Abstract: Disclosed herein are a terminal apparatus, a server apparatus, and a method for FIDO universal authentication using a blockchain. The method includes sending, by the terminal apparatus, a FIDO service request for any one of FIDO registration, FIDO authentication, and FIDO deregistration for an application service provided by the server apparatus to the server apparatus; verifying, by the blockchain, a FIDO service response message, which is created as a result of local authentication of a user in the terminal apparatus in response to the FIDO service request; and processing, by the server apparatus, the FIDO service request based on whether the FIDO service response message is successfully verified by the blockchain.

Abstract: Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.

Abstract: Systems and methods for using encryption keys to manage data retention are described. In one embodiment, the systems and methods may include receiving data such as user data from a host of the storage drive, encrypting the data using an encryption key, writing the encrypted data to the storage drive, and retaining the encrypted data on the storage drive based at least in part on a validity of the encryption key.

Abstract: Described is an automatic anomaly detector that receives a time-series of normal and abnormal activities that include features related to entities within a computing system. A feature coherence graph for the features is constructed, with the graph then clustered such that feature spaces of entities are expanded to include features that live within a same cluster but belong to separate entities. The feature spaces are unified by mapping representations of the features spaces into a Euclidean space of feature vectors. The feature vectors related to each feature are then aligned. Sets of clusters of related abnormal activities are then generated by regressing each feature vector over only those features that it possesses. The sets of clusters are used to detect anomalous behavior. The system then identifies a node within the computer system generating the anomalous behavior and initiates an action to minimize a threat posed by the node.

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: Methods and apparatuses are described for automated secure software development management, risk assessment and risk remediation. A server generates security requirements for a software application under development based upon a plurality of technical attributes and a threat model. The server creates a first set of development tasks based upon the generated security requirements. The server scans source code to identify one or more security vulnerabilities and creates a second set of development tasks based upon the identified vulnerabilities. The server generates a security risk score based upon the generated security requirements and the identified vulnerabilities. The server deploys the software application under development to a production computing system upon determining that the security risk score satisfies a criterion.

Abstract: Disclosed is an approach to implement a new layer of security within mobile devices using an encryption SDK, which implements a standalone component for applications to encrypt, decrypt, and view sensitive data on the device. A security layer is implemented on the device, wherein the security layer manages encryption for data retrieved onto the device from a cloud-based environment. Encrypted content is then generated at the security layer before storing the encrypted content by receiving the content object from the cloud-based environment and encrypting the content object with an encryption key that is password protected. The encrypted content is stored within an encrypted filesystem for presenting the content on the device.

Abstract: Some examples detect malicious activity on a computing device. A processor in kernel mode detects an event on the computing device. The processor provides a validation request on a kernel-level bus. A bidirectional bridge component transmits the request to a user-level bus. The processor in user mode determines that the event is associated with malicious activity and provides a validation response on the user-level bus. The bridge component transmits the validation response to the kernel-level bus. In some examples, the processor in user mode receives security-relevant information from a system service of the computing device, and analyzes the event based at least in part on the security-relevant information. In some examples, the processor in user mode receives a security query, queries the kernel mode via the bridge component, and responds to the security query indicating that the data stream is associated with malware.

Abstract: A device may generate versions of a first executable process that is associated with deterministically defined parameters. The device may run the versions of the first executable process, and may monitor device parameters of the device or the first executable process when running the versions of the first executable process. The device may determine, based on monitoring the device parameters of the device or the first executable process, a variance to a parameter of the deterministically defined parameters relative to an expected value for the parameter, and may provide information indicating a presence of malware in connection with the device based on determining the variance to the parameter.

Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.

Abstract: In one embodiment, a computing device provides a feature vector as input to a random decision forest comprising a plurality of decision trees trained using a training dataset, each decision tree being configured to output a classification label prediction for the input feature vector. For each of the decision trees, the computing device determines a conditional probability of the decision tree based on a true classification label and the classification label prediction from the decision tree for the input feature vector. The computing device generates weightings for the classification label predictions from the decision trees based on the determined conditional probabilities. The computing device applies a final classification label to the feature vector based on the weightings for the classification label predictions from the decision trees.

Abstract: As disclosed herein is a tool for enabling dynamic watermarking on a client, including a computer determining a negotiated watermarking algorithm that identifies at least one location on a web page for a placed watermark, and initiating a web communication by requesting a web page. The computer receives the web page, and verifies the authenticity of the web page using the negotiated watermarking algorithm prior to displaying of the web page. Also disclosed herein is a tool for enabling dynamic watermarking on a server which includes determining a negotiated watermarking algorithm that identifies at least one location on a web page for a placed watermark, receiving a request for a web page from a client, and identifying the client.

Abstract: Disclosed herein is a device and method for validating users, such as for entry into a given area. The method includes transmitting a plurality of access control tokens from an access control system to a portable device, and detecting proximity a user portable device associated with one of the plurality of access control tokens to the portable device. A symbolic representation of the access control token associated with the user portable device is generated by and displayed on the portable device. Selection of the displayed symbolic representation is accepted at the portable device. The access control system is notified of selection of the displayed symbolic representation, thereby indicating identification of a user associated with the access control token symbolically represented by the symbolic representation. The venue symbolic representation includes at least one pictograph.

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: Disclosed are various examples of systems and methods for transferring data between applications executing in sandboxed environments. In one example, a first application is in a first sandbox. A request for access to data is transmitted from the first application to a second application in a second sandbox. The data is stored in the second sandbox. The request is transmitted using a sandbox communications framework. The data is received using the sandbox communications framework. The data is encrypted. An encryption key is retrieved from an access-restricted data store.

Abstract: Some embodiments provide a method for identifying unnecessary firewall rules for a distributed firewall of a logical network. The method identifies a firewall policy for network traffic of the logical network. The firewall policy includes a set of firewall rules. The method generates a set of data for implementing the firewall policy on a set of managed forwarding elements that implement the logical network. The method analyzes potential network traffic based on the generated set of data to identify a subset of unnecessary data. The method identifies a subset of unnecessary firewall rules of the set of firewall rules that corresponds to the subset of unnecessary data.

Abstract: A computer-implemented method for enforcing privacy in cloud security may include (i) identifying, by a computing device, a set of files in a backup process for a cloud service, (ii) determining, by the computing device, that at least one file in the set of files is a private file, (iii) modifying, by the computing device encrypting the private file, the set of files in the backup process, (iv) completing the backup process for the cloud service with the modified set of files, and (v) enforcing a security policy of the cloud service based on a scan of file hashes. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems, devices and automated processes detect piracy of broadcast television signals through selective delay of decrypted code words that are used to render satellite or other received television signals. Smart cards or similar access control hardware are programmed to selectively delay delivery of cryptographic code words based upon the identity of the receiver device. The delayed delivery of the code words produces intentional glitches in the content rendered by the receiver, thereby allowing viewers of the rendered content to ascertain the identity of the device.

Abstract: A computer-implemented method includes: establishing a connection between a user device of a user and a system onboard a vehicle being driven by the user; requesting access, through the established connection, to user information on the user device; in response to a grant of access, retrieving at least a portion of the user information from the user device, the portion of user information including a digital identification document of the user that had been issued by an entity after having vetted the user, the digital identification document including a digital biometric of the user as well as a digital watermark indicating the issuing entity; and retaining, on the system onboard the vehicle, data encoding the digital identification document of the user on the vehicle such that when the vehicle is inspected by a third-party agent, the digital identification document of the user is presented to the third-party agent.

Abstract: An online identity verification application may be provided. According to an exemplary embodiment, an online identity verification application may utilize photographic, biometric, and documentation identification protocols. The verification application may use a multi-tier verification process based on identification protocols to verify the owner of a verification account and subsequently verify any linked accounts.