Abstract: An approach is disclosed that enforces restrictions to data in a filesystem based on metadata for a file including a name for an attribute, a type, and a location in the file for the type. A file specific metadata includes an owner, contact information, access rights including an owner consent-based access policy, users of the system who can access the file and the type of access allowed by the users based on a purpose for the access. The operating system (OS) enforces an access to attribute entries of the file based on the purpose and selected metadata in the associated metadata. The restrictions for file access are driven by the file structure metadata which identifies types of information, where in the file each type of information is located, and consent information which specifies what type of information is accessible to a requestor retrieving data for a specific purpose.

Abstract: An authentication device includes an acquisition unit that acquires first image data generated at a first timing and indicating a first face of a living creature to be authenticated, age information indicating an age of the living creature at the first timing, second image data generated at a second timing later than the first timing and indicating a second face of the living creature, and aging information indicating a time period from the first timing to the second timing, and a controller that compares the first image data with the second image data. The controller calculates a similarity between the first face and the second face based on the first image data and the second image data, corrects the similarity based on the age information and the aging information, and determines, based on the corrected similarity, whether the living creature in the first image data is identical to the living creature in the second image data.

Abstract: Techniques and systems are presented to facilitate controlling and verifying the behaviors of privacy-impacting devices in alignment with the privacy behavior expectations of individuals and other entities. Accountability and audit mechanisms can verify the control state of IoT and other devices with respect to their privacy behavior preference inputs and can notify device owners and users when devices are compromised by malware and viruses. A trust-enhancing and technically transparent system architecture includes a distributed application network, distributed ledger technology, smart contracts, and/or blockchain technology.

Abstract: There is provided a method for identifying malicious activity that changes the integrity of data sent out from a vehicle, comprising: intercepting, by an output data monitoring agent that monitors data sent out from the vehicle to an external receiving computing unit using a communication interface in communication with a network; intercepting, by at least one sensor data monitoring agent that monitors sensor data outputted by at least one sensor associated with the vehicle; monitoring the integrity of the data sent out by the vehicle by analyzing the data collected by the output data monitoring agent with the sensor data collected by the at least one sensor data monitoring agent to identify a mismatch; and identifying an indication of malicious activity that changed the data sent out from the vehicle relative to the data sensed by the at least one sensor.

Abstract: The technology disclosed herein provides a system for generating a personal unclonable function (PUF) for a user based on a biometric data related to the user. Implementations of the system include a camera to generate a partial image of a user's tongue, a sensor to generate a moisture level in the user's saliva, a PUF generator configured to generate a PUF benchmark of the user based on combination of the partial image of a user's tongue and the moisture level in the user's saliva, and an access control unit configured to control access to one or more user devices based on the PUF benchmark.

Abstract: A method of performing biometric authentication for a first user, the method comprising: performing one or more first tests, wherein for each first test, performing said first test comprises: obtaining a respective first input for said first test based on one or more biometric characteristics of the first user; determining that the first user is not a predetermined user when a respective first log-likelihood ratio for a first likelihood and a second likelihood does not exceed a respective first threshold for said first test, wherein the first likelihood is a likelihood of obtaining the respective first input based on a first model in which input is obtained from the predetermined user, and wherein the second likelihood is a likelihood of obtaining the respective first input based on a second model in which input is obtained from one or more users other than the predetermined user; determining that the first user is the predetermined user when the respective first log-likelihood ratio exceeds a respective seco

Abstract: A media playback system for presenting to a user a composition of a plurality of media streams. It has a media selection component configured to receive a scenario dataset, to receive user input for selecting viewing times defining segments of media and composition selections, and to output a list of segments of media from the scenario dataset that are authorized to be viewed by the user. The system has a playback control component configured to retrieve from media storage at least the segments of media from the output list of segments, to decode the segments of media, and to compile composition instructions. The system has a media playback component configured to receive the rendered media and the composition instructions.

Abstract: Techniques for packet classification for network routing are disclosed. In some embodiments, packet classification for network routing includes receiving packets associated with a new flow at a security controller from a network device, in which the network device performs packet forwarding; classifying the flow; and determining an action for the flow based on a policy (e.g., a security policy). In some embodiments, the network device is a Software Defined Network (SDN) network device (e.g., a packet forwarding device that supports the OpenFlow protocol or another protocol).

Abstract: A method of digital signal feature extraction comprises steps of: (a) segmenting samples of the digital signal to form a set of groupings each comprising a subset of the samples, with each grouping having endpoints spaced apart by a current grouping size; (b) applying an operator, which is associated with the desired feature to be extracted, to the subset of the samples of each grouping to derive a representative value therefor corresponding to the grouping size; and (c) repeating step a), but based on a different grouping size, and repeating step b) on the set of groupings formed based on the different grouping size, with the operator being adapted to correspond to the different grouping size. The set of groupings formed in step a) collectively includes all of the samples of the signal. One endpoint of at least one grouping is intermediate the endpoints of another one of the groupings.

Abstract: Disclosed herein are methods, systems and device for estimating an identity confidence level for a user requesting access to a secure resource, comprising: initiating an authentication session to authenticate the user using a client device to access the secure resource, computing a cumulative identity confidence score in a plurality of iterations and successfully authenticating the user in case the cumulative identity confidence score exceeds a threshold predefined for the secure resource.

Abstract: Systems and methods are presented for performing sandboxing to detect malware. Sample files are received and activated individually in separate sandboxes in one mode of operation. In another mode of operation, sample files are assigned to pools. Sample files of a pool are activated together in the same sandbox. The sample files of the pool are deemed to be normal when no anomalous event is detected in the sandbox. Otherwise, when an anomalous event is detected in the sandbox, the sample files of the pool are activated separately in separate sandboxes to isolate and identify malware among the sample files.

Abstract: A secure programming system can receive a job control package having a security kernel and a target payload of content for programming into a pre-defined set of trusted devices. A device programmer can install a security kernel on the trusted devices and reboot the trusted devices using the security kernel to validate the proper operation of the security kernel. The target payload can then be securely installed on the trusted devices and validated.

Abstract: A system configured for identifying insider threats in source code conducts an automated analysis designed to identify instances of insider threats. The system performs a static analysis on results from the automated analysis to identify instances of keywords related to methods and targets of insider threats, external data being used, code layering is used to obfuscate a content. The system identifies points of correlations between instances found by performing the static analysis and assigns weight values to code portions based on the number of points of correlations found in the code portions. The system identifies code portions having weight values above a threshold value, thereby detecting instances of insider threats in source code.

Abstract: An information processing apparatus includes: an acquisition unit that acquires first group information concerning a user from authentication result information including an authentication result transmitted from an external apparatus in a case where the user is authenticated by the external apparatus; and a permission unit that permits the user to use a service provided by the information processing apparatus within a range of authority set for second group information concerning the user in a case where the acquired first group information is associated with the second group information.

Abstract: An agent on an endpoint computer computes a locality-sensitive hash value for an API call sequence of an executing process. This value is sent to a cloud computer which includes an API call sequence blacklist database of locality-sensitive hash values. A search is performed using a balanced tree structure of the database using the received hash value and a match is determined based upon whether or not a metric distance is under or above a distance threshold. The received value may also be compared to a white list of locality-sensitive hash values. Attribute values of the executing process are also received from the endpoint computer and may be used to inform whether or not the executing process is deemed to be malicious. An indication of malicious or not is returned to the endpoint computer and if malicious, the process may be terminated and its subject file deleted.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to identify a first domain name associated with a website that served a login form to a web browser. The at least one processor is further configured to identify a one-time password (OTP) entry request served from the website in response to transmitting user credentials to the website. The at least one processor is further configured to identify a second domain name associated with an OTP server that provided an OTP. The at least one processor is further configured to perform a security action in response to determining that the first domain name differs from the second domain name. The security action may include blocking a response to the OTP request from the website, providing a warning, and/or obtaining confirmation for the response to the OTP entry request.

Abstract: An end controller, comprising: a processing resource; and a memory resource storing machine-readable instructions to cause the processing resource to: receive, using internet protocol security (IPSec) messages, a plurality of subnetworks that form a route to a branch device via a branch gateway; transfer the plurality of subnetworks to a layer-2-layer-3 module; transfer the plurality of subnetworks to an open shortest path first (OSPF) module; and publish the plurality of subnetworks that form the route to the branch device to a core router using OSPF link state advertisements (LSAs).

Abstract: An inventory of Internet-facing assets related to a username within a social media site is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about components that are owned, managed, and/or controlled by a target entity. A measure of identity threat is generated based on a classification model using the analytical information.

Abstract: A system for generating a hash tree with components grouped by component type is provided. Each non-leaf node of the hash tree has a hash of the hashes of its child nodes, and a leaf node has a hash of a component of the hash tree. The system generates, for each component type, a component subtree for that component type based on the leaf nodes that have hashes of the components of that component type. The system then generates a root subtree of the hash tree based on leaf nodes that are the root nodes of the component subtrees. The combination of the root subtree and the component subtrees form the hash tree.

Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a trusted execution environment (TEE). A secure communication is established between the lightweight blockchain client and the TEE. The TEE receives a request from the lightweight blockchain client for at least one transaction or address of the lightweight blockchain client. The TEE obtains unspent transaction output (UTXO) information with respect to the request from the lightweight blockchain client from a UTXO database by oblivious database access using an oblivious RAM (ORAM) protocol.