Abstract: A system includes a retrieval engine, an authentication engine, an extraction engine, a determination engine, and an export engine. The retrieval engine receives a request for a data report from a user via a user device. The retrieval engine receives reporting data from one or more data servers. The authentication engine determines whether the user is authorized to receive the customized data based on an authentication token. The extraction engine configured to extract one or more report requirements from the request and extract customized data from the reporting data based on report requirements and metadata. The determination engine determines one or more presentation generation tools based on the report requirements and the customized data. The export engine communicates the customized data and a routine to the one or more presentation generation tools.

Abstract: Systems, apparatuses, and methods are provided for fast format-preserving encryption. An input string can be divided into blocks (potentially of varying length). An arrangement of cryptographic pipelines can perform operations on different blocks, each pipeline providing an output block. The cryptographic pipelines can interact such that the output blocks are dependent on each other, thereby providing strong encryption. The pipelines can operate efficiently on the block and operations can occur partly in parallel.

Abstract: Multi-node resiliency may provide two or more points in a blockchain architecture from which a restarted peer can synchronize its local ledger with local ledgers of other peers that collectively form a distributed ledger. Storage-based resiliency may include providing storage that is separate from the nodes on which peers execute, and configuring a peer to store a copy of a synchronized local ledger to storage prior to restart, and synchronizing a new instance of a local ledger with the synchronized copy from storage upon restarting the peer. Peer-based resiliency may include obtaining a synchronized local ledger or genesis block from a first peer after restarting a second peer. Another point of resiliency may be provided by an orderer cluster that distributes blocks to the peers for committing to their local ledger. A peer may access obtain a synchronized ledger or genesis block from the orderer cluster upon restart.

Abstract: A configurable load balancer can be utilized in a multi-tenant environment, where the load balancer can incorporate, or utilize, an account management service operable to perform security tasks such as authentication, authorization, and session management. Customers can utilize the load balancer to control access that users have to resources associated with those customers, without having to build and maintain a dedicated user management system. By implementing security functionality at the load balancer level, traffic can be managed before reaching the resources, which can help to reduce traffic and load on the resources, and can also help to prevent attacks and secure sensitive information. Visibility into the traffic through the load balancer also allows for behavior and usage monitoring, which is helpful for tasks such as billing and usage limit enforcement.

Abstract: Systems, methods, and software can be used to detect security risks in binary software code. In some aspects, a computer-implemented method comprises: receiving, at an electronic device, a set of binary software code to be loaded onto the electronic device; disassembling, by the electronic device, the set of binary software code into a set of assembly code; determining, by the electronic device, a number of occurrences of an assembly instruction in the set of assembly code; and determining, by the electronic device, whether the set of binary software code has a security risk based on the number of occurrences of the assembly instruction.

Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit nay be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.

Abstract: A device for removal of personally identifiable data receives monitoring data acquired by a sensor. The monitoring data including personally identifiable data relating to one or more individuals being monitored. The system processes the acquired monitoring data to remove the personally identifiable data by at least one of abstraction or redaction while the monitoring data is located on the device. The processed monitoring data having the personally identifiable data removed can thereby be transmitted external to the device with reduced security risk.

Abstract: An authentication system includes a vehicle onboard ECU, an update tool for vehicle control software, and an authentication server for the update tool. The update tool substitutes predetermined-constant and first-random-number into predetermined-function to generate first-value and send it to the authentication server. The authentication server signs the first-value using secret-key and send it to the update tool. The update tool transmits the first-value and signature to the ECU upon connection. The ECU verifies the signature using public-key and substitutes the predetermined-constant and second-random-number into the predetermined-function to generate second-value and send it to the update tool. The update tool substitutes the second-value and first-random-number into the predetermined-function to generate third-value. The ECU substitutes the first-value and second-random-number into the predetermined-function to generate fourth-value upon verification of the signature.

Abstract: Systems and methods are disclosed for providing personnel status tracking in crisis situations, using crisis communications management systems. In particular, the systems and methods implement personnel status tracking using unified crisis notification management to multiple users and event management.

Abstract: An example system receives certificate requests from clients. Each request can indicate a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client identifier. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. The system can also transmit retrieved entries from the client queues to a certificate management service.

Abstract: A device includes a processor configured to detect that a mobile device is within a coverage area of a wireless transceiver. The processor is also configured to select, based at least in part on a mobile device identifier of the mobile device, a data package identifier from a plurality of data package identifiers. The device also includes the wireless transceiver. The wireless transceiver is configured to transmit a command instructing the mobile device to access a data package corresponding to the selected data packet identifier. The command includes authorization data indicating that the processor is a trusted source.

Abstract: Systems, methods, and media for determining access privileges are provided. More particularly, in some embodiments, systems for determining access privileges of a user to access a secure node are provided, the systems comprising: a memory; and a hardware processor configured to: receive a username of the user, a secure node identifier of the secure node, a secure node key of the secure node, and a biometric signature sample of the user; validate the secure node identifier and the secure node key; validate the biometric signature sample; and cause the user to gain access to the secure node in response validating the secure node identifier and secure node key and validating the biometric signature sample.

Abstract: Temporal key generation devices and methods are described. One such device of a first domain receives a “seed” to generate a private key associated with a public key for use in a second domain. The device uses the private key in cryptographic operations with the second domain. When the device loses power or is no longer connected to the second domain, the private key may be erased or no longer stored on the device.

Abstract: It is possible to reduce singling overhead in a radio access network by coordinating authentication of a group of UEs (e.g., IoT devices, etc.) via a master device. In particular, the master device may aggregate UE identifiers (UE_IDs) for UEs in the group, and send an identity message carrying the UE_IDs and a master device identifier (MD_ID) to a base station, which may then relay the identity message to a Security Anchor Node (SeAN). The SeAN may send an authentication data request carrying the UE_IDs and MD_ID to a Home Subscriber Server (HSS), which may return an authentication data response that includes a group authentication information. The group authentication information may then be used to achieve mutual authentication between the SeAN and each of the master device, group of UEs, and individual UEs.

Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.

Abstract: A new approach is proposed that contemplates systems and methods to provide identification and mitigation of malware attack via Web assets hosted on a Web application, site, or platform in an automated and proactive manner. From the moment the Web assets are hosted on the Web application platform and protected by a Web application security device, the hosted Web assets are constantly monitored and assessed for potential risks. Whenever there is a new instance or a modification of a Web asset, a copy of the Web asset is automatically downloaded and analyzed for potential vulnerabilities. If a suspicious indicator of malicious contents in the Web asset is detected during the analysis, a plurality of security policies are created and applied to the Web application security device to mitigate threats of the Web asset and protect users of the Web application against malware attacks via the tampered Web asset.

Abstract: Concept 6) A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining comparative platform information that identifies security-relevant capabilities for a comparative platform; and generating comparison information that compares the current security-relevant capabilities of the computing platform to the comparative platform information of the comparative platform to identify a threat context indicator.

Abstract: An automated process is disclosed for improving the functionality of computer systems and electronic commerce in user identity-proofing. Steps include verifying that a user who is electronically seeking identity proofing is on an electronic directory of persons eligible for such identity proofing; creating an attest list for the user that includes associates who can vouch for his or her identity; collecting a video or other data from the user; sending the video or data to the associates and asking them for a confirmation or a disavowal of the identity of the user; deriving a biometric from the video or data upon receiving the confirmation; and saving the biometric as an identity-proofed biometric.

Abstract: Methods, systems, and computer readable media for packet monitoring in a virtual environment are disclosed. According to one method executed at a virtual tap element residing in between a first virtual machine and a second virtual machine in a virtual network environment, the method includes obtaining cryptographic key information from either the first virtual machine or the second virtual machine and detecting an encrypted packet flow being communicated in the virtual network environment between the first virtual machine and the second virtual machine via the virtual tap element. The method further includes decrypting the encrypted packet flow using the cryptographic key information, generating a decrypted packet flow set comprising at least a portion of the decrypted packet flow, and sending the decrypted packet flow set to a packet analyzer.

Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.