Abstract: Disclosed herein is a system architecture that structures commodity heterogeneous interconnected computing platforms around universal object abstractions, which are fundamental system abstractions and building blocks that provides practical and provable end-to-end guarantees of security, correctness, and timeliness for the platform.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for enhanced secure resource transmissions based on image capture via a resource processing terminal device. The invention provides a secure platform for transformation and structuring of resource data at a resource instrument device, and authentication of resource data, prior to initiation of a resource activity at the resource processing terminal device. Specifically, the invention is structured to construct an authorized credential element for processing of a resource activity at a first time interval prior to initiation of the resource activity. The invention is structured to execute a first resource processing activity at a subsequent time interval using the first authorized credential element, upon determining that the authorized credential element is compatible with the activity, and that the authorized credential element is pre-authenticated.

Abstract: The present invention discloses a watermark embedding method based on service invocation data, comprising obtaining service invocation data, and preprocessing the invocation data, then, obtaining the key data through screening the preprocessed invocation data based on relevant weights, then, adding timestamps to the key data to obtain enhanced data, after that, selecting the contribution degree of the enhanced data to obtain high-quality data, and encoding the high-quality data to generate encoded data, then, constructing a data watermark embedding model by employing the encoded data, and inputting the service invocation data to be embedded into the data watermark embedding model, and thus the embedding results can be output. This method can not only improve the accuracy of watermark embedding for service invocation data, but also provides good interpretability, making it directly applicable to watermark embedding systems.

Abstract: A system and method detect a row hammer attack on the memory media device and generates a hardware interrupt based on the detection of the row hammer attack. This row hammer interrupt is communicated to an operating system of a host computing device, which in turn performs an interrupt service routine including generating a command to perform a row hammer mitigation operation. This command is provided to the memory controller which performs the row hammer mitigation operation in response to the command such as activating victim row(s) of the memory media device or throttling data traffic to the memory media device.

Abstract: According to an example embodiment, a technique for data acquisition is provided, comprising: receiving, from an intermediate apparatus, a trusted aggregate data object comprising aggregate data object that comprises aggregate data comprising a respective trusted source data object for one or more data source apparatuses mapped to the intermediate apparatus and an intermediate apparatus quote that is descriptive of one or more aspects of a configuration of the intermediate apparatus upon production of the aggregate data, and an intermediate apparatus signature comprising a digital signature derived based on the aggregate data object using a first key assigned to the intermediate apparatus; and verifying, based at least in part on information received in the trusted aggregate data object, integrity of data included in the trusted aggregate data object and integrity of the intermediate apparatus.

Abstract: Systems and techniques for security content delivery based on tagged personas are described herein. User data may be obtained for a user of a network file system. Attributes may be extracted from the user data to establish a user persona. Event data may be obtained for a security event experienced by the network file system. The security event may be associated with the user. A set of available remediation content items may be identified using the event data. A content item may be selected from the set of remediation content items using the user persona. A transmission medium may be determined for transmission of the content item to the user using the user persona. The content item may be transmitted to the user via the transmission medium.

Abstract: A system determines, in a graph which represents a system of components: vulnerability nodes representing known vulnerabilities to the system, including exposed and non-exposed vulnerability nodes associated with an exploitation likelihood; and dependency nodes representing components in the system, including direct and indirect dependency nodes associated with an exposure factor indicating an amount of degradation based on exploitation of an associated vulnerability. The system calculates, across all non-exposed vulnerability nodes and all direct dependency nodes, a score which indicates an attack volume based on at least: a respective second likelihood associated with a non-exposed vulnerability node; an exposure factor associated with a dependency node which represents a component directly degraded based on exploitation of a vulnerability; and a loss of utility of the component.

Abstract: A method of multi-factor authentication, the method comprising computer executed steps, the steps comprising: from a computer of a cloud service, receiving data identifying a user logged-in to the cloud service after being successfully authenticated using a first authentication factor, communicating with a client device of the logged-in user, for receiving a second authentication factor from the logged-in user, determining whether the second authentication factor received from the logged-in user is valid, based on a result of the determining, determining a first user-permission policy for the logged-in user, and communicating the determined first user-permission policy to the computer of the cloud service, for the cloud service to base a restriction of usage of the cloud service by the logged-in user on.

Abstract: Disclosure are techniques for allocating aggregation devices in a lawful intercept system. In an embodiment, a method includes maintaining a list of point of interception aggregation (PAG) functions in a network function repository function (NRF) of a cellular network upon instantiation of the PAG functions; receiving a lawful intercept (LI) request; querying the NRF to determine a respective PAG function; and associating a point of interception (POI) function with the respective PAG function.

Abstract: One or more first servers can implement an example method including storing, at a memory accessible by the first one or more servers, a primary email address for a user. The method further includes detecting a request, from a client device associated with the user, to access a network resource hosted at a second one or more servers, wherein the network resource is associated with an online service. The method also includes automatically generating a secondary email address for the user that is unique to the online service; and transmitting the secondary email address to the second one or more servers such that the online service receives the secondary email address for the user without receiving the primary email address for the user, thereby enabling the online service to transmit emails to the user despite not receiving the primary email address for the user.

Abstract: A system for providing updatable secure content resource. A content server may pay a content resource on the content author for an access by a requester. The content server receives a session request call from the requester prior to accessing the content resource. In response to the session request, the content server generates a session for the requester. The content server generates a payload that includes a location identifying the content resource on the content author and embeds the embedded cryptographic content. The content server transmits the generated payload to the requester. A resource server may receive an authentication access request in response to the embedded cryptographic content. In response to authenticating the authentication access request, the resource server provides the access to the requester.

Abstract: Embodiments of the present disclosure provide a method, a system and a non-transitory computer-readable medium to securely pass a message. The method includes executing, by a processing device, a floating persistent volumes service (FPVS) to allocate and attach persistent volume (PV) to a first node in a mesh network to pass a payload in the PV to the first node; and sending a first message to the first node to inform the first node to read data from the payload in the PV.

Abstract: An information processing apparatus includes: an acquisition unit configured to acquire learning data containing a plurality of items, the learning data being assigned a first level and a second level whose threat level is higher than the first level; a first feature value detection unit configured to detect a first feature value of a specific character string from learning data belonging to the first level; a second feature value detection unit configured to detect a second feature value of the specific character string from learning data belonging to the second level; a difference detection unit configured to detect a difference between the first and second feature values; and a selection unit configured to select, when there is the difference, learning data of an item to which the specific character string belongs.

Abstract: The invention is related to security systems and methods for proactively informing a user about an artifact associated with a clickable object on a user interface with which the user is interacting, where such information is provided to the user prior to selection of the clickable object. The information includes a safety assessment of the clickable object, details about the underlying artifact, such as the contents of an archive file, and general information helpful in assisting the user with making a decision as to whether to select the clickable object.

Abstract: An integrated method for uploading data on a blockchain comprising: receiving an editable text data or an editable form data by the data source computer device; determining whether a file update time of the editable text data or the editable form data is later than a last change time stored by the service server and corresponding to the data by the data source computer device; sending the data to the service server when the data source computer device determined that the file update time is later than the last change time by the data source computer device; executing a corresponding service that is able to access data of a blockchain and upload the data to the blockchain according to the data from the data source computer device by the service server. Therefore, the data can be efficiently and quickly uploaded to the blockchain.

Abstract: A quantum block-chained authentication solution with quantum authentication processes for data transmissions passing through a peer-to-peer (P2P) network including a plurality of agent nodes comprises a system that is capable of not only performing a smart contract on a block-chained virtual-machine mechanism for transmitting a data from an agent node to another agent node passing through a plurality of paths in a secure way implemented via proprietary quantum authentication processes, but also detecting and reacting to a malicious behavior within a transmission in time.

Abstract: Techniques are presented for physically incapacitating data storage functionality of a computer data storage device for preventing access of data stored on the device. A security breach can be detected of a device housing a component communicable with a computer and where digital data is storable on the component. A mechanism can be activated for physically disabling the component in the device, in response to the detecting of the security breach. The incapacitating of the component can be a result of the mechanism physically contacting the component, in response to the activation of the mechanism, and the incapacitating of the component renders digital data stored on the component unretrievable by a computer.

Abstract: Methods, systems, and devices for wireless communications are described for physical layer signature feedback to enhance security in wireless communications. A user equipment (UE) and a network entity may apply a physical layer signature, such as an artificial physical layer impairment, to one or more physical layer signals that may be measured to identify a physical layer signature of the associated physical layer signal. The UE, upon receipt of a physical layer signal, may check if the identified signal includes a physical layer signature of a set of valid physical layer signatures. If the received physical layer signature matches a valid physical layer signature, the UE may operate in accordance with procedures associated with the signal. If the received physical layer signature does not match a valid physical layer signature, the UE may transmit a message to the network entity that indicates an unmatched physical layer signature.

Abstract: In one embodiment, a method herein comprises: receiving, at a device, a registration request from a telemetry exporter that transmits telemetry data; generating, by the device, a telemetry configuration file for the telemetry exporter, the telemetry configuration file defining a policy for transmission of telemetry data from the telemetry exporter and an authentication token for the telemetry exporter; sharing, by the device, the policy with a security enforcer; and sending, by the device, the telemetry configuration file to the telemetry exporter, wherein the telemetry exporter is caused to connect with the security enforcer using the authentication token, send the telemetry configuration file to the security enforcer, and transmit collected telemetry data to the security enforcer, and wherein the security enforcer is caused to create a dynamic publish-subscribe stream for publishing the collected telemetry data received from the telemetry exporter based on the telemetry configuration file and the policy.

Abstract: This disclosure describes systems and techniques for using controlling access to user information using ephemeral user identifiers. In one aspect, a method includes determining, for a given domain, engagement by a user with content provided by the given domain for display by an application at a client device of the user. A determination is made, based on the engagement by the user, to extend, for the given domain, a linkage between user identifiers for a user of the application. In response to determining to extend, for the given domain, the linkage between the user identifiers for the user of the application, one or more future domain-specific ephemeral user identifiers for the user and the given domain are obtained. An attestation record that includes a current domain-specific ephemeral user identifier and the one or more is generated and sent to the given domain.