Abstract: Various embodiments are generally directed to techniques for multi-voice speech recognition commands, such as based on monitoring a telecommunications channel between first and second devices, for instance. Some embodiments are particularly directed to prompting initiation of a transaction between a first entity associated with a first device and a second entity associated with a second device based on detection of an audible request corresponding to the second entity and an audible response corresponding to the first entity.

Abstract: Methods and systems for security threat detection are disclosed. For example, a virtual machine with a network interface of a plurality of virtual machines includes a plurality of applications including first and second applications. The plurality of applications is associated with a respective plurality of application security modules, including a first and second application security modules associated with the first and second applications. A security policy engine executes on a processor in communication with a network including a network controller. The application security module detects an abnormality with a request to the first application, identifies a source and a mode of the abnormality, and reports the source and the mode to the security policy engine. The security policy engine prevents a further abnormality with the source and/or the mode from affecting the second application and commands the network controller to prevent the source from interacting with the network.

Abstract: A method by one or more network devices communicatively coupled to a web application layer proxy for profiling parameters of web application layer requests received by the web application layer proxy while preserving privacy. The method includes obtaining masked parameter values associated with a parameter in the web application layer requests, where the masked parameter values associated with the parameter are generated by the web application layer proxy based on masking parameter values associated with the parameter while preserving lengths of the parameter values associated with the parameter and character types of characters in the parameter values associated with the parameter, generating the profile of the parameter based on analyzing the masked parameter values associated with the parameter, and providing the profile of the parameter to the web application layer proxy.

Abstract: Verifying a hardware license and controlling hardware features includes receiving a first part of a license payload and a license signature covering the license payload from a CPU, the license signature being generated using a private encryption key; receiving a second part of the license payload from a memory, the CPU being unable to modify the second part of the license payload; generating a hash using the first part and the second part of the license payload; and verifying the license signature using the hash and a public encryption key associated with the private encryption key. When the verifying is successful, communicating with circuitry to enable functionality of the circuitry specified in the license payload.

Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.

Abstract: Methods and system for embedding digital watermark information into textual data arranged in a table of cells are provided. A first subset of cells are selected and for each primary cell key and cell partition number are determined. A portion of a digital watermark ID code is embedded at an embedding position determined based on the partition number. Methods and systems for extracting digital watermark information from the textual data are also provided. A cell is fetched from the table and the presence of portion of the digital watermark ID code is determined. A primary cell key and cell partition number are determined. A portion of the digital watermark ID code is extracted at the embedding position within the cell, the embedding position determined based on the cell partition number. The digital watermarking systems and methods provide tracking for unauthorized copying of the data while modifying only a subset of the data.

Abstract: A method for selectively providing, to a subset of authorized user accounts, wake-on-demand access to session servers during a period of scheduled unavailability includes receiving, by a service broker machine, from a client machine, at least one credential. The service broker machine requests, from a database, connection information associated with the at least one credential. The service broker machine receives, from the database, connection information. The service broker machine determines that the at least one virtual resource is unavailable. The service broker machine determines whether the received credential indicates that a user of the client machine is authorized to request reactivation of the unavailable at least one virtual resource. The service broker machine directs, reactivation of the unavailable at least one virtual resource. The service broker machine provides, to the client machine, the connection information.

Abstract: Systems and methods for redeeming digital files are disclosed. In particular, the systems and methods relate to localized sharing of digital files such that the digital file is degraded when the file is redeemed. The digital file can include a plurality of bits, and bits of the digital file can be removed upon each transfer and/or access of the digital file. When a quantity of bits in the digital file falls below a predetermined threshold, the digital file can be deactivated. The systems can include an application that degrade the digital file. The degradation can include file compression, bitrate reduction, and/or removal of parity bits from the digital file. Security measures, such as private/public encryption keys, are also disclosed herein.

Abstract: According to an aspect, there is provided a method of operating a first computing node to distribute a computation output, the method comprising: determining a first random mask; providing the first random mask as a private input to a computation by a first evaluator node and a second evaluator node; receiving, from each of the first evaluator node and the second evaluator node, a respective masked computation output, wherein each masked computation output is a function of an output of the computation and the first random mask; if the received respective masked computation outputs match, determining the output of the computation from the received masked computation output and the first random mask; and sending information to the first evaluator node and the second evaluator node to enable the first evaluator node and the second evaluator node to determine the output of the computation from the respective masked computation output.

Abstract: A substitute box includes a target input terminal, an obfuscation input terminal, a first output terminal and a second output terminal. The target input terminal is configured to receive a target input data. The obfuscation input terminal is configured to receive an obfuscation input data unrelated to a plaintext. The first output terminal is configured to output a first output data. The second output terminal is configured to output a second output data associated with the first output data. The first output data and the second output data are generated according to both the target input data and the obfuscation input data.

Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network, the method comprising generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator enables a first device to use a private key to access data associated with a distributed ledger operation. The method also comprises transmitting, via the reconciliation network, the data from the first computing device to a second computing device, wherein the first computing device and the second computing device are connected via the reconciliation network.

Abstract: Multi-node resiliency may provide two or more points in a blockchain architecture from which a restarted peer can synchronize its local ledger with local ledgers of other peers that collectively form a distributed ledger. Storage-based resiliency may include providing storage that is separate from the nodes on which peers execute, and configuring a peer to store a copy of a synchronized local ledger to storage prior to restart, and synchronizing a new instance of a local ledger with the synchronized copy from storage upon restarting the peer. Peer-based resiliency may include obtaining a synchronized local ledger or genesis block from a first peer after restarting a second peer. Another point of resiliency may be provided by an orderer cluster that distributes blocks to the peers for committing to their local ledger. A peer may access obtain a synchronized ledger or genesis block from the orderer cluster upon restart.

Abstract: Providing streaming of one or more applications from streaming servers onto one or more clients. The computer readable medium includes computer-executable instructions for execution by a processing system. The applications are contained within one or more isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may include encrypted communication between the streaming servers and the clients. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades.

Abstract: Various methods and systems for securing imaging systems are provided. In one embodiment, a method for an imaging system comprises monitoring usage of the imaging system in real-time while a user is controlling the imaging system, detecting that the usage of the imaging system is an abnormal usage, and performing one or more corrective actions based on the abnormal usage. In this way, an imaging system may be secured from cyber-attacks that may attempt to maliciously execute in an abnormal context while appearing legitimate to typical security controls.

Abstract: Methods and systems disclosed herein describe obfuscating plaintext cryptographic material stored in memory. A random location in an obfuscation buffer may be selected for each byte of the plaintext cryptographic material. The location of each byte of the plaintext cryptographic material may be stored in a position tracking buffer. To recover the scrambled plaintext cryptographic material, the location of each byte of the plaintext cryptographic material may be read from the position tracking buffer. Each byte of the plaintext cryptographic material may then be read from the obfuscation buffer and written to a temporary buffer. When each byte of the plaintext cryptographic material is recovered, the plaintext cryptographic material may be used to perform one or more cryptographic operations. The scrambling techniques described herein reduce the likelihood of a malicious user recovering plaintext cryptographic material while stored in memory.

Abstract: In an aspect, a system for dynamic data injection is presented. A system includes a computing device. A computing device is configured to receive at least a digital media file. A digital media file includes at least a segment comprising a plurality of display quanta. A computing device is configured to select a portion of at least a segment of at least a digital media file as a function of a randomization engine. A computing device is configured to encode identifying data in a selected portion of at least a segment. Encoding includes modifying at least a display quanta of a plurality of display quanta of a selected portion of at least a segment. A computing device is configured to display at least a segment to a user.

Abstract: A database access, monitoring, and control system and method monitor database access, detect suspicious database activities, and react to suspicious database activities by initiating one or more control functions. In at least one embodiment, suspicious database activities include activities related to a number of rows of data retrieved in response to one or more queries within a predetermined threshold window of time. Data retrieval row count above a predetermined threshold that represents an anticipated maximum request for legitimate users can indicate a suspicious database activity. In at least one embodiment, the database access, monitoring, and control system and method detects suspicious database activities even if a data requestor has thwarted other security measures or if the data requestor has authorized access but is potentially accessing data inappropriately.

Abstract: According to an embodiment, an encryption processing device includes a memory and one or more processors. The memory stores a plurality of divided masks to be applied to an input sentence on which mask processing is performed in unit of processing of a predetermined size corresponding to a size of data obtained by dividing target data of encryption processing into a plurality of pieces, the divided masks having a same size as that of data obtained by further dividing the data of the unit of processing. The one or more processors are configured to: read out the plurality of divided masks from the memory at different respective timings, and generate a plurality of first masks by using the read-out divided masks at different respective timings; and execute arithmetic processing on intermediate data of the encryption processing using the plurality of first masks at different respective timings.

Abstract: In a general aspect, a method of protecting a software program against tampering can include: executing, by a processor of a user device, an executable code of the software program, the executable code comprising integrity check code sections; during execution of one of the integrity check code sections of the executable code, computing by the processor an integrity check result applied to a code segment of the executable code; transmitting by the processor to a server a message containing the integrity check result and an identifier of the code segment; and when the integrity check result does not correspond to a reference result for the code segment of a genuine version of the software program, receiving by the processor from the server a signal that prevents an operation of the software program from being executed by the processor.

Abstract: Aspects of the subject disclosure may include, for example, a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, including requesting a license for software from first equipment of a license holder; receiving a passed ledger associated with the license from the first equipment of the license holder, wherein the passed ledger comprises a latest block; receiving a hash value for the latest block from a software vendor of the software; calculating a hash value for the latest block; and responsive to the hash value provided by second equipment of the software vendor matching the hash value calculated for the latest block: executing the software. Other embodiments are disclosed.