Patents Examined by Hee K Song
  • Patent number: 11645383
    Abstract: Various automated techniques are described herein for the runtime detection/neutralization of malware executing on a computing device. The foregoing is achievable during a relatively early phase, for example, before the malware manages to encrypt any of the user's files. For instance, a malicious process detector may create decoy file(s) in a directory. The decoy file(s) may have attributes that cause such file(s) to reside at the beginning and/or end of a file list. By doing so, a malicious process targeting files in the directory will attempt to encrypt the decoy file(s) before any other file. The detector monitors operations to the decoy file(s) to determine whether a malicious process is active on the user's computing device. In response to determining that a malicious process is active, the malicious process detector takes protective measure(s) to neutralize the malicious process.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: May 9, 2023
    Assignee: MORPHISEC INFORMATION SECURITY 2014 LTD.
    Inventors: Mordechai Guri, Ronen Yehoshua, Michael Gorelik
  • Patent number: 11641348
    Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, when a connection is available, the encrypted data can be transmitted to the remote server computer for processing.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: May 2, 2023
    Assignee: Visa International Service Association
    Inventors: Rhidian John, Bartlomiej Piotr Prokop, Michael Palmer
  • Patent number: 11637689
    Abstract: A method for performing an encrypted data operation may include generating an encrypted hierarchical path identifier corresponding to a hierarchical data space for at least one plaintext data operation that preserves the hierarchy of the hierarchical data space. The at least one plaintext data operation may correspond to at least one subdivision of the hierarchical data space. The method may further include encrypting the at least one plaintext data operation, and sending a request to perform an encrypted data operation to a server. The request may include the encrypted data operation and the encrypted hierarchical path identifier.
    Type: Grant
    Filed: November 24, 2020
    Date of Patent: April 25, 2023
    Assignee: Craxel, Inc.
    Inventor: David Enga
  • Patent number: 11630923
    Abstract: A device configured to implement multiple locks to increase security of assets associated with the device including an embedded system, a multi-lock mechanism configured to provide a plurality of locks to prevent an authorized access to the assets associated with the embedded system, each of the plurality of locks of the multi-lock mechanism having different unlock parameters, a memory configured to securely store at least one of the lock parameters of the plurality of locks of the multi-lock mechanism, the memory further configured to securely store at least one of the unlock parameters of the multi-lock mechanism, and the embedded system further configured to provide access to the assets after each of the lock parameters of the plurality of locks of the multi-lock mechanism is provided the unlock parameters of the multi-lock mechanism.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: April 18, 2023
    Assignee: TRACFONE WIRELESS, INC.
    Inventors: Shoaib S. Khan, Khurram Humayun Chawdhry
  • Patent number: 11630784
    Abstract: An integrated circuit, comprising: a volatile memory module configured to store a cryptographic key; a capacitor array for providing power to the volatile memory module; and a power switching logic arranged to connect and disconnect the memory module from the capacitor array, the power switching logic being configured to operate in at least one of a first operating mode and a second operating mode, wherein, when the power switching logic operates in the first operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting a change of state of a break line, and, when the power switching logic operates in the second operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting that a voltage at a connection terminal of the integrated circuit exceeds a threshold.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: April 18, 2023
    Assignee: Raytheon Company
    Inventor: Nathan T. Palmer
  • Patent number: 11626993
    Abstract: A method includes: a) receiving node identifiers from nodes of a plurality of nodes in a computer network; b) determining a plurality of node committees in a sampler graph comprising a plurality of nodes, wherein the node is present in a node committee in the plurality of node committees; c) and i) generating a random string; ii) performing a proof of work process using the random string and a hash function; iii) if the proof of work process yields a solution that is acceptable, then broadcasting the solution to all other nodes in the plurality of nodes, wherein the other nodes verify the solution; and iv) if the other nodes verify the solution, the node is elected to a subcommittee for the node committee, wherein the subcommittee updates the sampler graph; and d) repeating steps b) and c) until a leader committee is determined.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: April 11, 2023
    Assignees: Visa International Service Association, Yale University
    Inventors: Mahdi Zamani, Mahnush Movahedi, Mariana Raykova
  • Patent number: 11620407
    Abstract: Various embodiments for providing real-time context-based detection and classification of data in a computing environment are provided. Data may be received from a user. Contextual information may be learned from the data received from a user using a machine learning operation. The data may be classified according to the contextual classification criteria applied to contextual information derived in real time from the data.
    Type: Grant
    Filed: October 17, 2019
    Date of Patent: April 4, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sheeba Prakash, Amir Khan, Grant Miller, Nader Nassar
  • Patent number: 11620408
    Abstract: A data anonymization pipeline system for managing holding and pooling data is disclosed. The data anonymization pipeline system transforms personal data at a source and then stores the transformed data in a safe environment. Furthermore, a re-identification risk assessment is performed before providing access to a user to fetch the de-identified data for secondary purposes.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: April 4, 2023
    Assignee: Privacy Analytics Inc.
    Inventors: Lon Michel Luk Arbuckle, Jordan Elijah Collins, Khaldoun Zine El Abidine, Khaled El Emam
  • Patent number: 11609974
    Abstract: This application relates to apparatus and methods for automatically determining and enforcing user permissions for applications and application features. In some embodiments, a system includes a server and a user device. The server may determine a user of the user device based on receiving login credential data. The server may further obtain user attributes for the user including, in some examples, a location of the user. The server may further obtain an attribute-based control policy that identifies relationships between a plurality of possible user attributes. For example, the control policy may identify attribute requirements that must be met for enablement of a particular application feature. Additionally, the server may determine user permissions for the user based on the control policy and the user attributes. The server may transmit the user permissions to the user device, and the user device configures the corresponding application according to the user permissions.
    Type: Grant
    Filed: August 10, 2020
    Date of Patent: March 21, 2023
    Assignee: Walmart Apollo, LLC
    Inventors: Danika Alleen Goecke, Amanda Lamberti Ragone, David Chen, Bradley Wayne Norman
  • Patent number: 11604857
    Abstract: Protection of a data file to be used by a white-box cryptography software application installed in memory of a device to prevent the malevolent use of a digital copy of the data file by a white-box cryptography (WBC) software application installed in memory of another device. The mechanism includes extracting a unique identifier for the device from the environment of the device and modifying data in the data file according to the unique identifier, the available white-box cryptography software application includes a software security layer to retrieve the unique identifier from the environment of the device in which the software application is installed and to use this unique identifier in combination with the stored data file when executing, the result of the execution being correct only in case where the correct unique identifier has been extracted by the executed WBC software application.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: March 14, 2023
    Assignee: THALES DIS FRANCE SAS
    Inventors: Michael Adjedj, Aline Gouget, Stéphane Grellier, Sylvain Leveque, Jan Vacek
  • Patent number: 11595380
    Abstract: A method of using a user terminal to provide secure authenticated registration between a user and a third party, the method comprising: reading a chip to receive chip data stored on the chip (S408); transmitting the chip data, via a network interface of the user terminal, over a network to an authentication server associated with said third party (S410) and in response receiving via said network interface a notification message from the authentication server (S412); determining whether the identification document is authentic based on the notification message from the authentication server (S414), wherein in response to determining that the identification document is authentic, the method further comprising: outputting, via at least one output device of the user terminal, an authentication challenge to the user (S418); receiving image data as a response to the authentication challenge (S420); and transmitting the image data, via the network interface, over the network to the authentication server for authenti
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: February 28, 2023
    Assignee: Cryptomathic Ltd
    Inventors: Morten Landrock, Christopher Allen
  • Patent number: 11588811
    Abstract: Disclosed is an electronic apparatus. The electronic apparatus includes: a non-volatile memory having no internal controller; and a controller configured to: control the non-volatile memory, and transmit, to the non-volatile memory, first data and a generated first message authentication code (MAC). Accordingly, it is possible to efficiently defend against a replay attack in a non-volatile memory having no internal controller.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: February 21, 2023
    Assignee: LG ELECTRONICS INC.
    Inventors: Sanghee Lee, Sungmin Kim, Sungmin Park, Jemin Woo, Kiyoung Lee
  • Patent number: 11580214
    Abstract: Apparatuses and methods related to logging failed authentication attempts. Failed authentication attempts can be logged in the circuitry by degrading the circuitry. The degradation can signal a failed authentication attempt while an amount of the degradation can represent a timing of the error.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: February 14, 2023
    Assignee: Micron Technology, Inc.
    Inventors: Diana C. Majerus, Scott D. Van De Graaff, Todd J. Plum
  • Patent number: 11580263
    Abstract: A device obtains previously created data content. The device unmasks and extracts one or more chain of custody blocks stored in association with the data content. The one or more chain of custody blocks includes chain of custody data identifying who, when, where, and, with what hardware and/or software, created or edited the data content. The device analyzes the one or more chain of custody blocks and validates an origination of the data content based on the analysis of the one or more chain of custody blocks.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: February 14, 2023
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Indraneel Sen, Weimin Liu, Yuk Lun Li, Mohammad Raheel Khalid, Ravi Sharma, Dan Sun
  • Patent number: 11580229
    Abstract: A computer-implemented method includes: receiving system information data representing configurations of digital systems; receiving attack information data associated with one or more of the digital systems; analyzing the received system information data and attack information data, to associated attack types; identifying, for each identified attack type, correlations and/or causalities between individual system constituents or combinations thereof in the digital systems associated with attacks; determining and assigning, based on the identified correlations and/or causalities, an attack vulnerability value, for each attack, respectively, to each of the systems and/or systems' constituents and/or combinations thereof; and retrievably storing attack vulnerability values associated with the systems, system constituents and/or combinations thereof.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: February 14, 2023
    Assignee: CONTINENTAL TEVES AG & CO. OHG
    Inventors: Abhijit Ambekar, Mohammad Ilyas
  • Patent number: 11574052
    Abstract: In some embodiments, an apparatus includes a memory and a processor. The processor can further be configured to extract a set of scripts from a potentially malicious file. The processor can further be configured to concatenate a representation of each script from the set of scripts with a representation of the remaining scripts from the set of scripts to define a script string. The processor can further be configured to define a feature vector based on the set of n-gram representations of the script string for input of the feature vector to a neural network for output. The processor can further be configured to identify, based on the output from the neural network, a maliciousness classification of the file.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: February 7, 2023
    Assignee: Sophos Limited
    Inventor: Richard Harang
  • Patent number: 11574057
    Abstract: A system and method mediate transfer of encrypted data files between local applications and external computer systems. Application containers perform cryptographic operations using stored credentials to decrypt data coming from these external systems and configurably forward them to the local applications, and to encrypt data sent from the local applications to the external systems. Access to this encryption-as-a-service (EaaS) functionality is gated by a fingerprint service that classifies requests by security level, and detects anomalous requests. Security classification is performed by a supervised machine learning algorithm, while anomalous request detection is performed by unsupervised machine learning algorithm. Stored keys are monitored, and when they near expiration or are damaged, embodiments proactively undertake key renewal and key exchange with the external computer systems. Containerization enables key storage in multiple vaults, thereby making such storage vendor-agnostic.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: February 7, 2023
    Assignee: Dell Products L.P.
    Inventors: Rajan Shrestha, Hung Dinh, Bijan Mohanty, Sabu K. Syed, Greg Winslow
  • Patent number: 11562064
    Abstract: A technique includes receiving, by a processor, a security alert that is generated in response to one or more events occurring in a computer system. The technique includes applying, by the processor, machine learning to the security alert to predict a probability that the security alert will be escalated to an incident; and displaying an output on a display to guide processing of the security alert based on the predicted probability.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: January 24, 2023
    Assignee: NETIQ CORPORATION
    Inventors: Manohar Mysore Chamaraju, Mithun Babu, Nandhini Subburaj, John Paul Gassner, Satyajit H. Katti
  • Patent number: 11562070
    Abstract: A quantum-attack resistant operating system for use in a key management mechanism which is a full solution of cyber-security for quantum transmission via optical paths, in order to detect and bypass quantum computing attacks, or to perform quantum counterattacks, during various procedures of quantum key managements; wherein the system avoids the attacks of key tampering, destroying, detecting, and blocking, from other quantum systems in a quantum key storage phase; meanwhile, it also avoids the sniffing from other quantum systems on key entangled properties, in a quantum key clearing phase; in addition, in a quantum key recycling phase, facing quantum computing attacks, it not only can disrupt the judgement of other systems on key verification, but also consumes the computing resources on the attacker side; thereby the present invention provides a protection mechanism which cannot be achieved by a conventional PQC (Post-quantum cryptography) solution.
    Type: Grant
    Filed: July 20, 2020
    Date of Patent: January 24, 2023
    Assignee: AhP-Tech Inc.
    Inventor: Chao-Huang Chen
  • Patent number: 11558427
    Abstract: Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: January 17, 2023
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky