Abstract: A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for parallel-processing blockchain transactions are provided. One of the methods includes: obtaining a plurality of candidate transactions for adding to a blockchain; grouping the candidate transactions into one or more transaction groups; creating one or more copies of at least a portion of a data structure of a latest block of the blockchain; associating the one or more transaction groups respectively with the one or more copies of the data structure; executing the candidate transactions in each of the transaction groups and updating the associated copies of the data structure; and merging the updated copies of the data structure to obtain at least a portion of a new data structure of a new block to add to the blockchain.

Abstract: Systems and methods for authenticating presumptively incompatible elements in a digital network are provided. A method may include receiving an access request from a client node in the network. The access request may be requesting access to an application in the network. The access request may be associated with a uniform resource identifier (“URI”). The method may include extracting a target application from the URI. The method may include determining an authentication protocol that is supported by the target application. The method may include generating, based on the authentication protocol, a series of one or more authentication tests that, in combination, satisfy the authentication protocol. The authentication tests may satisfy the authentication protocol even when the client node natively supports a different authentication protocol. The method may include executing the series of authentication tests to authenticate the client node vis-à-vis the target application.

Abstract: Network firewalls operate based on rules that define how a firewall should handle traffic passing through the firewall. At their most basic, firewall rules may indicate that certain network traffic should be denied from passing through a network firewall or indicate that certain network traffic should be allowed to pass through the network firewall. Manners of handling network traffic beyond simply allowing or denying the network traffic may also be defined by the rules. For instance, a rule may indicate that certain network traffic should be routed to a specific system. Thus, if an administrator of a network firewall determines that certain network traffic should be handled in a certain way by a network firewall, the administrator need only implement a firewall rule defining how that network traffic should be handled in the network firewall.

Abstract: A blockchain-based data processing method and apparatus are provided. The method comprises: by a node device of a service acceptance platform, receiving service processing application data of a target user; generating a first service processing result; encrypting the first service processing result using a public key of a node device of a service processing entity; and sending, a first transaction to a blockchain for the first transaction to be recorded in a distributed database of the blockchain upon verification of the first transaction by a plurality of node devices associated with the blockchain according to a consensus mechanism, wherein: the first transaction comprises the encrypted first service processing result, and the plurality of node devices associated with the blockchain comprises the node device of the service acceptance platform and the node device of the service processing entity.

Abstract: A method for physically unclonable function (PUF) cell-pair remapping includes combining PUF cell-pairs between PUF cells in a first array and PUF cells in a second array, acquiring physical parameters for each of the PUF cell-pairs, selecting PUF cell-pairs based on a comparison of the acquired parameters with a first reference, and remapping the selected PUF cell-pairs.

Abstract: There is provided mechanisms for verifying a log entry in a communications system. A method is performed by a host server. The method comprises obtaining a log entry of a service access tracker. The log entry indicates access to a service during a client session, the service being tracked by the service 5 access tracker. The method comprises providing the log entry to a trusted third party for digital signing thereof using a digital trusted timestamping scheme. The method comprises verifying that the log entry has been digitally signed by the trusted third party. The method comprises providing a new aggregate comprising the digitally signed log entry and a previous aggregate 10 of previously digitally signed and aggregated log entries to the trusted third party for digital signing thereof using the digital trusted timestamping scheme. The method comprises verifying that the new aggregate has been digitally signed by the trusted third party.

Abstract: A method is provided for transmitting encrypted packets from a first node to a second node of a communication network. The first node pads each plaintext packet with a respective padding content. The padded plaintext packets are then encrypted and transmitted to the second node. For each plaintext packet, the first node randomly selects the padding size in a range comprised between a minimum padding size and a maximum padding size. If the size of a plaintext packet is lower than a predefined minimum packet size, the minimum padding size is set equal to the difference between predefined minimum packet size and the plaintext packet size.

Abstract: A system and method for securing a resource includes a combination code generator configured to receive a first input sequence and a first panel context and generate a first computed combination code. A second computed combination code is generated from a received second input sequence and a second panel context. A set panels module receives the first computed combination code and the first panel context and re-orders the panels of the first panel context to set the second panel context. a hash key generator converts the received second panel context and the second combination code into a first hash key.

Abstract: Methods and systems are provided for automatically generating malware definitions and using generated malware definitions. One example method generally includes receiving information associated with a malicious application and extracting malware strings from the malicious application. The method further includes filtering the malware strings using a set of safe strings to produce filtered strings and scoring the filtered strings to produce string scores by evaluating words of the filtered strings based on word statistics of a set of known malicious words. The method further includes selecting a set of candidate strings from the filtered strings based on the string scores and generating a malware definition for the malicious application based on the set of candidate strings. The method also includes performing one or more security actions to protect against the malicious application, using the malware definition.

Abstract: Method for encoding/decoding a signal at a first and second communication node (N1; N2) in a road vehicle. A signal (1) from an on-board sensor (10) is encoded using a first encoding scheme (a), encoding the formed single encoded sensor signal (1a) using a second encoding scheme (b), decoding this double encoded sensor signal (1ab) in the second communication node (N2) based on the second encoding scheme (b), forming a decoded single encoded sensor signal (1a?). In the first communication node (N2), performing a comparison analysis, comprising at least one of the following: comparing the decoded single encoded sensor signal (1a?) with a stored single encoded sensor signal (1a), or after encoding the decoded single encoded sensor signal (1a?) with the second encoding scheme (b) comparing (110) the thus formed double encoded sensor signal (1a?b) with a stored double encoded sensor signal (1ab).

Abstract: A method provides a firmware update to an electronic device, to code signing for firmware updates of electronic devices, and a system therefor. In particular, the system and method for updates firmware that is authenticated through a public key infrastructure. The method includes an electronic device receiving a firmware update provided with a signature of a signing key, a signing certificate with a signature of a master key, and a revision number. The device verifies the signature of the master key on the signing certificate of the signing key, checks the revision number on the signing certificate of the signing key against a roll back counter, and verifies the signature of the signing key on the firmware update. The device then rejecting or accepting the received firmware update based on the outcome of the above verifying and checking.

Abstract: The present disclosure relates to a technology for a sensor network, machine to machine (M2M) communication, machine type communication (MTC), and Internet of things (IoT). The present disclosure relates to an operation method of a first device in a communication system, the operation method comprising a step of receiving, from a server, security information of a second device associated with the first device, wherein the security information includes a first parameter associated with an operation of the second device, and attribute information associated with the first parameter.

Abstract: The present teaching relates to method, system, medium, and implementation for biometric authentication in secure data management. Authentication is initiated for a person claiming to be a record owner prior to a transaction between the record owner and a service provider. Biometric based authentication of the person is performed by detecting liveness of the person and authenticating an identity of the person based on biometric information of the person. Upon successful authentication of the person, a trusted party processes a request directed to a trusted entity to validate one or more data items related to the record owner in order to proceed with the transaction and forward a cloaked identifier obtained based on the request, where the cloaked identifier is to be used by the service provider to seek a validation response with regard to the one or more data items from the trusted party.

Abstract: An apparatus is provided. The apparatus includes a set of chips designed to form an integrated chipset. Each of the chips has a Physically Unclonable Function (PUF) uniquely identifying each of the chips as part of the integrated chipset. The apparatus further includes a certification circuit, in signal communication with the chips, for certifying each of the chips as belonging to the integrated chipset and detecting any spy chips unbelonging to the integrated chipset, based on challenge-response results obtained using the PUF with respect to an expected chip count.

Abstract: A method for decreasing the risk of unauthorized access to an embedded node in a secure subsystem of a process control system includes receiving a message comprising a message header and a message payload, and determining that the message is an unlock message configured to access one or more protected functions of the embedded node, at least by analyzing a bit sequence of one or more bits in the message header. The method also includes determining whether a manual control mechanism has been placed in a particular state by a human operator, and, based upon those determinations, either causing or not causing the embedded node to enter an unlocked state in which one or more of the protected functions are accessible.

Abstract: A method for encrypting database data includes generating an encryption key for a first file stored in a data store, wherein a table in a database comprises an entry pointing to the first file. The method includes generating a second file by encrypting the data the first file in the data store using the encryption key without modifying the first file. The method includes, in response to generating the second file, modifying the entry in the table to point to the second file, wherein the modification of the entry is performed atomically. A process for rekeying from the first file to the second file may happen in the background without blocking, interfering, or otherwise obstructing user interaction with a database system.

Abstract: A method for encrypting plaintext data is enclosed that includes operations of receiving the plaintext data, the plaintext data including a plurality of data portions, encrypting each of the plurality of data portions using a specific key for each data portion, merging each of the plurality of data portions together to form a single data stream, generating a data map of the single data stream, appending the data map to the single data stream, and performing a master cipher to form an encrypted distributable stream. Operations of the encrypting include: an additive operation on each byte of the first data portion using the additive table, an XOR operation on each byte of the first data portion as modified by the additive operation, a substitution operation on each byte of the first data portion using the substitution table as modified by the XOR operation.

Abstract: Computer system security can be threatened by users who manipulate their software to avoid detection of malicious activities—such as account takeover. Web browser software, for example, can be altered so the browser will report false information about the browser itself and/or the system on which it is running. By providing such false information, a user can try to avoid his system being fingerprinted (e.g. identified) so that the user can more effectively instigate electronic attacks without being detected. This disclosure describes techniques that allow for detection of when a user has tampered with their web browser (e.g., by overriding native code functions in the browser). Detecting that a browser has been tampered with can allow a computer server system to take mitigation actions against potentially malicious users, thus improving computer security.

Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for facilitating the use and exchange of customized third-party content in a distributed computing environment that allows for third-party hosting. Embodiments of the disclosed technology concern an application store within an application (e.g., an “in-app app store”). The application store can offer downloadable digital content and/or roaming entitlements to a user of the application. Further, in particular embodiments, the downloadable content and/or entitlements are generated by a third party (e.g., a party different than the provider/publisher of the application and the user of the application). Also disclosed are methods and mechanisms for copy-protecting such content.