Abstract: Disclosed is a biometric authentication method capable of securely managing template pieces of biometric information with encryption. The Template for Registration of biometric information of this invention is divided into template pieces for management, but it is periodically encrypted with periodically changed encryption algorithm to enhance security. It presents a method of reassembling the template pieces into the original template to performing the authentication process.

Abstract: An image processing apparatus includes: a primary communication circuit for communication with an external device via a primary line; a secondary communication circuit for communication with a specific device via a secondary line; a transmission/reception processor communicating with the external device via the primary line or the specific device via the secondary line to acquire virus definition information from the external device or the specific device; a virus checker performing a virus check using the acquired virus definition information; and a line selector selecting communication using the primary communication circuit or communication using the secondary communication circuit. In a state where the communication via the primary line can no longer be established, the line selector selects the secondary line. In the case where the updated virus definition information is acquired via the secondary line, the virus checker performs the virus check by using such virus definition information.

Abstract: Failures in authentication credentials are detected by a user prior to presentation of successful credentials. Responsive to the authentication credentials failure, a geo-location for a new geo-location of the user is checked. Responsive to a new location detection, expiration of a verification link is detected. Responsive to failure of the link verification, a failure of a token OTP verification is detected. Access is granted responsive to successful verification. Access can be granted to a digital asset or a physical asset.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention for protecting a computing device, which includes a processor and a memory and is coupled to a storage device storing a set of one or more files. In embodiments of the present invention, a call to a specified function for execution by the processor is detected, and a stack trace for the call to the specified function is generated in the memory. Upon detecting, in the stack trace, a stack frame including a return address referencing a shellcode region in the memory, wherein the shellcode region includes executable code that was not loaded from any given file on the storage device, then the referenced executable code is compared to a list of malicious shellcode. Finally, a preventive action is initiated upon detecting a match between the referenced executable code and one of malicious shellcodes in the list.

Abstract: A method for performing an application migration operation includes initiating the application migration operation to migrate an application from a source device to a target device, where the source device includes a source data migration agent and the target device comprises a target data migration agent. The method also includes initiating an active scan of network traffic at a transmission control protocol layer. The method further includes establishing a secure data path between the source device and the target device. In addition, the method includes beginning migration of the application from the source device to the target device using the secure data path. Moreover, the method includes making a first determination, using the active scan, that a data packet is associated with suspicious activity and rejecting the data packet based on the first determination.

Abstract: A method can include capturing biometric data of a subject via at least one computing device. The method can include rendering, on a display of the at least one computing device, at least one shape overlay. The method can include, during capture of the biometric data, receiving, via the at least one computing device, a tracing input of the at least one shape overlay. The method can include receiving the biometric data the at least one computing device. The method can include comparing the tracing input and the at least one shape overlay. The method can include, based on the comparison, determining that the biometric data satisfies at least one liveness threshold.

Abstract: Preserving web page functionality through dynamic analysis of host web pages. Web pages accessed by a user device may be monitored. The web browser may apply a blocking policy that blocks an external domain from loading functional content into the web page, which results in a breakage in the web page. The breakage in the web page may be identified through a dynamic analysis of the web page and correlated with the functional content from the blocked external domain. Once identified and correlated, the blocking policy may be modified to allow the external domain to load the functional content and reloading the web page.

Abstract: A system and method for securely obtaining access to a program operating on a remote device via a local smart pass program transmitting a local cryptographic key specific to a local user device.

Abstract: A system and method for modelling a cyber-physical system to act as a honeypot for cyberattacks. The method including: building a virtual instance of the cyber-physical system including a physical layer and a cyber layer that controls the physical layer; generating a safety set defined by control barrier functions, the safety set delineates the bounds within which the cyber-physical system can operate safely; receiving a cyberattack payload from an attacking device; simulating physical dynamics of the physical layer and operation of the cyber layer; projecting whether the cyberattack payload can force the cyber-physical system to exit the safety set based on the simulated physical dynamics; and performing a safety action on the cyber-physical system when the physical system is projected to exit the safety set due to the cyberattack payload.

Abstract: An anti-abuse system is provided for a data-platform. An anti-abuse scanner of the data-platform detects a creation of an application package by a provider of content to the data platform where the application package includes a set of files for deployment on the data platform. The anti-abuse scanner performs a review o the set of files to detect malicious content where the review is based on a set of analysis rules and generates a deployment decision for the application package based on a result of the review.

Abstract: In one embodiment, a method includes receiving, by a network component, application performance data. The application performance data is associated with one or more applications. The method also includes determining to transform, by the network component, the application performance data into application security data, generating, by the network component, a baseline for the application security data, and detecting, by the network component, an anomaly in the baseline. The method further includes determining, by the network component, a potential security threat based on the anomaly.

Abstract: A request is received to scan a package integration for a malicious dependency. A subset of dependencies of the package integration is determined that, if executed by an application, would be used. A known package cache is referenced to determine that at least a portion of a file of the subset was not previously scanned. A graph representation of the portion is generated, the graph representation including a tree with edges that connect the portion with one or more further dependent files that depend from the portion. The portion and its further dependent files are scanned for malware, and the known package cache is updated with the tree and with results of the scan. It is determined whether malware is within the package integration using the known package cache and the results of the scan, and an alert is output where malware is detected.

Abstract: A computer implemented method is provided for creating and using a secret zero by multiple participants in a group. The secret zero is representative of a master secret that protects other secrets. The method includes creating, by a computing device of each participant, a message comprising a second public key, a commitment to a polynomial, a plurality of encrypted private key shares assigned to the other participants, a plurality of signatures associated with the private key shares assigned to the other participants, and a commitment of a symmetric key. The method also includes broadcasting, by the computing device of each participant, an encrypted version of the message to the group of participants. The method further includes broadcasting, by the computing device of each participant, the symmetric key to the group after all other participants have completed broadcasting their messages.

Abstract: According to some embodiments of the disclosure, a method includes receiving an electronic communication directed to a data resource, determining, by a machine learning (ML) web application firewall (WAF), an attack probability of the electronic communication based on a plurality of features, wherein subsets of the plurality of features are arranged in a plurality of feature groups, adjusting the attack probability based on respective feature weights of the plurality of feature groups.

Abstract: Information characterizing a security event is received from an agent executing on an endpoint computing device. The received information identifies a plurality of files encrypted as part of a ransomware attack and key material used when encrypting each of the files. Based on the received information, a surveyor package is generated which includes decryptor logic to decrypt at least a portion of the files. The surveyor package is deployed to the agent so that it can be unpacked and executed to decrypt at least a portion of the files. Once these files are decrypted, then can be transported to a safe computing environment Related apparatus, systems, techniques and articles are also described.

Abstract: A system for conducting a security recognition task, the system comprising a memory configured to store a model and training data including auxiliary information that will not be available as input to the model when the model is used as a security recognition task model for the security recognition task. The system further comprising one or more processors communicably linked to the memory and comprising a training unit and a prediction unit. The training unit is configured to receive the training data and the model from the memory and subsequently provide the training data to the model, and train the model, as the security recognition task model, using the training data to predict the auxiliary information as well as to perform the security recognition task, thereby improving performance of the security recognition task. The prediction unit is configured to use the security recognition task model output to perform the security recognition task while ignoring the auxiliary attributes in the model output.

Abstract: A method for creating a collection with optimized family-specific signatures for protecting from malware includes collecting statistics of potential signatures for chosen sample attribute vectors, the statistics of potential signatures being collected for clean files and malware files, estimating a probability to find a potential signature in the clean files, grouping malware files with the same signature in clusters (families), choosing the most optimal signature for the malware family files based on a predefined target function, and exporting a collection with optimized family-specific signatures configured to be implemented by scan engines.

Abstract: Physimetric-based data security for coded distributed temperature sensing (DTS) in which physimetric information is extracted from a coded-DTS interrogator which is unique for each interrogator at each operating run time—and used to reconstruct a final temperature determination from DTS data. The physimetric information includes coded-DTS pulse code and coded-DTS pulse profile information as a key to permit secure sharing with authorized users. The pulse code and pulse profile information are encrypted and made available to an authorized user. The authorized user can then decrypt the pulse code and pulse profile information and subsequently use this key information (pulse profile and pulse code files) to retrieve temperature information from for example, a remote computer providing a continuous raw data feed—without being susceptible to eavesdropping.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. To manage the operation of data processing systems, diagnostic data may be collected. The diagnostic data may include information regarding the operation of the data processing systems usable to diagnose issues impacting the operation of the data processing systems. The diagnostic data may also include sensitive data that may be undesirable to disclose to third parties. To manage risk associated with distribution of the diagnostic data, the diagnostic data may be subjected to partial redaction and/or dual encryption to manage access to the sensitive data included therein. By redacting and/or dual encrypting portions of the sensitive data, access to the sensitive data after the diagnostic data is distributed may be prevented and/or limited to those parties to which an operator of a data processing system elects to provide decryption data.

Abstract: Embodiments disclosed herein include an apparatus with a processor configured to receive an indication of a function call to an identified shared library and configured to perform an identified function. The processor is configured to insert a function hook in the shared library. The function hook is configured to pause the execution of the shared library when called. In response to the function hook, the processor is configured to identify a source location in one or more memories associated with an origin of the function call to the shared library. The processor is configured to scan a range of memory addresses associated with the source location in the one or more memories, and identify, based on the scanning, a potentially malicious process within the range of memory addresses.