Abstract: In some implementations, a network device may determine, based on a routing table, a plurality of routing paths from the network device to another network device, wherein the plurality of routing paths are respectively associated with a plurality of security classifications. The network device may receive network traffic that is destined for the other network device and that is associated with a particular security classification of the plurality of security classifications. The network device may forward the network traffic based on a particular routing path, of the plurality of routing paths, that is associated with the other network device and the particular security classification.

Abstract: A system and method for inspecting managed workloads in a cloud computing environment for cybersecurity threats improves inspection of managed workload service repositories, by only inspecting bases of managed workload deployed in the cloud computing environment. The method includes discovering a managed workload deployed in a cloud computing environment; determining an identifier of the managed workload, wherein the identifier includes an indicator to a base repository in which a base is stored, and wherein the managed workload is currently deployed in the cloud computing environment, the base repository further storing a plurality of bases, wherein a portion of the plurality of bases do not correspond to a deployed workload; accessing the base repository to pull the base; and inspecting the base of the deployed managed workload for a cybersecurity threat.

Abstract: Time randomizing information protocol language encryption, provides systems, methods, computer programs and algorithms for encrypting communications. Provided by software in devices or firmware in networking hardware cooperates between at least two systems. Ciphers are randomly timed and replaced after a random period rendering eavesdropper decryption efforts ineffective and/or uneconomic. Ciphers may be based on common seed data sets, or on pointers to an array containing seed data. These seed data values, or pointers to them may be used in communications in shared transient languages. Languages may include number bases from binary on upwards, and characters used in human or machine languages. One implementation may convert human speech to text, then encrypt and transmit it, for decryption and conversion to synthetic speech in secure battlefield communications, or secure identity protected communications as may suit intelligence agencies.

Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: A method for enabling a user to define a Life Based VR experience to align with the user's life. The user and partners provide custom information and settings about the user's life state which allows the user to integrate information to the Life Based VR experience. The partners may use the user's information to integrate its information, which is then interacted with in a Life Based VR experience by a user, according to various custom VR parameters. The partners may also use the user's interactions with the Life Based VR experience to assess behavior as compared to the user's life state, and the users may assess the partner's accuracy of information delivery when compared to the user's life state. The method also enables the user and partner to interact in a marketplace to procure the information relating to the user's life, user ratings, and partner ratings.

Abstract: Information associated with a process is received. At least a portion of the received information is used to modify a Process Tree. Modifying the Process Tree includes at least one of: (1) adding a Tag to the Process Tree and (2) modifying a Tag in the Process Tree. An Alert is generated based at least in part in response to determining that a Strategy has been matched.

Abstract: A method and system of providing private data privately when such data is requested from a VCD utilizes a communications network to communicate with a service containing the private data to determine if the data is private. Once the data is determined as being private, instead of being sent to the VCD to be broadcasted audibly, the data may be transmitted to a user's preferred device to be presented privately to the user.

Abstract: A cyber security system for a cloud environment is disclosed. In some embodiments, a method is disclosed. The method comprises utilizing a cloud provider API to access a block storage volume of a workload maintained on a target account in a target system of a cloud storage environment, utilizing a scanner at a location of the block storage volume and on a secondary system other than the target system, scanning the block storage volume for malicious code using the secondary system, identifying malicious code based on the scan, and outputting a notification of a presence of malicious code in the target system from the secondary system.

Abstract: Systems, devices, and methods are provided for determining whether security assurances are satisfied by security policies that are used to control access to resources used by a mainframe application. A system may use a database to store a plurality of security policies that may comprise security polices of various resources used by mainframes, including resources managed by operating systems and database systems. A reference policy that corresponds to the security assurance being sought may be determined. The security policies may be evaluated using a satisfiability modulo theories (SMT) solver to determine whether the security policies are equally or less permissive than the reference policy.

Abstract: Methods and apparatus for allowing an individual to preserve his/her privacy and control the use of the individual's images and/or personal information by other, without disclosing the identity of the individual to others, are described. In various embodiments the individual seeking privacy provides his/her identifying information, images, and sharing preferences indicating desired level of privacy to a control device which is then stored in a customer record. The control device can be queried to determine if an image or other information corresponds to a user who has restricted use of his/her image or other information in a public manner. Upon receiving a query the control device determines using the stored customer record whether an individual has authorized use of his or her image. Based upon the determination a response is sent to the querying device indicating whether the use of the image and/or individual's information is authorized.

Abstract: A first processing device obtains a first copy of software from a repository, the first copy including first computer instructions and first data for indicating a running state of a device. A validation request is sent, which includes a seed, an algorithm identifier, a number of random numbers to generate, and a nonce. The first processing device generates the number of first random numbers using the seed and an algorithm corresponding to the algorithm identifier, and maps the first random numbers to memory blocks, each of which includes a respective first computer instruction of the first copy or the first data. A first hash is calculated from contents of the mapped memory blocks and the nonce. A second hash, calculated using information included in the validation request and a software copy on a second processing device, is received. An action is automatically performed when the hashes do not match.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing encryption based data analysis across multiple accounts of different database users. The data clean room may also restrict which data may be used in the analysis and may restrict the output. A requesting user's data can be encrypted using a key and a provider user can generate a shareable database function that accepts the key to decrypt the data to generate the results data without exposing each others' data.

Abstract: A level of classification for each piece of data of one or more pieces of data is determined. A layer of encryption for each piece of data of the one or more pieces of data is determined. A type of encryption for each piece of data of the one or more pieces of data is determined. Other mechanisms applied to each piece of data of the one or more pieces of data is determined. A first constant for the layer of encryption, a second constant for the type of encryption, a third constant for the other mechanisms applied is determined. A risk factor for each piece of data of the one or more pieces of data is determined.

Abstract: A system controls access to target servers in a network and includes: a user interface accessible to the target servers; a memory storing a database providing information to the interface; and a server implementing a discovery engine discovering user rights stored at the target servers and delivering the stored user rights to the database, and a trigger engine. The trigger engine is invoked by detection of a request to add or delete a user or group to a list of privileged groups from a first target server, updates the user rights at a local cache on the first target server, and delivers the updated user rights to database. The trigger engine modifies the discovery engine based on the detection of the request. A local security account manager database is changed to insert or remove a domain account to a local group, in response to the request.

Abstract: An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

Abstract: Provided is an information processing method in an information processing system including a communication apparatus and an information processing apparatus which respectively include a first communication unit and a second communication unit that perform a wireless communication. In the information processing method, the information processing apparatus reads, by using the second communication unit, key information and first information written into a storage area by the communication apparatus, and performs a registration process for registering the communication apparatus. Regardless of communication with the communication apparatus, the information processing apparatus stores in advance second information. The information processing apparatus performs the registration process if the decryption key is generated from the key information, if the first information is decrypted by using the generated decryption key, and if the decrypted first information corresponds with the second information.

Abstract: A method for automatic key management of network access token public keys for 5GC authorization to mitigate security attacks includes providing, at the NRF, a network access token public key status update notification subscription interface that allows producer NFs to subscribe to receive notifications of updates in status of service access token public keys issued by the NRF. When the NRF determines that an update in status of a service access token public key is required, the NRF updates the status of the public key in its local database and notifies producer NFs that have subscribed to receive the updates. The producer NFs use the public keys to validate service requests from consumer NFs. In one variation, the NRF maintains and updates the status of service access token public keys associated with different service access levels.

Abstract: A computerized system and method to allow patient to control and provide a safe, secure and efficient real-time access to the patient's private health records (PHR) stored in the encrypted uniform format in a Private Health Vault (PHV) database. The system utilizes patient's private encryption key for encrypting and decrypting PHR stored in the PHV. The patient (or patient's appointed agent) controls access to the PHR and authorizes by electronic communications with the PHV server to allow doctors to have access to the centrally maintained and structured medical data in the PHV. The access can be limited in duration. The patient's private keys may be stored in a remote Key Bank database, separately form the PHV database, and the location of the patient's PHV data may also require transmission of the location id from a separate Mapping server.

Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).

Abstract: A password hardcoding checking method and apparatus based on PCA, and a medium. the checking method includes: step one, data collection, involving: collecting function code blocks in which data of password hardcoding that is subject to a false alarm is located; step two, extracting feature values in the function code blocks collected in step one, so as to obtain a feature set; step three, using the function code blocks collected in step one to serve as samples to construct a PCA model; and step four, on the basis of the PCA model constructed in step three and the feature set obtained in step two, detecting whether there is a false alarm in password hardcoding. by means of the method, the false alarm rate of hardcoding checking in code scanning is reduced, and the working efficiency of a developer and a code auditor is improved.