Abstract: A method for implementing automated threat alert triage via data provenance includes receiving a set of alerts and security provenance data, separating true alert events within the set of alert events corresponding to malicious activity from false alert events within the set of alert events corresponding to benign activity based on an alert anomaly score assigned to the at least one alert event, and automatically generating a set of triaged alert events based on the separation.

Abstract: A secure communication management (SCM) computer device for providing secure data connections in an aviation environment which, includes safety of flight information, is provided. The SCM computer device includes a processor in communication with a memory. The processor is programmed to receive, from a first user computer device, a first data message for a first aircraft. The first data message is in a standardized data format. The processor is also programmed to analyze the first data message for potential cybersecurity threats. If the determination is that the first data message does not contain a cybersecurity threat, the processor is further programmed to convert the first data message into a first data format associated with the first aircraft and transmit the converted first data message to the first aircraft using a first communication protocol associated with the first aircraft.

Abstract: An electronic system includes a plurality of hardware devices and an authenticated circuit. The authenticated circuit is integrated, as fixed hardware, in the electronic system together with the plurality of hardware devices during a manufacturing process of the electronic system, the authenticated circuit configured to verify system integrity based on a system identification code provided from inside of the electronic system by at least one of the plurality of hardware devices, the system integrity indicating that a combination of the authenticated circuit and the plurality of hardware devices has not been modified since the manufacturing process, the authenticated circuit configured to perform a mining operation to generate a next block, the next block to be linked to a blockchain only in response to the authenticated circuit verifying the system integrity. Indiscriminate mining competition may be prevented or reduced in likelihood of occurrence.

Abstract: In one embodiment, an apparatus comprising a memory to store a first value of a cryptographic key state; and a processor to generate a request to commit the first value of the cryptographic key state into a block of a blockchain, the blockchain to synchronize the cryptographic key state for a plurality of security modules; and generate a one-time cryptographic key based on the first value of the cryptographic key state responsive to a determination that the first value of the cryptographic key state has been committed to the blockchain.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a virtual reality (VR)-based service verification method are provided. One of the methods includes: detecting a target service triggered by a visual focus of a user in a VR scene, wherein the target service requires security verification; acquiring, by eye recognition hardware, one or more eye physiological features from the user; comparing one of the acquired eye physiological features with a corresponding pre-stored eye physiological feature samples; and determining whether the security verification of the target service has succeed based on a comparison result. This method improves the accuracy and speed of security verification of a service in a VR scene.

Abstract: Systems and computer program products implement methods for detecting a man-in-the-middle (MITM) during HTTPS communications. The methods include establishing a TCP connection for the retrieval of a web page from a domain name using an alternate IP address that is different from the IP address of the target domain where receipt of the target web page in response to a HTTP GET message indicates that a MITM is present, using a domain name as the SNI in a TLS connection and an alternate domain name in a HTTP GET message where receipt of a target web page of the alternate domain name indicates that a MITM is present, and generating an alternate domain name using a domain generation algorithm and using the generated alternate domain name as the SNI in the TLS message where receipt of a certificate for the generated alternate domain name indicates that a MITM is present.

Abstract: A method for converting data via a centralized application programming interface (“API”) is provided. The method may include retrieving data files from two or more data repositories and transmitting the data files to the centralized API. For each of the data files, the method may include selecting a conversion application and executing the conversion application to convert the data files into secure data files. The executing may include converting sensitive data strings into fictional data strings. Each of the sensitive data strings may include a first sub-set of characters and a second sub-set of characters. The converting may include, for each of the sensitive data strings, replacing the first sub-set of characters with a third sub-set of characters and maintaining the second sub-set of characters. Following the converting, the method may include transmitting the secure data files to an external network.

Abstract: A user name, password and associated domain are stored for each account managed by a password manager on a computing device. A device-level network extension filters network traffic. Passwords are identified in outbound network traffic. Target domains to which identified passwords are being transmitted are compared to stored domains associated with the identified passwords. Based on results of these comparisons, it is determined whether attempts to transmit passwords to target domains are legitimate or not. In response to determining that a specific attempt to transmit a password to a target domain is legitimate, the transmission is allowed to proceed. Responsive to determining that a given attempt to transmit a password to a target domain is not legitimate, a corresponding security action is taken. For example, the connection over which the non-legitimate password transmission attempt is being made can be terminated, or the transmission attempt can be blocked.

Abstract: A method for establishing secured connection on an apparatus, comprising: connecting to a network; retrieving a last known block header hash corresponding to a last known block in a last known blockchain; connecting to a plurality of trusted peers via the network; in response to each trusted peer being successfully connected, downloading a latest block header of the trusted peers; based on the last known block header hash, determining whether the latest block header of each trusted peers is referenced to the last known block; and in response to a first number exceeding a threshold number, verifying the latest block header to form a latest version blockchain, wherein the first number is a number of peers in the plurality of trusted peers being successfully connected, and the peers have the latest block header being referenced to the last known block.

Abstract: Embodiments provide traceability of edits to a document, i.e., a verifiable and immutable provenance chain for the document. Systems and methods enable traceability of edits, by encoding, for states of the document, a fingerprint (e.g., a cryptographic hash of the document's contents) and an edit history within a block written to a distributed ledger (e.g., a blockchain). The ledger is maintained via a self-organizing peer-to-peer distributed ledger network. Once added to the ledger, the contents of a block (e.g., the document's fingerprint and edit history) are immutable and the integrity of the edit history encoded in the ledger is secure. The algorithm that generates the fingerprint is sensitive to edits of the document. The non-corruptible fingerprint encoded in the ledger is employable to detect any edits that are not included in the encoded edit history and/or inconsistent with a currently available version of the document.

Abstract: The disclosed computer-implemented method for enforcing secure shared access on computing devices by context pinning may include recording, on the computing device, one or more actions performed on one or more applications, determining, based on the recorded actions and applications, a context that defines permitted actions and applications for a guest user of the computing device, monitoring, based on the context, user activity on the computing device, detecting an activity that violates the context, and performing, in response to the detection, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure includes apparatuses, methods, and systems for block chain validation of memory commands. An embodiment includes a memory, and circuitry configured to receive a command that is included in a block in a block chain for validating commands to be executed on the memory, wherein the command includes an anti-replay portion that is based on a previous command included in a previous block in the block chain, validate the command using the anti-replay portion of the command, and execute the command on the memory upon validating the command.

Abstract: In an aspect of the invention, a network node configured to enable authentication of a user of a client device based on biometric data captured by the client device is provided, which network node receives a request to authenticate a user of a client device, the authentication request comprising a user identifier, fetch at least one set of enrolled transformed biometric data corresponding to the user identifier and a secret feature transform key with which the biometric data was transformed at enrolment of the transformed biometric data at the network node, and submit the transformed biometric data and the secret feature transform key over a secure communication channel to the client device.

Abstract: Systems and methods are described for the generation of domain names that may be associated with a particular user device and may be encrypted to obfuscate the domain names of content requested by the user device.

Abstract: An example operation may include one or more of receiving a request to commit a blockchain request to a hash-linked chain of blocks stored on a distributed ledger, extracting governance policies which are encoded within a data block of the hash-linked chain of blocks on the distributed ledger, determining if the blockchain request satisfies the extracted governance policies of the hash-linked chain of blocks on the distributed ledger, and in response to the blockchain request satisfying the extracted governance policies, executing the blockchain request and storing the executed blockchain request within another data block of the hash-linked chain of data blocks on the distributed ledger.

Abstract: A blockchain transaction manager implements a method of managing submission of blockchain transactions to a node in a blockchain network by validating a received blockchain transaction and enqueuing the validated received blockchain transaction in a transaction queue, preparing at least one transaction attribute of the received blockchain transaction and placing the received blockchain transaction in a persistence queue, digitally signing or certifying the received blockchain transaction, attempting to submit the digitally signed or certified blockchain transaction to the node, and polling a blockchain status of the submitted blockchain transaction. Processes are provided for automatically recalculating blockchain transaction processing fees in the blockchain transaction attributes. Processes are also provided for repairing transaction attributes when the blockchain transaction has been rejected and submitting the repaired blockchain transaction to the node.

Abstract: Disclosed is a system and method to create an encrypted file system on a block chain. The system creates the block chain controlling an access to the encrypted file system. The block chain defines a user permission to access at least a portion of the encrypted file system. The system creates the encrypted file system by recording a unique file ID in the block chain, where the unique file ID stores a chunk index including memory locations of multiple chunks storing portions of a file in the encrypted file system. The system encrypts the file using a channel session key and a file encryption key. The channel session key includes a cryptographic key computed based on information known to users granted at least a temporary access to the file, and the file encryption key includes a cryptographic key used to encrypt each file in the encrypted file system.

Abstract: A method for network authentication of wireless devices at a gateway is provided that includes scanning a wireless network by the gateway to discover unjoined wireless devices, joining a discovered wireless device to the gateway using a non-internet protocol implemented by the wireless device, wherein the joining results in an encrypted connection between the gateway and the wireless device, and authenticating the discovered wireless device to the gateway via the encrypted connection, wherein authentication is performed according to an authentication protocol of a network protocol management layer of the gateway.

Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.

Abstract: Disclosed herein are systems and method for storing media authentication data using a distributed ledger. In one aspect, an exemplary method comprises, receiving, by a processor of a computing node of a plurality of computing nodes, one or more hashes associated with a media content and a timestamp, the computing nodes being communicatively linked, generating a data block that contains at least one of the received hashes, the data block being generated by hashing a hash corresponding to a previous data block of the distributed ledger together with the at least one hash, the at least one hash corresponding to the media content of the data block being generated, transmitting to the plurality of computing nodes, a message reporting an addition of the generated data block, wherein at least some of the plurality of computing nodes maintain at least a partial copy of the distributed ledger.