Patents Examined by Kambiz Zand
  • Patent number: 11323884
    Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: May 3, 2022
    Assignee: ALLOT LTD.
    Inventors: Boris Lifshitz, Itai Weissman, Itai Ephraim Zilbershtein, Nimrod Dezent
  • Patent number: 11316870
    Abstract: Systems are provided herein for communications bus signal fingerprinting. A security module monitors a plurality of voltage lines of at least one electronic control unit (ECU) electrically coupled to a communications bus. A voltage differential across at least two of the plurality of voltage lines of the at least one ECU is measured. The voltage differential is compared to a plurality of predetermined signal fingerprints associated with the at least one ECU. A variance in the compared voltage differential is identified relative to one or more of the plurality of predetermined signal fingerprints. Data characterizing the identified variance is provided.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: April 26, 2022
    Assignee: Cylance Inc.
    Inventors: Donald Bathurst, Mark Carey
  • Patent number: 11316886
    Abstract: Aspects of the invention include a computer-implemented method, including performing simulations of a form of cyber-attack based on different input parameters to determine a respective time to perform each cyber-attack on a plurality of features of a sensor-based device. Additionally, performing simulations of a plurality of mitigating processes for each cyber-attack based on different input parameters to determine a respective time to perform each mitigating process. An associated risk level of each cyber-attack is determined based at least in part on the simulations. A mitigation process is selected based at least in part on the associated risk levels.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: April 26, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Marco Aurelio Stelmar Netto, Vagner Figueredo de Santana, Bruno Silva, Renato Luiz de Freitas Cunha, Fernando Luiz Koch
  • Patent number: 11316682
    Abstract: The disclosure proposes a novel method for generating public polynomials. The method simplifies key exchange processes, reduces the time required for key exchange and reduces the bandwidth required for data transmission from a server to a client. Secondly, the method keeps the calculation processes at both sides synchronized through a novel data exchange solution, particularly through handshaking signals, to ensure that the server and the client are always in the same key exchange process. In addition, the method further reduces a transmission bandwidth by sending information of the client twice. A state synchronization mechanism of the client and the server is proposed in the disclosure to ensure that Trivium modules at both sides are in the same state at the beginning of each key exchange, thereby avoiding reinitializing the modules and improving the operation efficiency of the whole system.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: April 26, 2022
    Assignee: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY
    Inventors: Dongsheng Liu, Xingjie Liu, Cong Zhang, Zilong Liu, Ang Hu, Wending Zhao, Zirui Jin, Jiahao Lu
  • Patent number: 11316905
    Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.
    Type: Grant
    Filed: May 26, 2020
    Date of Patent: April 26, 2022
    Assignee: CUPP Computing AS
    Inventor: Omar Nathaniel Ely
  • Patent number: 11316668
    Abstract: Cryptographic key management systems configured to provide key management services for the secure and decentralized control and storage of private cryptographic keys and other information. Asset private keys, seeds, passphrases, and other digitized information may be split into a plurality of subkeys and distributed to a group of people to allow the group to gain control of the asset private key if and when a specified condition has occurred. In some examples, the group of people receive less than a threshold number of the subkeys required to restore the asset private key and one or more of the subkeys required to restore the asset private key are defined as validator subkeys, the validator subkeys separately and securely stored. In some examples, the validator subkeys are encrypted and the encrypted validator subkeys stored on a blockchain platform.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: April 26, 2022
    Assignee: SafeTech BV
    Inventor: Jurgen Schouppe
  • Patent number: 11308236
    Abstract: In an approach to managing obfuscation of regulated sensitive data, one or more computer processors detect content for display on a computing device. One or more computer processors analyze the content for sensitive data. One or more computer processors retrieve one or more applicable regulations, where the regulations are associated with displaying sensitive data. One or more computer processors determine a location on the display for obfuscating the sensitive data in the content, based on the retrieved one or more applicable regulations. One or more computer processors identify one or more context rules applicable to the sensitive data in the content. One or more computer processors determine the one or more context rules override the one or more applicable regulations. One or more computer processors display the sensitive data in the content.
    Type: Grant
    Filed: August 12, 2020
    Date of Patent: April 19, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Rhonda L. Childress, Michael Bender, Natalie Brooks Powell, Evelyn R Anderson
  • Patent number: 11308225
    Abstract: A method comprising executing, by a core of a processor, a first instruction requesting access to a parameter associated with data for storage in a main memory coupled to the processor, the first instruction including a reference to the parameter, a reference to a wrapping key, and a reference to an encrypted encryption key, wherein execution of the first instruction comprises decrypting the encrypted encryption key using the wrapping key to generate a decrypted encryption key; requesting transfer of the data between the main memory and the processor core; and performing a cryptographic operation on the parameter using the decrypted encryption key.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: April 19, 2022
    Assignee: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, David M. Durham
  • Patent number: 11296867
    Abstract: A method for hash chain migration includes detecting a version update of an object that includes a hash chain that stores fields of the object. Sub chains are identified from the hash chain. Migration sub chains are generated from the plurality of sub chains using a plurality of processes. Container blocks are generated from the plurality of migration sub chains. A migration chain is generated from the plurality of container blocks. The object is accessed using the migration chain.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: April 5, 2022
    Assignee: Intuit Inc.
    Inventors: Glenn Scott, Michael Richard Gabriel
  • Patent number: 11290439
    Abstract: Systems and methods are disclosed for prioritizing a list of applications. The systems and methods include identifying, with a messaging application, a list of applications that are configured to share authentication information with the messaging application; determining a priority value of each application on the list of applications; generating for display, with the messaging application, a graphical user interface that represents a selection of applications from the list of applications based on the priority value of each application on the list; and for each application represented in the graphical user interface, generating for display a user-selectable option to authorize the messaging application to share authentication information with the respective application.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: March 29, 2022
    Assignee: Snap Inc.
    Inventors: Charles Burson DePue, Patrick Mandia, David Whyte
  • Patent number: 11290266
    Abstract: Embodiments of a multi-party secure computation method applicable to any one computing node deployed in a distributed network are provided. A plurality of computing nodes are deployed in the distributed network, the plurality of computing nodes jointly participate in a secure multi-party computation based on respectively held private data, and the computing node that performs the method is connected to a trusted random source. The method includes: obtaining a trusted random number from the trusted random source; performing an operation on the held private data based on the obtained trusted random number to obtain an operation result; and transmitting a computing parameter comprising at least the trusted random number to other computing nodes participating in secure multi-party computation, so that the other computing nodes perform the secure multi-party computation based on collected computing parameters transmitted by the computing nodes participating in the secure multi-party computation.
    Type: Grant
    Filed: May 19, 2021
    Date of Patent: March 29, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Lichun Li, Shan Yin, Huazhong Wang, Wenzhen Lin
  • Patent number: 11281788
    Abstract: Embodiments of the present invention provide a system for secure communication of information that may be used to authorize communications or transfer of resources by use of a transient pliant encryption mechanism in conjunction with an indicative nano-display. The provided systems, methods, and computer program products are designed to select and apply multiple encryption algorithms in a varied fashion and update displayed information on a nano-display. Credentials for a user may be stored and securely communicated via a transient nano-display that is updated at a configured interval of time and is indecipherable to unauthorized third parties.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: March 22, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Saurabh Gupta
  • Patent number: 11281776
    Abstract: There are provided systems and methods for detection of fraudulent displayable code data during device capture. A user may utilize a computing device to capture data at a certain location, such as imaging a QR code or reading an RFID reader. However, without knowing that those codes or devices are safe, the user may risk a computing attack on their device. Thus, processes herein provide a manner to detect when codes or devices are unsafe based on the additional data detected when encoded data is captured. In such instances, those codes and devices may be detected as fraudulent and the user may receive a warning of malicious computing attacks. Additionally, the user may be guided to valid codes and devices to utilize and may further receive information on removing such computing attacks.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: March 22, 2022
    Assignee: PAYPAL, INC.
    Inventors: Michael Charles Todasco, Fun-Chen Jou, Adhish Vyas, Megan Marie O'Neill, Yona Ju, Shao-Fei Moy, Haidan Huang
  • Patent number: 11283801
    Abstract: An account identification apparatus sets browsing authority for each of accounts such that browsing permission/prohibition is different for each of Web pages. Furthermore, the account identification apparatus causes a user terminal having accessed a predetermined Web site to transmit a request to each of the Web pages so as to acquire information about browsing permission/prohibition for each of the Web pages with regard to the user terminal and uses the acquired information about browsing permission/prohibition to identify an account with which the user terminal has logged in.
    Type: Grant
    Filed: May 24, 2018
    Date of Patent: March 22, 2022
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu
  • Patent number: 11283809
    Abstract: A least-privilege role is automatically assigned to a service principal in order to ensure that a service principal is able to perform actions on a resource of a subscription in a multi-tenant environment as intended without additional access and usage rights. The assignment of the least-privilege role is based on actions previously performed on the resources of a subscription by the service principal that match those actions within a role having the bare minimum permissions needed to perform those actions.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: March 22, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Vera Bogdanich Espina, Nicholas Patrick Brown, Varun Sharma
  • Patent number: 11269999
    Abstract: In one example, a method performed by a processing system of a server includes sending an instruction to a controller installed on an integrated circuit chip of a remote computing device, wherein the instruction requests that the controller issue a challenge to the integrated circuit, receiving a first signature of the integrated circuit chip from the controller, wherein the first signature is derived by the controller from a response of the integrated circuit chip to the challenge, comparing the first signature to a second signature that is stored on the server, wherein the second signature was derived through testing of the integrated circuit chip prior to the integrated circuit chip being deployed in the remote computing device, and generating an alert when the first signature fails to match the second signature, wherein the alert indicates that the integrated circuit chip may have been tampered with.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: March 8, 2022
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Joseph Soryal
  • Patent number: 11265175
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive an original collection of symbols. A single use coding function is applied to the original collection of symbols to form a new collection of symbols. Encryption keys associated with a user are formed. The new collection of symbols is encrypted to form a recoded encrypted symbol file stored at a network accessible memory location. A distributed ledger entry with a data control signature is formed using the single use coding function encrypted with a private key. The distributed ledger entry is written to a distributed ledger. The distributed ledger entry is accessed. The recoded encrypted symbol file is read from the network accessible memory location. The data control signature and a symmetric key are used to convert the recoded encrypted symbol file to the original collection of symbols.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: March 1, 2022
    Inventors: Roelof Louis Barry, Andrew Charles Kessler
  • Patent number: 11263346
    Abstract: A method for controlling exposure of sensitive data through a logging system is provided. The method comprises: upon receiving a request by the request handler, determining sensitive data as part of the request by applying a rule, converting the data into a transformed format, and registering the data together with a related data field label with a log handler. Then, upon receiving by the log handler a log entry, converting each expression of the log entry into the transformed format, and comparing each transformed expression with each of the sensitive data in the transformed format. Upon determining a match of one of the transformed expressions with one of the sensitive data in the transformed format, the method comprises issuing an alert indicating that the log entry comprises sensitive data.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: March 1, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bartlomiej Tomasz Malecki, Maria Hanna Oleszkiewicz, Blazej Rafal Rutkowski, Daniel Jakub Ryszka
  • Patent number: 11265142
    Abstract: The disclosure concerns a method of protecting a calculation on a first number and a second number, including the steps of: generating a third number including at least the bits of the second number, the number of bits of the third number being an integer multiple of a fourth number; dividing the third number into blocks each having the size of the fourth number; successively, for each block of the third number: performing a first operation with a first operator on the contents of a first register and of a second register, and then on the obtained intermediate result and the first number, and placing the result in a third register; and for each bit of the current block, performing a second operation by submitting the content of the third register to a second operator with a function of the rank of the current bit of the third number, and then to the first operator with the content of the first or of the second register according to state “0” or “1” of said bit, and placing the result in the first or second re
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: March 1, 2022
    Assignee: STMICROELECTRONICS (ROUSSET) SAS
    Inventors: Ibrahima Diop, Yanis Linge
  • Patent number: 11258819
    Abstract: A method, non-transitory computer readable medium, device, and system that receives telemetry data collected based on instrumentation code executed at one of a plurality of client computing devices with a requested transaction with one of a plurality of web server systems. Identifying signal data (IDSD) usable to identify the one of client computing devices is determined based on the received telemetry data. Any matching telemetry data in a telemetry data set for a plurality of prior transactions between one or more of the client computing devices and one or more of the web server systems is identified based on any stored IDSDs that match the received IDSD. A security score associated with the one of the client computing devices is generated based on the identified matching telemetry data. A response to the requested transaction to the one of client computing devices is managed based on the generated security score.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: February 22, 2022
    Assignee: SHAPE SECURITY, INC.
    Inventor: Sumit Agarwal