Abstract: A secure device operating with a secure tamper-resistant platform including a tamper-resistant hardware platform and a virtual primary platform operating with a low level operating system performing an abstraction of resources of the hardware platform, and a secondary platform with a high level operating system providing a further abstraction of resources to applications in which respective internal hosts are embedded, the secure device including an internal host domain including the internal hosts, the secure device including a plurality of physical and/or logical input/output interfaces through which external hosts can access the internal hosts, the virtual primary platform being configured to set interactions between the external hosts and the internal hosts, wherein the internal host domain includes a further set of virtual hosts each configured to operate as a proxy between an input/output interface and an application, each input/output interface being configured to address only one among the virtual hos

Abstract: A system for autonomous risk assessment and quantification for insurance policies for computer and information technology related risks, including but not limited to losses due to system availability, cloud computing failures, current and past data breaches, and data integrity issues. The system will use a variety of current risk information to assess the likelihood of operational interruption or loss due to both accidental issues and malicious activity. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.

Abstract: Techniques are described herein for using special session identifiers to defer additional authentication steps (AAS) for at least some restricted application actions. A client session is associated with a special session identifier that is mapped to an authentication tier (AT) achieved for the session based on the satisfied authentication steps. Web servers that are enabled for AAS deferral include context information, which identifies a requested action, with session verification requests to an authentication service. The authentication service determines that AAS is required to perform an action when (a) the AT associated with the action is a higher-security tier than the AT associated with the session, or (b) the session is associated with an AT that is lower than the highest-security AT and there is no context information accompanying the request for session validation, in which case the authentication service assumes that the highest-security AT is required to perform the request.

Abstract: Techniques are described for managing internet-of-things (IoT) devices, such as managing the storage of data generated by the IoT devices, managing the access, to the data, by users, processes, and/or other entities, managing command and control of the devices, and so forth. In some implementations, an IoT platform is provided for IoT device management, and the IoT platform can be agnostic with respect to providers. For example, the IoT platform may provide one or more common interfaces that enable communications with IoT devices that are manufactured by different device providers. In some implementations, a distributed ledger system (DLS) is employed to facilitate IoT device management. For example, the DLS can act as a gateway and/or overall interface to control access of users, processes, devices, IoT device providers, and/or other entities to the IoT devices and/or to an IoT platform.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: A full blockchain node for preserving privacy of a lightweight blockchain client in a blockchain network includes at least one computer device having an operating system. A trusted execution environment is installed on the at least one computer device such that code is executable by the trusted execution environment in isolation from the operating system. The trusted execution environment is configured to communicate with the lightweight blockchain client for performing blockchain transactions in a blockchain network.

Abstract: A social network system that includes tools and technologies to keep the identities of the users of the system anonymous is provided. The system requires that some users use usernames that are not associated in any way with their legal names. In addition, other identifying content such as photographs are disallowed in certain circumstances. The system includes the tools to review and remove disallowed content from being published on the social network. The system also provides tools for its users to express themselves while engaging in creative endeavors such as creating artwork, creating music, creating videos, singing, journaling and creative writing, acting, inventing, interviewing, and hosting and other endeavors. In this way, the system provides a social platform that promotes creativity, unity, inclusion, self-growth, support, and healing.

Abstract: A system for autonomous issuance and management of insurance policies for computer and information technology related risks, including but not limited to losses due to system availability, cloud computing failures, current and past data breaches, and data integrity issues. The system will use a variety of current risk information to assess the likelihood of operational interruption or loss due to both accidental issues and malicious activity. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.

Abstract: Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows include probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.

Abstract: A method of initiating a transaction in a blockchain system includes receiving, by a processing device, biometric data associated with a first party of a transaction to be added to a block of a blockchain system. The method further includes providing the biometric data to a validation node of the blockchain system. The method further includes determining that the biometric data has been validated by the validation node. The method further includes, in response to determining that the biometric data has been validated, recording, by the processing device, the biometric data in the block of the blockchain system.

Abstract: The present disclosure relates to a process-based virtualization system comprising a data processing unit. The system comprises a computer readable storage media, wherein a first memory component of the computer readable storage media is configured for access by an OS, secure and non-secure applications and the firmware, and wherein a second memory component of the computer readable storage media is configured for access by the firmware and not by the OS and the non-secure application. The data processing unit is configured to operate in a first mode of operation that executes a non-secure application process using the OS, and to operate in a second mode of operation that executes the secure application using the firmware, thereby executing application code using the second memory component.

Abstract: Systems and methods include a method for detecting and identifying access points. Signals transmitted by access points in one or more mobile telecommunications networks within range of a mobile wireless scanning system are received by the mobile wireless scanning system. A presence of the access points is detected by the mobile wireless scanning system. Locations of the access points are determined by the mobile wireless scanning system using the signals transmitted by the access points. The locations of the access points are logged by the mobile wireless scanning system. Location and identifying information for the access points are provided by the mobile wireless scanning system to a receiving client.

Abstract: Described herein are methods, systems, and software to handle verification information in a content node. In one example, a method of operating a content node includes receiving a secure content request from an end user device and determining the availability of verification information stored on the content node to service the secure content request. The method further provides, if the verification information is available, verifying the end user device based on the verification information. The method also includes, if the verification information is unavailable, querying an origin server to verify the end user device.

Abstract: A first device nonce and a first Hash based Message Authentication Code (HMAC) of the first device nonce using an old password as a key is received. The received first HMAC is compared to a computed second HMAC of the received first device nonce using a stored old password as the key for a match. In response to the match, a third HMAC of a second device nonce using the stored old password as the key is computed. A change password acknowledgement message is sent to the first device that comprises the second device nonce and the third HMAC. A final secret is computed using a second device secret and the first device nonce. A new password using a key derivation function that uses the old password and the final secret is computed. Thus, a new password is generated without sending the password over a network.

Abstract: A security establishment method includes generating a pair of keys via mutual authentication between a terminal device (110) and a serving network, and the terminal device (110) and the serving network sharing KASME by using the generated pair of keys (Steps S50 and S100), the terminal device (110) and a roaming destination network of the terminal device (110) generating, by using the KASME, KSEAF mapped with SEAF (50) (Steps S140 and S150), and the terminal device (110) and the roaming destination network generating, by using at least the KSEAF and SUPI used to recognize a subscriber in the serving network, KAMF mapped with AMF (60) (Steps S140 and S150).

Abstract: A peripheral device package for use in a host computing device has a plurality of compute elements and a plurality of resources shared by the plurality of compute elements. A datastructure is stored in a hidden memory of the peripheral device package. The data structure holds metadata about ownership of resources of the peripheral device package by a plurality of user runtime processes of the host computing device which use the compute elements. At least one of the user runtime processes is a secure user runtime process. The peripheral device package has a command processor configured to use the datastructure to enforce isolation of the resources used by the secure user runtime process.

Abstract: An apparatus may include a processor that may be caused to access a distribution of a plurality of values, each value of the plurality of values quantifying an event of an event type in a computer network. The processor may determine a mean of the plurality of values and a second highest value of the plurality of values, generate an expected maximum of the distribution based on the mean and the second highest value, and access a first value quantifying a first event of the event type in the computer network. The processor may further determine that the first event is an anomalous event based on the first value and the expected maximum.

Abstract: The present disclosure is generally directed to systems and methods for providing privacy to a user of a user device that is used for interacting with a networked software platform. A server computer coupled to the user device receives a hashed device ID of the device and generates a unique user ID in the form of a unique number. The user ID can be used by the server and other entities to gather information related to the activities of the user with respect to the networked software platform, which can be, for example, a video game platform, a social media platform, or a health-related diagnostic tool. The identity of the user remains anonymous during the information gathering procedures because neither the device ID nor the identity of the user is transmitted over the network when the user is participating in activities of the networked software platform.

Abstract: An intelligent electronic device (IED) of an electric power distribution system includes processing circuitry and a memory that includes a tangible, non-transitory, computer-readable comprising instructions. The instructions, when executed by the processing circuitry, are configured to cause the processing circuitry to receive operating data associated with the electric power distribution system, determine whether the operating data matches with expected operating data, generate a connectivity association key (CAK) based on the operating data in response to a determination that the operating data matches with the expected operating data, and establishing a connectivity association based on the CAK.

Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a token renewal mechanism is provided for extending the duration in which a first resource can access another resource. The token renewal mechanism can involve the first resource periodically causing a new credential to be generated for itself and then communicating the new credential to an identity and access management (IAM) system. The new credential may be generated for compliance with a credential rotation policy specifying that credentials should be changed after a certain period of time. The IAM system may associate a digital access token with the new credential so that for subsequent requests, the IAM system will only recognize the resource principal based upon the new credential. The digital token can be invalidated if a new credential is not changed within the specified period of time.