Abstract: A system and method for enhancement of device security using machine learning and a set of rules is provided. The system acquires log data from an electronic device configured to communicate data via a network. The system prepares a feature set based on the log data. The feature set corresponds to one or more parameters associated with a cybersecurity of the electronic device. The system determines security incidents associated with the electronic device based on at least one of an application of one or more incident detection rules and/or one or more ML models on the feature set. The system collects information associated with the determined security incidents and determines a set of measures to be implemented on the electronic device to mitigate or prevent issues associated with the security incidents. Thereafter, the system controls execution of the determined set of measures on the electronic device.

Abstract: Disclosed are a CPK-based digital bank, a digital currency and a payment method. The digital currency is a core component of the digital bank. The digital currency is realized by means of a CPK digital signature, and a payer provides an account authenticity certification, an amount authenticity certification and a fund allocation authenticity certification, thereby effectively preventing crimes inside or outside a bank. The digital currency directly takes an account identifier as an account number. The digital currency can be used in on-line operations, as well as off-line operations, thereby satisfying face-to-face trade requirements between a great number of retail accounts. The CPK digital bank is realized by means of a CPK chip without support of other devices, such that everyone can check the authenticity of the digital currency.

Abstract: One example method includes dynamically monitoring a stream of image portions that have been classified by a segmentation model of a video surveillance system, evaluating the image portions, based on the evaluating, determining that an attack on the video surveillance system is occurring, or has occurred, and implementing, or causing the implementation of, a remedial action with regard to the attack. The image portions may be image portions that have been classified by a segmentation model.

Abstract: Blockchain systems operate over a network of computing devices. Proof of space blockchain consensus systems utilize data stored in storage devices across the computing devices within the network. These storage devices are utilized to generate and store proof of space consensus data. This data is then accessed at a later time to respond to challenges issued across the blockchain network. In order to limit successful submissions of these challenge responses, one or more filters are utilized. These filters result in only a fraction of the stored data on a storage device to be useable for solving the blockchain challenge. Attackers may attempt to circumvent this filter to increase their odds of submitting an approved solution to the blockchain challenge. In order to address this, additional data structures are stored within the storage device and are registered at the time of creation on the blockchain to make these filters more robust.

Abstract: A system for detecting Denial-of-Service (DoS) attacks on one or more user profiles collects a number of invalid sign-on attempts on the one or more user profiles during every time interval. The system determines a number of invalid sign-on attempts on every user profile since the start of the first time interval. The system detects a first DoS attack on a particular user profile if a first number of invalid sign-on attempts on the particular user profile exceeds a single-user profile. The system detects a second DoS attack on multiple user profiles during the first time interval if the increase in the total number of invalid sign-on attempts since the last time interval exceeds a scan-level threshold number. The system detects a third DoS attack on multiple user profiles if the total number of invalid sign-on attempts detected during combined time intervals exceeds a third threshold number.

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

Abstract: Described are techniques for asset management using an asset management identification key. The techniques include populating, based on input to a front-end portal, a plurality of fields including a plurality of attributes and a serial number of a device. The techniques further include hashing each of the plurality of fields. The techniques further include hashing a contiguous sequence of the hashed plurality of fields to generate an asset management identification key. The techniques further include transmitting the asset management identification key to a blockchain and authenticating the device using the asset management identification key stored on the blockchain.

Abstract: Systems and methods for sending and receiving communications securely between a human interface keyboard and a computer terminal are described. In some embodiments, the keyboard includes a human interface display and a processor to encrypt keystrokes entered by a user. Synchronization between the keyboard and the computer terminal is maintained by the devices, by encrypting and decrypting a signal according to the same randomized negotiated ASCII CharSet, which is generated by the computer terminal.

Abstract: A method of verifying resource protection statuses for resources for address-based resources may include receiving a request for verification of resource protection from a client device for an address-based resource. The request includes an address of a resource. The intermediate system is programmed to receive resource protection verification requests from a plurality of client devices, and to receive resource protection verifications from a plurality of resource protection systems that are in communication with the intermediate system. The method also includes determining that none of the resource protection systems in the plurality of resource protection systems currently protect the resource; retrieving information that is securely stored for the resource and a user associated with the request; and sending the information to one or more of the plurality of resource protection systems as a request to protect the resource.

Abstract: A database system includes: a distributed processing apparatus 1; and a plurality of database apparatuses 2, in which the distributed processing apparatus 1 includes: a generation unit 12 that generates an execution plan for a query related to the database apparatuses 2 based on a security policy; a transmission unit 13 that divides the query in accordance with the execution plan and transmits instructions to the corresponding database apparatuses 2, the instructions including divided queries obtained by dividing the query and transfer destinations of execution results of the divided queries; and an output unit 14 that receives the execution result of the query, from the database apparatus 2, and outputs the execution result, the database apparatuses 2 each include an execution unit 22 that executes the divided query included in the instruction received from the distributed processing apparatus 1, and transmits the execution result to another database apparatus or the distributed processing apparatus serving

Abstract: In a user credential control system, an access control server includes a token issuing unit that issues, to a service provider server, a token in which a user credential that can be acquired by the service provider server is described according to the company name and the type of a service of the service provider server described in an electronic certificate, a policy registration unit that registers a policy of an access authority of the service provider server to the user credential based on the company name or the type of the service of the service provider server, and a notification reception unit that, when the user credential of the user terminal has been changed, acquires the service provider server with the access authority to the user credential from a token according to the registered policy to notify the service provider server of the change of the user credential.

Abstract: Methods and systems are described herein for a transfer authorization system that may monitor for transfer requests for secondary cryptographic addresses maintained for one or more primary cryptographic addresses. When a transfer request is received, the transfer authorization system may determine that the transfer request is for a secondary cryptographic address. Based on that determination, the transfer authorization system may determine that the source cryptographic address of the request is authorized to receive control of cryptographic tokens from the secondary cryptographic address and that the request is associated with the source cryptographic address. The transfer authorization system may then transfer control of one or more cryptographic tokens from an associated primary cryptographic address to the secondary cryptographic address, and upon the successful transfer, may also transfer control of the one or more tokens to the requestor.

Abstract: A system for providing forensic tracing of memory device content erasure and tampering is disclosed. The system uses a special command that enables forensic tracing in a secure memory device. Once the forensic tracing is enabled, firmware of the memory device tracks the data stored on the memory device. The command specifies whether the tracking and tracing is for the entire memory device or for a region of the memory device. The firmware confirms that the forensic tracing is enabled, and a target protection region is defined. Once an authenticated command for an operation to access, modify, or erase data of the memory device is received from a host, the system enables the operation to proceed. The system creates a trace of the operation and the metadata of the target region that is modified within a secure memory region of the memory device that is not addressable by the host device.

Abstract: Systems and methods for redacted statement delivery to third-party institutions are disclosed. A method may include: receiving a request for a statement from a third-party backend; retrieving a list comprising a plurality of available statements; providing the list of the plurality of available statements to the third-party backend; retrieving a selection of one of the plurality of available statements; identifying metadata for data fields in a statement template; generate the selected statement using the statement template and embedding the metadata in data fields of the statement; identifying a redaction reason; identifying redaction metadata associated with the redaction reason; redact data fields in the statement having metadata matching the redaction reason metadata; storing the redacted statement in a temporary store; and returning a path for the temporary store to the third-party backend, wherein the third-party backend may retrieve the redacted statement from the temporary store.

Abstract: A client application sends DNS requests to a threat protection service when a mobile device operating the client application is operating off-network. The application is configured to detect network conditions and automatically configure an appropriate system-wide DNS resolution setting. Preferably, DNS requests from the client identify the customer and the device to threat protection (TP) service resolvers without introducing a publicly-visible customer or device identifier to the DNS requests or responses. The TP system then applies the correct policy to DNS requests coming from off-network clients. In particular, the resolver recognizes the customer for requests coming for off net clients and apply the customer's policy to such request. The resolver is configured to log the customer and the device associated with requests from the TP off-net client. Request logs from the TP resolver are provided to a cloud security intelligence platform for threat intelligence analytics and customer visible reporting.

Abstract: The technology disclosed herein provides network bound encryption that enables a node management device to orchestrate workloads with encrypted data without sharing the decryption key. An example method may include: obtaining an asymmetric key pair comprising a public asymmetric key and a private asymmetric key; establishing a symmetric key using a key establishment service, wherein the symmetric key is established in view of the private asymmetric key of a first computing device and a public asymmetric key of the key establishment service; transmitting sensitive data encrypted using the symmetric key to a persistent storage device accessible to a second computing device; initiating a creation of an execution environment on the second computing device; and providing, by the first computing device, the public asymmetric key and the location data to the second computing device, wherein the location data corresponds to the key establishment service.

Abstract: A lifelong learning intrusion detection system and methods are provided. The system may capture network data directed to a host node. The host node may include a honeypot. The honeypot may emulate operation of a physical or virtual device to attract malicious activity. The system may classify, based on a supervised machine learning model, the network data as being not malicious or not malicious. The system may classify, based on an unsupervised machine learning model, the network data as being anomalous or not anomalous. The system may alter operation of the honeypot to induce malicious activity. The system may determine, after operation of the honeypot is altered, the honeypot is accessed. The system may retrain the supervised machine learning model and/or unsupervised machine learning model based the network data.

Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.

Abstract: An enterprise security system is improved by taking remedial actions responsive to detecting attempts at tampering with computing resources. When a tamper detection instrument detects an attempt at tampering, information about the attempt at tampering may be used to identify one or more candidate types of threats and/or candidate threats. One or more remedial actions associated with the threat or type of threat can be identified and applied in ten enterprise network environment.

Abstract: Various methods, apparatuses/systems, and media for programmatically generating and rotating secrets for applications to read them to connect to various services are disclosed. A processor determines, in a preconfigured time interval, whether secrets/credentials corresponding to a service provider has been changed; calls a first API to retrieve the changed secrets/credentials from the corresponding service provider; stores the changed secrets/credentials to a corresponding predefined location; causes an application to call a second API to retrieve the changed secret or the credential from the corresponding predefined location; and automatically establishes a connection between the application and the corresponding service provider based on a determination that the changed secrets/credentials retrieved from the predefined location matches with the changed secrets/credentials retrieved from the corresponding service provider during the preconfigured time interval.