Abstract: The embodiments of the present disclosure disclose a method for data transmission, comprising: authenticating, by a target node in a battery management system, a source node in response to a request for data transmission from the source node; selecting, by the target node, any two prime numbers from a pre-stored set of prime numbers if the authentication is passed, generating a public key and a private key according to the two prime numbers, and transmitting the public key to the source node; performing, by the source node, a first encryption byte-by-byte for source data to be transmitted using the public key, performing a second encryption for the first encrypted data using a first encryption algorithm stored by the source node itself, and transmitting the second encrypted data to the target node.

Abstract: The disclosed computer-implemented method for detecting covert channels structured in Internet Protocol (IP) transactions may include (1) intercepting an IP transaction including textual data and a corresponding address, (2) evaluating the textual data against a model to determine a difference score, (3) determining that the textual data is suspicious when the difference score exceeds a threshold value associated with the model, (4) examining, upon determining that the textual data is suspicious, the address in the transaction to determine whether the address is invalid, (5) analyzing the transaction to determine a frequency of address requests that have been initiated from a source address over a predetermined period, and (6) identifying the transaction as a covert data channel for initiating a malware attack when the address is determined to be invalid and the frequency of the address requests exceeds a threshold value. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A customer premises device may include a memory configured to store day 0 configuration instructions, a first network interface to couple to an out-of-band orchestration and management path, a second network interface operatively coupled to a customer network, and at least one processor configured to automatically and without user input execute the day 0 configuration instructions. The at least one processor is configured to establish and maintain a secure tunnel connection with a security gateway device via the out-of-band orchestration and management path and to establish a connection with a configuration platform on the provider network via the secure tunnel connection. Orchestration instructions for configuring one or more VNFs are received from the configuration platform via the tunnel connection.

Abstract: The present invention relates to systems and methods for detecting anomalies in computer network traffic with fewer false positives and without the need for time-consuming and unreliable historical baselines. Upon detection, traffic anomalies can be processed to determine valuable network insights, including health of interfaces, devices and network services, as well as to provide timely alerts in the event of attack.

Abstract: A global unique device identification code distribution method includes obtaining a public key and device information of at least one Internet of things (IoT) device after the blockchain node establishes communication with the at least one IoT device, generating a random code and combining the random code with the public key and device information of the at least one IoT device to generate a global unique device identification code, and sending the global unique device identification code to the IoT device and writing the global unique device identification code and the public key of the IoT device as a pair into the blockchain network. The method is implemented in a blockchain node of a blockchain network.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying, by a file analysis system, a plurality of files that have been uploaded by a user to a particular folder that has been allocated to the user in a file storage service; scanning, by the file analysis system, each of the plurality of files using each of a plurality of antivirus software programs; in response to the scanning, determining that a particular file of the plurality of files is indicated as potentially malicious by a particular antivirus software program of the plurality of antivirus software programs; and providing a notification to a vendor of the particular antivirus software program indicating that the particular file has been indicated as potentially malicious by the particular antivirus software program.

Abstract: In one example a processing device can receive an indication from a software application that an encrypted communication transmitted by a remote device is stored in a memory location. In response to receiving the indication, the processing device can retrieve the encrypted communication from the memory location, decrypt the encrypted communication using a first key to determine a decrypted version of the encrypted communication, and extract a second key from the decrypted version of the encrypted communication. The second key can be different from the first key. And the second key can be configured to decrypt a set of encrypted data stored in a non-volatile memory device that is accessible to the computing device.

Abstract: A cyber attack information processing apparatus includes a memory and a processor configured to, when a first system obtains first information regarding a cyber attack from a first terminal, store the first information in a state that the first information is accessible to a second terminal that is capable of accessing the first system, convert the first information having a first data structure into second information having a second data structure usable by a second system wherein the second information is to be provided for the second system, when the second system obtains third information regarding another cyber attack, convert the third information having the second data structure into fourth information having the first data structure, and provide the second terminal with the fourth information.

Abstract: Disclosed is a secure document management system, for example, for documents pertaining to drug discovery. A document and its metainformation are obtained, and value features are extracted from the document based on identification of concepts associated with the document. An importance score of the document is determined based on the value features and the metainformation. A summarized view of the document is constructed based on the value features, the metainformation, the concepts and the importance score. A unique identifier is generated for the document and associated with the summarized view and the concepts of the document. A search query is processed, and the summarized view of the document is retrieved and displayed based on the query. A request for accessing the document is validated, and document access is allowed when the request is validated successfully. The document management may, for example, be facilitated using a blockchain platform.

Abstract: A server obtains security intelligence data used for classifying whether data associated with user activity in a network is undesirable, and classifies the data based on the security intelligence data. The server provides an initial classifying result of the data to a device associated with the data. At a subsequent time, the server obtains updated security intelligence data and re-classifies whether the first data is undesirable based on the updated security intelligence data. Responsive to a determination that the initial classifying result is changed based on the re-classifying, the server provides an updated classifying result to the device associated with the data.

Abstract: In one embodiment, a protected system, includes a first apparatus disposed on a silicon chip, and to perform a functional process, a second apparatus disposed on the silicon chip, and to perform a protecting process having a verifiable test result, the first and the second apparatus having a physical layout which interleaves at least part of the first apparatus with at least part of the second apparatus so that an attack on the at least part of the first apparatus also attacks the at least part of the second apparatus, a primary controller to signal the second apparatus to perform the protecting process during a time period that the first apparatus is performing the functional process, and an attack handling controller to perform a protective action to protect the functional process responsively to the protecting process failing to verify the verifiable test result providing an indication that the attack is being performed.

Abstract: Digital or “smart” contracts execute in a blockchain environment. Any entity (whether public or private) may specify a digital contract via a blockchain. Because there may be many digital contracts offered as virtual services, the contract identifier uniquely identifies a particular decision table and/or the digital contract offered by a virtual machine, vendor or supplier. The blockchain is thus not burdened with the programming code that is required to execute the decision table and/or the digital contract. The blockchain need only include or specify the contract identifier (and perhaps one or more contractual parameters), thus greatly simplifying the blockchain and reducing its size (in bytes) and processing requirements.

Abstract: Disclosed are various examples for dynamically generating restriction profiles for updated software platforms. A management system can determine that updated restrictions and/or settings are included in an updated or new version of a definition file. The updated settings identified and categorized according to risk for a given enterprise group without administrator input. An updated restriction profile can be generated according to the updated settings and distributed to managed devices.

Abstract: Techniques for analyzing data based on the vulnerability of the corresponding device are provided. A plurality of devices are classified into a plurality of groups based on respective measures of vulnerability associated with each device, and a respective weighting factor is determined for each respective group of the plurality of groups based at least in part on a number of devices included in the respective group. An evidentiary value of data received from a first device of the plurality of devices is modified, based on the respective weighting factor associated with the first device. Further, a probable state of a physical environment is determined, based in part on the data received from the first device.

Abstract: In one embodiment, a security service classifies traffic telemetry data for traffic between an endpoint device and a server as potentially associated with a particular type of remote access Trojan (RAT). The security service constructs a scan message to elicit a type of server response associated with the particular type of RAT. The security service obtains a server response from the server, by sending the constructed scan message to the server. The security service determines whether the endpoint device is infected with the particular type of RAT, by validating whether the server response from the server matches the type of server response associated with the particular type of RAT.

Abstract: A Man in the Middle (MitM) computer receives a first session identifier from a client for a first communication session between the client and a server, and monitors Transport Layer Security (TLS) communication sessions between the client and the server, where the first session identifier is one of an unknown session identifier and an invalid session identifier. In response to receiving the first session identifier from the client, the MitM computer performs one of: requesting a second session identifier from the server for a second communication session if the first session identifier is an unknown session identifier; and transmitting, to the client, an instruction to flush a session cache in the client, where flushing the session cache in the client forces the client and the server to establish a full TLS handshake in order to obtain a session key if the first session identifier is an invalid session identifier.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.

Abstract: A method is provided for protecting a vehicle network of a vehicle against manipulated data transmission, in which the vehicle network includes multiple network nodes, and at least one first network node in the vehicle network in a normal mode checking a first received message as to whether the first received message is a message assigned to the first network node in the normal mode, but which the first network node did not transmit. The first network node in a diagnostic mode further checks a second received message as to whether the second received message is a message assigned to the first network node in the normal mode or in the diagnostic mode, but which the first network node did not transmit.

Abstract: In response to detected attempts to gain unauthorized access to user accounts of an online system, a security module of an online system applies an attack response policy to take actions in response to the attempts. Possible responses of the policy include reordering credential types requested by the online system during multi-factor authentication-enabled login, switching to a mode in which login requests are accepted but login is not permitted for the requesting user, and logging information about the login requests. Logged information may be applied to enhance the ability to prevent future unauthorized accesses, such as adding credential values to a list of common credential values and prohibiting users from associating those values with their accounts, or training a model based on the logged information to predict a probability that a given login request is unauthorized.