Patents Examined by Eleni Shiferaw
  • Patent number: 11184339
    Abstract: A method and system are described for secure communication. The system receives a first secure protocol data packet during an authenticated session to communicate with a user computing device using a secure protocol. The encrypted linked data in first secure protocol data packet is decrypted using a secure key that is dependent on encrypted linked data and user credentials. The system retrieves a second secure protocol data packet from a distributed ledger network that is associated with first secure protocol data packet. The encrypted linked data in second secure protocol data packet is decrypted. The system identifies changes between decrypted linked data of first secure protocol data packet and decrypted linked data of second secure protocol data packet and if changes are identified then first secure protocol data packet is considered as tampered and actions in first secure protocol data packet are not executed, thereby preventing fraudulent execution of transactions.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: November 23, 2021
    Assignee: Wipro Limited
    Inventors: Chaitanya Rajendra Zanpure, Shivam Mishra
  • Patent number: 11184169
    Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 24, 2018
    Date of Patent: November 23, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Ilya Sokolov, Lei Gu, Daniel Kats
  • Patent number: 11182461
    Abstract: Apparatus, systems, methods, and computer program products for determining an authentication procedure are disclosed. One apparatus includes a processor for an information handling device and a memory that stores code executable by the processor. The code is executable by the processor to detect either one of a usage state or a usage environment of the information processing device, select available authentication modules of a plurality of authentication modules in response to detecting either one of the usage state or the usage environment, wherein the authentication modules perform user authentication based on different information from one another, and inform a user of at least one of the available authentication modules selected in response to selecting the available authentication modules.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: November 23, 2021
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventor: Mikako Mori
  • Patent number: 11178179
    Abstract: A synthetic identity network for detecting synthetic identities may receive a first request for credit including one or more user attributes, compare the one or more user attributes to one or more stored user identities, create a new user identity, flag the new user identity as a potentially synthetic identity based on comparing the one or more user attributes to the one or more stored user identities, receive a second request for credit including one or more second user attributes, compare the one or more second user attributes to the one or more user attributes associated with the potentially synthetic identity, prepare a notice including the potentially synthetic identity and a credit request identifier, and transmit the notice to one or more servers.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: November 16, 2021
    Assignee: Capital One Services, LLC
    Inventor: Ryan Fox
  • Patent number: 11171783
    Abstract: A method, a system and/or an apparatus for decentralized identity management, authentication and authorization of applications is disclosed. The method, system and/or apparatus enables a machine/application to identify any other machine/application in a network without requiring a central server or authority. The method, system and/or apparatus involves controlling the data access and communication between machine/applications in a blockchain network by authorizing the communication only when there exists authorization permissions. The authorization permission of application/machine and user are stored in distributed ledger only if quorum is achieved as per the consensus algorithm present in the smart contract defined by the admin, making the system more secure.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: November 9, 2021
    Assignee: INFOSYS LIMITED
    Inventors: Shyam Kumar Doddavula, Brijesh Balakrishnan
  • Patent number: 11171787
    Abstract: A radio frequency identification interface integrated with a baseboard management controller is provided for secure data extraction from the baseboard management controller. The radio frequency identification interface includes a passive radio frequency identification circuit in direct communication with the baseboard management controller, an antenna to receive a radio-frequency signal when the baseboard management controller is in a standby powered-off status, and a connector to connect the radio frequency identification circuit to the antenna.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: November 9, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Yao-Huan Chung, Yulianti Darmanto
  • Patent number: 11153301
    Abstract: A communication system and method for managing guest user network connections includes: a first communicator configured to communicate with a terminal apparatus; an authentication unit configured to transmit an authentication screen for inputting authentication information by a guest user accessing the terminal apparatus; a connection guiding unit configured to connect communication made from the terminal apparatus via the first communicator to the authentication unit; a display unit configured to display the authentication information input to the authentication screen and output by the terminal apparatus that has been connected to the authentication unit by the connection guiding unit and to which the authentication screen has been transmitted; and a connection control unit configured to permit connection of the terminal apparatus to a network via a second communicator in accordance with a host user input received by the input unit according to a display by the display unit.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: October 19, 2021
    Assignee: RICOH COMPANY, LTD.
    Inventor: Yoshikazu Azuma
  • Patent number: 11151251
    Abstract: A malicious code detection module identifies potentially malicious instructions in volatile memory of a computing device before the instructions are executed. The malicious code detection module identifies an executable file, including an .exe file, in memory, validates one or more components of the executable file against the same file stored in non-volatile storage, and issues an alert if the validation fails.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: October 19, 2021
    Assignee: Endgame, Inc.
    Inventor: Joseph W. Desimone
  • Patent number: 11153278
    Abstract: A method for information interaction includes: when an access request sent by a webpage to a preset domain name is received by a browser component, resolving the preset domain name into a designated access address, the access request being sent by the webpage when the webpage is required to interact with an operating system of a terminal, and the designated access address being an access address that has not been occupied; sending the access request to the designated access address as a destination address; and when a firewall detects that the destination address of the access request is the designated access address, redirecting the access request to a local web service, the local web service being configured for information interaction with the operating system of the terminal.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: October 19, 2021
    Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
    Inventors: Junjie Dong, Shun Chen, Hongguang Dong
  • Patent number: 11153297
    Abstract: Methods and apparatus to facilitate certificate and trust management across a distributed environment are disclosed.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: October 19, 2021
    Assignee: VMWARE, INC.
    Inventors: Evgeny Aronov, Zahari Ivanov, Dimitar Hristov Barfonchovski, Anna Delcheva, Diana Kovacheva
  • Patent number: 11151247
    Abstract: A malicious code detection module identifies potentially malicious instructions in memory of a computing device. The malicious code detection module examines the call stack for each thread running within the operating system of the computing device. Within each call stack, the malicious code detection module identifies the originating module for each stack frame and determines whether the originating module is backed by an image on disk. If an originating module is not backed by an image on disk, the thread containing that originating module is flagged as potentially malicious, execution of the thread optionally is suspended, and an alert is generated for the user or administrator.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: October 19, 2021
    Assignee: Endgame, Inc.
    Inventor: Joseph W. Desimone
  • Patent number: 11140189
    Abstract: A computer-implemented method for discovering network attack paths is provided. The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration. The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker.
    Type: Grant
    Filed: February 15, 2016
    Date of Patent: October 5, 2021
    Assignee: The Boeing Company
    Inventors: Jai Joon Choi, Brian Christopher Grubel, Dion Stephen David Reid
  • Patent number: 11138333
    Abstract: In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (“DNN”) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption. This improves security over conventional approaches. Searching biometrics in the clear on any system represents a significant security vulnerability. In various examples described herein, only the one-way encrypted biometric data is available on a given device.
    Type: Grant
    Filed: March 7, 2018
    Date of Patent: October 5, 2021
    Assignee: Private Identity LLC
    Inventor: Scott Edward Streit
  • Patent number: 11138319
    Abstract: A computer system performs tracking of security context for confidential or untrusted values input from sources in an executing application to sinks in the executing application. The security context includes indications of sources and declassifier methods corresponding to the values and has been previously defined prior to the tracking. Prior to release of a selected confidential or untrusted value by a sink in the executing application, security context is fetched for the selected confidential or untrusted value. A selected declassifier method is caused to be used on the selected confidential or untrusted value prior to release of the selected confidential or untrusted value to the sink. The selected declassifier method obfuscates the selected confidential or untrusted value and is selected based on the security context for the selected confidential or untrusted value. The obfuscated confidential or untrusted value is caused to be released to the sink in the executing application.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp, Petar Tsankov
  • Patent number: 11139973
    Abstract: A locking and unlocking system includes: a mobile terminal; and a key unit, wherein the mobile terminal includes a terminal transmission unit configured to transmit first authentication information and a first request signal to the key unit, the key unit includes: a key unit reception unit configured to receive the first authentication information and the first request signal from the mobile terminal; a first authentication unit configured to perform authentication; and a locking and unlocking processing unit configured to perform a process of unlocking or locking the door, and the first authentication unit is configured to prohibit the authentication of the mobile terminal in a case where the first authentication unit has once performed the authentication.
    Type: Grant
    Filed: March 7, 2018
    Date of Patent: October 5, 2021
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Yasuhisa Fujiwara, Hiroko Tsujimura, Yuichiro Haruna, Satoru Maegawa
  • Patent number: 11132451
    Abstract: The decentralized and distributed architecture of blockchain makes it challenging to store secret data. A Secure Document Access Control System (SEDACS) can store secret data using distributed components without compromising on the distributed security features of the blockchain. SEDACS can include a Secret Store, a blockchain, and a decentralized file system. The blockchain can store rules and permissions for documents that contain the secret data. The Secret Store can generate secret keys that can be used to access the documents. The decentralized file system can store the documents that are encrypted using the secret keys. A user can retrieve the encrypted document provided that the user has the permission to do so. The user can decrypt the encrypted document by decrypting the secret key and using the decrypted secret key to decrypt the document.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: September 28, 2021
    Assignee: Parity Technologies Ltd.
    Inventors: Gavin Wood, Piotr Czaban, Sviatoslav Nikolskii, Kenneth Kappler, Nicolas Gotchac
  • Patent number: 11120131
    Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: September 14, 2021
    Assignee: RUBRIK, INC.
    Inventors: Oscar Chen, Di Wu, Benjamin Reisner, Matthew E. Noe
  • Patent number: 11115395
    Abstract: A cross-domain information transfer system includes a key distribution center that generates private encryption keys and a signature key pair as a secret signing and secret verifying key for an attribute associated with a given domain. A sender device generates ciphertext from plaintext based upon the private encryption key, appends an attribute for a given domain to the ciphertext, generates ciphertext with a concealed attribute based upon the secret signing key and broadcasts the ciphertext with the concealed attribute. Domain gateway devices each receive a respective secret verifying key for an associated attribute, receive the ciphertext with the concealed attribute from the untrusted network, and use the secret verifying key to determine if the concealed attribute matches the attribute associated with the domain gateway device, and, when so, pass the ciphertext to at least one receiver device coupled with the domain gateway device.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: September 7, 2021
    Assignee: HARRIS GLOBAL COMMUNICATIONS, INC.
    Inventors: Michael T. Kurdziel, Steven M. Farris, Peter Bajorski, Alan R. Kaminsky, Marcin Lukowiak, Stanislaw P. Radziszowski
  • Patent number: 11115206
    Abstract: A computing device implements a key management system (KMS), and includes an interface, memory, and processing circuitry that executes operational instructions to maintain structured key parameters and a generating procedure associated with a structured key. The generating procedure produces the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters. The computing device receives a blinded value associated with the structured key from a requesting computing device, processes the blinded value using an OPRF secret to generate a blinded OPRF output, and returns the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, which uses that information to generate the requested structured key.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: September 7, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Hugo M. Krawczyk
  • Patent number: 11108830
    Abstract: In some aspects, the disclosure is directed to methods and systems for providing coordinative security among network devices across multi-level networks. Shared cryptographic secrets among the network devices are used as the basis for mutual security authentication and peering among these devices. The cryptographic secrets can be embedded in the SoC devices for these devices or dynamically generated based on unique identification information and attributes of these SoC devices. The messages for authentication and peering can be communicated directly among the network devices or indirectly via a cloud security portal entity that acts as a messaging proxy. The mutual authentication and peering process can be carried out coordinately among the network devices and a cloud security portal in a one-to-one mesh relationship, or in a transitive layering relationship, where each network entity authenticates and peers with its direct subordinates in a multi-level network.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: August 31, 2021
    Assignee: Avago Technologies International Sales Pte. Limited
    Inventors: Yong Li, Xuemin Chen, Weimin Zhang, Victor Liang, Binfan Liu