Abstract: A computer-implemented method comprising receiving, based on a first user interface of a first application executing on a first device, user input that indicates a recipient, the recipient associated with registration information that indicates a method of communication with the recipient and an encryption key associated with the method of communication. The method causing an encrypted message to be generated based on the encryption key, the encrypted message encrypting clear data based on received user input, causing the encrypted message to be formatted into an encrypted package, that is in an application format compatible with a second application corresponding to the method of communication, wherein the application format is compatible with the second application by at least being a format that is allowed to be sent or to be processed by the second application, and providing the encrypted package to the second application to be sent to the recipient.

Abstract: A computer platform includes an artificial neural network (ANN) as well as a classifier. The ANN is configured, after a learning phase, to transform an input data vector into a discriminating feature vector having a smaller dimension. A user then generates, from a plurality of reference data vectors, the same plurality of reference feature vectors, which are encrypted in an encryption module using the public key of a homomorphic cryptosystem and stored in a reference database of the platform. When the user requests the classification of an input data vector, the ANN, or a copy thereof, provides the classifier with a corresponding discriminating feature vector (y). Distances from the vector to the different reference feature vectors are calculated in the homomorphic domain and the index of the reference feature vector closest to y, i.e. the identifier i0 of the class to which it belongs, is returned to the user.

Abstract: Techniques for preventing ransomware from encrypting files on a target machine are disclosed. In some embodiments, a system/process/computer program product for preventing ransomware from encrypting files on a target machine includes monitoring file system activities on a computing device; detecting an unauthorized activity associated with a honeypot file or honeypot folder; and performing an action based on a policy in response to the unauthorized activity associated with the honeypot file or honeypot folder.

Abstract: A method allows access to computer resources to authorized native applications on a client device. An authorization server receives, from a native application on a device, an initial authorization grant, a public key of a private/public key pair generated on the device, and an attestation of authenticity of the native application. The authorization server receives, from the native application on the device, a refresh token and a digital signature of the refresh token that is created with the private key. The authorization server recognizes the refresh token only if the refresh token is verified with the public key that has been previously registered. The authorization server validates the digital signature of the refresh token, and transmits a new access token and a new refresh token to the native application on the device, thus allowing the native application on the device to access the computer resource.

Abstract: A method is disclosed and includes authenticating a first stage boot loader and authenticating a second stage boot loader in response to authentication of the first stage boot loader. The method also includes executing the second stage boot loader in response to authentication of the second stage boot loader. Executing the second stage boot loader includes loading an operating system, a first set of machine-readable instructions, and first configuration information associated with the first set of machine-readable instructions onto a non-transitory computer-readable medium, wherein the first set of machine-readable instructions and the first configuration information are associated with one or more priority partitions. Executing the second stage boot loader includes authenticating the operating system and the first set of machine-readable instructions.

Abstract: Systems and methods of defending against stack-based cybersecurity attacks that exploit vulnerabilities in buffer overflows. The embodiments disclosed herein propose hijacking program flow in a program binary by insert call checking CFI code before calling a target. Examples of a target can be a function within the program binary, a register, or a memory location. If the call target is a valid call target (e.g., included in a global list of addresses), normal program flow resumes and the program flow is transferred to the target. On the contrary, if the call target is not a valid call target (e.g., not included in a global list of addresses), the program binary is deliberately crashed.

Abstract: Systems and methods for identifying sensitive content in electronic files are disclosed. In an embodiment, a request is received to determine whether an electronic file contains sensitive content. The electronic file is preprocessed based on a file type of the electronic file, resulting in a first input file and a second input file. The first input file is inputted to a first machine learning engine, which classifies the first input file for numerical items in the sensitive content. The second input file is inputted to a second machine learning engine, which classifies the second input file for textual items the sensitive content. A report is generated based on a combination of a first output from the first machine learning engine and a second output from the second machine learning engine, where the report indicates items of the sensitive content that are contained in the electronic file.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: Discloses a method and an apparatus for visual construction of a knowledge graph system. In the present disclosure, data permission of a distributed client is determined through a central server. The central server obtains a master template of a knowledge graph system and sends it to the distributed client. The distributed client receives a natural language inputted by a user and parses to generate an abstract syntax tree. The user completes customization of a subtemplate of the knowledge graph system through visual operation. The distributed client encrypts the subtemplate and then sends it to the central server. When the knowledge graph system is to be used, any knowledge concept is inputted, the central server calls and decrypts the subtemplate and then searches a database, and a tree structure knowledge graph is generated and sent to the distributed client.

Abstract: Aspects of the present disclosure involve a method, a system and a computer readable memory to perform a cryptographic operation that includes identifying a first set of mutually coprime numbers, obtaining a second set of input numbers coprime with a corresponding one of the first set of mutually coprime numbers, obtaining an output number that is a weighted sum of the second set of input numbers, each of the second set of input numbers being taken with a weight comprising a product of all of the first set of mutually coprime numbers except the corresponding one of the first set of mutually coprime numbers, and performing the cryptographic operation using the output number.

Abstract: A system for tracking clusters in an immutable sequential listing is disclosed. The system includes at least a processor and a memory communicatively connected to the at least a processor, the memory containing instructions configuring the processor to receive a new record, obtain a sub-listing of an immutable sequential listing, wherein the sub-listing comprises a biological extraction cluster description posting of a biological extraction cluster and a cluster key, update the biological extraction cluster description posting using the new record, generate a new sub-listing and update the new sub-listing to the immutable sequential listing.

Abstract: A communication method and a communications apparatus, where the method includes: after receiving an RRC resume request message from a UE, determining, by a target access network device, a first user plane security protection method between the target access network device and the UE based on a context information obtaining response from a source access network device; determining a first user plane security key between the target access network device and the UE; when receiving first uplink user plane data from the UE, performing user plane security deprotection on the first uplink user plane data based on the first user plane security key and the first user plane security protection method, to obtain uplink user plane data; and sending the uplink user plane data.

Abstract: A system method for quantum key includes providing an initial key in a first data processing device and a second data processing device; providing, in the second data processing device, a quantum signal comprising a plurality of quantum states; determining, in the second data processing device, a plurality of quantum measurement parameters, a raw signal by quantum measuring the plurality of quantum states employing the plurality of quantum measurement parameters; generating with the initial key, in the second data processing device, an encrypted signal; determining, in at least one of the first data processing device and the second data processing device, a reconciled signal from the encrypted signal; determining, in at least one of the first data processing device and the second data processing device, a shared key from the reconciled signal by correcting the first reconciled signal.

Abstract: A central asset registry and associated satellite registries tie Digital Asset Management (DAM) repositories and satellite repositories into a unified enterprise system. The system removes rights and asset relationship tracking from the DAMs and the satellites by gathering asset metadata tags and capturing digital asset rights and relationships between assets to improve speed, scalability, and flexibility in analyzing and traversing networks of rights and relationships of digital assets. The central asset registry and the satellite registries use a pluggable architecture and track and store multi-dimensional relationships as an asset hierarchy. The asset hierarchy and rights model depicts rights and relationship data between the assets and provides a flexible array of asset types and properties for addition of new assets, new asset types, and new rights without re-factoring the other data, nodes, and edges. The system uses asset metadata to create edge relationships between the assets.

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

Abstract: A wireless device according to an embodiment of the present disclosure may receive a mirroring request for a screen sharing service from an external device, may determine whether a transmission condition of a content image is satisfied according to the received mirroring request, and, when the transmission condition is satisfied, to transmit content image data corresponding to the content image and OSD image data corresponding to an OSD image to the external device through a wireless communication interface.

Abstract: Performing shadow stack functionality for a thread in an audit mode includes initiating execution of a thread at the processor. Execution of the thread includes initiating execution of executable code of an application binary as part of the thread and enabling shadow stack functionality for the thread in an audit mode. Based at least on the execution of the thread in the audit mode, at least a portion of the shadow stack is enabled to be a circular stack. In response to determining that usage of the shadow stack has reached the defined threshold, one or more currently used entries of the shadow stack are overwritten, preventing the shadow stack from overflowing.

Abstract: Aspects of subject technology provide systems and methods for generation and distribution of a stable identifier associated with multiple aliases of a user account. The stable identifier may be provided to various electronic devices by a server, responsive to requests associated with communications to those devices from one of the associated aliases. In this way, messaging applications can utilize the stable identifier to merge conversations from a single user having multiple aliases, and secure access to a secure device can be provided to an authorized user, even if the authorized user attempts access from an unauthorized account alias.

Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from the management service. The key rotation command can include an instruction to rotate the first recovery key. The computing device can generate a second recovery key and transmit the second recovery key to the management service.

Abstract: An electronic musical instrument, method for a musical sound generation process and a non-transitory computer readable medium that stores an electronic musical instrument program are provided. The program causes a computer provided with a storage part to execute a musical sound generation process using sound data. The program causes the computer to execute: acquiring, from the storage part, first sound data and first user identification information indicating a user who has acquired the first sound data from a distribution server; acquiring second user identification information indicating a user who causes the musical sound generation process to be executed using the first sound data; determining whether or not the first user identification information matches the second user identification information; and inhibiting execution of the musical sound generation process using the first sound data in a case when the first user identification information does not match the second user identification information.