Abstract: A method for tracing malicious endpoints in communication with a back end may include: providing a reverse proxy to intercept traffic exchanged between a client and the back end; providing a processing unit with an algorithm; intercepting, using the proxy, each TLS Client HELLO directed to the back end and generating a TLS Client HELLO hash using the algorithm; intercepting and processing, using the proxy, each HTTP request to extract a Client User Agent; processing the Client User Agent to generate an Agent hash; processing the HELLO hash and Agent hash by calculating a number of occurrences in which the HELLO hash is associated with the Agent hash to obtain a relative frequency value, to determine whether the HELLO hash is common to or anomalous for the Agent hash of the client; and performing one or more attack protection actions of a Man-in-the-Middle type if the HELLO hash is anomalous.

Abstract: Systems, methods and products for determining the trustworthiness of anonymous sensors, including a sensor health check, a data ballpark check, a reputation comparison, and optional “last resort” procedures. The sensor health check examines sensor operating parameters to see if they fall within an envelope of expected values. If not, the sensor is unhealthy and is not trusted. The data ballpark check determines whether the sensor's traffic data falls within a predefined envelope of values. If the sensor is healthy and the traffic is within expected ranges, the sensor is trusted. If the traffic data is outside expected ranges, the reputation comparison, determines whether IP addresses, domains or other IOCs in the traffic data are found in the reputation list which may corroborate the traffic as trustworthy because it represents malicious or not-in-the-wild traffic. “Last resort” procedures may include applying safelists/blocklists, signature controls etc. to verify sensor/data trustworthiness.

Abstract: In some embodiments, a method receives a packet at an instance of a distributed firewall associated with one of a plurality of workloads running on a hypervisor. Each of the plurality of workloads has an associated instance of the distributed firewall. An index table is accessed for the workload where the index table includes a set of references to a set of rules in a rules table. Each workload in the plurality of workloads is associated with an index table that references rules that are applicable to each respective workload. The method then accesses at least one rule in a set of rules associated with the set of references from the rules table and compares one or more attributes for the packet to information stored for the at least one rule in the set of rules to determine a rule in the set of rules to apply to the packet.

Abstract: In general, embodiments relate to a network device, including network device hardware including a processor; and memory comprising instructions which, when executed by the processor, performs a method for creating segment mapping in a network. The method includes entering a fallback mode in response to detecting a fallback scenario, determining, based on the fallback mode, a segment identification (ID) for a client device of the network, wherein the segment ID identifies a segment of the network including a client device, obtaining an Internet Protocol (IP) address to segment ID mapping, wherein the client device is associated with the IP address, and processing at least one packet from the client device using the IP address to segment ID mapping.

Abstract: In general, the disclosure relates to a method for creating segment mapping in a network, by a network device. The method includes receiving a segment identification (ID) for a client device of the network from an authentication system. The segment ID identifies a segment of the network including the client device and the network device wherein the segment ID is associated with a media access control (MAC) address of the client device. The network device or a network management system (NMS) determines an internet protocol (IP) address of the client device and the network device creates an IP address to segment ID mapping for the client device using the IP address. The IP address to segment ID mapping is provided to the NMS for distribution to remaining network devices of the network. At least one packet of the client device is processed using the IP address to segment ID mapping.

Abstract: An information processing architecture for implementation in a vehicle includes a software segregation unit which is configured to provide a first security domain and a second security domain which are assigned in each case to different operational areas of the vehicle and have their own data processing environments which are segregated from one another to run a multiplicity of computer applications. The software segregation unit is further configured to provide a synchronization instance, wherein the synchronization instance has a central dataset which is synchronized with data generated in the respective security domains independently from one another via data exchange and is selectively readable by both security domains.

Abstract: Embodiments of the present disclosure relate to kernel integrity protection methods and apparatuses. In an embodiment, a method includes: sending, by a first program executing at a first exception level, a request message to a second program executing at a second exception level, wherein the first exception level has lower execution privilege than the second exception level, the request message requests to perform memory access, and wherein the memory access is a preset register access or a preset memory space access, and; in response to receiving the request message, obtaining, by the second program, event information corresponding to the memory access; sending, by the second program, the event information to the first program; and processing, by the first program, the event information.

Abstract: When a user signs-in to a service provider such as a cryptocurrency exchange, the user must undergo a lengthy validation process that involves submitting copies of identity documents or utility bills. Each such service provider requires the same type of documents, and this therefore leads to repetition, inefficiency, loss of time and/or loss of profit when multiple service providers are consulted. The present invention, allows a user's identity to be established before multiple service providers with only one manual validation.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication. An example method includes determining, by decoding circuitry, a set of quantum bases to use for measurement. The example method further includes receiving, by the decoding circuitry, a series of photons. The example method further includes decoding, by the decoding circuitry and based on the determined set of quantum bases, the series of photons to generate a decoded set of bits. The example method further includes receiving, by the decoding circuitry, a control signal indicative of an instruction to initiate decoding based on the set of quantum bases. The example method further includes, in response to receiving the control signal, decoding, by the decoding circuitry, the series of photons based on the set of quantum bases. The example method further includes generating, by session authentication circuitry, a session key based on the decoded set of bits.

Abstract: A system for preventing communications from detected phishing domains receives a communication associated with a particular domain. The system determines that the particular domain is a phishing domain. In response, in one embodiment, the system registers the particular domain in a Domain Name System (DNS) server to block the communication and future communications associated with the particular domain from being received at computing devices operably coupled with the DNS server. In another embodiment, the system registers the particular domain in the DNS server, such that the communication and future communications associated with the particular domain are re-routed to a particular server to monitor phishing activities implemented on the communications, where the phishing activities comprise attempting to obtain login credentials and private information associated with receivers of the communication and future communications.

Abstract: A multi-level, ensemble network monitoring system for detection of suspicious network activity from one or more a plurality of user computing devices on an external network communicatively connected via a network server to a private communication network is disclosed. In malware detection, the ensemble network monitoring system comprises artificial intelligence (AI) with bidirectional long short-term memory (BDLSTM) recurrent neural networks (RNNs) and natural language processing (NLP) to predict possible security threats and then initiate remedial measures accordingly. Enabling a proactive approach to detection and prevention of potential malicious activity, the BDLSTM RNN may perform real-time monitoring and proactively forecast network security violations to block network communications associated with high-risk user computing devices from accessing a private communication network.

Abstract: A data processing system has a processor and a system memory. The system memory may be a dynamic random-access memory (DRAM). The processor includes an embedded memory. The system memory is coupled to the processor and is organized in a plurality of pages. A portion of the code or data stored in the plurality of memory pages is selected for permutation. A permutation order is generated and the memory pages containing the portion of code or data is permuted using a permutation order. The permutation order and/or a reverse permutation order to recover the original order may be stored in the embedded memory. Permuting the memory pages with a permutation order stored in the embedded memory prevents the code or data from being read during a freeze attack on the system memory in a way that is useful to an attacker.

Abstract: Provided is a process that includes pruning entries in a tamper-evident data store while maintaining tamper-evident properties of prior and subsequent entries after pruning. Operations include traversing a linked list of instances of program state of a smart contract in the tamper-evident data store and pruning identified instances of program state in the tamper-evident data store.

Abstract: A method for certifying an electronic document by a certifying peer device in a network of peers storing copies of a chain of blocks according to a “blockchain”. The method includes: authenticating a peer device issuing this document; generating, for the issuing peer device, a one-time use public key/private key pair; dispatching, to the issuing peer device, a message including the public key and the address of an intelligent contract in the chain; receiving a block of the chain and detecting, in this block, an event representing a writing into the intelligent contract, of an imprint of a document issued by the issuing device and a signature of this imprint; verifying the signature with the private key; dispatching a transaction to the peer devices requesting them to execute a function of the intelligent contract to record in a block of the chain information representing certification by the certifying peer device.

Abstract: Systems and methods for multilayer encryption for user privacy compliance and corporate confidentiality are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: transmit, from a workspace instantiated by a local management agent to a portal managed by an enterprise: (i) a request to store a once-encrypted document, and (ii) an indication that the once-encrypted document is encrypted with a controlvault key; receive, from the portal at the workspace, a request to encrypt the once-encrypted document with an enterprise-issued cryptographic key to produce a twice-encrypted document; and transmit, from the workspace to the portal, a copy of the twice-encrypted document.

Abstract: A container system includes a container server that is configured to host a first container that includes an execution of a first image. The container server is also configured to receive a request to access the first container and receive an indication that the request to access is a potential security threat. In response to receiving the indication, the container server generates a second image that includes a copy of the first image. Additionally, in response to receiving the indication, the container server provides access to a second container that includes an execution of the second image.

Abstract: A conference management system facilitates data compliance in recording conversations between users. A host user can send an electronic invitation for a meeting to participants. Upon accessing the invitation, the participants can be presented with two options to join the conference—a first option using which a participant can join the meeting by providing consent to recording the meeting and a second option using which the participant can join the meeting by opting-out of recording of the meeting. When a participant opts-out of the recording of the meeting, the conference management system ensures that the recording is performed in compliance with a data compliance policy applicable to the participant who opted out of recording.

Abstract: A solution is proposed for verifying authenticity of documents. A corresponding method comprises calculating signatures representative of segments splitting a current document. The signatures are searched in an authoritative memory structure containing corresponding signatures of segments splitting authoritative documents whose content is certified by authoritative sources. Authenticity information of the current document is determined according to a result of this search. A computer program and a computer program product for performing the method are also proposed. Moreover, a system for implementing the method is proposed.

Abstract: An apparatus for traffic security processing in a slicing service of mobile edge computing according to an embodiment of the present invention includes: a plurality of security modules for analyzing a received packet to respectively execute security functions suitable for slicing security of mobile edge computing; a controller for managing a slicing security module list in the mobile edge computing; and a main security module for analyzing a received packet on the basis of the slicing security module list to determine a security function to be executed and priority of the security function to be executed, wherein the controller transmits the received packet to at least one corresponding security module among the plurality of security modules according to the priority of the security function to be executed, which is determined by the main security module.

Abstract: Systems as described herein may implement non-persistent data caching using a dedicated web server. A non-persistent data caching system may determine that an application, executing on a computing device may require access to secure data located on a remote server external to the computing device. The non-persistent data caching system may initiate a dedicated web server on the computing device, retrieve the secure data from the remote server, and store the secure data in a volatile memory of the computing device. The non-persistent data caching system may subsequently redirect a request for at least a portion of the secure data from the application and to the dedicated web server, and the dedicated web server may send the requested portion to the application.