Abstract: A format-preserving Just Encrypt 1 (JE1) system and method provides significant performance advantages over known FPE methods for longer character strings due to the technical improvements.

Abstract: Embodiments are directed to memory protection with hidden inline metadata. An embodiment of an apparatus includes processor cores; a computer memory for the storage of data; and cache memory communicatively coupled with one or more of the processor cores, wherein one or more processor cores of the plurality of processor cores are to implant hidden inline metadata in one or more cachelines for the cache memory, the hidden inline metadata being hidden at a linear address level.

Abstract: Presented herein are methodologies for implementing a system and apparatus to estimate a network disruption index and undertake a mitigation action accordingly. A method includes calculating a network disruption index based on at least a disruption score associated with a service request measure, an end-of-life measure, a security incident response measure and a return material authorization measure for respective hardware devices in a network, comparing the network disruption index to a predetermined threshold, and when the network disruption index is above the predetermined threshold, identifying one or more of the hardware devices in the network for a mitigation action and implementing the mitigation action.

Abstract: A computer security system with enhanced whitelisting includes administrative interfaces that accept user inputs to create and modify entries in a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, the entries in the whitelist are used to determine if the program is allowed to run. If an entry in the whitelist indicates that the program is allowed to run, the program is run. Otherwise, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows execution of a class of programs or only that the program in the future until revoked. The whitelist is for a single target computer or many computers.

Abstract: In some implementations, sequences of time series values determined from machine data are obtained. Each sequence corresponds to a respective time series. A plurality of predictive models is generated for a first time series from the sequences of time series values. Each predictive model is to generate predicted values associated with the first time series using values of a second time series. For each of the plurality of predictive models, an error is determined between the corresponding predicted values and values associated with the first time series. A predictive model is selected for anomaly detection based on the determined error of the predictive model. Transmission is caused of an indication of an anomaly detected using the selected predictive model.

Abstract: A method for securely encrypting and decrypting data in a blockchain, wherein a node member of a network involved in executing a state transition function for the blockchain, uses a key derived from a sequence of digits in an irrational number. The irrational number can derive from a ratio and/or a root, and preferably a square root of a non-perfect square. A key might or might not utilize the entirety of the sequence of digits. For example, the key might utilize every other or every third digit in the sequence. A key might alternatively include some or all of the sequence, with one or more additional characters or digits added to the beginning or end of the sequence, or included elsewhere within the sequence. A key might even utilize non-consecutive members of the sequence of digits, or perhaps a reverse or partially reversed sequence.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securing data. One of the methods includes receiving one or more network data packets. The one or more network data packets include a token that identifies stored sensitive data. The one or more network data packets are desanitized, by: identifying and extracting, from the one or more network data packets, the token; requesting, from a distributed file system, the stored sensitive data, based upon the token; and receiving, in response to the request, the stored sensitive data as received stored sensitive data.

Abstract: A method for storing time-sensitive secrets in a network is provided. The method includes receiving a first encryption key from multiple encryption keys, the multiple encryption keys associated with a first time window and accessing a data packet encoded according to the encryption keys. The method also includes writing a decrypted data packet to a block in a blockchain when the first encryption key matches a first time-sensitive value, and writing the decrypted data packet to the block in the blockchain when a second encryption key, received from the content provider, matches a second time-sensitive value after the first time-sensitive value has lapsed, wherein the first time-sensitive value and the second time-sensitive value are a non-overlapping time sequence in the first time window. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

Abstract: A method and apparatus encrypting data for use by an application includes receiving a first clear data in a security application running concurrently with the application. The security application encrypts the first clear data to generate a first encrypted package and distributes the encrypted package for use by the application or by other applications running concurrently with the application. The security application also receives and decrypts encrypted packages from the application or one of the other applications to provide clear data for use by the application. The security application may be implemented as a data entry utility that can be accessed directly by the application.

Abstract: A spammy app detection system may search a database for any new social media application discovered during a recent time period. A spammy app detection algorithm can be executed on the spammy app detection system on an hourly basis to determine whether any of such applications is spammy (i.e., posting to a social media page anomalously). The spammy app detection algorithm has a plurality of stages. When a new social media application fails any of the stages, it is identified as a spammy app. The spammy app detection system can update the database accordingly, ban the spammy application from further posting to a social media page monitored by the spammy app detection system, notify an entity associated with the social media page, further process the spammy application, and so on. In this way, the spammy app detection system can reduce digital risk and spam attacks.

Abstract: A method and apparatus encrypting data for use by an application includes receiving a first clear data in a security application running concurrently with the application. The security application encrypts the first clear data to generate a first encrypted package and distributes the encrypted package for use by the application or by other applications running concurrently with the application. The security application also receives and decrypts encrypted packages from the application or one of the other applications to provide clear data for use by the application. The security application may be implemented as a data entry utility that can be accessed directly by the application.

Abstract: An authentication system includes a first controller that performs wireless communication with a mobile terminal and a first authentication unit that executes authentication of the mobile terminal including ID authentication and code authentication through the wireless communication performed between the first controller and the mobile terminal. The first authentication unit executes the code authentication by determining whether a terminal-side calculation result obtained by the mobile terminal matches a controller-side calculation result obtained by the first controller. The authentication system further includes a second controller that communicates with the mobile terminal and a second authentication unit that applies encryption communication using a portion of the terminal-side calculation result and a portion of the controller-side calculation result to communication performed between the second controller and the mobile terminal and authenticates the encryption communication.

Abstract: Audio visual privacy controls can be provided. A privacy service can be configured to interface with multiple filter drivers that are loaded above components of an AV platform to enable the privacy service to selectively block a particular AV app's access to an AV device based on context. A privacy service may leverage a first filter driver to identify an AV app and may leverage a second filter driver to block the AV app's access. The privacy service may consider different types and combinations of context to determine when access to an AV device's stream should be blocked.

Abstract: A system and method synchronizes accounts across different computer systems using a matching computer system and a network, when the accounts on the source computer system are organized differently than they are on the destination computer system.

Abstract: A CAN device is provided with an encryption function and a decryption function. The encryption function allows messages to be encrypted and put onto a CAN bus. The decryption function allows the messages on the CAN bus to be decrypted. The encryption and decryption functions share keys which change over the course of time.

Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.

Abstract: For building a representation of behavior of a container, an apparatus is able to: inject a probe in an operating system associated with the container to monitor system calls coming from the container, produce records for respective system calls, each record containing an identifier of a system call and a stack size used by the container for the system call, the records being put in an ordered queue, process the records in the ordered queue into a graph comprising nodes respectively associated with used stack sizes and edges respectively associated with identifiers of system call between nodes, wherein an edge from one record is associated with the identifier of the system call of the one record and links a node associated with a previous record to the node associated with the one record.

Abstract: In an aspect, a system and method for generating keys associated with cluster categories including receiving at least a biological extraction, classifying the biological extraction to a biological extraction cluster, generating a plurality of biological extraction cluster s to biological cluster categories, and producing a cluster description posting where the cluster description posting generates a digest that is signed with a cluster key.

Abstract: Techniques for providing a secure clock source in a communication network are disclosed. For example, a method comprises participating in a bi-directional authentication with a network entity in a communication network, sending a clock service request message to the network entity, receiving a clock service accept message in response to the clock service request message when the apparatus is eligible to use a clock service, and receiving one or more secure clock signals from the network entity. Another method comprises participating in a bi-directional authentication with a requesting device in a communication network, receiving a clock service request message from the requesting device, verifying the eligibility of the requesting device to request a clock service, and sending one or more secure clock signals to the requesting device in response to successfully verifying the requesting device.

Abstract: Various communication systems may benefit from appropriate security measures. For example, mobile networks may benefit from the flexible selection of security features. A method can include receiving an attach request. The method can also include sending a response to the request. The response can include information configured to allow selection of a control plane integrity algorithm independently of a user plane integrity algorithm.