Abstract: A method and a system of responding to a cybersecurity incident are disclosed. The method comprises: receiving incident data of at least one incident from a given computer system; analyzing the incident data of the at least one incident, including determining whether the at least one incident has been prevented before; in response to determining that the at least one incident has not been prevented yet in the given computer system, determining, based on the incident data, a threat severity of the at least one incident; and in response to the threat severity of the at least one incident exceeding a predetermined threat severity threshold, determining, based on the incident data, one or more responses to the at least one incident for responding thereto in the given computer system.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: A method for checking an incoming message. In the method, based on the message authentication code, an authentication of the useful data is performed by a hardware security module and the hardware security module is subjected to a function check.

Abstract: A method for symbolic analysis of a software program is described. The method comprises constructing a control flow graph (CFG), for a software program procedure, the CFG comprising nodes representing basic blocks reachable within the software program procedure, the basic blocks represented as respective functions from a first machine state on entry to a said basic block to a second machine state on exit from that basic block. The method further describes simplifying the CFG to a single node representing the software program procedure as a function from an input machine state on entry to the software program procedure to an output machine state on exit from the software program procedure, comparing said function to a rule set identifying vulnerabilities based on effects on the machine state; and determining a vulnerability within the software program procedure based on the comparing.

Abstract: A data provider encrypts source data to obtain a ciphertext of the source data, and uploads the ciphertext of the source data to a data storage platform for storage. Subsequently, in response to a data application request of a data consumer, the data provider encrypts a storage address of the ciphertext of the source data by using a public key of the data consumer, and uploads the encrypted storage address to a blockchain network. The data consumer obtains the ciphertext of the source data from the data storage platform. In the process, a blockchain decentralization capability is used to implement secure and trusted data exchange by using a smart contract that is public and commonly visible to a plurality of parties.

Abstract: Various techniques and mechanisms for sharing remote resources among a trusted group are disclosed. A credential management agent utilizes a resource credential for a first user to access a secure resource corresponding to the first user for a second user by at least validating a second user and validating a consent of the first user to allow the second user to access the secure resource using the resource credential for the first user. The secure resource resides on a remote server system accessible via one or more application program interfaces (APIs). A platform management agent provides an interface for shared resource-agnostic credential sharing. The platform management agent validates credentials for the second user as belonging to a trusted group and forwards a request for access to the secure resource for the second user to the credential management agent.

Abstract: A monitoring method and system for secure conveying are provided. In a process of conveying a confidential document or item by a secure conveying device, a conveying path of the secure conveying device can be monitored in real time, and a distance between the secure conveying device and an accompanying person can also be monitored in real time. In a case where the secure conveying device neither deviates from a predetermined path nor is separated from the accompanying person, safe opening of the secure conveying device is ensured through a combination of open time, an open position, and open authorization information, thereby ensuring security of the confidential document or item conveyed by the secure conveying device.

Abstract: A computer implemented method for remote intrusion monitoring of a networked device. The method includes: receiving, by an intrusion detection engine connected to a network, a network communication to a first networked device; transmitting, via the intrusion detection engine, a duplicate of the network communication to a second networked device, wherein the second networked device hosts at least one virtual model of the first networked device; applying the duplicated network communication to the at least one virtual model of the first network device hosted by the second networked device; and monitoring, using a monitoring engine, the at least one virtual model of the first networked device upon reception of the duplicated network communication by the at least one virtual model.

Abstract: Arrangements for providing multi-party exchange functions are provided. In some aspects, a request for exchange may be received by a computing platform. The request for exchange may include identification of parties involved in the exchange, identification of goods, services, property, or the like, involved in the exchange, and the like. In some examples, the computing platform may determine a value of property, goods, or services associated with the exchange. The computing platform may request additional exchange data from one or more other parties. For instance, data associated with the exchange and another party to the exchange may be requested and received. In some examples, unique exchange identifiers may be generated linking each party to the exchange to the goods, services or property being exchange, a value, or the like. An indication of acceptance may be received and one or more exchange processing functions may be executed.

Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query. The differentially private security system determines a worst-case privacy spend for the query based on the privacy parameters and the relation. The differentially private security system performs the query upon the set of data specified by the relation and decrements the determined worst-case privacy spend from a privacy budget associated with the client. The differentially private security system records the worst-case privacy spend and the query at a log and determines a privacy budget refund based on queries recorded in the log. The differentially private security system applies the determined privacy budget refund to the privacy budget associated with the client.

Abstract: A computer-implemented method to enable short-range wireless communication via a webpage on a computing device includes receiving, via a web-browser executing on the computing device, from the webpage, a first request to execute a computer-executable instruction, the computer-executable instruction requests data from an enterprise server. The method also includes triggering, in response to a second request from the enterprise server to authenticate the first request, the web-browser to execute a predetermined computer program. The method also includes scanning, by the predetermined computer program a cryptogram from a contactless card to authenticate the cryptogram and cause the enterprise server to send the data. The method also includes executing, via the web-browser, the computer-executable instruction from the first request in response to receiving the data sent by the enterprise server.

Abstract: A user device generates an initiate interaction request message comprising a state commitment. The user device provides the initiate interaction request message to a first server computer, which creates a verify state request message comprising an interaction index, an interaction index commitment, and a first commitment signature formed from the state commitment and the interaction index commitment. The user device receives the verify state request message, then generates a modified verify state request message comprising a user device public key, the state commitment, the interaction index commitment, and the first commitment signature. The user device provides the modified verify state request message to a second server computer. The second server computer verifies the state commitment, verifies the first commitment signature, and creates a second commitment signature formed from the state commitment and the interaction index commitment.

Abstract: A network device for providing a LAN GUI to a client device. The network device receives a request for access by the client device to the LAN GUI. The network device analyzes a LAN GUI access whitelist and determines whether the client device is in the LAN GUI access whitelist. The client device is granted access to the LAN GUI without receiving a password from the client device when the client device is determined to be in the LAN GUI access whitelist. An address entry page may be presented to add the MAC address of the client device to the LAN GUI access whitelist and a password page may be presented to display the LAN GUI password. When the client device is not in the LAN GUI access list, a login page is presented for entering the password to obtain access to the LAN GUI.

Abstract: Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).

Abstract: Systems and methods for providing collaboration rooms with dynamic tenancy and role-based security are disclosed herein. An example method includes establishing a digital collaboration room for an entity, generating a token for a first user, receiving a request to perform an action on a portion of the data, performing a hierarchical permissions analysis to determine if the first user has permission to perform the action and access the portion of the data and determine if the user currently has permission to enter the digital collaboration room. The method includes retrieving the portion of the data from the database for the digital collaboration room and allowing the first user to perform the action when the user currently has permission to enter the digital collaboration room and the user has permission to perform the action and access the portion of the data.

Abstract: According to an embodiment of the disclosure, there is provided a biometrics-based user authentication method including: obtaining a user's biometric image, obtaining a shallow biometric feature from the user's biometric image by using a first neutral network of a learning network model, obtaining a deep biometric feature from the user's biometric image by using a second neutral network of the learning network model, determining a similarity between the shallow and deep biometric features and a valid user's biometric features stored in advance, and determining whether the user matches the valid user, based on the determined similarity.

Abstract: An approach to allow cloud-based positioning systems to use their own identity provider. An extra field is included in a token that is used to look up the identity provider for token verification for each user. Each access claim of the access token is checked for invalidity. If no invalid claims are found, accepting the authorization request. If an invalid claim is found, rejecting the authorization request.

Abstract: The present invention relates to a method and a system for providing processing data to a numerically controlled machine tool (100), comprising: providing processing data (S301) to a data processing device (300), wherein the processing data comprises numeric control data, in particular one or more NC programs, on the basis of which a processing of a workpiece on the numerically controlled machine tool (100) can be carried out; specifying encryption specifications (S302) on the data processing device (300), which indicate specifications for encrypting the processing data and/or the execution data; specifying authentication specifications (S303) on the data processing device (300), which indicate specifications for authentication of the numerical machine tool and/or of an operator of the machine tool; specifying execution specifications (S304) on the data processing device (300), which indicate specifications for the machining of the workpiece on the numerically controlled machine tool; generating execution dat

Abstract: An electronic device and a method of operating the electronic device are provided. Data corresponding to a user input is received through a user interface of the electronic device. The data is stored in a normal area of a memory of the electronic device. A quantity of information in the stored data is identified. At least one key is selected from a plurality of keys stored in the memory, based on at least the quantity of information. The data is encrypted using the at least one key. The encrypted data and information indicating the at least one key are transmitted to a secure area of the memory, which requires access authority.

Abstract: A computer-implemented method, computer program product and computing system for importing threat data from a plurality of threat data sources, thus generating a plurality of raw threat data definitions. The plurality of raw threat data definitions are processed, thus generating a plurality of processed threat data definitions. The plurality of processed threat data definitions are processed to form a master threat data definition. The master threat data definition is provided to one or more client electronic devices.