Abstract: A method is disclosed, comprising dividing an outgoing message into a plurality of shards, and generating an error correction code corresponding to the outgoing message. The method may also include transmitting a first shard and a second shard of the plurality of shards to a core network via a radio access network (RAN). The first shard and the second shard are encrypted and the second shard is transmitted after a configurable time interval after transmitting the first shard.

Abstract: Systems and techniques for bi-directional voice authentication are described herein. A first audio segment and a first description of the first audio segment may be received. An authentication token may be created using the first audio segment and the first description. An authentication request may be received from the user. The first audio segment may be transmitted to the user. A second description of the first audio segment may be received from a device of the user in response to the transmission of the first audio segment. The second description may be compared to the first description. The authentication token may be selected based on the comparison. The authentication token may be transmitted to the device. Requests of the user for secure information may be authenticated using the authentication token for a duration of an interaction session between the user and the device.

Abstract: Decoy network ports and services are projected onto existing production workloads to facilitate cyber deception, without the need to modify production machines. The approach may be implemented in a production network that includes two segments. A production machine is reachable via the first segment, while a decoy machine that offers the network service expected from the production machine is reachable via the second segment. A deception router is configured in front of the two segments, and it is not visible on the link and network layers. The router inspects network traffic destined for the production machine. Based on a set of one or more conditions being met, the router determines whether to relay network packets to the production machine, or to redirect the packet to the decoy machine.

Abstract: A system is provided which uses unique device and user identifiers to perform authentication of a user, device, and/or transaction. In particular, the system may use a heterogeneous blockchain system comprising a series of non-uniform blockchain nodes that may differ in functionality and/or positions of hierarchy. Said non-uniform nodes may further be organized into groups and/or subgroups with custom weight inputs/outputs which alter the degree to which the nodes, groups, and/or subgroups influence the blockchain consensus. In this way, the system increases the security of device authentication by helping to prevent unauthorized access to computing devices.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing secure data analysis across multiple accounts, without the use of third parties. Each account may be associated with a different company or party. The data clean room may provide security functions to safeguard sensitive information. For example, the data clean room may restrict access to data in other accounts. The data clean room may also restrict which data may be used in the analysis and may restrict the output. The overlap data may be anonymized to prevent sensitive information from being revealed.

Abstract: Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an “internal network”) associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof.

Abstract: A data analysis system receives potentially undesirable electronic communications and automatically groups them in computationally-efficient data clusters, automatically analyze those data clusters, automatically tags and groups those data clusters, and provides results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the data clusters may include an automated application of various criteria or rules so as to generate an ordered display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters.

Abstract: An electronic device is provided. The electronic device includes a memory configured to store contents, a display configured to output the contents, and a processor operatively connected with the memory and the display. The memory is further configured to store instructions that, when executed, cause the processor to, in response to a first user input, select at least one contents satisfying a specified condition among a plurality of contents stored in the memory, output a first screen composed of the selected at least one contents in the display, and if a second user input to end the output of the first screen is received, output a second screen for verification of a user of the electronic device in the display.

Abstract: A mechanism to share cryptographic material across entities that may not have a direct trust relationship between or among each other, or no network connectivity, or some combination thereof, but where participating entities do share a trust relationship (or trusted connection(s)) with a common entity, sometimes referred to herein as a “conduit” entity. This technique enables such entities to leverage their trust relationship with a common “conduit” entity to share cryptographic material between or among themselves.

Abstract: An endpoint computer system monitors data relating to a plurality of events occurring within an operating environment of the endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer system. The endpoint computer system can store artifacts used in connection with the plurality of events in a vault maintained on such endpoint computer system. The endpoint computer system, in response to a trigger, identifies and retrieves metadata characterizing artifacts associated with the trigger from the vault. Such identified and retrieved metadata is then provided by the endpoint computer system to a remote server.

Abstract: An identity management system is augmented to provide for automated provisioning of user accounts. A user account is autoprovisioned based on detected attribute patterns. A set of existing account information is retrieved. A software module resident in a computer memory performs pattern matching on the retrieved set of existing account information to extract attribute information in the retrieved set of existing account information and on the extracted attribute information to discover a first attribute pattern. Next, an account template is generated according to the discovered attribute patterns. Using the generated account template, a new account on the first target is created giving the first user access to the target.

Abstract: Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: receiving a request to validate at least one statement about a user; identifying, from the request, a reference to a distributed ledger, the reference comprising an identifier for the distributed ledger and an identifier for a transaction recorded on the distributed ledger; identifying, based at least in part on the identifier for the distributed ledger, at least one node of a network of nodes managing the distributed ledger; and communicating with the at least one node to validate the at least one statement about the user.

Abstract: A computer device, having at least two long-range wireless profiles and coupled with a communication bus of a vehicle, receives a notice that a vehicle-centric download for the computer device, or for a vehicle device coupled to the communication bus, is pending from a remote server. The vehicle computer device determines the size and security requirement associated with the pending download, and a current operational state of the vehicle. If the size or security requirement is low, a consumer-centric profile may be used for the download even if the vehicle is currently being used. If the download file size is large or requires very high security, or if a user is currently using the computer device according to the consumer-centric profile, the computer device may schedule the download to occur after receiving a trigger event occurrence message.

Abstract: A device that is capable of sending/receiving telephony-based messages may communicate with a blockchain network without having a direct connection (e.g., internet connection) to the blockchain network. A message may be communicated via a telephony network to a telephony carrier system. The telephony carrier system may translate the telephony-based message into a blockchain-based communication and provide the blockchain-based communication to the blockchain network. In addition, an entity on the blockchain network may communicate with a device that does not have an internet connection to the blockchain network. The entity may initiate a blockchain-based communication that is received by an on-chain interface of a telephony network carrier. In response, the telephony network carrier may generate a telephony-based message and communicate the telephony-based message to the user device.

Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.

Abstract: There is disclosed in one example, a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; a data exchange layer (DXL) application programming interface (API), the DXL API including instructions to communicatively couple the apparatus to a DXL bus and provide a DXL abstraction layer on top of a TCP/IP-based communication network; and a reputation engine including instructions encoded within memory to instruct the processor to: receive a plurality of DXL messages from a first DXL endpoint; compute a composite reputation for the first DXL endpoint; receive from a second DXL endpoint a DXL message requesting a reputation for the first DXL endpoint; establish a private topic on the DXL bus between the computing apparatus and the second DXL endpoint; and publish the composite reputation to the private topic.

Abstract: Systems, methods, and other embodiments associated with cloud-based multi-layered security testing of a target application with multiple cloud-based security scanners using a single cloud-based graphical user interface are described. In one embodiment, a method includes receiving a request via a security testing interface to perform the cloud-based multi-layered security test on the target application. A single set of security test instructions to perform the cloud-based multi-layered security test on the target application using the selected cloud-based security scanners is generated and executed to initiate multiple security tests on the target application. A single set of scan results for the target application is generated based upon the execution of the multiple security tests, and is displayed by the single cloud-based graphical user interface.

Abstract: A computer-implemented method, computer program product and computer system include a processor(s) receiving request from a first client for an attribute of a first service node to utilize to access the service provided. The processor(s) provides the attribute of the first service node to the first client. The processor(s) accepts an access to the service by the first client, based on the first client utilizing the attribute to connect to the first service node. The processor(s) identifies attributes of one or more clients accessing the service via the first service node, including the first client. The processor(s) experiences an event indicating a need to change security protecting access to the service. The processor(s) redistributes the one or more clients to at least two additional service nodes.

Abstract: Aspects of the disclosure provide systems and methods for recognizing an assigned passenger. For instance, dispatching instructions to pick up a passenger at a pickup location are received. The instructions include authentication information for authenticating a client computing device associated with the passenger. A vehicle is maneuvered in an autonomous driving mode towards the pickup location. The client device is then authenticated. After authentication, a set of pedestrians within a predetermined distance of the vehicle are identified from sensor information generated by a sensor of the vehicle and location information is received over a period of time from the client device. The received location information is used to estimate a velocity of the passenger. This estimated velocity is used to identify a subset of set of pedestrians that is likely to be the passenger. The vehicle is stopped to allow the passenger to enter the vehicle based on the subset.

Abstract: A system and method for authenticating a user that requests access to services of a computer network, including using a unique communication address for authentication and identification. One of the methods includes globally assigning unique communication addresses to users and devices, the devices being uniquely associated with respective users. Unique communication addresses associate with the users are used for authenticating and identifying the users. A login function is used through the devices, the devices each being mapped to a unique communication address using a hardware identity configured for sending and receiving information over a network.