Abstract: Methods and systems for providing data manifests as a service (DMAAS) are described herein. a first computing system, may generate a first data manifest comprising a first count parameter and a first hash parameter associated with a first data exchange transaction between the first computing system and a second computing system, store the first data manifest to a blockchain data store and transfer a data payload of the first data exchange transaction. The second computing system may analyze the data payload received via the transport mechanism, generate a second data manifest including a second count parameter and a second hash parameter and store the second data manifest to the blockchain data store. A DMAAS computing system facilitates access to the blockchain data store, identifies transmission errors, and triggers acceptance of data at the second computing system upon a successful data exchange transaction.

Abstract: Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a desktop is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the desktop is generated by accessing current frame buffer data stored on the graphics card.

Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.

Abstract: A set of high level test logic is configured to include a set of insertion points. The high-level test logic can be controlled to insert test conditions into a data center configuration. It can also be configured to execute remediation actions that are to be taken, and validation actions to be performed in order to determine whether the remediation action works against the test conditions. Different instances of the high-level test logic can be configured for different environments and different test conditions.

Abstract: A system for verifying control history of an unmanned aerial vehicle according to one embodiment of the present disclosure includes an authentication unit for collecting personal information from a pilot who controls an unmanned aerial vehicle to authenticate the pilot, a storage unit storing control information regarding the pilot's control of the unmanned aerial vehicle, and an encryption unit for sealing and encrypting data of the personal information and the control information; and is capable of controlling and managing an indiscriminate use of the unmanned aerial vehicle and providing a control time, flight history, etc., to an organization which needs such information.

Abstract: A framework to accurately and quickly verify the ownership of remotely-deployed deep learning models is provided without affecting model accuracy for normal input data. The approach involves generating a watermark, embedding the watermark in a local deep neural network (DNN) model by learning, namely, by training the local DNN model to learn the watermark and a predefined label associated therewith, and later performing a black-box verification against a remote service that is suspected of executing the DNN model without permission. The predefined label is distinct from a true label for a data item in training data for the model that does not include the watermark. Black-box verification includes simply issuing a query that includes a data item with the watermark, and then determining whether the query returns the predefined label.

Abstract: Embodiments of the present invention provide a system for authenticating process operations on a network using context locked progressive session tokens. The system is configured for receiving a first request associated with a first process operation from a user device, authorizing the first request, generating a first session token associated with the first process operation, transmitting the first session token to the user device, wherein the first session token is used to validate a second process operation associated with the application, receiving a second request associated with the second process operation from the user device, authorizing the second request, generating a second session token associated with the second process operation using at least the first session token, and transmitting the second session token to the user device, wherein the second session token is used to validate subsequent process operation associated with the application.

Abstract: Certain aspects of the present disclosure relate to methods and apparatus for wireless communication, and more specifically to advertising discovery information, relaying discovery information, and to the secure relay of discovery information in wireless networks. Various frame structures are provided for such transmitting and relaying of discovery information. According to certain aspects of the present disclosure, security is provided for relaying discovery information. According to certain aspects of the present disclosure, compensation may be provided to a device that relays discovery information (e.g., when the relaying results in a transaction).

Abstract: A disclosed method includes a data distribution computer receiving a data packet comprising a plurality of data values in response to an interaction between a resource provider and a user. The data distribution computer can then determine a data item for each data value of the plurality of data values and associate each data value to a processing computer using the data item for each data value. The data distribution computer can generate a plurality of authorization request messages comprising at least one data value. The data distribution computer can then transmit the plurality of authorization request messages to a plurality of processing computers adapted to process the data values in the respective authorization request messages, wherein the plurality of processing computers process the data values in the respective authorization request messages. The plurality of authorization request messages are subsequently forwarded to the authorization computer.

Abstract: Disclosed is a method and system for detecting malicious entities and malicious behavior in a time evolving network via a graph framework by modeling activity in a network graph representing associations between entities. The system utilizes classification methods to give score predictions indicative of a degree of suspected maliciousness, and presents a unified graph inference method for surfacing previously undetected malicious entities that utilizes both the structure and behavioral features to detect malicious entities.

Abstract: One example method and correspond apparatus extracts a model of a computer application during load time and stores the model of the computer application in a database. This example method and corresponding apparatus also inserts instructions into the computer application to collect data at runtime. This example method and corresponding apparatus then analyzes the data collected at runtime against the stored model of the computer application to detect one or more security events and tracks the one or more security events using a state machine.

Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.

Abstract: A method for authenticating a user of a terminal equipment connected to a communication network, for access from this terminal equipment to a remote service hosted by a server equipment connected to the network. The method includes the following steps, implemented by the server: authenticating the user from credentials; in the event of successful user authentication, authenticating the client equipment from credentials stored in a first memory of the server in association with the user's credentials, including a command to render a first pattern, the command including parameters describing the first pattern and rendering the first pattern received from the client equipment, so-called reference pattern; deciding on authenticating the client equipment according to the evaluated score, a successful authentication being decided when the match score is greater than a predetermined threshold; and following the authentication decision, updating the credentials of the terminal equipment.

Abstract: In one example, a network entity obtains a network packet including data. The network entity performs a deterministic mathematical computation on the data to produce a string of characters derived from the data and inserts an indication of the string of characters into the network packet. The network entity provides the indication of the string of characters to a distributed ledger based on a secret unique identifier of the network entity. The distributed ledger stores the indication of the string of characters and records an indication of a time at which the indication of the string of characters was stored in the distributed ledger. The network entity obtains, from the distributed ledger, the indication of the time and inserts the indication of the time into the network packet. The network entity provides the network packet towards a destination.

Abstract: An apparatus including a processor and a memory configured to provide an SEE and an REE. The processor is configured to provide a client application configured to execute at a user privilege level and a hypervisor configured to execute at a hypervisor privilege level. The user privilege level is more restrictive than the hypervisor privilege level. The processor is further configured to provide a trusted application configured to execute within the SEE. The trusted application provides secure services to the client application. The processor is configured to send a request for secure services from the client application to the trusted application, send a measurement request to the hypervisor, generate within the hypervisor a measured value based on the client application, return the measured value to the trusted application, and determine whether the client application is authorized to access the secure services. The authorization determination is based on the measured value.

Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

Abstract: A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that relates the one or more features and the one or more entitlements of the plurality of individuals. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the model. Each confidence value is indicative of whether the target individual should be granted a corresponding entitlement.

Abstract: A system for authenticating a user at an automated teller machine (ATM) includes an ATM and a server. The ATM captures a facial image of the user in response to a request to conduct an ATM transaction. The ATM further analyzes the captured facial image and transmit facial image data to the server. The server, upon receiving the facial image data, compares the received facial image data with reference facial image data for similarity. If the server determines that a level of similarity between the facial image data corresponding to the captured facial image and the stored reference facial image data is at or above predetermined threshold, the ATM authenticates the user and dispense cash to the user.

Abstract: A method and system monitors activity of a user of a data management system and detects a trigger event in the activity of the user. The method and system generates a support case responsive to the trigger event. The support case includes support rules defining what types of the user's personal data will be accessible to an assistance agent when the user requests assistance related to the trigger event. The method and system utilizes machine learning processes to determine what types of user related data should be accessible to assistance agents in support cases.

Abstract: A cloud device is configured in an email transmission pathway. The cloud device receives an email attachment whose maliciousness status is determined to be unknown. The cloud device encrypts the email attachment and delivers the encrypted attachment to the recipient. When the recipient attempts to access the encrypted attachment, the cloud device re-determines the maliciousness status of the attachment. If the re-determined maliciousness status is benign, the cloud device allows the encrypted attachment to be decrypted and opened locally on the recipient's device. If the re-determined maliciousness status is still unknown, the cloud device provides a cloud-based viewing solution to the recipient using an isolation service.