Abstract: A computer-implemented method, computer program product and computing system for establishing connectivity with a plurality of security-relevant subsystems within a computing platform; receiving an initial notification of a security event from one of the security-relevant subsystems, wherein the initial notification includes a computer-readable language portion that defines one or more specifics of the security event; processing the initial notification using a generative AI model and a formatting script to produce a summarized human-readable report for the initial notification, wherein the summarized human-readable report defines one or more recommended next steps; and automatically executing some or all of the recommended next steps to define one or more recommended actions.

Abstract: Methods and systems for managing operation of data processing systems are disclosed. To manage the operation of the data processing systems, access to information regarding the operation of hardware components of the data processing systems may be provided. The access may be provided by configuring the internal communication topology of the data processing systems. The topologies may be configured to limit access to unvalidated entities, and provide access to validated entities.

Abstract: Disclosed are various embodiments for generating and verifying stateful hash-based signatures. A message hash of a message is generated using a cryptographic hash function. Then, the message hash is split into a predefined number of parts of equal size. Next, a value of a signature debt is calculated for each of the predefined number of parts of the message hash. Subsequently, a respective signature part is calculated for each of the predefined number of parts of the message hash by applying the cryptographic hash function to a respective portion of a private key for a number of times equal to the value of the signature debt. Next, the respective signature parts are concatenated to generate a signature for the message.

Abstract: A method, device and non-transitory computer-readable medium for analysing a data package received by a recipient, using a framework. The framework comprises at least one adjuster; and a processing component for processing the received data package using the at least one adjuster. The at least one adjuster is configured to obtain payload data of the received data package and analyse the payload data for recipient-interactive content, wherein the recipient-interactive content provides access to remote content. The recipient-interactive content is substituted with sanitised recipient-interactive content, and recipient interaction with the sanitised recipient-interactive content is detected. A content check is performed when recipient interaction with the sanitised recipient-interactive content is detected. The content check comprises analysing the remote content, and determining, based on the content check whether the data package represents a security threat.

Abstract: Described embodiments provide systems and methods for identifying malicious attempts to detect vulnerabilities in an application. At least one processor may determine a mean and a standard variation of character counts of each of a plurality of characters from a plurality of sets of data. The at least one processor may determine a distance metric for each of the characters in each of the sets of data. For a corresponding set of data, the at least one processor may determine a number of outliers to determine whether the corresponding set of data is anomalous.

Abstract: A detection system 1 includes a control device 10 and a monitoring device 20 communicably connected to the control device 10. An acquisition unit 10A of the control device 10 acquires a target's observation value by a sensor 30. A first-noise-output unit 10B outputs a first-noise-value changing with time and less than a resolution of the sensor 30. An integration unit 10C outputs an integrated value obtained by integrating the first-noise-value and the observation value. A transmission unit 10D transmits the integrated value to the monitoring device 20. A separation unit 20A of the monitoring device 20 separates the integrated value from the control device 10 into the observation value and the first-noise-value. A second-noise-output unit 20B outputs a second-noise-value as the first-noise-value. A detection unit 20C detects whether the integrated value is a replay attack using the spatial distance between the first-noise-value and the second-noise-value.

Abstract: The invention relates to efficient zero knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. A method is disclosed for a prover proving to a verifier that a statement is true, while keeping a witness (w) to the statement a secret, and a verifier using a reciprocal method to verify the proof. The prover sends, to the verifier, data including a statement represented by an implemented function circuit, individual wire commitments and/or a batched commitment for the function circuit of the statement, a given function circuit output, and a proving key. Based on the sent data, the verifier is able to determine satisfiability of the function circuit, calculate an elliptic curve point, and validate the statement, thus determining that the prover holds the witness to the statement and ensuring the data complies with the statement.

Abstract: The present disclosure relates to a system, method, and computer program for graph-based multi-stage attack detection in which alerts are graphically visualized in the context of tactics in an attack framework. The method enables the detection of cybersecurity threats that span multiple users and sessions and provides for the display of threat information in the context of a framework of attack tactics. Alerts spanning an analysis window are grouped into tactic blocks. Each tactic block is associated with an attack tactic and a time window. A graph is created of the tactic blocks, and threat scenarios are identified from independent clusters of directionally connected tactic blocks in the graph. The threat information is visualized graphically in the context of a sequence of attack tactics in the attack framework. A user can toggle between graphical visualizations of a cluster as a whole and the individual threat scenario paths in the cluster.

Abstract: A terminal device verification method and an apparatus are provided. The method includes: a first network device receiving a first message from a first terminal device. Then, the first network device verifies a pairing relationship between the first terminal device and a second terminal device. After the verification on the pairing relationship between the first terminal device and the second terminal device succeeds, the first network device sends a second message to the first terminal device, where the second message include first indication information, and the first indication information is used to indicate a pairing result of the first terminal device and the second terminal device. The pairing relationship between the first terminal device and the second terminal device is verified, so that the first terminal device and the second terminal device can be securely paired, to improve use security of the first terminal device and the second terminal device.

Abstract: A prover chip uses a key multiplier value generated by a proof-of-work function from a challenge value, a random number, and elliptic curve cryptography (ECC) techniques to generate a one-time (or ephemeral) use private key. Similarly, a verifier chip uses the key multiplier value generated by an equivalent proof-of-work function, a public key received from the prover, and ECC techniques to derive a one-time use public key that corresponds to the ephemeral private key generated by the prover chip. The prover chip uses the ephemeral private key to sign the second challenge value and send this signed second challenge value to the verifier chip. The verifier verifies the value it receives using the one-time use public key and if the signature on the second challenge value is valid, authenticates the prover chip to a system.

Abstract: Two main methods exist today to enforce access control in a network fabric: soft zoning and hard zoning. However, each of these approaches has some significant drawbacks. Accordingly, presented herein are new and improved systems and methods to perform access control enforcement, which is stronger than soft zoning, and does not need to interact with the fabric switches, as required by hard zoning. In one or more embodiments, an authentication verification entity (AVE) is provided with access control or authorization information. In one or more embodiments, the AVE uses this information to cause an authentication verification failure for connections between hosts and subsystems that are not allowed according to configurations (e.g., zoning configurations) of the fabric.

Abstract: A computer system is disclosed that provides purpose-based control of user actions and access to electronic data assets. For example, the computer system may perform operations including: receiving, from a user, a request to perform an action; determining any checkpoint config objects associated with the action; displaying checkpoint dialog based on checkpoint config object; determining whether criteria associated with the checkpoint object are satisfied; and in response to determining that the criteria associated with the checkpoint object are satisfied: generating a checkpoint record object; and proceeding to perform the action.

Abstract: A digital file forensic accounting and management system collects forensic data for a digital file that is stored and accounted for in a datastore. The digital files and the associated forensic data may be retrieved from the datastore by a third party to verify the authenticity of the digital file. An interface program is utilized to collect forensic data about a file upon creation of the file and/or when the file is transferred to the datastore. An interface program may be a framework that is operated on a file producing program that a file provider used to create a digital file. An interface program may be an origination driver that is operated on the file providing computer. An interface program may be a directory monitoring program that transfers the digital file and forensic data to the datastore upon saving the file to the monitored directory.

Abstract: Disclosed is an electronic device comprising: a memory in which instructions are stored; and a processor electrically connected to the memory. The processor, when the instructions stored in the memory are executed: acquires a command for installation of a first application signed with a first key; checks information relating to the first key in a key storage of the electronic device; if the first key is determined to be valid, installs the first application; and if the first key is determined to have been revoked, controls to prohibit installation of the first application.

Abstract: A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.

Abstract: Methods and systems for inference generation are disclosed. To manage inference generation, a system may include an inference model manager and any number of data processing systems. The inference model manager may represent an inference model as a bipartite graph in order to obtain portions of the inference model. Each portion of the inference model may be distributed to one data processing system so that the data processing systems may collectively generate inferences usable by a downstream consumer. Portions of the inference model may be obtained so that each portion matches the available computing resources of a data processing system throughout the distributed environment. In addition, the portions may be obtained in order to reduce inter-data processing system communications during execution of the inference model.

Abstract: A system, method, and computer-program product includes executing a computer-executable threat hunting protocol for autonomously assessing digital activity data associated with one or more environments of a subscriber, wherein executing the computer-executable threat hunting protocol includes: executing the at least one behavioral sequence model to output an initial set of likely suspicious digital activity that occurred within the one or more environments, assessing the initial set of likely suspicious digital activity outputted by the at least one behavioral sequence model against the at least one auxiliary enrichment dataset to identify a subset of the initial set of likely suspicious digital activity that is not suspicious, and outputting a refined set of suspicious digital activity by removing the subset of the initial set of likely suspicious digital activity from the initial set of likely suspicious digital activity, and surfacing, via a user interface, the refined set of suspicious digital activity.

Abstract: In some embodiments, the present disclosure provides an exemplary method that may include steps of obtaining a trained spam upsurge detection machine learning model that determines when a current frequency associated with spam communications received by a current user exceeds a baseline frequency associated with the current user; receiving a permission indicator identifying a permission by the user to detect communications being received by the computing device; receiving an indication of at least one communication being received; determining the at least one communication as a particular spam communication; updating a frequency at which spam communications have been received by the user based at least in part on the particular spam communication; utilizing the trained spam upsurge detection machine learning model to determine that the frequency exceeds a baseline frequency associated with the user; and initiating a scan of one or more dark web resources.

Abstract: A method for information transmission. In a first transaction step, a first data record is generated by the transmission terminal, and the first data record is transferred to a blockchain. In a first verification step, the first data record in the blockchain is verified and stored as a first verified data record. In a second transaction step, a second data record is generated by the receiver terminal, and the second data record is transferred to the blockchain. In a second verification step, the second data record in the blockchain is verified and stored as a second verified data record. In a data encryption step, encrypted data are generated by the transmission terminal. In a transmission step, encrypted data are transmitted to the receiver terminal. In a data decryption step, a piece of electronic information is made accessible to the receiver.

Abstract: Disclosed in the present invention is an intelligent photo album sorting and privacy protection method. The method is applied to an image recognition model, and includes the following steps: obtaining shooting time and shooting locations of images, and acquiring latitude and longitude information of a shooting device; extracting feature information in the images; performing classification and sorting based on the shooting time and the shooting locations of the images and the extracted feature information in the images, and when a designated classified photo album exists in the shooting device, moving the images into the designated classified photo album; otherwise, creating a designated classified photo album, and moving the images into the designated classified photo album; after moving the images to the designated classified photo album, determining whether the recognition model has been stored in a model.