Abstract: Techniques are described selecting consensus nodes in a blockchain. A voting process is performed by a plurality of shareholder nodes to generate a voting result for each shareholder node. The voting process comprises each shareholder node voting for a plurality of expected nodes, and the expected nodes and the plurality of shareholder nodes comprise a group of nodes associated with a blockchain. A shareholder node is a node that owns at least one share. A voting result is verified for each shareholder node. After the voting process, a number of shares owned by each node of the group of nodes id determined based on the voting result. A plurality of consensus nodes are selected from shareholder nodes based on the number of shares owned by each of the shareholder nodes.

Abstract: A method for associating a communicating object with at least one user. A remote server receives a signal requesting an association between an user identifier and an object identifier. The server verifies an authorization for the association between the object identifier and the user identifier, including verification of whether or not there is pre-existing association of the object identifier with at least one other user identifier. If association is authorized, the object identifier is associated with the user identifier in a database which can be accessed by the remote server. The database includes at least one user identifier list and one object identifier list.

Abstract: A secure method for establishing communications to provision modules in an industrial control system generates a certificate signing request to obtain a signed security certificate. A mobile device is located proximate to the module with the certificate signing request, and the mobile device has previously established itself as a secure communication interface on the network. The mobile device establishes a first connection between the module and the mobile device via a short-range protocol and a s second connection between the mobile device and a signing server via a network. The mobile device retrieves the certificate signing request via the first connection and transmits the certificate signing request to the signing server via the second connection. Because the mobile device has previously established itself as a secure interface, the transmission of the certificate signing request to the signing server may be made via a secure connection.

Abstract: Systems, methods, and software can be used to generating security manifests for software components using binary static analysis. In some aspects, one computer-implemented method includes performing a binary static analysis of a binary software component to determine one or more security characteristics of the binary software component; generating a security manifest for the binary software component including the determined one or more security characteristics of the binary software component; and providing the security manifest to a software management system configured to determine whether to deploy the binary software component based on the security manifest.

Abstract: A computer-implemented technique is described herein for removing sensitive content from documents in a manner that preserves the usefulness of the documents for subsequent analysis. For instance, the technique obscures sensitive content in the documents, while retaining meaningful information in the documents for subsequent processing by a machine-learning engine or other machine-implemented analysis mechanisms. According to one illustrative aspect, the technique removes sensitive content from documents using a modification strategy that is chosen based on one or more selection factors. One selection factor pertains to the nature of the processing that is to be performed on the documents after they have been anonymized.

Abstract: Techniques are described related to for generating/distributing state machines that are implemented within a security zone to obtain private information from one or more resources within the security zone. In various implementations, an automated assistant client implemented by processor(s) within the security zone may receive a free form natural language query (“FFNLQ”) that is answerable using private information available from resource(s) within the security zone. Data indicative of the FFNLQ may be provided to a semantic processor outside of the security zone, and the online semantic processor may return a state machine that is implemented by processor(s) within the security zone to obtain the private information from resource(s) within the security zone. Based on the state machine and the obtained private information, natural language output may be generated and presented to convey information responsive to the FFNLQ.

Abstract: Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. An assertion of a user identity is received from a client. It is determined whether the assertion of the user identity specifies a correct security credential. Social networking data identifying a circle of friends is received. It is determined whether the user identity belongs to a user at the client based at least in part on a reputation of one or more members of the circle of friends and whether the assertion of the user identity specifies the correct security credential.

Abstract: A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of a multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.

Abstract: Method, device, and system of detecting a mule bank account, or a bank account used for terror funding or money laundering. A method includes: monitoring interactions of a user with a computing device during online access with a banking account; and based on the monitoring, determining that the online banking account is utilized as a mule bank account to illegally receive and transfer money. The method takes into account one or more indicators, such as, utilization of a remote access channel, utilization of a virtual machine or a proxy server, unique behavior across multiple different account, temporal correlation among operations, detection of a set of operations that follow a pre-defined mule account playbook, detection of multiple incoming fund transfers from multiple countries that are followed by a single outgoing fund transfer to a different country, and other suitable indicators.

Abstract: The present disclosure includes systems and methods for quorum-based data recovery, in which data is recovered provided at least a minimum number of quorum data portions are presented. In exemplary embodiments, a predetermined minimum number of versions of original data is received, and the original data is reconstructed from the received versions, wherein the original data cannot be reconstructed without loss unless a predetermined minimum number of versions is received. In other embodiments, erroneous or corrupted quorum data portions are detected and associated participants presenting said erroneous or corrupted quorum data portions are identified.

Abstract: A method, system and computer-usable medium for performing an adaptive security operation comprising: performing an authentication operation via a first device, the authentication operation analyzing an obligation performed by a first user; establishing access to a protected resource by the first device based upon the obligation performed by the first user; generating an attribute list comprising at least one attribute of the first device; analyzing a second device to determine whether the second device comprises an attribute corresponding to the at least one attribute of the first device; and, allowing access to the protected resource by the second device when the second device comprises the attribute corresponding to the at least one attribute of the first device.

Abstract: A system and method of evaluating one or more cybersecurity vulnerabilities to establish a priority metric for each of the one or more cybersecurity vulnerabilities, the method including: constructing a cybersecurity attack schema for each of the one or more cybersecurity vulnerabilities; determining, for each of the plurality of malicious actions of each of the one or more cybersecurity vulnerabilities, one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, one or more final resource metrics based on evaluating each of the one or more resource metrics; obtaining, for each of the one or more cybersecurity vulnerabilities, an impact metric that is indicative of a degree of damage that can be caused by the cybersecurity vulnerability; and calculating, for each of the one or more cybersecurity vulnerabilities, a cybersecurity priority level based on the impact metric and the one or more final resource metrics.

Abstract: A method and apparatus of a device that stores an object on a plurality of storage servers is described. In an exemplary embodiment, the device shares an object between a first user and a second user stored in a secure virtual storage space. In this embodiment, the device storing an object in a secure virtual storage space, where the object is encrypted using an object key and is stored as a first plurality of different randomized bit vectors stored in a first plurality of storage servers in the secure virtual storage space. In addition, the device retrieves a private first user key from a client and retrieves a public second user key from the secure virtual storage space. Furthermore, the device creates a datagram key from the private first user key and the public second user key. The device additionally encrypts the object key using the datagram key to generate a datagram.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.

Abstract: A key ceremony application creates bundles for custodians encrypted with their passphrases. Each bundle includes master key share. The master key shares are combined to store an operational master key. The operational master key is used for private key encryption during a checkout process. The operational private key is used for private key decryption for transaction signing in a payment process. The bundles further include TLS keys for authenticated requests to create an API key for a web application to communicate with a service and to unfreeze the system after it has been frozen by an administrator.

Abstract: Apparatus and methods are provided for tracking and validating behavior and communication patterns of sensors on an Internet-of-Things (“IoT”) network. Preferably, a tracking node is assigned to monitor activity of a target node. The tracking node may hand-off monitoring responsibility to another node on the network. A tracking node may intercept communications of a target node. A first tracking node may monitor activity of the target node in a first geographic location. A second tracking node may monitor activity of the target node in a second geographic location. Two or more tracking node may monitor activity of the target node in a geographic location.

Abstract: Embodiments disclosed herein provide systems and methods for mitigating attacks on a WebRTC system at the edge of an enterprise network. In a particular embodiment a method provides obtaining access criteria regarding access to a WebRTC system in the enterprise network, wherein the access criteria comprise instructions for allowing WebRTC connections with the WebRTC system. The method further provides receiving WebRTC signaling associated with WebRTC connections between the WebRTC system and endpoints having network addresses outside the enterprise network and blocking at least one connection associated with the WebRTC signaling from participating in WebRTC communications with the WebRTC system based on the access criteria.

Abstract: A process receives a specification of a finite-state machine and an encrypted language element of a language over an input alphabet for the finite-state machine. The received encrypted language element is encrypted with a selected public key of a plurality of public keys. The process decrypts the encrypted language element using each private key of a plurality of private keys corresponding to the public keys. The decrypting provides a plurality of decrypted language elements and the process applies each decrypted language element to the finite-state machine. The process identifies a decrypted language element that that is accepted by the finite-state machine. The process identifies a private key, of the private keys, used in the decrypting that provided the decrypted language element identified as being accepted by the finite-state machine. The process receives from the message sender an encrypted message, and uses the identified private key in decrypting the encrypted message.

Abstract: Methods and systems for neutralizing malicious locators. Threat actors may shut down their web pages or applications (i.e., resources) that serve malicious content upon receiving request(s) configured to be perceived by the resource as non-browser requests. Therefore, initiating (large-scale) non-browser requests, or requests that are at least perceived as non-browser requests, may effectively act to inhibit, or even nullify, intended attack vectors.

Abstract: Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation.