Abstract: A personal information anonymization method is disclosed. Each of a plurality of data including personal information is classified into any one of a plurality of groups based on a degree of commonality of the personal information. An anonymization process, that standardizes the personal information of each of data belonging to each of the groups, is performed for each of the groups. A total number of the data belonging to each of the groups is calculated for each of the groups. The plurality of the groups are classified based on the total number of the sets of the data. A classification result is output.

Abstract: Systems, methods, and non-transitory computer readable media providing build and deploy a known file and identify unknown files found on the system. The method provides, deploying a file, creating a unique hash tag identifier and metadata associated with the file. A database entry is created for the hash tag identifier and metadata associated with the file. An unknown file is discovered on the system, a unique hash code identifier is generated and searched for in the database. If the unique hash code identifier is found the metadata is retrieved and returned for display, however if the hash code identifier is not found the unknown file is marked as a candidate for removal and deleted from the system.

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The instruction to indicate a first structure in a protected container memory and to indicate a second structure in the protected container memory. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine whether a status indicator is configured to allow at least one key to be exchanged between the first and second structures, and is to exchange the at least one key between the first and second structures when the status indicator is configured to allow the at least one key to be exchanged between the first and second structures.

Abstract: Systems, apparatuses and methods may provide for detecting an attempt by an operating system (OS) to access a non-OS managed resource and injecting, in response to the attempt, an access event into a platform security component via a guest kernel associated with the OS. Additionally, a response to the attempt may be made based on a policy response from the platform security component. In one example, the attempt is detected with respect to one or more extended page table (EPT) permissions set by a security virtual machine monitor (SVMM). Moreover, injecting the access event into the platform security component may include invoking a previously registered policy callback.

Abstract: An example process includes: identifying, by one or more processing devices, candidate code in executable code based on a static analysis of the executable code, where the candidate code includes code that is vulnerable to attack or the candidate code being on a path to code that is vulnerable to attack, where information related to the attack is based, at least in part, on the candidate code; customizing, by one or more processing devices, a healing template based on the information to produce a customized healing template; and inserting, by one or more processing devices, the customized healing template into a version of the executable code at a location that is based on a location of the candidate code in the executable code, where the customized healing template includes code that is executable to inhibit the attack.

Abstract: A digital credential is generated for a user device. The digital credential is transmitted to the user device via an optical wireless communication access point (OWC AP). The user device is located in a coverage area of the OWC AP. The digital credential is provided to a wireless local area network (WLAN AP) associated with the OWC AP for authentication of a request from the user device to access the WLAN.

Abstract: A method for masking content to be displayed on the electronic device is provided. The method includes receiving, by a processor in the electronic device, the content to be displayed on the electronic device, determining, by the processor, that at least one portion of the content is objectionable content based on a semantic signature of a content filter, and masking, by the processor, the at least one portion of the content displayed on the electronic device based on the detection.

Abstract: A key distribution service operated by a signature authority distributes one-time-use cryptographic keys to one or more delegates that generate digital signatures on behalf of the signature authority. The key distribution service uses a root seed value to generate subordinate seeds. The subordinate seeds are used to generate a set of cryptographic keys. Hashes are generated for each key, and the hashes are arranged into a Merkle tree with a root hash controlled by the signature authority. In response to a request from a delegate, the signature authority provides a subordinate seed to the delegate. The delegate uses the subordinate seed to generate one or more cryptographic keys. The cryptographic keys are used to generate digital signatures which are verifiable up to the root hash of the Merkle tree. Additional subordinate seeds may be distributed to entities by the signature authority when appropriate.

Abstract: A signature authority generates revocable one-time-use keys that are able to generate digital signatures. The signature authority generates a set of one-time-use keys, where each one-time-use key has a secret key and a public key derived from a hash of the secret key. The signature authority generates one or more revocation values that, when published, proves that the signature authority has the authority to revoke corresponding cryptographic keys. The signature authority hashes the public keys and the revocation values and arranges the hashes in a hash tree where the root of the hash tree acts as a public key of the signature authority. In some implementations, the one-time-use cryptographic keys are generated from a tree of seed values, and a particular revocation value is linked to a particular seed value, allowing for the revocation of a block of one-time-use cryptographic keys associated with the particular seed.

Abstract: An identity authentication method is provided.

Abstract: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.

Abstract: A first collection including a first feature vector and a Q&A feature vector is constructed. A second collection is constructed from the first collection by inserting noise in at least one of the vectors. A third collection is constructed by migrating, at least one of a vectors of the second collection with a corresponding vector of a fourth collection. The second and the fourth collections have a property distinct from one another. Using a forecasting configuration, a vector of the third collection is aged to generate a changed feature vector, the changed feature vector containing feature values expected at a future time. The changed feature vector is input into a trained neural network to predict a probability of the cyber-attack occurring at the future time.

Abstract: An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys. In some examples, the subordinate signature authority acquires public keys from a lower subordinate signature authority, and the public key of the subordinate signature authority is cryptographically derived in part from the public key of the lower subordinate signature authority. The public key of the subordinate signature authority is provided to the organizational signature authority.

Abstract: A privacy protection method and a terminal device are provided. The privacy protection method in a terminal device includes receiving a user input of designated multimedia content that is stored in the terminal device, detecting an activation of a privacy mode on the terminal device, determining a set of private multimedia content stored in the terminal device based on the designated multimedia content, and preventing the set of private multimedia content from being displayed on the terminal device.

Abstract: In one aspect, a vehicle includes an engine, a drive train and chassis, a battery, a wireless transceiver, and a vehicle computing system that controls the engine, drive train, chassis, battery, and wireless transceiver. The vehicle computing system includes a cryptographic processor that has program instructions to communicate with a device separate from the vehicle to provide authentication information to the device via the wireless transceiver.

Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.

Abstract: Methods and apparatus for Network Monitoring System with Remote Access (10) are disclosed. A secured customer network (12) comprises computing resources that are connected together in an internal network (16). The secured customer network (12) is protected by a security perimeter (13) which prevents access by unauthorized devices outside the perimeter (13). This internal network (16) is connected to a secured customer network monitor 18, which is, in turn, connected to an intelligence engine (20) and to a security broker (22).

Abstract: This application discloses an authentication and association method and system. An access point AP receives an authentication request sent by a station STA that needs to establish a connection to a service device; the AP establishes authentication with the STA; after the STA sends an association request to the service device, the AP receives an authentication result query request sent by the service device, and sends a result of the authentication result query request to the service device, so that the service device determines whether to establish an association with the STA; if the result shows that the STA is authenticated by the AP, the service device can establish an association with the STA; or if the result shows that the STA fails to be authenticated by the AP, the STA cannot establish an association with the service device.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: The disclosed computer-implemented method for detecting unknown vulnerabilities in computing processes may include (1) monitoring a computing environment that facilitates execution of a computing process by logging telemetry data related to the computing process while the computing process is running within the computing environment, (2) determining that the computing process crashed while running within the computing environment, (3) searching the telemetry data for evidence of any vulnerabilities that potentially led the computing process to crash while running within the computing environment, (4) identifying, while searching the telemetry data, evidence of at least one vulnerability of the computing process that is not yet known to exist within the computing process and then in response to identifying the evidence of the computing process's vulnerability, (5) performing at least one security action to hinder any potentially malicious exploitation of the computing process's vulnerability.