Abstract: One example method includes integrating user space applications with kernel space events including primitives. The events are intercepted in kernel space and processed in user space. The events can be stored in a session cache that allows a holistic view of behavior to be determined with regard to resources of the computing system. The events in the session cache can be correlated to user or process behavior by provided a time-based view of the events.

Abstract: A method and apparatus for testing a malware detection machine learning model. The method trains a malware detection model using a first dataset containing malware samples from a particular time period. The trained model is then tested using a second dataset that is a time shifted version of the first dataset.

Abstract: The purposes of the present invention are to improve safety of data transmission and a data transfer rate and to reduce an increase in costs for the improvement. An encryption unit 111 of a transmission device 1 generates encrypted data that allow plain data thereof to be uniquely identified A segmentation unit 121 segments the encrypted data into two types of basal signal point number information on the basis of map data provided by a map management unit 122. A basal signal point number generation unit 113 generates basal signal point number information used as information to be transmitted, on the basis of a set of the two types of information, i.e. horizontal basal signal point number information and vertical basal signal point number information.

Abstract: A system maintains values for secure connection settings for multiple registered users and restricts data resets. Upon receiving a reset request to reset the value of a particular secure connection setting for a specific user, trials are conducted each by: providing a reset tool to the requesting device for input of a requested new value for the secure connection setting; receiving the requested new value from the requesting device; and sending a validation request to a validation system, the validation request including, at least in part, the requested new value for the particular secure connection setting. If a reply from the validation system is deemed a repudiation of the requested new value, a trial count is tolled. If the trial count reaches a predetermined condition, trials are suspended, a denial message is sent to the requesting device, and the specific user is alerted of a attempt to alter their data.

Abstract: A system and method for providing secure access to an organization's internal resources by an application running on an external network. An agent accepts queries from the application which are passed to a relay with a dynamic filter. The relay establishes a secure connection with a connector through the organization's firewall and passes requests from the application to an authentication service running on the internal network to confirm that a user of the application is authorized and issue an authentication ticket which is returned to the application. The application then sends a request to access a specific internal resource based on the authentication ticket, which is passed to a ticket granting service running on the internal network, to verify that said user is authorized to access the specific internal resource, and, if so, issue a service ticket to grant access the application for that resource.

Abstract: A method, a computer program product, and a system for mitigating unauthorized encryptions of filesystem objects stored on a computing system. The method includes allocating a backup memory area for storing pre-encrypted filesystem objects, setting data bits in an encryption register that allow for monitoring a filesystem object marked for ransomware protection. The method also includes calculating an encryption rate of an encryption occurring on the filesystem object and determining that the encryption rate of the filesystem object exceeds an encryption-rate threshold. The encryption-rate threshold can be set by an administrator when marking the filesystem object for ransomware protection. The method further includes generating an alert to an administrator that the encryption rate of the filesystem object exceeds the encryption rate threshold and storing a backup of the filesystem object for a predetermined amount of time in the backup memory area.

Abstract: A calculation device is disclosed. The calculation device includes: a memory storing at least one instruction and identity information; and a processor performing the at least one instruction, wherein the processor may randomly sample small elements, generate a function-processed output value by function-processing the stored identity information, and generate an encrypted text for a message by using a master public key computed using a ring having a dimension (d) represented by a power of 2 and an integer multiplication of 3 or more, the sampled small elements and the function-processed output value.

Abstract: A system, method, and computer-readable medium for performing a communications management operation. The communications management operation includes: providing a data center asset with a connectivity management system client module; setting the data center asset to a disable until claimed status; providing the data center asset with proof of possession information; establishing a connection between the connectivity management system client module and a connectivity management system of a data center monitoring and management console, establishing a secure communication channel between the connectivity management system client module and a connectivity management system aggregator based upon the proof of ownership information; and, setting the data asset center to a claimed status based upon the information exchanged between the connectivity management system client module and the connectivity management system.

Abstract: Autonomous management of risk transfer is provided using an automated underwriting processor that creates a contract block by compiling the request into a computational graph-based format, links the contract block to the requester, stores the contract block into memory, retrieves a plurality of available underwriting agreements from memory, and creates an offer list by perform computational graph operations on the contract block to determine viable risk-transfer agreements; and presenting the offer list to the requester.

Abstract: A resource-based authorization control may be added to a data processing service. A control-plane action requested by an account or entity creates a resource-based authorization policy. The resource-based authorization policy pertaining to respective resources allows recurrent data-plane actions to maintain a data flow in a data pipeline to be authorized independent of a separate authorization service.

Abstract: A client-side electronic device includes a receiver, a processor, and a memory. The receiver communicates with a message server over a communication medium of a communication network. The memory stores computer-executable instructions, which, when executed by the processor, cause the device to receive, from the message server, a broadcast message, a timestamp associated with the broadcast message, and a first digital signature of the broadcast message and a second digital signature of the timestamp. The executed instruction further cause the device to verify an integrity of the broadcast message based the first or second digital signatures, determine a freshness of the broadcast message based on the received timestamp, calculate a trust state of the broadcast message based on the integrity verification and the freshness determination, and store the broadcast message in the memory along with the calculated trust state.

Abstract: Various aspects of methods, systems, and use cases for multi-entity (e.g., multi-tenant) edge computing deployments are disclosed. Among other examples, various configurations and features enable the management of resources (e.g., controlling and orchestrating hardware, acceleration, network, processing resource usage), security (e.g., secure execution and communication, isolation, conflicts), and service management (e.g., orchestration, connectivity, workload coordination), in edge computing deployments, such as by a plurality of edge nodes of an edge computing environment configured for executing workloads from among multiple tenants.

Abstract: A virtual firewall configured with two interfaces assigned different security zones switches between Layer 3 routing and bump-in-the-wire (BITW) modes between sessions. After receiving a packet from a one-arm load balancer, an inner header is determined based on decapsulation which removes an outer header. A route lookup is performed based on the inner header to determine whether to communicate packets of the session with Layer 3 routing or according to the BITW model. The result of the route lookup indicates an egress interface. If the ingress and egress interfaces are the same, the firewall operates according to the BITW model for the session. If the egress and ingress interfaces are different, the firewall routes packets of the session with Layer 3 routing. Upon detection of subsequent packets, the firewall operates according to the determined mode for the session without performing additional inner header route lookups for operation mode determination.

Abstract: Implementations of the subject technology provides analyzing a recording of content within a field of view of a device, the analyzing including recognition of a set of objects included in the content. The subject technology identifies a subset of the set of objects that are indicated as corresponding to protected content. The subject technology generates a modified version of the recording that obfuscates or filters the subset of the set of objects. Additionally, the subject technology provides the modified version of the recording to a host application for playback.

Abstract: Provided are a method and device employing a smart contract to realize identity-based key management. The method comprises: running a smart contract, and executing a key management process, wherein the key management process comprises: when a key of a target user requires an update and the target user is not a supervised user, generating a master public key and a master private key pertaining to the target user; acquiring, from a blockchain, identity information of the target user; generating a first target private key according to the master public key and the master private key pertaining to the target user and the identity information of the target user; and replacing a current private key of the target user with the first target private key.

Abstract: An ownership management system records an article ID, which is unique information for identifying an article, and an owner ID, which is information indicating an owner of the article, on a blockchain in association with each other, and generates a two-dimensional code from a hash value acquired from the blockchain at the time of recording, the article ID, and the owner ID. The ownership management system accepts the two-dimensional code, extracts the hash value, the article ID, and the owner ID from the accepted two-dimensional code acquires the article ID and the owner ID recorded on the blockchain by using the extracted hash value, determines a matching relationship between the article ID and the owner ID extracted from the two-dimensional code, and outputs the extracted article ID and the owner ID when it is determined that the matching is made.

Abstract: Upon an attempt to access a service of a third-party server, full-duplex password-less authentication provides a one-time password to the user displayed at the client device and at a mobile device associated with the user. The user verifies the access by comparing the one-time password displayed at the mobile device and the one-time password displayed at the client device. In some embodiments, the one-time password is displayed as a picture while in other embodiments, a combination of a picture the one-time password is displayed as a picture and a set of alphanumeric characters for ease in making the comparison. The user determines whether to accept or deny the authentication sequence after a simple visual comparison.

Abstract: A learning with errors (LWE) instance management method according to an embodiment may include obtaining, from one or more user devices among a plurality of user devices, one or more learning with errors (LWE) instances and one or more extended LWE instances including reuse tags associated with the LWE instances, storing the one or more extended LWE instances, receiving, from a first device among the plurality of user devices, a request for an LWE instance produced by a second device among the plurality of user devices, and identifying, based on a reuse tag included in each of the one or more extended LWE instances, a target extended LWE instance including an LWE instance produced by the second device among the one or more extended LWE instances, and providing the LWE instance included in the target extended LWE instance to the first device.

Abstract: A method for enhancing detection of fraudulent data is provided that includes the step of analyzing, by an electronic device, voice biometric data captured while the user was speaking to determine whether the captured voice biometric data exhibits anomalies associated with fraudulent voice audio data. Moreover, the method includes the steps of analyzing circumstances under which the voice biometric data was captured, analyzing mannerisms of the user while the voice biometric data was captured, and calculating a risk score based on at least the results of the analyses. Furthermore, the method includes the steps of comparing the risk score against a threshold value, and in response to determining the risk score fails to satisfy the threshold value generating an alert having a risk level corresponding to the risk score.

Abstract: Technologies are shown for secure management of personal information data involving storing personal information data in a personal information data block and committing the personal information data block to a personal information data blockchain and authorizing access to the personal information data by a platform entity by storing a platform identifier corresponding to the platform entity in authorized access data. An access request is received from the platform entity that includes the platform identifier for the first platform entity. If the platform identifier is verified to be in the authorized access data, the personal information data is obtained from the personal information data blockchain and returned to the platform entity. In some examples, the authorized access data includes permissions that identify portions of the personal information data that the platform entity can access. In other examples, the authorized access data is secured on an authorized access data blockchain.