Abstract: Traffic is received at an interface of a compute server. Identity information associated with the traffic is determined including an identifier of a customer to which the traffic is attributable. An egress policy configured for the first customer is used to determine whether the traffic is allowed to be transmitted to a destination where that destination is a resource of a second customer. If the traffic is allowed to be transmitted, the traffic and identity information is transmitted over a cross-customer GRE tunnel to a namespace of the second costumer on the compute server. An ingress policy configured for the second customer is used to determine whether the traffic is allowed to be transmitted to the destination, and if it is, then the traffic is transmitted.

Abstract: Approaches for detecting and rectifying the malware in the computing systems are described. In an example, a request by a process or is intercepted by the malware detection module. Relevant information and characteristics pertaining to the request are extracted and on the based on the extraction, operational attributes are generated. These extracted operational attributes are analyzed and compared with the baseline attributes and if there are any anomalies present, the susceptible code or process originating from the intercepted request is ascertained as malicious.

Abstract: An active feedback control method for a quantum communication system based on machine learning is disclosed. In the transmission process of a quantum key distribution system, the present invention uses a pre-trained double-layer LSTM network to predict, according to a real-time ambient temperature, humidity and laser light intensity fluctuation, as well as voltage changes in the past moment, a zero-phase voltage value of a phase modulator at a receiving end at the next moment, and updates the network at a fixed time interval, so that the LSTM network can accurately predict for a long time, ensuring that the quantum key distribution system operates stably and efficiently for a long time. The present invention greatly improves the transmission efficiency of the quantum key distribution system by method of active prediction and feedback control.

Abstract: Concepts and technologies are disclosed herein for providing an electronic document processing system, an electronic document generation mechanism, an encrypted digital certificate generator, a tool for coordinating the processing of electronic documents, a packaging mechanism for finalizing and authenticating electronic documents, a tracking log for recording relevant electronic document information, and a transferring protocol for transferring the ownership of electronic documents. The present disclosure also is directed to an electronic authentication system including an electronic document authentication watermark seal or signature line for confirming a document's signing within the view.

Abstract: A method for anonymizing documents before publication is provided. The method includes identifying regular expressions configured to match strings to be anonymized in a document, selecting a readable identifier as an anonymized reference for a string replacement, searching the document for a match string that fits the regular expression, hashing the match string using a collision resistant, deterministic, non-inverting cryptographic hashing function, and comparing a cryptographic hash of the match string with a database including multiple previous hashes and multiple corresponding readable identifiers. When none of the previous hashes matching the cryptographic hash, the method includes creating a new database record including the cryptographic hash, incrementing a counter in the readable identifier and associating the readable identifier with the new database record, and replacing the match string with the readable identifier, throughout the document.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a group associated with a folder, a group access key pair including a group access public key and a group access private key; encrypting, by the device, the group access private key by utilizing the assigned public key; and accessing, by the device, the folder based at least in part on decrypting the group access private key. Various other aspects are contemplated.

Abstract: Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If that the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied.

Abstract: According to an aspect, a method is performed by a first controller for providing security for second controllers in an in-vehicle network. An inherent information request is transmitted to a suspicious controller of the plurality of second controllers for an inherent information of the suspicious controller. The inherent information request includes a certificate assigned to the first controller. An encrypted inherent information of the suspicious controller is received from the suspicious controller and a decrypted inherent information is compared with a pre-stored inherent information. The suspicious controller is determined to be an anomalous controller when the decrypted inherent information is different from the pre-stored inherent information. In response to receiving an update request from a backend server for a specified controller out of the plurality of second controllers, the inherent information request including the certificate assigned is transmitted to the specified controller.

Abstract: A technique of identifying hosts suspected of being sources of ransomware infection includes initiating a tracking interval in response to a data storage system detecting a suspected ransomware attack. During the tracking interval, write requests received by the data storage system are analyzed and ransomware attributes for those write requests are generated. The ransomware attributes of the write requests indicate risks of ransomware infection and are associated with hosts from which the respective write requests originate. A particular host is identified as a suspected source of ransomware infection based at least in part on the ransomware attributes associated with that host.

Abstract: A system and method to filter potentially unwanted traffic from trackers, third-party cookies, malicious websites or other sources and present the aggregated results of said filtering to the VPN user. One of the embodiments enables a VPN user to opt-in or opt-out from the filtering activities while being able to access the aggregated information about filtering. In another embodiment, the user can choose to customize the filtering parameters to add or remove specific targets from the filtering policies.

Abstract: Described systems and methods allow carrying out privacy-preserving DNS exchanges. In some embodiments, a client machine engages in a private information retrieval (PIR) exchange with a nameserver. In response to receiving an encrypted query from the client, the query formulated according to a domain name, the nameserver may extract a record (e.g., an IP address) from a domain name database without decrypting the respective query. Some embodiments achieve such information retrieval by the use of homomorphic encryption.

Abstract: A root-of-trust device includes one or more processors configured to receive a candidate block identifier corresponding to a block number of a candidate block of a distributed electronic ledger; receive one or more verified block identifiers each corresponding to a block number of one or more verified blocks; compare the received candidate block identifier with a block identifier in the stored one or more verified block identifiers; and in the case that the comparing of the candidate block identifier to the block identifier in the stored one or more verified block identifiers satisfies a predetermined condition, verify the candidate block corresponding to the candidate block identifier and send data corresponding to a verified block of the distributed electronic ledger.

Abstract: A first computing device may authenticate itself to a second computing device by providing a verifier value based on a private key. The verifier value may be sent to the second computing device, and a session key may be determined based on the private key. A secure message may comprise routing information associated with the first computing device and a hash value based on the routing information and the session key, and the first computing device may communicate with the second computing device using the session key.

Abstract: Systems and methods for determining consumer eligibility for a gated offer using verification data from a verification source, while reducing exposure of the verification data, are herein disclosed. In one example, a method for a verification source comprises, generating a seed hash from a pre-determined data specification, aggregating verification data based on one or more data fields indicated by the data specification to produce aggregated verification data, hashing the aggregated verification data using the seed hash to produce hashed verification data, receiving hashed customer data from a verification platform, receiving a comparison request from the verification platform, comparing the hashed customer data with the hashed verification data; and returning a result to the verification platform indicating if the hashed customer data matches the verification data.

Abstract: The present invention relates to a zero-knowledge proof-based certificate service method using a blockchain network, the method comprising: (a) a step in which, if a certificate registration request transaction including user trap information generated by using at least one user personal information corresponding to a user and a private key of the user is acquired from a user terminal, a certification support server confirms whether or not the user personal information included in the certificate registration request transaction is authentic; (b) a step in which, if it is confirmed that the user personal information corresponds to the user, the certification support server computes the user personal information and the user trap information included in the certificate registration request transaction by using a commitment scheme, thereby generating a user commitment corresponding to the user personal information; and (c) a step in which the certification support server transmits a certificate transaction incl

Abstract: Technologies for systems, methods and computer-readable storage media for reducing the time to complete authentication during inter-technology handovers by reusing security context between 5G and Wi-Fi. Assuming, that the administrative domain for Wi-Fi and 5G match (and belongs to an enterprise for instance), using an already established security context in one technology to do fast authentication in the other technology during handover. Specifically, if UE is on Wi-Fi and handing over to 5G, use its Wi-Fi security context to do fast security setup in 5G, which includes a corresponding method for use when the UE goes from 5G to Wi-Fi.

Abstract: A method for atomic exchange of assets on multiple blockchains using transient key pairs includes: generating, by a first computing device, a proposal message, the proposal message including at least a first transaction value, a first network identifier corresponding to a first blockchain, a second transaction value, a second network identifier corresponding to a second blockchain, and a swap public key of a swap cryptographic key pair; generating, by the first computing device, a first digital signature for the proposal message; encrypting, by the first computing device, the first digital signature using the swap public key and a first private key of a first cryptographic key pair; appending, by the first computing device, the encrypted first digital signature to the generated proposal message; and transmitting, by the first computing device, the generated proposal message with appended encrypted first digital signature to a second computing device.

Abstract: Systems and methods for managing keys in a computer memory are described. In some embodiments, location addresses are determined for two key elements. A periodic time interval that is based on a time duration for performing a transaction involving a distance between the key elements is determined. One key element may be stored at a location address and then relocated to another location address after the periodic time interval has passed. In some embodiments, areas the computer memory may remain static during relocation of the key element.

Abstract: A unified network service that connects multiple disparate private networks and end user client devices operating on separate networks is described. The multiple disparate private networks and end user client devices connect to a distributed cloud computing network that provides routing services, security services, and performance services, and that can be controlled consistently regardless of the connection type. The unified network service provides uniform access control at the L3 layer (e.g., at the IP layer) or at a higher layer using user identity information (e.g., a zero-trust model). The disparate private networks are run on top of the distributed cloud computing network. The virtual routing layer of the distributed cloud computing network allows customers of the service to have private resources visible only to client devices (e.g.

Abstract: Methods, systems and media for presenting information related to an event based on metadata are provided.