Patents Examined by Gary S Gracia
  • Patent number: 11398903
    Abstract: A system and method for generating a cryptographic key using a sequence of data segments selected by a user from one or more data resources. Raw data from the one or more data resources corresponding to each of the selected data segments, and the sequence in which such data segments are selected, is extracted and processed to generate a key. The key can be used for any cryptographic and authentication purpose. By enabling a user to select the sequence of data segments from the one or more data resources in any manner the user desires, the user can create a strong key, but also easily remember the underlying data resource and chosen sequence. This technique provides enhanced security while maintaining ease of creation and use of such security.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: July 26, 2022
    Assignee: CHOL, Inc.
    Inventors: Robert Coleridge, Malcolm Hutchinson
  • Patent number: 11397834
    Abstract: A method for storing encrypted data in a non-volatile memory device, that includes receiving, by a processor, an indication of a power interruption event; disabling, based on the indication, decryption of encrypted data read from a volatile memory module; copying the encrypted data from the volatile memory module to cache; and copying the encrypted data from the cache to the non-volatile memory device.
    Type: Grant
    Filed: July 31, 2020
    Date of Patent: July 26, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Walter A. O'Brien, III, Thomas N. Dibb
  • Patent number: 11394564
    Abstract: A public key infrastructure (PKI) ecosystem includes a first organization computer system having a first processor, a first memory, and a first organization process including instructions that are (i) encoded in the first memory, and (ii) executable by the first processor. The ecosystem further includes a second organization computer system having a second processor and a second memory, a digital ledger, and domain name system security extensions (DNSSEC). When executed, the first instructions cause the first processor to create at least one public/private PKI keypair for a first domain name, in the DNSSEC, register the first domain name and create a certificate authority (CA), register the CA in the blockchain, using the CA, create a certificate for a first entity, register the certificate in the blockchain and/or the DNSSEC, and assert, to the second organization computer system, trust in the first entity based on the registered certificate.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: July 19, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Darshak Thakore, Michael Glenn, Brian Alexander Scriber, Steven John Goeringer
  • Patent number: 11394550
    Abstract: Systems and methods for verifying proofs generated from shared data without revealing the shared data are provided. In one aspect, a method comprises receiving, from a first node, a first proof generated from a first private key associated with the first node and data shared between the first node and a second node; receiving, from the second node, a second proof generated from a second private key associated with the second node and the shared data; verifying, without revealing the shared data, the first proof and the second proof were both generated from the shared data with a first public key mathematically related to the first private key, and a second public key mathematically related to the second private key; and performing an action based on the verification of the first proof and the second proof both being generated from the shared data.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: July 19, 2022
    Assignee: Dapper Labs Inc.
    Inventor: Tarek Ben Youssef
  • Patent number: 11394533
    Abstract: A method for storing database security audit records, comprises: S1, when a database server recognizes an auditable event to generate one database security audit record, identifying the database security audit record with a hashed value so that each database security audit record corresponds to a unique hashed value respectively; S2, packaging multiple database security audit records into a database security audit record block; and S3, transmitting the database security audit record block in an encrypted way by adopting a peer-to-peer protocol for direct network communication between two nodes, and verifying an ownership of the database security audit record block. The disclosure has the beneficial effects that through an encryption mechanism and a consensus mechanism, storage of database security audit records is achieved in a peer-to-peer network, thereby ensuring that the database security audit records cannot be tampered with and forged.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: July 19, 2022
    Assignee: General Data Technology Co., Ltd.
    Inventors: Xinquan Jia, Wenting Chen, Xuesong Wang, Xun Lv
  • Patent number: 11388013
    Abstract: The present disclosure is related to implementations of computing systems. In particular, it is related to the use of an array of PUFs to enhance security of distributed elements that use security systems.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: July 12, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Abolfazl Razi, Bertrand Francis Cambou
  • Patent number: 11379263
    Abstract: A method of selecting a distributed framework includes identifying, by a selection device coupled to a memory, at least a first remote device of a plurality of remote devices, wherein identifying the at least a first remote device further comprises evaluating a secure proof generated by the at least a first remote device, and identifying the at least a first remote device as a function of the secure proof, assigning, by the selection device, a confidence level of the at least a first remote device, and selecting, by a selection device, a distributed framework from the plurality of remote devices as a function of the confidence level, and assigning a task to the distributed framework.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: July 5, 2022
    Assignee: Ares Technologies, Inc.
    Inventor: Christian T. Wentz
  • Patent number: 11372993
    Abstract: Requests submitted to a computer system are evaluated for compliance with policy to ensure data security. Plaintext and associated data are used as inputs into a cipher to produce ciphertext. Whether a result of decrypting the ciphertext can be provided in response to a request is determined based at least in part on evaluation of a policy that itself is based at least in part on the associated data. Other policies include automatic rotation of keys to prevent keys from being used in enough operations to enable cryptographic attacks intended to determine the keys.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: June 28, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 11374774
    Abstract: An apparatus includes a first feed-forward PUF, a second feed-forward PUF and an exclusive-or circuit configured to perform an exclusive-or operation of an output of the first feed-forward PUF and an output of the second feed-forward PUF.
    Type: Grant
    Filed: April 28, 2020
    Date of Patent: June 28, 2022
    Assignee: Regents of the University of Minnesota
    Inventors: Keshab K. Parhi, S. V. Sandeep Avvaru
  • Patent number: 11372983
    Abstract: A select processor obtains a request to perform a requested operation. The request includes encrypted data and a protected key. The protected key is to be used by the select processor on behalf of an entity unauthorized to use the protected key. The encrypted data is decrypted using the protected key to obtain decrypted data. The requested operation is performed on the decrypted data to obtain resulting data. The resulting data is encrypted (e.g., using the protected key) to obtain encrypted resulting data. The encrypted resulting data is provided to a requestor of the request.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: June 28, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anthony T. Sofia, Jonathan D. Bradbury
  • Patent number: 11366937
    Abstract: A memory card locking device is provided. The memory card locking device includes an external card reader having a card slot in which a memory card is allowed to be inserted. The external card reader includes a main controller. The main controller is configured to receive a locking instruction from an application, and execute a locking program on the memory card to lock the memory card according to the locking instruction. When the memory card is locked, any device other than the external card reader cannot read and identify the memory card, and thus cannot look up and access data stored in the memory card.
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: June 21, 2022
    Assignee: MAKTAR INC.
    Inventor: Liang-Hsin Chen
  • Patent number: 11361071
    Abstract: Provided is an intrusion detection technique configured to: obtain kernel-filter criteria indicative of which network traffic is to be deemed potentially malicious, determine that a network packet is resident in a networking stack, access at least part of the network packet, apply the kernel-filter criteria to the at least part of the network packet and, based on applying the kernel-filter criteria, determining that the network packet is potentially malicious, associate the network packet with an identifier of an application executing in userspace of the operating system and to which or from which the network packet is sent, and report the network packet in association with the identifier of the application to an intrusion-detection agent executing in userspace of the operating system of the host computing device, the intrusion-detection agent being different from the application to which or from which the network packet is sent.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: June 14, 2022
    Assignee: HUNTRESS LABS INCORPORATED
    Inventors: Robert Julian Noeth, Ernest Gregory Ake
  • Patent number: 11354195
    Abstract: Techniques described herein relate to methods and systems for asset classification, which may include: identifying, in a backup domain, a first asset and a second asset; performing a first analysis of the first asset to determine a set of first asset characteristics; performing a second analysis of the second asset to determine a set of second asset characteristics; creating a first asset group based on the first analysis and the second analysis, the first asset group comprising the first asset and the second asset; and assigning a first backup policy to the first asset group.
    Type: Grant
    Filed: February 3, 2020
    Date of Patent: June 7, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Shelesh Chopra, Sunil Yadav, Manish Sharma, Aaditya Rakesh Bansal
  • Patent number: 11356284
    Abstract: A method at a computing device within an Intelligent Transportation System, the method comprising: determining, at the computing device, whether a short-term certificate is available to sign a message; if the short-term certificate is available, signing the message with a private key associated with the short-term certificate; if the short-term certificate is not available, signing the message with a private key associated with a long-term certificate; and sending the message to a recipient.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: June 7, 2022
    Assignee: BlackBerry Limited
    Inventors: Stephen John Barrett, John Octavius Goyo, James Randolph Winter Lepp
  • Patent number: 11347881
    Abstract: Ransomware attack (RWA) detection is performed during an incremental or differential backup of a system of folders or directories of a computer or network of computers via an electronic network. The RWA detection includes processing incremental or differential backup metadata acquired during the incremental or differential backup to determine whether a RWA alert is issued. RWA remediation is performed at least in part on the RWA alert being issued. The RWA alert may be issued based on processing of the incremental or differential backup metadata to identify candidate new files and candidate deleted files in which the candidate new files are candidates for being encrypted copies of the candidate deleted files. RWA alert criterion may be based on counts of new versus deleted files in a folder or directory, and comparison of file sizes of the new versus deleted files.
    Type: Grant
    Filed: April 6, 2020
    Date of Patent: May 31, 2022
    Assignee: DATTO, INC.
    Inventor: Kurt Hansen
  • Patent number: 11341236
    Abstract: An illustrative method includes a data protection system determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period, determining that the write traffic is less compressible than the read traffic, and determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: May 24, 2022
    Assignee: Pure Storage, Inc.
    Inventors: Andrew Miller, Ronald Karr, Andrew Kutner, Patrick D. Lee, David Huskisson, John Colgrove, Jean-Luc Degrenand
  • Patent number: 11336685
    Abstract: A cloud-native global file system, in which one or more filers are associated with a volume of a versioned file system in a private, public or hybrid cloud object store, is augmented to include a rapid ransomware recovery service. Upon detecting a ransomware attack associated with one or more files or directories of the volume, read and write access to the volume is restricted. A recovery filer is then activated or designated in the cloud. A restore operation is then initiated at the recovery filer. Following completion of the restore operation, a new clean (healthy) snapshot of the volume is then created using the recovery filer. For any filer other than the recovery filer, a determination is made whether the filer has completed a merge operation with respect to the new clean snapshot. If so, read and write access to the volume is re-enabled from that filer.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: May 17, 2022
    Assignee: Nasuni Corporation
    Inventors: Andres Rodriguez, David M. Shaw, John A. Capello, Matthew J. Stech
  • Patent number: 11330012
    Abstract: System, method, and device of detecting identity of a user and authenticating a user; as well as detecting a possible attacker or impostor, and differentiating among users of an electronic device or of a computerized service. A mobile or portable electronic device is utilized to capture a self-taken image or video of a user, which is utilized as a user-authentication factor. The accelerometer and gyroscope or device-orientation sensor of the mobile device, sense and measure spatial and physical device properties during, before or after the submission of the self-taken image or video. Based on such spatial and physical device properties, in combination with computer-vision analysis of the content shown in the self-taken image or video, the system determines liveness of the user and freshness of the submitted self-taken image or video, and differentiates between a legitimate user and an attacker.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: May 10, 2022
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 11323479
    Abstract: A system comprises a data storage service includes a web service interface operating as a proxy to the data storage service. Data obtained at the data storage service is analyzed by one or more criteria of a data loss prevention policy, the data is encrypted by a key that is inaccessible to a remote service, and then the encrypted data is transmitted to the remote service.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: May 3, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Matthew James Wren
  • Patent number: 11323467
    Abstract: Embodiments are directed to monitoring network traffic associated with networks to provide metrics. A monitoring engine may determine an anomaly based on the metrics exceeding threshold values. An inference engine may be instantiated to provide an anomaly profile based on portions of the network traffic that are associated with the anomaly. The inference engine may provide an investigation profile based on the anomaly profile such that the investigation profile includes information associated with investigation activities associated with an investigation of the anomaly. The inference engine may monitor the investigation of the anomaly based on other portions of the network traffic such that the other portions of the network traffic are associated with monitoring an occurrence of the investigation activities. The inference engine may modify a performance score associated with the investigation profile based on the occurrence of the investigation activities and a completion status of the investigation.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: May 3, 2022
    Assignee: ExtraHop Networks, Inc.
    Inventors: Joel Benjamin Deaguero, Edmund Hope Driggs, Xue Jun Wu, Nicholas Jordan Braun, Michael Kerber Krause Montague, Michael Christopher Kelly