Patents Examined by Daniel B Potratz
-
Patent number: 12248618
Abstract: Systems and methods for sending and receiving communications securely between a human interface keyboard and a computer terminal are described. In some embodiments, the keyboard includes a human interface display and a processor to encrypt keystrokes entered by a user. Synchronization between the keyboard and the computer terminal is maintained by the devices, by encrypting and decrypting a signal according to the same randomized negotiated ASCII CharSet, which is generated by the computer terminal.
Type: Grant
Filed: February 4, 2021
Date of Patent: March 11, 2025
Assignee: Zingdoc Inc.
Inventors: Clifford Fernandez, Kurt Grutzmacher, Derrick Harry Lewis
-
Patent number: 12242635
Abstract: A database system includes: a distributed processing apparatus 1; and a plurality of database apparatuses 2, in which the distributed processing apparatus 1 includes: a generation unit 12 that generates an execution plan for a query related to the database apparatuses 2 based on a security policy; a transmission unit 13 that divides the query in accordance with the execution plan and transmits instructions to the corresponding database apparatuses 2, the instructions including divided queries obtained by dividing the query and transfer destinations of execution results of the divided queries; and an output unit 14 that receives the execution result of the query, from the database apparatus 2, and outputs the execution result, the database apparatuses 2 each include an execution unit 22 that executes the divided query included in the instruction received from the distributed processing apparatus 1, and transmits the execution result to another database apparatus or the distributed processing apparatus serving
Type: Grant
Filed: October 28, 2019
Date of Patent: March 4, 2025
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Mitsuhiro Shigematsu, Naoto Yamamoto
-
Patent number: 12244650
Abstract: A method of verifying resource protection statuses for resources for address-based resources may include receiving a request for verification of resource protection from a client device for an address-based resource. The request includes an address of a resource. The intermediate system is programmed to receive resource protection verification requests from a plurality of client devices, and to receive resource protection verifications from a plurality of resource protection systems that are in communication with the intermediate system. The method also includes determining that none of the resource protection systems in the plurality of resource protection systems currently protect the resource; retrieving information that is securely stored for the resource and a user associated with the request; and sending the information to one or more of the plurality of resource protection systems as a request to protect the resource.
Type: Grant
Filed: April 18, 2024
Date of Patent: March 4, 2025
Assignee: ICE Mortgage Technology, Inc.
Inventors: Mike Lyon, Frank Riviera
-
Patent number: 12244715
Abstract: Methods and systems are described herein for a transfer authorization system that may monitor for transfer requests for secondary cryptographic addresses maintained for one or more primary cryptographic addresses. When a transfer request is received, the transfer authorization system may determine that the transfer request is for a secondary cryptographic address. Based on that determination, the transfer authorization system may determine that the source cryptographic address of the request is authorized to receive control of cryptographic tokens from the secondary cryptographic address and that the request is associated with the source cryptographic address. The transfer authorization system may then transfer control of one or more cryptographic tokens from an associated primary cryptographic address to the secondary cryptographic address, and upon the successful transfer, may also transfer control of the one or more tokens to the requestor.
Type: Grant
Filed: November 21, 2022
Date of Patent: March 4, 2025
Assignee: Capital One Services, LLC
Inventors: Anoop Gopi, Lesley Newton, Christina Song
-
Patent number: 12244727
Abstract: In a user credential control system, an access control server includes a token issuing unit that issues, to a service provider server, a token in which a user credential that can be acquired by the service provider server is described according to the company name and the type of a service of the service provider server described in an electronic certificate, a policy registration unit that registers a policy of an access authority of the service provider server to the user credential based on the company name or the type of the service of the service provider server, and a notification reception unit that, when the user credential of the user terminal has been changed, acquires the service provider server with the access authority to the user credential from a token according to the registered policy to notify the service provider server of the change of the user credential.
Type: Grant
Filed: August 20, 2019
Date of Patent: March 4, 2025
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Yoshihiko Omori, Takao Yamashita
-
Patent number: 12229327
Abstract: A system for providing forensic tracing of memory device content erasure and tampering is disclosed. The system uses a special command that enables forensic tracing in a secure memory device. Once the forensic tracing is enabled, firmware of the memory device tracks the data stored on the memory device. The command specifies whether the tracking and tracing is for the entire memory device or for a region of the memory device. The firmware confirms that the forensic tracing is enabled, and a target protection region is defined. Once an authenticated command for an operation to access, modify, or erase data of the memory device is received from a host, the system enables the operation to proceed. The system creates a trace of the operation and the metadata of the target region that is modified within a secure memory region of the memory device that is not addressable by the host device.
Type: Grant
Filed: September 7, 2022
Date of Patent: February 18, 2025
Assignee: Micron Technology, Inc.
Inventor: Sourin Sarkar
-
Patent number: 12229305
Abstract: Systems and methods for redacted statement delivery to third-party institutions are disclosed. A method may include: receiving a request for a statement from a third-party backend; retrieving a list comprising a plurality of available statements; providing the list of the plurality of available statements to the third-party backend; retrieving a selection of one of the plurality of available statements; identifying metadata for data fields in a statement template; generate the selected statement using the statement template and embedding the metadata in data fields of the statement; identifying a redaction reason; identifying redaction metadata associated with the redaction reason; redact data fields in the statement having metadata matching the redaction reason metadata; storing the redacted statement in a temporary store; and returning a path for the temporary store to the third-party backend, wherein the third-party backend may retrieve the redacted statement from the temporary store.
Type: Grant
Filed: October 29, 2021
Date of Patent: February 18, 2025
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Dave Christopher Carey, Alwin M Thomas, Seun Akinyosoye, Amit Pendse, Derek McCoy, Gagandeep Dua, Arthur De Lotto, Kathy S Wong, Rajesh Swamy, Ravneet Singh
-
Patent number: 12218981
Abstract: A client application sends DNS requests to a threat protection service when a mobile device operating the client application is operating off-network. The application is configured to detect network conditions and automatically configure an appropriate system-wide DNS resolution setting. Preferably, DNS requests from the client identify the customer and the device to threat protection (TP) service resolvers without introducing a publicly-visible customer or device identifier to the DNS requests or responses. The TP system then applies the correct policy to DNS requests coming from off-network clients. In particular, the resolver recognizes the customer for requests coming for off net clients and apply the customer's policy to such request. The resolver is configured to log the customer and the device associated with requests from the TP off-net client. Request logs from the TP resolver are provided to a cloud security intelligence platform for threat intelligence analytics and customer visible reporting.
Type: Grant
Filed: January 10, 2023
Date of Patent: February 4, 2025
Assignee: Akamai Technologies, Inc.
Inventor: Brandon O. Williams
-
Patent number: 12199959
Abstract: The technology disclosed herein provides network bound encryption that enables a node management device to orchestrate workloads with encrypted data without sharing the decryption key. An example method may include: obtaining an asymmetric key pair comprising a public asymmetric key and a private asymmetric key; establishing a symmetric key using a key establishment service, wherein the symmetric key is established in view of the private asymmetric key of a first computing device and a public asymmetric key of the key establishment service; transmitting sensitive data encrypted using the symmetric key to a persistent storage device accessible to a second computing device; initiating a creation of an execution environment on the second computing device; and providing, by the first computing device, the public asymmetric key and the location data to the second computing device, wherein the location data corresponds to the key establishment service.
Type: Grant
Filed: June 5, 2023
Date of Patent: January 14, 2025
Assignee: Red Hat, Inc.
Inventors: Michael Hingston McLaughlin Bursell, Nathaniel Philip McCallum
-
Patent number: 12200014
Abstract: A lifelong learning intrusion detection system and methods are provided. The system may capture network data directed to a host node. The host node may include a honeypot. The honeypot may emulate operation of a physical or virtual device to attract malicious activity. The system may classify, based on a supervised machine learning model, the network data as being not malicious or not malicious. The system may classify, based on an unsupervised machine learning model, the network data as being anomalous or not anomalous. The system may alter operation of the honeypot to induce malicious activity. The system may determine, after operation of the honeypot is altered, the honeypot is accessed. The system may retrain the supervised machine learning model and/or unsupervised machine learning model based the network data.
Type: Grant
Filed: November 25, 2020
Date of Patent: January 14, 2025
Assignee: Purdue Research Foundation
Inventors: Aly El Gamal, Ali A. Elghariani, Arif Ghafoor
-
Patent number: 12192379
Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.
Type: Grant
Filed: May 5, 2023
Date of Patent: January 7, 2025
Assignee: NEUSTAR, INC.
Inventor: Brian R. Knopf
-
Patent number: 12192214
Abstract: An enterprise security system is improved by taking remedial actions responsive to detecting attempts at tampering with computing resources. When a tamper detection instrument detects an attempt at tampering, information about the attempt at tampering may be used to identify one or more candidate types of threats and/or candidate threats. One or more remedial actions associated with the threat or type of threat can be identified and applied in ten enterprise network environment.
Type: Grant
Filed: May 5, 2021
Date of Patent: January 7, 2025
Assignee: Sophos Limited
Inventor: Richard Paul Cosgrove
-
Patent number: 12189757
Abstract: Various methods, apparatuses/systems, and media for programmatically generating and rotating secrets for applications to read them to connect to various services are disclosed. A processor determines, in a preconfigured time interval, whether secrets/credentials corresponding to a service provider has been changed; calls a first API to retrieve the changed secrets/credentials from the corresponding service provider; stores the changed secrets/credentials to a corresponding predefined location; causes an application to call a second API to retrieve the changed secret or the credential from the corresponding predefined location; and automatically establishes a connection between the application and the corresponding service provider based on a determination that the changed secrets/credentials retrieved from the predefined location matches with the changed secrets/credentials retrieved from the corresponding service provider during the preconfigured time interval.
Type: Grant
Filed: November 9, 2022
Date of Patent: January 7, 2025
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: Kumar Rao Krishnagi, Vijay Kumar Perla
-
Patent number: 12192380
Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.
Type: Grant
Filed: May 30, 2023
Date of Patent: January 7, 2025
Assignee: NEUSTAR, INC.
Inventor: Brian R. Knopf
-
Patent number: 12182670
Abstract: An anomaly detection system is disclosed capable of reporting anomalous processes or hosts in a computer network using machine learning models trained using unsupervised training techniques. In embodiments, the system assigns observed processes to a set of process categories based on the file system path of the program executed by the process. The system extracts a feature vector for each process or host from the observation records and applies the machine learning models to the feature vectors to determine an outlier metric each process or host. The processes or hosts with the highest outlier metrics are reported as detected anomalies to be further examined by security analysts. In embodiments, the machine learnings models may be periodically retrained based on new observation records using unsupervised machine learning techniques. Accordingly, the system allows the models to learn from newly observed data without requiring the new data to be manually labeled by humans.
Type: Grant
Filed: December 31, 2020
Date of Patent: December 31, 2024
Assignee: Rapid7, Inc.
Inventors: Jocelyn Beauchesne, John Lim Oh, Vasudha Shivamoggi, Roy Donald Hodgman
-
Patent number: 12174927
Abstract: The disclosure is generally directed to systems and methods for detecting presence of a potential user of a vehicle, validating the potential user with a permissioned blockchain with a plurality of predefined nodes through a consensus among the predefined nodes, determining a level of authentication for the potential user according to the consensus and allowing the potential user to enter the vehicle and denying access to predetermined vehicle systems if the consensus fails to provide the level of authentication above a predefined percentage. The initializing the authentication based on detected presence of the potential user includes detecting the potential user with an exterior sensor coupled to the vehicle and applying the permissioned blockchain to perform facial recognition including performing an initial determination of authentication and requesting confirmation of the initial determination from at least one of the plurality of 63 predefined nodes.
Type: Grant
Filed: April 20, 2022
Date of Patent: December 24, 2024
Assignee: Ford Global Technologies, LLC
Inventors: Mahmoud Yousef Ghannam, Brian Bennie
-
Patent number: 12177182
Abstract: A method by a service worker firewall middleware component is disclosed. The method includes causing a service worker firewall associated with a web site to be installed on a web browser, obtaining one or more rules in response to receiving a request from the service worker firewall for rules to be applied by the service worker firewall, sending a response to the service worker firewall, wherein the response includes the one or more rules, a digital signature for the one or more rules, and an indication of when the digital signature expires, wherein the digital signature is generated using a private key associated with the website, and receiving a rules violation report from the service worker firewall, wherein the rules violation report was generated as a result of the service worker firewall applying the one or more rules to cross-origin requests.
Type: Grant
Filed: December 30, 2021
Date of Patent: December 24, 2024
Assignee: Imperva, Inc.
Inventor: Ron Masas
-
Patent number: 12177249
Abstract: A content management system comprising one or more processing devices, a network interface, and a memory system configured to store programmatic instructions configured to cause the one or more processing devices to perform the following operations is described. An electronic document may be generated and rendered, where the content management system may configure the electronic document as a mesh document, with both forward links and backlinks to other electronic resources. The forward links and/or backlinks may be to local electronic resources or remote electronic resources. The mesh document may be transmitted to client device over an encrypted channel, and the client device may render the electronic document. In response to an activation of a forward or backlink, the corresponding resource may be accessed from a data store, transmitted via the encrypted channel to the client device, and the client device may render such resource.
Type: Grant
Filed: December 27, 2023
Date of Patent: December 24, 2024
Assignee: California Manufacturing Technology Consulting
Inventor: Ernest W. Edmonds
-
Patent number: 12170686
Abstract: Systems and methods for providing fleet remediation of compromised workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a first local management agent configured to provide a first workspace in a fleet of workspaces, an indication that the first workspace has suffered a security compromise, where the first workspace is instantiated based upon a first workspace definition; and in response to the indication, transmit a second workspace definition to a second local management agent configured to provide a second workspace in the fleet of workspaces, where the second workspace is instantiated based upon the first workspace definition, and where the second local management agent is configured to instantiate a third workspace based upon the second workspace definition.
Type: Grant
Filed: December 16, 2020
Date of Patent: December 17, 2024
Assignee: Dell Products, L.P.
Inventors: Nicholas D. Grobelny, Charles D. Robison, Ricardo L. Martinez
-
Patent number: 12166879
Abstract: Various embodiments relate to a data processing system including instructions embodied in a non-transitory computer readable medium, the instructions for a cryptographic operation using masked coefficients of a polynomial having d arithmetic shares for lattice-based cryptography in a processor, the instructions, including: shifting an arithmetic share of the d arithmetic shares by a first bound ?0; converting the d shifted arithmetic shares to d Boolean shares; securely subtracting the first bound ?0 and a second bound ?1 from the Boolean shares to obtain z?B,k+1 having d shares, wherein k is the number of bits in the masked coefficients of the polynomial; setting the shares of a boundary check bit to a sign bit of z?B,k+1; and carrying out a cryptographic operation using the d arithmetic shares of the polynomial when the d shares of the boundary check bit indicate that the coefficients of the polynomial are within the first bound ?0 and second bound ?1.
Type: Grant
Filed: July 11, 2022
Date of Patent: December 10, 2024
Assignee: NXP B.V.
Inventors: Olivier Bronchain, Tobias Schneider