devices in the human body and between these devices and the external world. This disclosure provides secure communication approaches for maintaining the digital privacy and integrity of artificial devices, for protecting the individual from malicious hacking of data, and for controlling of such implantable devices.

Abstract: The disclosed embodiments relate to systems and methods for securely associating an application installation with an account of a service. The computer implemented method may include an inviting device with authenticated access to an account provided by a service having data stored therein. An invite code may be generated in response to a request to enable another device to have access to the service account without identifying the other device. The inviting device may provide the invite code to an invited device. The disclosed embodiments enable an inviting device to provide secure and convenient authenticated account access to multiple devices.

Abstract: In a communication system, a first mediation apparatus includes a first control device. The first control device stores in a memory a correlation database correlating a mediation apparatus ID of the second mediation apparatus with a first device ID of a device. The first controller requests a management server to register the first device ID, and receives a first command from the management server. The first controller transmits a second command to the second mediation apparatus through the firewall by using a series of procedures. The second command includes second instruction information based on the second command. The first controller transmits a first response to the management server. The second mediation apparatus includes a second control device to initiate the series of procedures and transmits a third command based on the second command to the device, and transmits a second response as to the first mediation apparatus through the firewall.

Abstract: A gateway of a vehicle is connected to a telematics control unit (TCU) and a plurality of electronic control units (ECUs). The gateway is programmed to receive a command from the TCU, the command specifying an electronic serial number (ESN) of a target ECU of the ECUs, and forward the command to the target ECU responsive to confirmation that the ESN of the target ECU is included in the web of trust.

Abstract: A system and method are described. An illustrative method includes receiving content associated with a digital original work from a user device, where the associated content includes an object contained therein; determining an attribute-value pair for the content or the object contained within the content; linking the attribute-value pair to the associated content or the object contained within; determining that a second user is interested in the associated content; and causing the associated content to be transmitted to a second user device.

Abstract: According to one configuration, a wireless access service provider selects and assigns a particular authentication option amongst multiple different authentication options to an entity such as a wireless access point or a sub-network supported by the wireless access point. When a communication device attempts to use the corresponding wireless access point provided by the wireless access service provider, a wireless access gateway receives information from the wireless access point indicating the particular authentication option assigned to authenticate the communication device. The wireless access gateway communicates the notification of the particular authentication option to an authentication manager, which provides the wireless access gateway with network address information indicating a captive portal in which to authenticate the communication device.

Abstract: Generating verification codes includes selecting at least two verification code generators from a verification code generator set comprising a plurality of verification code generators to compose a current use set, executing each verification code generator in the current use set to obtain corresponding partial verification codes, composing a current verification code from the partial verification codes, outputting the current verification code to a user, receiving a user response that is made in response to the current verification code, and comparing the current verification code and the user response to determine whether the user is verified.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: A security platform uses a sensor-event-analysis-response methodology to iteratively adapt to a changing security environment by continuously creating and updating entity models based on observed activities and detecting patterns of events that deviate from these entity models.

Abstract: A form of the invention is applicable for use in conjunction with a security credential management system that produces and manages pseudonym digital certificates issued to vehicles and used by vehicles to establish trust in vehicle-to-vehicle communications, the security credential management system including a pseudonym certificate authority processor entity which issues pseudonym digital certificates to vehicles, a registration authority processor entity that validates, processes and forwards requests for pseudonym digital certificates to the pseudonym certificate authority processor entity, and a misbehavior authority processor entity that receives misbehavior reports from reporter vehicles that include information about the reporter vehicles and suspect misbehaving vehicles and is responsible for producing a list of revoked credentials; the pseudonym certificate processor entity and registration authority processor entity participating in producing linkage values to be contained within the issued pseudon