Abstract: An information handling system operating a data integration protection assistance system may comprise a processor linking first and second data set field names identified within a previous execution of a data integration process for transferring a data set field value identified by the first data field name at a source geographic location to a destination geographic location for storage under the second data field name. The processor may receive a user instruction to associate data set field names labeled as sensitive private individual data with a barred geographic location, determine the second data set field name is labeled as sensitive private individual data and the destination storage location matches the barred geographic location. A graphical user interface may display a notice that the data set field value was stored during the previously executed integration process within the barred geographic location.

Abstract: Access to secured items in a computing system is requested instead of being persistent. Access requests may be granted on a just-in-time basis. Anomalous access requests are detected using machine learning models based on historic patterns. Models utilizing conditional probability or collaborative filtering also facilitate the creation of human-understandable explanations of threat assessments. Individual machine learning models are based on historic data of users, peers, cohorts, services, or resources. Models may be weighted, and then aggregated in a subsystem to produce an access request risk score. Scoring principles and conditions utilized in the scoring subsystem may include probabilities, distribution entropies, and data item counts. A feedback loop allows incremental refinement of the subsystem. Anomalous requests that would be automatically approved under a policy may instead face human review, and low threat requests that would have been delayed by human review may instead be approved automatically.

Abstract: An information processing apparatus connectable with a terminal via a network to manage a license of a package including applications assignable to a device includes circuitry configured to display a first screen for displaying a device list, the license of the package being assignable to and cancellable from the device in response to receiving a first request, receive a selection of a specific device in the device list and any one of an operation of assigning and cancelling the license of the package, assign the license of the package to the selected specific device in response to receiving the selection of the specific device and the operation of assigning the license of the package, and cancel the license of the package from the selected specific device in response to receiving the selection of the specific device and the operation of cancelling the license of the package.

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

Abstract: The application provides a data encryption and decryption method, device, storage medium, and encrypted file, and relates to the technical field of data processing. The method for data encryption includes: obtaining a first key, and performing an obfuscation operation on the first key and data to be encrypted to obtain obfuscation operation result data; obtaining a second key, and obtaining a first signature of the obfuscation operation result data according to the second key; obtaining a third key, and encrypting the first key, the data to be encrypted and the first signature using the third key to obtain a target ciphertext; obtaining a fourth key, and obtaining a second signature of the target ciphertext according to the fourth key; generating an encrypted file including the target ciphertext and the second signature. With the technical solutions of the application, security of data protection can be improved.

Abstract: A system obtains data logs from a set of applications that each output data of different data types and in different formats. Data is obtained from the applications as an input message stream and processed into an output message stream with messages in a standardized format for processing by an engine. The data source is detected from analysis of the data and a corresponding filter is applied to generate the output message stream. An alert is provided to an administrative interface when a pattern indicative of malicious activity is detected in the output data steam.

Abstract: Methods and system for managing partial private keys for cryptography-based, storage applications used in blockchain operations and/or facilitating secure authentication when conducting blockchain operations using cryptography-based, storage applications. For example, the methods and system may perform a plurality of blockchain operations for digital assets stored in a first cryptography-based, storage application, wherein the first cryptography-based, storage application corresponds to a first partial private key, and wherein the first partial private key is stored on a first user device, and wherein the second partial private key is not accessible to platform service facilitating the first cryptography-based, storage application.

Abstract: An input device for inputting a user operation includes a data-for-authentication holding unit that holds data for authentication regarding one or more registered users, a fingerprint sensor that accepts fingerprint information of a user, and a fingerprint authentication unit that checks the accepted fingerprint information against the data for authentication regarding the one or more registered users. When the fingerprint authentication unit 84 succeeds in biometric authentication, a communication unit transmits a network account of the user to an information processing device. The information processing device includes a user authentication unit that checks the received network account against network accounts of registered users held in a registered user information holding unit.

Abstract: Systems and methods are provided for imposing self-exclusion preferences for data access. One example computer-implemented method includes, in response to a request by a user to impose a self-exclusion preference on a digital identity of the user, requesting a token for the digital identity. The method also includes receiving and storing the token and a secret associated with the token in a record associated with the user and assigning the self-exclusion preference to the token. The method then includes receiving a request to share an identity attribute of the user's digital identity with a relying party, where the request includes the token, and retrieving the self-exclusion preference assigned to the token. And, in response to validation of the request to share the identity attribute, based on the self-exclusion preference, authorizing a mobile device of the user to share the at least one identity attribute with the relying party.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: The technology includes a method performed by a system of a telecommunications network to manage network traffic of a 5G network. The system can instantiate a security system to sort incoming or outgoing network traffic at a perimeter of the 5G network into multiple groups that are each uniquely associated with multiple traffic types and multiple security levels. The system can inspect segments of data included in the incoming network traffic and sort multiple portions of the network traffic into the groups based in part on the inspection of the segments of the data. The system can dynamically adjust an available bandwidth of the 5G network based on each load of each of the groups and dispatch the portions of the network traffic in accordance with a traffic type and a security level of each of the groups.

Abstract: A method for authenticating a user is provided. The method comprises: providing first biometric enrollment data of the user to a first enrollment system of a plurality of enrollment systems; receiving a first enrollment identifier identifying the first enrollment system; storing the first enrollment identifier identifying the first enrollment system into a digital wallet of the user; in response to a request to access content on a relying party system, providing a biometric marker of the user and the first enrollment identifier from the digital wallet of the user to the relying party system; based on the relying party system identifying the first enrollment system using the first enrollment identifier and verifying the biometric marker of the user with the first enrollment system, accessing the requested content associated with the relying party system.

Abstract: Methods, systems, and computer program products are provided for improving a network by modeling control strength of network nodes. Design and implementation (DIS) scores are calculated for each of a plurality of nodes. An initial strength (InitCS) corresponding to any control performed by the node is determined. n-subgraphs are generated based on a network graph. For each node in the subgraph of the n-subgraphs, a modified control strength (ModCS) corresponding to a combination of the InitCS, a weakening factor derived from a combination of a ModCS of a plurality of upstream nodes, and a reliance coefficient (RC) of each node-to-node relationship of the plurality of upstream nodes, is determined. A risk mitigation process is performed based, in part, on any one or a combination of: DIS, InitCS and ModCS.

Abstract: One example method includes obtaining hop information of a metadata path for backup metadata, obtaining content sensitivity information indicating a relative sensitivity of backup data to an attack, based on the hop information and the content sensitivity information, selecting an encryption to be applied to the backup metadata, and applying the encryption to the backup metadata. The backup data may be encrypted with the same encryption algorithm that was used to encrypt the backup metadata.

Abstract: In an example embodiment, access to a data set in a data lake can be specified using several approaches, based on the metadata and information attached. The metadata may be replicated from the original data source of the underlying data, and additional metadata may be modeled and stored to construct linkage information between data types. This linkage information may be used to automatically grant access to users to additional objects that are linked to objects that the user has explicit access to.

Abstract: The subject disclosure provides systems and methods for providing secure data access for electronic devices. The secure data access can allow processes, such as scripts, at a device to be executed to obtain and process restricted data locally on the device without requesting user authorization for the access and processing. The secure data access can prevent the processes from exporting the data, and/or data derived from the data, from an execution space of the processes, whether locally on the device or externally from the device, without obtaining user authorization for the exportation. In this way, user authorizations can be obtained for securing restricted data, in a way that is efficient for the device, for the processes accessing and processing the data, and for the user.

Abstract: Aspects of the subject disclosure may include, for example, obtaining a first user profile associated with a first user, the first user profile comprising a first privacy rule; obtaining a second user profile associated with a second user, the second user profile comprising a second privacy rule; determining which of the first privacy rule or the second privacy rule is more restrictive; setting for a first extended reality (XR) communication session a third privacy rule, the third privacy rule being set to the first privacy rule in a first case that the first privacy rule has been determined to be more restrictive than the second privacy rule and the third privacy rule being set to the second privacy rule in a second case that the second privacy rule has been determined to be more restrictive than the first privacy rule; creating the first XR communication session, the first XR communication session comprising one or more environments, the one or more environments supporting the first user and the second user

Abstract: A system and method for controlling access to an on-device machine learning model without the use of encryption is described herein. For example, a request is received from an application executing on a device of a user. The request is to download a machine learning model to the device that enables a feature of the application, and the request includes information associated with the user and/or the device. The information is used to create an obfuscation key, and a derivative model can be generated using a reference copy of the machine learning model and the obfuscation key. The derivative model and the obfuscation key are then sent to the application. When the obfuscation key is provided to the derivative model at runtime, values derived from the obfuscation key are provided as additional inputs that enable the derivative model to function properly.

Abstract: A system that includes memory and a microcontroller including an analog-to-digital converter (ADC) and in communication with the memory. The microcontroller is configured to define a fingerprint that includes a baseline measurement of side-channel traces of a side-channel retrieved from the ADC, during an enrollment period of the system, wherein the enrollment period includes measuring voltage prior to runtime operation, receive a runtime measurement from the ADC that includes voltage of at least the separate microcontroller during runtime, compare the runtime measurement to the fingerprint, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: The present invention discloses a provenance graph-oriented host intrusion detection method and system, and a storage medium, which relates to the field of cyber security.