Abstract: There is provided a method and apparatus for controlling a privacy setting of at least one sensor. A signal is acquired from one or more sensors. A characteristic of one or more subjects is detected in the acquired signal. A privacy level is set based on the detected characteristic of the one or more subjects. A privacy setting of at least one sensor is controlled based on the set privacy level.

Abstract: Embodiments are directed to memory protection with hidden inline metadata. An embodiment of an apparatus includes processor cores; a computer memory for the storage of data; and cache memory communicatively coupled with one or more of the processor cores, wherein one or more processor cores of the plurality of processor cores are to implant hidden inline metadata in one or more cachelines for the cache memory, the hidden inline metadata being hidden at a linear address level.

Abstract: In one or more embodiments, the present invention is directed to a blockchain secured, software-defined network and monitoring system comprising: a multi-controller software-defined network (SDN) network layer; a blockchain based security and autonomy layer; a deep learning-driven decision making layer comprising the one or more computational centers and a horizontal data plane layer. In some embodiments, the present invention is directed to methods for ensuring the integrity of a control commands and optimizing performance and security using the blockchain secured, software-defined network and monitoring system. In various embodiments, the present invention relates to methods for extracting useful features from said labelled and non-labelled data contained in the horizontal data plane layer in the blockchain secured, software-defined network and monitoring system using a knowledge domain-enabled hybrid semi-supervision learning method.

Abstract: Systems and methods for obfuscating keyboard keys against interception are provided. In an example, a protected application is dynamically virtualized in user space, wherein the virtualization comprises an isolated keyboard path. Keystrokes are injected to the isolated keyboard path, wherein the injected keystrokes are associated with a respective timestamp, and user input keystrokes are obfuscated with the injected keystrokes and the obfuscated keystrokes are passed to a low level hook. The obfuscated keystrokes passed to the low level hook are separated according to tags associated with the obfuscated keystrokes to obtain the user input keystrokes. The user input keystrokes are transmitted to a target window of the protected application.

Abstract: A remote control-based method for protecting information on a device screen is provided. A controlling terminal controls a controlled terminal through a remote control system, and the remote control-based method specifically includes the following steps: S1: superimposing a floating layer on a content page of a screen of the controlled terminal; S2: adjusting transparency of the floating layer to allow the content page on the screen of the controlled terminal to be invisible; S3: taking a screenshot of the controlled terminal; and S4: adjusting brightness of the screenshot to restore the content page to be normally visible and displayed at the controlling terminal. The remote control-based method can prevent screen information on a remote device from being disclosed, provide a more secure and private environment for a remote control process, and protect the security of information.

Abstract: Data privacy is a major concern when accessing and processing sensitive medical data. Homomorphic Encryption (HE) is one technique that preserves privacy while allowing computations to be performed on encrypted data. An encoding method enables typical HE schemes to operate on real-valued numbers of arbitrary precision and size by representing the numbers as a series of polynomial terms.

Abstract: Systems and methods for managing membership in a private data exchange are provided herein. In one embodiment, the method includes receiving a request for access to a first listing of a data exchange, each listing of the data exchange comprising version metadata. The method further includes, in response to the request, accessing a first version of a data set referenced by the first listing, wherein the first version of the data set comprises a first structure defined by first version metadata, a second listing of the data exchange references a second version of the data set, the second version of the data set comprising a second structure defined by second version metadata, and the second structure is incompatible with the first structure.

Abstract: Systems and methods are provided for evaluation of communication paths through networks to determine whether communication is permitted across one or more internal network boundaries. The analysis may be used to determine whether a node in one isolated network (e.g., VPC, VPN, client on-premise network, etc.) is able to communicate with a node in another isolated network across region and/or segment boundaries. The automated analysis can allow users (e.g., network administrators) to see what high-level policies (e.g., Cloud WAN policies written in a declarative language) are interfering with or permitting communication between the nodes.

Abstract: The present disclosure relates to a method and device for performing access control by authenticating an electronic device and performing secure ranging. The method may include: receiving, from a server, a device certificate including a first scrambled timestamp sequence (STS) code encrypted by a public key of the electronic device and a second STS code encrypted by an STS key; transmitting the device certificate to a target device; obtaining the first STS code by decrypting the encrypted first STS code by using a secret key of the electronic device; and performing secure ranging with the target device by using the first STS code.

Abstract: Verification of digital identities with a non-repudiable proof of identity maintained in a verification log. The verification log may be generated by a platform for verification of a digital identity of a human user in response a request for verification of a human user's identity from a relying party. Such verification may be performed via online transactions or via an identity verification device. The non-repudiable proof of identity may include records in the verification audit log that may be non-reversible. As such, anonymized records may be maintained that demonstrate proof of identity verification without providing sensitive details. The verification log may be accessible by relying parties and/or end users to provide a record of verifications.

Abstract: A computer security system with enhanced blacklisting includes administrative interfaces that accept user inputs to create and modify entries in a blacklist and a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, if the program is in the blacklist and not in the white list, the program is prevented from running. If the program is prevented from running, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows future execution of a class of programs or only that the program until revoked. The whitelists and blacklists are for a single target computer or many computers.

Abstract: Systems and methods are described for a multi-tenant mode of a serverless code execution system. For instance, a method may include maintaining a set of execution environments, wherein each execution environment is associated with a serverless function, wherein the serverless function is associated with a software as a service (SaaS) provider that is a tenant of a cloud services provider, wherein the SaaS provider provides services to sub-tenants, wherein the set of execution environments are partitioned based on sub-tenants of the SaaS provider; receiving a call to execute a serverless function, wherein the call includes a serverless function identifier and a sub-tenant identifier; identifying a sub-tenant-specific execution environment of the set of execution environments that is associated with the sub-tenant; and in response to identifying the tenant-specific execution environment, invoking the serverless function on the sub-tenant-specific execution environment.

Abstract: Instance instrumentation is provided for different data sources by identifying an instance of a function in a program that receives input from an untrusted source; and replacing, at runtime of the program, the instance of the function with an instrumented version of the function that includes a marking function to indicate an output of the instrumented version of the function is tainted by the input received from the untrusted source. Additionally, instance instrumentation can be provided by identifying a second instance of the function in the program that does not receive input from the untrusted source; and leaving, at runtime of the program, the second instance of the function alone, wherein the second instance of the function is not replaced with the instrumented version of the function.

Abstract: A system and method reduces use of restricted operations in a cloud computing environment during cybersecurity threat inspection. The method includes: detecting an encrypted disk in a cloud computing environment, the encrypted disk encrypted utilizing a first key in a key management system (KMS); generating a second key in the KMS, the second key providing access for a principal of an inspection environment; generating a snapshot of the encrypted disk; generating a volume based on the snapshot, wherein the volume is re-encrypted with the second key; generating a snapshot of the re-encrypted volume; generating an inspectable disk from the snapshot of the re-encrypted volume; and initiating inspection for a cybersecurity object on the inspectable disk.

Abstract: A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components.

Abstract: A wireless communication network generates and transfers qubits to a wireless user device. The wireless communication network and the wireless user device determine polarization states for the qubits. The wireless communication network and the wireless user device exchange cryptography information. The wireless communication network and the wireless user device generate cryptography keys based on the polarization states and the cryptography information. The wireless communication network and the wireless user device encrypt and decrypt data that they exchange with one another based on the cryptography keys.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: The present disclosure relates to a searchable encrypted data sharing method and system based on blockchain and homomorphic encryption, which protects security of sensitive data on the blockchain and realizes searchable and homomorphic calculation of data ciphertext. According to the present disclosure, a data owner encrypts the generated sensitive data and the keywords extracted according to the data with his own key, and then sends the encrypted transaction information to the cloud server. The cloud server verifies the identity of the data owner. If the verification succeeds, the uploaded ciphertext data is stored on a local server, and a ciphertext index, keyword ciphertext and related evidences of the data storage are uploaded to an alliance chain. The alliance chain node verifies the consistency of the uploaded transaction information, and if the verification succeeds, the transaction information is recorded.

Abstract: Implementations include determining a set of components within the connected vehicle ecosystem, components within the set of components representing at least one layer within the connected vehicle ecosystem, for each component in the set of components: providing a set of facts representative of the respective component, and providing a component digital twin using the set of facts, defining a set of digital twins including digital twins of components in the set of components, generating, using the set of digital twins, at least one AAG representative of potential lateral movement between components of the at least one layer within the connected vehicle ecosystem, the at least one AAG representing a contextual digital twin of components operating within the connected vehicle ecosystem, and evaluating the connected vehicle ecosystem using the at least one AAG.

Abstract: A computer-implemented method comprising receiving, based on a first user interface of a first application executing on a first device, user input that indicates a recipient, the recipient associated with registration information that indicates a method of communication with the recipient and an encryption key associated with the method of communication. The method causing an encrypted message to be generated based on the encryption key, the encrypted message encrypting clear data based on received user input, causing the encrypted message to be formatted into an encrypted package, that is in an application format compatible with a second application corresponding to the method of communication, wherein the application format is compatible with the second application by at least being a format that is allowed to be sent or to be processed by the second application, and providing the encrypted package to the second application to be sent to the recipient.