Abstract: Security incident detection based on historian configuration data collected over time is described. Historic configuration data associated with a computing device is updated based on received configuration data indicative of a change in configuration of the computing device in a computer system. The historic configuration data indicates changes to configurations of the computing device over a time period. A determination that relationship between the computing device and an entity of the computer system has changed is made based on the updated historic configuration data. The updated historic configuration data is provided as input to a machine learning (ML) model configured to generate an indication of whether the updated historic configuration data evidences a security incident. In response to the ML model generating an indication that the updated historic configuration data evidences a security incident, a security alert indicative of the evidenced security incident is generated.

Abstract: Aspects of the subject disclosure may include, for example, a device having a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations including capturing images generated by a fiducial invoked on a user device; determining a context of the fiducial; detect an anomaly in the images based on the context; and responsive to detecting the anomaly, providing a notification of the anomaly. Other embodiments are disclosed.

Abstract: A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.

Abstract: A framework for efficiently and automatically exploring a data network and accurately identifying network threats, which comprises a plurality of software and hardware-based agents, distributed over the data network. The agents are capable of adjusting or reconfiguring, on the fly, the behavior of the agents and their ability to collect data in a targeted manner, so as to investigate suspicious incidents and alerts and collect data that was not yet collected by the system; collecting forensic data by executing tasks defined in workflows, being distributed threat intercepting programs and reporting about the collected forensic data, back to a Central Control Unit (C&C).

Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.

Abstract: A system, a method and a device for developing a smart contract are provided. A particular embodiment of the system comprises a specification acquisition module configured to acquire specification of a target smart contract interface, a client development module configured to generate, on the basis of the specification of the target smart contract interface, a smart contract client side interface and a smart contract client side agent, the smart contract client side interface and the smart contract client side agent being used to construct a client smart contract application, and a server development module configured to generate, on the basis of the interface specification of the target smart contract, a smart contract server interface and a smart contract server skeleton, the smart contract server interface and the smart contract server skeleton being used to construct a server smart contract.

Abstract: Disclosed herein are techniques for analyzing control-flow integrity based on functional line-of-code behavior and relation models. Techniques include receiving data based on runtime operations of a controller; constructing a line-of-code behavior and relation model representing execution of functions on the controller based on the received data; constructing, based on the line-of-code behavioral and relation model, a dynamic control flow integrity model configured for the controller to enforce in real-time; and deploying the dynamic control flow integrity model to the controller.

Abstract: Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

Abstract: Systems and methods are disclosed for security breach notification. In one implementation, an indication of a security breach is received, at a first device with respect to a user account. Based on the indication of the security breach, a processing device generates a security breach notification, the security breach notification including an instruction to initiate at an account repository one or more actions with respect to the user account. An attempt is made to transmit the security breach notification to the account repository via a first communication interface of the first device. In response to a determination that the security breach notification was not successfully transmitted to the account repository, the security breach notification is transmitted to a second device via a second communication interface of the first device.

Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.

Abstract: Novel tools and techniques are provided for implementing monitoring and detection of fraudulent or unauthorized use in telephone conferencing systems or voice networks. In various embodiments, a computing system might monitor call activity through telephone conferencing system or voice network. In response to detecting use of the telephone conferencing system or voice network by at least one party based on the monitored call activity, the computing system might identify incoming and/or outgoing associated with a call initiated by the at least one party. The computing system might analyze the identified incoming and/or outgoing call data to determine whether the call initiated by the at least one party constitutes at least one of fraudulent use or unauthorized use of the telephone conferencing system or voice network. If so, the computing system might initiate one or more first actions.

Abstract: A composite device with a high security level is provided. A composite device capable of inhibiting unauthorized use favorably is provided. The composite device includes a control portion, a detection portion, an authentication portion, and a memory portion. The detection portion has a function of detecting a touch and a function of obtaining first fingerprint data of a finger touching the detection portion. The authentication portion has a function of executing user authentication processing. The memory portion has a function of retaining second fingerprint data registered in advance. The control portion has a function of bringing a system into an unlocked state when the authentication portion authenticates a user and a function of comparing the first fingerprint data obtained by the detection portion and the second fingerprint data when the detection portion detects a touch, and bringing the system into a locked state in the case where those data do not match.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for verifying the provenance of a digital object generated by a neural network, such as an image or audio object. Also methods, systems, and apparatus, including computer programs, for training a watermarking neural network and a watermark decoding neural network. The described techniques make efficient use of computing resources and are robust to attack.

Abstract: Disclosed herein is a system architecture that structures commodity heterogeneous interconnected computing platforms around universal object abstractions, which are a fundamental system abstraction and building block that provides practical and provable end-to-end guarantees of security, correctness, and timeliness for the platform.

Abstract: Disclosed is a method and system for authenticating user content authentication. A user content authentication method according to an example embodiment may include authenticating a user that desires to create user content, verifying that the user is directly writing the user content, and creating authentication information on the user content created by the user when it is verified that the user is directly writing the user content.

Abstract: A system is provided which includes at least two production units, which interact in a production process, and a verification module. Each production unit of the at least two production units includes a service module and is configured to transmit first information about one or more features of the production unit to the verification module. The verification module is configured to transmit, to at least one of the at least two production units, second information designating whether the at least two production units exhibit an admissible configuration or whether the at least two production units exhibit no admissible configuration.

Abstract: Systems for providing high-fidelity data management for cross domain analytics may include multiple components. An access management function component may control access to data stored in a data store of a business domain by a user account associated with a search engine domain. A data management function component may select based on at least one of one or more data access privileges for the user account associated with the search engine domain or one or more privacy policies, a data view of multiple data views for viewing the data, and one or more data filters for application to the data. An external API manager component may store in the data store of the business domain cross correlation information that correlates a plurality of machine learning model identifiers of machine learning models of the search engine domain with one or more corresponding business APIs of the business domain.

Abstract: An authentication method and apparatus are provided. In an embodiment, the authentication method includes: receiving, by a first network node, an enrollment request from a second network node; obtaining, by the first network node, position information of the second network node; and authenticating, by the first network node, the second network node according to the obtained position information of the second network node. A flexible simple authentication solution is provided, having low deployment costs.

Abstract: Systems and methods of providing immutable records, and immutable ordering of records, in a computing system are disclosed. The computing system can be a member of a blockchain network of a plurality of blockchains. Each block can include a cryptographic digest (or hash) conforming to a minimum degree of difficulty, a nonce by which the cryptographic digest was generated in conformation with the degree of difficulty, and a list of cryptographic digests of most recent blocks of participating neighbor blockchains. Blocks may be passed between blockchains of the plurality of blockchains, which enables each member of the blockchain network to verify an immutable record of data transactions free of the mutual trust requirement of a typical blockchain environment. In conjunction with the generation of each block, an event record may be entered into an event log of the computing system wherein the block was generated. The event record, which may contain actionable instructions, requests, etc.

Abstract: In a wireless communication network, a wireless access node receives an encrypted slice certificate from a wireless user device and transfers the encrypted slice certificate to a network control-plane. The network control-plane decrypts the encrypted slice certificate and determines a correspondence between expected characteristics and the slice characteristics from the decrypted slice certificate. The network control-plane authorizes the wireless user device for the wireless network slice based on the correspondence. In response to the authorization, the network control-plane transfers user context for the wireless network slice to the wireless access node and a network user-plane. The wireless access node exchanges user data between the wireless user device and the network user-plane per the user context. The network user-plane exchanges the user data between the wireless access node and a data system per the user context.