Abstract: The present invention relates management of security of a computing environment. The method may include; monitoring and learning, through a master computer, a data traffic of the each of the coupled connecting node to alter a security design to speed up the communications; analysing, through the master computer, the data traffic to categorize the each of the coupled connecting node into a first category of node, which is accessed by a human and a second category of node, which is accessed by a bot; utilizing, at the master computer, one or more secured hidden servers for determining a first data communication route to speed up data traffic for the human and a second data communication route to prevent data traffic above a pre-set limit, for the bot.

Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.

Abstract: Embodiments are directed to a computing system with permission control via data redundancy. The computing system includes a memory and a permission control circuit coupled to the memory. The permission control circuit encodes a first data vector by using a bit position register with a first permission control code for a first user, writes the encoded first data vector into the memory, and updates content of the bit position register from the first permission control code to a second permission control code for a second user. The encoded first data vector written into the memory is inaccessible for the second user based on the updated content of the bit position register.

Abstract: In a system, computer-readable media and methods for secure ledger assurance tokenization (SLAT), a block content of a first blockchain is audited, which includes accessing, by a request circuit of a SLAT computing system, a retrievably stored cross-reference content and generating an audit result. Generating an audit result includes evaluating, by a SLAT circuit of the SLAT computing system, the cross-reference content such that the audit result is informed at least by the cross-reference content. The audit result is included in a secure ledger assurance token generated by a SLAT generation circuit of the SLAT computing system and stored relationally to the block content of the first blockchain.

Abstract: A driver monitoring system includes internal and external cameras attached to a vehicle. The cameras capture video of the vehicle's driver and the area surrounding the vehicle for later review by a coach or supervisor. To ensure privacy of people who appear in video, portions of the video may be processed to blur faces, license plates, and/or other features. Furthermore, access control mechanisms exist so that only users in specific roles have access to review certain types of video.

Abstract: Systems described herein may dynamically add one or more proxy data protection agents to a cloud data storage system to process a data protection job. Upon completion of the job or at some other appropriate interval, the system can power down and decommission the proxy data protection agents and/or the virtual machines on which the data protection proxies reside according to a cleanup schedule (e.g., at hourly or minute intervals). In order to improve the allocation of computing resources, the system takes into account currently existing proxies or virtual machines when processing a backup request to determine the need for new proxies to service the backup request. In this manner the system can save costs and computing resources through efficient virtual machine deployment and retirement.

Abstract: A computing system that is configured to receive requests to send computer executable programs to a data owner system associated with a data source for execution of the computer executable program by the data owner system. The data owner system may store to a blockchain a permitted list of programming functions, function libraries, function syntax definitions, and execution environment requirements. The computing system may be further configured to retrieve the permitted lists. The computing system may be further configured to evaluate the computer executable program using the permitted lists to determine if the computer executable program may be executed by the data owner system. The evaluation may be performed by generating an abstract syntax tree of the computer executable program. The computing system may be further configured to send the computer executable program to the data owner system if the computer executable program satisfies the conditions of the permitted lists.

Abstract: A communication method and apparatus are disclosed. According to the communication method, corresponding PDCP entities of a first terminal and a second terminal use consistent input parameters when executing security algorithms, thereby ensuring normal communication on a sidelink (SL) and improving communication reliability. In an example embodiment, a first terminal determines a logical channel identifier (LCID) meeting a preset condition, where a first packet data convergence protocol (PDCP) entity of the first terminal is associated with two or more logical channels (LCHs); the first terminal receives a first data packet from a second terminal; and the first PDCP entity of the first terminal parses the first data packet based on the LCID.

Abstract: Discussed herein are devices, systems, and methods for detecting anomalous or malicious processes based on a network flow data. A method for network intrusion detection, the method comprising receiving a network flow data, implementing a topological data analysis (TDA) algorithm to identify respective birth and death of homological classes to which the network flow data maps, appending the respective (birth, death) pairs along with additional TDA-based features to a feature space resulting in an augmented feature space, and determining, using a machine learning algorithm the operates on the augmented feature space as input, whether the network flow data is associated with a network intrusion.

Abstract: A network is described. The network is a peer-to-peer network of nodes. The nodes maintain a distributed ledger. The distributed ledger includes a list of transactions. The list of transactions includes various transactions for maintaining a decentralized root store between the nodes. The decentralized root store includes a list of certificate authorities which are trusted by the nodes in the network. The root certificates may be retrieved from the distributed ledger, validated, and then used to access the certificate authorities.

Abstract: A vehicle head unit comprising a memory configured to store an operating system, and one or more processors may be configured to perform various aspects of the techniques. The one or more processors may obtain an indication of one or more vehicle networks, and execute the operating system that presents a single application programming interface that provides function calls by which to configure the one or more vehicle networks within the operating system. The one or more processors may also configure, via the single application programming interface, one or more network interfaces for the one or more vehicle networks in the operating system by which one or more applications, executing in an application space presented by the operating system, interface with the one or more vehicle networks.

Abstract: Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel-level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics and create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.

Abstract: Zero trust and micro-segmentation techniques may be collectively used to enhance network security. To establish, refine, and enforce a zero-trust least-privileged policy, the network may be segmented to put each device of the network into a respective network of one, which forces all network traffic to pass through a zero-trust gatekeeper. The gatekeeper may then monitor and analyze the traffic to establish, refine, and enforce the zero-trust least-privileged policy, which reduces network access to only a limited set of network actions and/or paths. Using the gatekeeper, network traffic may be monitored to progressively establish the policy as well as to continually refine the policy. Recommended actions may be determined based on the analysis of the monitored network traffic and provided to the user to allow user feedback on the communication rules of zero-trust policy.

Abstract: A digital document protection system is disclosed. The system includes a processor of a stamp generation node connected to at least first user node and to a second user node over a blockchain network; a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: receive a digital document from the first user node designated to the second user node; execute a smart contract to: generate a URL referencing a QR code and a unique tiny URL represented by the QR code, embed the QR code onto the document, wherein the document is accessible at the URL, and provide the tiny URL to the second node.

Abstract: Various example embodiments are directed to a fingerprint authentication method and a fingerprint authentication device. The fingerprint authentication method includes acquiring target fingerprint data of a user using at least one fingerprint sensor, determining a preliminary authentication result of the target fingerprint data based on at least one historical fingerprint data stored in memory, performing a matching check on the preliminary authentication result, and determining a final authentication result of the target fingerprint data based on results of the matching check.

Abstract: According to an example aspect of the present invention, there is provided a method, comprising: receiving a first message from a service-consuming second network entity in a second mobile network for a service-providing first network entity in a first mobile network, the first message comprising a first callback resource identifier, generating a second callback resource identifier on the basis of the first callback resource identifier, wherein the second callback resource identifier comprises a domain name of a security edge node in the first network, and transferring a callback message from the first network entity to the security edge node, the callback message comprising the second callback resource identifier.

Abstract: A computer-implemented method for verifying messages in a service-oriented communication system of a vehicle, including receiving a message and a signature in a first entity of the service-oriented communication system, the message and the signature being received via the service-oriented communication system; checking if the message corresponds to a dedicated message and the signature corresponds to a signature belonging to the dedicated message; and verifying the message, if the checking turns out positive. A computer-implemented method for generating predetermined messages in a first entity of a service-oriented communication system of a vehicle, and a service-oriented communication system in a vehicle, which is configured, are also described.

Abstract: Computer-implemented systems, method and products configured for providing one or more restriction groups in a content management system are provided. One or more restriction marks may be associated with the one or more restriction groups. At least a first restriction mark may be associated with a first restriction group. The first restriction mark may be assigned to a first content item stored in the content management system, in response to determining that the first content is associated with the first restriction group, the first content item being associated with metadata indicating user access permissions according to the first restriction mark and a security classification. The metadata associated with the first content item may be updated based on the assignment of the first restriction mark to the first content item to allow or limit user access to the first content item.

Abstract: A method for securely sharing of data by an electronic device is provided. The method includes receiving, by the electronic device, data associated with the at least one application available at the electronic device and obtaining, by the electronic device, secured data by transforming the data associated with at least one application into an unrecognizable format using at least one conceal factor and at least one noise input. Further, the method includes extracting, by the electronic device, a plurality of features from the secured data, and sharing, by the electronic device, the plurality of features extracted from the secured data to a plurality of servers.

Abstract: A system for fully integrated collection of business impacting data, analysis of that data and generation of both analysis driven business decisions and analysis driven simulations of alternate candidate business actions has been devised and reduced to practice. This business operating system may be used to monitor and predictively warn of events that impact the security of business infrastructure and may also be employed to monitor client-facing services supported by both software and hardware to alert in case of reduction or failure and also predict deficiency, service reduction or failure based on current event data.