Abstract: A method for mitigating network abuse includes obtaining a first set of network traffic messages of network traffic currently received by a network service and determining, via a first model, whether network abuse is occurring based on the first set of network traffic messages. When the network abuse is occurring, the method includes obtaining a second set of current network traffic messages. The method also includes, for each network traffic message in the second set of network traffic messages, labeling, via a second model, the network traffic message as an abusing network traffic message or a non-abusing network traffic message. The method also includes generating, via a third model, at least one network traffic rule. Each network traffic rule, when implemented, reduces an effect of the abusing network traffic messages.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An arrangement of particles corresponding to the first entities and the second entities may be generated. Charges associated with the particles may be determined based upon the first network profile. The particles may be rearranged to a second arrangement of particles based upon the charges. One or more clusters of particles in the second arrangement of particles may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the one or more clusters of particles.

Abstract: A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.

Abstract: A method for providing access to media content from a media content provider is performed at an electronic device. The method includes receiving, from a client device, a request for access to a media item. The request for access includes a self-describing user-identifier. The method includes, in response to the request for access to the media item, initiating an analysis to determine whether the client device is authorized to access the media item, the analysis including an examination of a media consumption log associated with the client device. The media consumption log stores data representing self-describing user-identifiers. The analysis includes, based on the examination of the media consumption log, detecting multiple requests from different self-describing user identifiers corresponding to the client device to determine whether the client device has reached an access limit and, when the client device has reached the access limit, terminating access to the media item.

Abstract: Methods and systems are provided for identifying suspect Internet Protocol (IP) addresses, in accordance with embodiments described herein. In particular, embodiments described herein include obtaining a set of login pairs comprising login identifiers (e.g., user identifiers) and IP addresses used in attempts to login to a source. A set of IP clusters is generated using the set of login pairs. Each IP cluster can include one or more IP addresses identified as related based on a login identifier being used to attempt to login to the source via multiple IP addresses or an IP address being used to attempt to login to the source via multiple login identifiers. Thereafter, it is determined that a particular IP cluster exceeds a threshold amount of IP addresses. Each of the IP addresses within the particular IP cluster is designated as a suspect IP address.

Abstract: In one example, a non-transitory computer readable medium for component verification and revocation includes instructions for a processor to verify that a component in a device is valid using a verification service and consequently enable a premium service. The processor may later use information from the verification service that the component is no longer valid and consequently alter the premium service.

Abstract: Provision of a virtual secure cryptoprocessor (VSC) for a guest virtual machine (VM), part of a first guest, of a hypervisor of a computer system, includes (i) storing guest VM state and VSC state together in an encrypted virtual hard disk drive file, (ii) storing a decryption key in a sealed partition, of a second guest, sealed against a physical secure cryptoprocessor, (iii) based on verifying that a host computing environment of the computer system is in a trusted state and on booting the hypervisor thereon, unsealing the sealed partition of the second guest, the unsealing providing the decryption key, and decrypting the encrypted virtual hard disk drive file using the decryption key, where the decrypting decrypts the stored guest VM state for execution of the guest VM and decrypts the VSC state to provide the VSC for use by the guest VM.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. In some embodiments, the processing chip includes immutable hardware that is enabled, without a use of any CPUs, to determine and/or confirm an expected configuration of one or more external memory chips (such as with a Serial Presence Detect operation), and/or to enable communication with the one or more external memory chips. The immutable hardware is further enabled to copy executable code from a non-volatile one of the one or more external memory chips to another of the one or more external memory chips so that a CPU of the processing chip is able to securely boot by fetching initial instructions from the copy of the executable code.

Abstract: A technique for generating a diversified encryption key for a contactless legacy magnetic stripe card is disclosed. The diversified key can be generated using a master key, a key diversification value and an encryption algorithm. In one example embodiment, the key diversification value can be provided by the user as a fingerprint, numeric code or photo. The user can provide the key diversification value to the card or a cellphone. The card can generate the diversified key using the user provided key diversification value. The card or the cellphone can transmit the user provided diversification value to the server and the server can regenerate the diversified key using the user provided diversification value.

Abstract: A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.

Abstract: In some embodiments, there is provided a method for updating a gateway in a substation. The method includes receiving, at a gateway from a server, an update package assigned with a first identifier, the update package including at least one of: a configuration associated with at least one monitoring device connected to the gateway; and an application configurable to collect data from the at least one monitoring device; in response to receiving the update package, determining whether the first identifier matches a second identifier of the gateway; and in response to determining that the first identifier matches the second identifier of the gateway, updating the gateway with the received update package.

Abstract: Systems and methods for detecting network anomalies are described. These may include determining burst scores for external network resources, determining burst scores for internal network resources, and using the burst scores to construct a burst graph where the edges are weighted by the number of connections between each resource. The graph is then analyzed by a graph convolutional neural network to identify patterns from which anomalous network traffic can be detected and from which corrective action can be taken. These techniques can allow for better detection and mitigation of abusive network traffic, improve computer network security, and provide more robust access to networked computer resources.

Abstract: A user authentication device includes a user authentication setter that enables or disables a predetermined plurality of authentication methods, and a user authenticator that accepts user authentication by the authentication method that the user authentication setter enables, and a controller that controls the user authentication setter and the user authenticator. When the user authentication setter accepts a setting that enables a single authentication method among the plurality of authentication methods, the controller controls the user authentication setter to disable all authentication methods other than the single authentication method, and the user authenticator accepts only user authentication by the single authentication method.

Abstract: A system for data protection includes a first computing device comprising a security module; and a storage device coupled to the first computing device via a network interface. The security module comprises at least one of Software Root of Trust (SRoT) and Hardware Root of Trust (HRoT). The security module is further configured to: establish a trust channel between the first computing device and the storage device or storage service; monitor the first computing device and the storage device; create and enforce multi-dimensional data access control by tightly binding data access and permissions to authorized computing devices, users, applications, system services, networks, locations, and access time windows; and take over control of the storage device or storage service in response to a security risk to the system.

Abstract: A method for hosted payload operations comprises transmitting, by a hosted payload (HoP) operation center (HOC), encrypted hosted commands to a host spacecraft operations center (SOC). The method further comprises transmitting, by the host SOC, encrypted host commands and the encrypted hosted commands to a vehicle. Also, the method comprises reconfiguring a host payload according to unencrypted host commands, and reconfiguring a hosted payload according to unencrypted hosted commands. Additionally, the method comprises transmitting host payload data to a host receiving antenna. Also, the method comprises transmitting hosted payload data to a hosted receiving antenna and/or the host receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, encrypted host telemetry to the host SOC; and transmitting, by a hosted telemetry transmitter, encrypted hosted telemetry to the host SOC.

Abstract: Assessing a consumer's risk of harms related to a data breach includes determining, for the particular data breach, a data breach score, referred to as a Breach Clarity™ (BC) score, indicative of the risk of harm related to the particular breach. A data structure pairs a breached information element with at least one potential harm. Algorithms assign a harm risk score to the harm, determine an element risk score for the information element-harm pair, and determine a BC score using the harm risk and element risk scores, and an exposure rating. The BC score can be modified by a scaling algorithm to generate a relative BC score. The system identifies and rank orders mitigation actions for the breach and outputs these with the BC score to the consumer. A consumer's demographic and/or behavioral characteristics can be factored into the exposure rating and ranking of the mitigation actions.

Abstract: A method of setting a surveillance camera includes the steps of recognizing a readable object in an image captured by the surveillance camera, updating a set value of one or more set items of the surveillance camera associated with the readable object, and transmitting the set value of an at least one set item to an external device in response to receiving a request therefrom.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is remediated to an operational state, such as with a re-imaging by another IoT gateway through an in band communication or a re-imaging by a server information handling system through an out of band communication.

Abstract: In some implementations, a method includes retrieving data from multiple sensors in a computing device, and the multiple sensors comprise different types of sensors. The sensor data is analyzed based on a predictive model, and the predictive model is trained to detect malware. Initiation of malware is determined based on the analysis. In response to the determination, the malware is terminated.