Patents Examined by Jason K. Gee
  • Patent number: 10931711
    Abstract: Disclosed are a system of defending against a DDoS attack based on an SDN and a method thereof. According to the present invention, when the HTTP Request message suspected for the attack arrives at the web server, the web server sends the HTTP Request message to the SDN controller located in the network, and the SDN controller determines the DDoS attack instead of the web server which is the attack target and blocks the traffic from the attacker through the nodes on the network according to the determination result of the SDN controller. Thereby, the traffic suspected as the DDoS attack that exhausts available connection resources of the web server is input to the SDN controller instead of the web server. Thereby the web server can be protected from the DDoS attack and the maintenance of the normal operation of the web server can be secured.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: February 23, 2021
    Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Jinwoo Park, Ki-won Hong
  • Patent number: 10904218
    Abstract: Technologies are provided in embodiments to protect private data. Embodiments are configured to intercept a network flow en route from a server to a client device, identify a request for a private data item in an object of the network flow, identify the private data item in a data store, provide, to the client device, a modified object including an authorization request, and send the private data item to the server when valid authorization information is received. Embodiments are also configured to receive authorization information from the client device, determine whether the authorization information is valid, and obtain the private data item if the authorization information is determined to be valid. Embodiments may also be configured to determine an unlocking mechanism for the private data item, and create a modified object including the authorization request based, at least in part, on the unlocking mechanism.
    Type: Grant
    Filed: November 25, 2013
    Date of Patent: January 26, 2021
    Assignee: McAfee, LLC
    Inventor: Igor Muttik
  • Patent number: 10904012
    Abstract: A method consistent with embodiments of the present disclosure may begin with retrieving a message to be electronically transmitted. The method may proceed with digitally securing the message by generating a first digital signature for the message. The first digital signature may be added to a list of digital signatures for inclusion in the message. A list of allowed anticipated changes may be retrieved. In accordance with embodiments disclosed herein, the message may be pre-signed for the allowed anticipated changes. Pre-signing the message may comprise editing the message with each allowed anticipated change, generating a subsequent digital signature for the message edited with the allowed anticipated change, and adding the subsequent digital signature to the list of digital signatures for inclusion in the electronic message. This process may be repeated for each allowed anticipated change in the allowed anticipated changes.
    Type: Grant
    Filed: July 12, 2020
    Date of Patent: January 26, 2021
    Assignee: Fraudmarc Inc.
    Inventors: Richard Duncan, Keith Wayne Coleman
  • Patent number: 10902107
    Abstract: An information processing system provides a web service to an information processing device having personal information from a server device providing the web service. The server device includes: an issuing unit that issues an access token in response to a request from the information processing device; an authentication unit that receives a service provision request from the information processing device and authenticates the access token; and a transmission unit that transmits a command for using the personal information to the information processing device when the access token is authenticated. The information processing device includes: a registration requesting unit that requests the server device to register the information processing device; a provision requesting unit that transmits the service provision request to the server device using the issued access token; and a utilization unit that uses the personal information in accordance with the command.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: January 26, 2021
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Makoto Kobayashi
  • Patent number: 10904279
    Abstract: A method can include detection of policy anomalies in packets on a 1553B bus of an airborne system. A computer network defense (CND) capability message is decoded and indicates an interface to monitor. The interface is a 1553B bus of the airborne system. A CND command message, associated with the CND capability message, is decoded and includes a policy set. Packets are received from the 1553B bus. The 1553B packets are analyzed based on the policy set to determine anomalies. Non-anomalous 1553B packets are allowed to reach destinations of the non-anomalous 1553B packets. Anomalous 1553B packets are discarded such that the anomalous 1553B packets do not reach respective destinations of the anomalous 1553B packets.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: January 26, 2021
    Assignee: Raytheon Company
    Inventor: Gregory A. Ladd
  • Patent number: 10904284
    Abstract: Distributing and executing software upon devices by providing a computer program; dividing the computer program into a set of shreds; improving the communications fault tolerance of the shreds; encrypting the shreds; and distributing individual shreds to a shadow processor of a device for assembly and execution.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Srikanth K. Murali, Vijay Kumar Ananthapur Bache, Padmanabha Venkatagiri Seshadri, Vijay Ekambaram
  • Patent number: 10897359
    Abstract: A method for securely accessing a hardware storage device connected to a computer system, the hardware storage device having a unique hardware identifier and the computer system including a processor, the method comprising: an agent software component receiving the identifier of the storage device to authenticate the storage device, wherein the agent executes in an unrestricted mode of operation of the processor such that the agent is a trusted software component; in response to the authentication, the agent accessing a secure data key for encrypting and decrypting data on the storage device, wherein the data key is accessible only to trusted agents executing in the unrestricted mode of the processor such that software executing in a user mode of the processor stores and retrieves data on the storage device only via the agent.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: January 19, 2021
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Fadi El-Moussa, Theo Dimitrakos, Georgios Vafiadis
  • Patent number: 10873456
    Abstract: Disclosed is a neural network enabled interface server and blockchain interface establishing a blockchain network implementing event detection, tracking and management for rule based compliance, with significant implications for anomaly detection, resolution and safety and compliance reporting.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: December 22, 2020
    Assignee: LedgerDomain, LLC
    Inventors: Victor Bovee Dods, Benjamin James Taylor, Leonid Alekseyev
  • Patent number: 10868807
    Abstract: Systems and methods for determining a pictograph password sequence and association phrase are provided. In some example embodiments, an assigned pictograph sequence request is received from a client device, with the request causing the system to generate a template pictograph sequence, generate an association phrase based on the template pictograph sequence, store the template pictograph sequence and associated phrase on a memory, and transmit instructions to cause a display of the template pictograph sequence and the association phrase. In some example embodiments, the system requires an input of a pictograph sequence that matches the template pictograph sequence in order for a user to view content. In some example embodiments, the template pictograph sequence may be replaced by a user pictograph sequence.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: December 15, 2020
    Assignee: Snap Inc.
    Inventors: Eric Buehl, Michael Cieslak
  • Patent number: 10860698
    Abstract: A system is described for controlling access to resources using an object model. Users can specify use cases for accessing resources. The user may be granted access if the user satisfies qualifications required for accessing the resource, selected a use case permissible for accessing the resource, and satisfies qualifications required for the use case. Use cases, qualifications, resources, and/or links between them can be implemented using an object model. The system can be used in addition to authentication and authorization.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: December 8, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Babak Siavoshy, Kyle Owens, Nathaniel Edwards
  • Patent number: 10862685
    Abstract: A server and method for providing a content selection is provided. The server receives content targeting parameters and obtains content items from at least one content site based on the content targeting parameters. The server can further identify content descriptors for the content items and generate a first content cluster from a subset of the content items based on the content descriptors. The server can further generate a second content cluster from a second subset of the content items based on the content descriptors and rank the first and the second content clusters in an order of usefulness. The ranking of the content clusters can be based on at least one of an importance of content, a recentness of the content items and a size of the content cluster.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: December 8, 2020
    Assignee: CRYPTOMETRY LIMITED
    Inventor: Marcio Coelho Teixeira
  • Patent number: 10848480
    Abstract: A system, method, computer program product and apparatus provide an improvement to administration and management of security certificates in enterprise scale networks. An exemplary embodiment integrates a network device manager (NDM) with Simple Certificate Enrollment Protocol (SCEP) for administration and management of network equipment and for handling certificates for enterprise-scale implementation. The network device manager may control the settings and is configured to communicate with the firmware of end devices. The SCEP thus has a medium in the network device manager through which the SCEP features can be communicated to the end devices. In an exemplary embodiment, aspects of the system may, for example, automatically check expiration of and renew certificates that are expiring.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: November 24, 2020
    Inventors: Hooman Majidzadeh Rezvani, Oleksandr Osadchyy, Oleksandr Zinchenko, Daisaku Nagano, Ankur Chhabra
  • Patent number: 10833841
    Abstract: Embodiments implement leakage-free order-preserving encryption by assigning a distinct ciphertext for each plaintext, including repeated plaintext whose ciphertext is randomly inserted. In order to conceal insertion order, the randomized ciphertexts are compressed to minimal ciphertext space. A uniform distribution is achieved by rotating about a modulus on the ciphertexts rather than the plaintexts. The resulting ciphertext distribution has no leakage from the ciphertexts—even if an adversary has perfect background knowledge on the distribution of plaintexts. The encryption may be further secured even against passive query monitoring attacks by hiding the access pattern using ε, δ-differential privacy, such that the adversary observing a sequence of queries will not learn the frequency of plaintext. The leakage-free order-preserving encryption may be converted into an adjustable encryption scheme to allow querying (e.g., on a remote server).
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: November 10, 2020
    Assignee: SAP SE
    Inventor: Florian Kerschbaum
  • Patent number: 10819713
    Abstract: An implantable medical device (IMD) includes communication circuitry that enables the IMD to communicate via a network such as the Internet. A security routine is executed on the IMD to determine whether the IMD is capable of communicating via the network. If so, the IMD requests an identifier of current firmware stored on a server that is connected to the communication network. The identifier of the current firmware is compared to an identifier of firmware that is installed on the IMD. If the installed firmware is the same as the current firmware on the server, a timer is reset, but if the installed firmware cannot be verified as matching the current firmware on the server (e.g., because the IMD is not capable of communicating via the network), the timer continues to run. When the timer expires, the IMD is prevented from communicating via the network until further action is taken.
    Type: Grant
    Filed: March 7, 2018
    Date of Patent: October 27, 2020
    Assignee: Boston Scientific Neuromodulation Corporation
    Inventor: Goran Marnfeldt
  • Patent number: 10805297
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for identification of normal state authenticity indicators for user authentication into applications in real-time to prevent misappropriation at the point of authenticity. In this way, the system provides decomposition of streaming transactions through a matrix of engines giving the system the ability to profile different characteristics of streaming data. Furthermore, providing strategies to respond based on the output of the decomposition. As such, requests for identification, authentication, or access to secure locations along with historical data through multiple vectors that are specialized in specific misappropriation identification to output a complete misappropriation profile from the vectors for recommended actions for the authenticity of the user. The results from each engine are cross compared to generate a complete misappropriation profile that covers a range of factors for the input.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: October 13, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Eren Kursun
  • Patent number: 10785238
    Abstract: The present disclosure provides systems and methods for organizations to use forensics to generate risk scores associated with potential compromise based on clustering and/or similarities with other organizations that have or may have been compromised. For example, specific attributes or marks, such as low fidelity indicators of compromise can be used to create a similarity score rank over time that may be used as a similarity and risk measurement to generate a continual/dynamic score, which can change and/or be updated as new data is created or arrives to detect or prevent threats and/or malicious attacks.
    Type: Grant
    Filed: June 12, 2018
    Date of Patent: September 22, 2020
    Assignee: Secureworks Corp.
    Inventors: Lewis McLean, Jon Ramsey, Nash Borges
  • Patent number: 10783273
    Abstract: A method for controlling personal content on a media device includes establishing, at the media device, a wireless connection with a mobile user device using a wireless communication circuit of the media device; receiving, from the mobile user device, account information for an account associated with personal content, the personal content of the account accessible by the media device from a server computer over a communication network or from a memory of the media device; receiving, from the mobile user device, a usage term for accessing or using the personal content of the account; and controlling access to or usage of the personal content of the account by the media device based on the received account information and the usage term.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: September 22, 2020
    Assignee: Google LLC
    Inventors: Lukasz Kowalik, Marcin Stanislaw Wielgus
  • Patent number: 10762237
    Abstract: The invention relates to a method for anonymization of event data collected within a system or network providing a service for subscribers/customers wherein each event data set is related to an individual subscriber/customer of the system/network and includes at least one attribute wherein the method counts the number of event data sets related to varying individual subscribers having identical or nearly identical values for at least one attribute. The invention further relates to a method for anonymization of static data related to individual subscribers of a mobile communication network wherein each static data set consists of different attributes and the method identifies specific profiles derivable from the static data and drops one or more respective attributes of the static data sets and/or classifies two or more static data sets to a certain group having at least one matching attribute.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: September 1, 2020
    Assignee: Telefónica Germany GmbH & Co. OHG
    Inventors: Jonathan Ukena-Bonfig, Philipp Schöpf
  • Patent number: 10749888
    Abstract: Aspects of the disclosure relate to assessing and adjusting robustness to cyber-attacks of a computer system. The capability of defending against cyber-attacks by cyber-tools (via protection methods) is mapped to one or more attack vectors. One or more cyber-tools may be activated based on the capability mapping. Based on protection data generated by the computer system, an assessment computing device determines a cyber-robustness metric for the one or more cyber-tools and may invoke a reconfiguration of the cyber-tools to increase the cyber-robustness of the computer system. A machine learning machine may process the protection data, such as log data, to detect one or more patterns to determine an effectiveness of the activated cyber-tools. With some embodiments, the machine learning machine groups the protection data using a subset of variables and forms meta structures from the subset.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: August 18, 2020
    Assignee: Bank of America Corporation
    Inventor: Martin Anthony Carmichael
  • Patent number: 10740478
    Abstract: A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: August 11, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Mats Näslund, Christian Schaefer