Patents Examined by Matthew T. Henning
  • Patent number: 11510059
    Abstract: Example data security processing methods and apparatus are described. One example method includes setting up a first PDU session. A first base station derives a first user plane key based on a received base key and performs security processing on user plane data in the first PDU session by using the first user plane key and a security algorithm. A second PDU session is set up. The first base station derives a second user plane key based on the base key and performs security processing on user plane data in the second PDU session by using the second user plane key and the security algorithm. The user plane key includes a user plane encryption key and/or a user plane integrity protection key.
    Type: Grant
    Filed: September 19, 2019
    Date of Patent: November 22, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Haiyan Luo, Mingzeng Dai, Yi Guo, Xudong Yang
  • Patent number: 11500786
    Abstract: A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: November 15, 2022
    Assignee: NXP B.V.
    Inventors: Miroslav Knezevic, Vitaly Ocheretny
  • Patent number: 11487854
    Abstract: Provided is a method of protecting an application from reverse engineering. The method includes registering, in an electronic device, a handler capable of being called as a preset fault is generated in the application, after the handler is registered, executing a protection code for generating the preset fault in the application, determining whether an environment where the application is executed is an abnormal environment, based on whether the handler has been called as the protection code is executed, and performing an operation for protecting the application, based on a result of the determination.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: November 1, 2022
    Assignees: SAMSUNG ELECTRONICS CO., LTD., KOREA ADVANCED INSTITUTE OF SCIENCE AND TECHNOLOGY
    Inventors: Kuenhwan Kwak, Donguk Kim, Byunghoon Kang, Minjoon Park, Seongman Lee, Daehee Jang, Yunjong Jeong
  • Patent number: 11475167
    Abstract: A security module, such as a cryptographic adapter, is reserved for a secure guest of a computing environment. The reserving includes binding one or more queues of the security module to the secure guest. The one or more queues are then managed based on one or more actions relating to the reservation.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: October 18, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Reinhard Theodor Buendgen, Volker Urban, Richard Victor Kisley, Jonathan D. Bradbury, Torsten Hendel, Harald Freudenberger, Benedikt Klotz, Klaus Werner, Markus Selve
  • Patent number: 11468345
    Abstract: Embodiments are directed to generating and training a distributed machine learning model using data received from a plurality of third parties using a distributed ledger system, such as a blockchain. As each third party submits data suitable for model training, the data submissions are recorded onto the distributed ledger. By traversing the ledger, the learning platform identifies what data has been submitted and by which parties, and trains a model using the submitted data. Each party is also able to remove their data from the learning platform, which is also reflected in the distributed ledger. The distributed ledger thus maintains a record of which parties submitted data, and which parties removed their data from the learning platform, allowing for different third parties to contribute data for model training, while retaining control over their submitted data by being able to remove their data from the learning platform.
    Type: Grant
    Filed: January 9, 2019
    Date of Patent: October 11, 2022
    Assignee: DOCUSIGN INTERNATIONAL (EMEA) LIMITED
    Inventor: Kevin Gidney
  • Patent number: 11451531
    Abstract: A certificate obtaining method, an authentication method, and a network device, where a certificate is used for permission authentication when an application APP accesses an application programming interface (API) of a controller. The certificate includes one or more of: (a) information about operation permission of the APP on N application programming interfaces APIs of the controller, (b) identifiers of L APIs that are of the N APIs and that the APP has permission to operate, or (c) identifiers of R APIs that are of the N APIs and that the APP does not have permission to operate.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: September 20, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Dacheng Zhang, Tianfu Fu, Chong Zhou
  • Patent number: 11443064
    Abstract: A determination can be made that an item of confidential information has been removed from a record. A determination can be made that the record has the item of confidential information. The item of confidential information can be represented by an original value. A replacement value can be calculated. The replacement value can be a value of a transformation function applied to the original value. The replacement value can be testable for an existence of a digital signature, the digital signature to be derived from the replacement value. The record, in which the original value has been replaced by the replacement value can be used for a test. The test can be of a characteristic of an application. An ability to derive the digital signature from the replacement value can be an indication that the item of confidential information has been removed from the field.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: September 13, 2022
    Assignee: Salesforce, Inc.
    Inventor: Jeremiah David Brazeau
  • Patent number: 11444764
    Abstract: An underwater vehicle system includes a data security system. The data security system includes a data pod including persistent storage. The persistent storage stores encrypted data. The security system includes a watchdog. The watchdog includes at least one processor. The security system includes a watchdog key. The watchdog key is stored in volatile storage. The watchdog key is configured to be used to decrypt the encrypted data. The data security system is configured to remove the watchdog key from the underwater vehicle system, thereby preventing access to the encrypted data on the data pod.
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: September 13, 2022
    Assignee: L3HARRIS TECHNOLOGIES, INC.
    Inventors: Jason D. Aiello, Jeffery A. DeArruda, Kevin W. Ludlam, Daryl B. Slocum, Cagdas Altin
  • Patent number: 11436341
    Abstract: An improved method or security solution for securing cryptographic keys in a virtual machine RAM. A security solution is proposed to hide cryptographic keys in the cloud, without the necessity of any architectural modifications. The present solution requires the availability of a Trusted Platform Module (TPM) capable of creating and holding a protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption or decryption on behalf of data owners. This allows the present solution to be easily integrated and coupled with other existing cloud architectures. A decrypt-scatter or gather-decrypt solution which allows users to carry out encryption or decryption while protecting keys from unauthorized peeks by the cloud administrators is proposed.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: September 6, 2022
    Inventor: Bushra Abbas Mohammed Al Belooshi
  • Patent number: 11436318
    Abstract: System and method for performing a remote attestation for creation of a trusted execution environment (TEE) using a virtual secure enclave device running in a virtualized environment utilizes a trusted bootloader appliance in a TEE virtual computing instance, which is created in response to a request for a TEE from a software process running in the system. The trusted bootloader appliance manages the provisioning of a TEE in the TEE virtual computing instance for the software process. The remote attestation includes performing a first stage attestation on the trusted bootloader appliance by a hardware platform of the computer system and performing a second stage attestation on the provisioned TEE by the trusted bootloader appliance.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: September 6, 2022
    Assignee: VMWARE, INC.
    Inventors: Ye Li, David Ott, Cyprien Laplace, Alexander Fainkichen, Shruthi Hiriyuru
  • Patent number: 11429750
    Abstract: Provided is a system and method for executing an encrypted software program within a host platform. The execution may be bifurcated among a trusted module and an untrusted area of the host platform. In one example, the method may include receiving bytecode and encrypted data of a software program, decrypting, via a secure memory area, the encrypted data into decrypted data, executing, via the secure memory area, instructions from the bytecode on the decrypted data to generate execution results, encrypting the generated execution results, and transmitting the encrypted execution results to a remote computing device.
    Type: Grant
    Filed: August 10, 2020
    Date of Patent: August 30, 2022
    Assignee: SAP SE
    Inventors: Andreas Fischer, Jonas Janneck, Joern Kussmaul, Florian Kerschbaum
  • Patent number: 11425150
    Abstract: Aspects of the disclosure relate to visualization of lateral movements of an intruder on a network by connecting to computers and/or resources under investigation. A first computer is identified for investigation. Logs regarding incoming and outgoing connections to the computer are extracted and can be prefiltered based on specific IDs or other criteria. Maps of incoming and outgoing connections are stored in memory along with event information. Each subsequent computer to which the computer connected or resource accessed is identified. The map is updated based on logs from that computer or resource. A graphical image showing each applicable host, its connections, the chronology, and/or contextual information is generated and displayed. Individual hosts and other displayed data can be user-selectable to drill down and/or provide additional information. The process can repeat until all hosts, from patient zero to all endpoints, have been identified and rendered.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: August 23, 2022
    Assignee: Bank of America Corporation
    Inventors: Leslie Charles Emanuel, Srihari Konakanchi, Stephen Charles Aldridge, Joe Tao Yeung Wong
  • Patent number: 11394748
    Abstract: Provided is an anonymous account authentication method, apparatus and storage medium. The method may include receiving, from a user, an anonymous account authentication request, requesting a resource owner to perform authentication on a use permission of a resource using an anonymous account, obtaining a first version number of the resource owner according to the anonymous account authentication request, the first version number representing an identification number of a current version of an authentication policy table, obtaining a linear policy table based on the first version number matching a second version number, the second version number representing an identification number of a current version of the linear policy table, obtaining an authentication policy set associated with the resource from the linear policy table, and performing authentication by using the authentication policy set, the authentication policy set comprising at least one authentication policy.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: July 19, 2022
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LTD
    Inventor: Zhe Yuan
  • Patent number: 11347843
    Abstract: Methods, systems, and computer readable media for asset-based security are described. Some implementations relate to a system for asset-based detection of zero-day attacks or other attacks. The system can monitor critical assets for a violation of one or more security requirements and raise an alarm when a violation of one or more of the critical assets is detected. Further, the system can perform an information collection phase in which (a) information about the critical assets corresponding to the one or more security requirements is captured, and (b) generating a reachability graph representing one or more interrelationships between one or more of the critical assets and one or more other objects in the system.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: May 31, 2022
    Assignee: King Fahd University of Petroleum and Minerals
    Inventors: Husam Issa Mohammad Suwad, Farag Ahmed Mohammad Azzedin
  • Patent number: 11323425
    Abstract: Systems and methods for selecting cryptographic settings based on computing device location are disclosed. According to an aspect, a method includes determining a location of a client of a server. The method also includes selecting, at the server and based on the location of the client, one of several different cryptographic settings for communication with the client or data management. The method may also include implementing, at the server, the selected cryptographic setting.
    Type: Grant
    Filed: September 18, 2019
    Date of Patent: May 3, 2022
    Assignee: Lenovo Global Technology (United States) Inc.
    Inventors: Taylor Leigh Greenwood, Doug Oliver, Christopher A. Peterson, Scott Piper
  • Patent number: 11314847
    Abstract: In a method for electronically documenting license information via the granting of a license and the use of said license in a network of several electronic data processing devices, the license information is added with a new transaction block to a decentralized transaction database and is managed using blockchain technology. When a license is granted to a licensee, a licensor generates new license information with a licensing input, the licensing input contains at least one license identification, and before, during or after use of the license granted by the licensor the licensee generates new license information with a license use input, and the license use input contains at least the license identification of the licensing input and a use identification. The licensing input can contain a license key encrypted with a public key of the licensee, with which the licensor and the licensee can generate and decrypt encrypted information.
    Type: Grant
    Filed: October 4, 2017
    Date of Patent: April 26, 2022
    Assignee: PROSTEP AG
    Inventors: Martin Holland, Nobert Lotter
  • Patent number: 11303665
    Abstract: A machine learning-based system and method for identifying digital threats includes a threat service that: implements a unified threat model that produces a unified threat score that predicts both of: a level of threat of a piece of online content, and a level of threat that a target user will create a harmful piece of online content; wherein: implementing the unified threat model includes: receiving event data comprising historical content data for the target user and content data of the pending piece of online content and historical user digital activity data and real-time user activity data; and providing input of content feature data and user digital activity feature data to the unified threat model; and the unified threat model produces the unified threat score based on the content and the user digital activity data; and computes a threat mitigation action based on an evaluation of the threat score.
    Type: Grant
    Filed: June 15, 2021
    Date of Patent: April 12, 2022
    Assignee: Sift Science, Inc.
    Inventors: Wei Liu, Fred Sadaghiani
  • Patent number: 11297098
    Abstract: A method, network system and computer storage medium for DDoS defence in a packet-switched network are provided. The method is performed by a network system and includes: measuring a plurality of network parameters in incoming network traffic; ranking the plurality of measured network parameters based on machine learning; measuring a subset of the plurality of network parameters in incoming network traffic; determining an incoming network packet to be part of a DDoS attack or not by machine learning of the subset of the plurality of network parameters; and blocking an incoming network packet when the incoming network packet is determined to be part of a DDoS attack.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: April 5, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Arindam Banerjee, Shivashankar Subramanian
  • Patent number: 11290883
    Abstract: The present application discloses systems and methods in which sound wave information associated with a data transmission is monitored within a predetermined distance from the client device, where the sound wave information includes predetermined security information. In response to detecting sound wave information associated with a data transmission, the sound wave information is parsed to obtain the predetermined security information included in the detected sound wave information. Pattern information is generated based on the predetermined security information and data information to be sent. The generated pattern information is then displayed so that a second device can obtain the generated pattern information.
    Type: Grant
    Filed: July 19, 2021
    Date of Patent: March 29, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Yanghui Liu, Lei Wang, Ge Chen, Lingnan Shen
  • Patent number: 11277389
    Abstract: A computer-implemented method comprises: committing a transaction amount of a transaction with a commitment scheme to obtain a transaction commitment value, the commitment scheme comprising at least a transaction blinding factor; generating a first key of a symmetric key pair; encrypting a combination of the transaction blinding factor and the transaction amount t with the first key; and transmitting the transaction commitment value T and the encrypted combination to a recipient node associated with a recipient of the transaction for the recipient node to verify the transaction. The first key is a symmetrical key generated with Diffie-Hellman (DH) key exchange protocol that can be used to encrypt/decrypt the random numbers and the plaintext balances, thus providing convenient management. The method provides a robust privacy protection for transaction amounts, asset values, and blinding factors in commitment schemes.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: March 15, 2022
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Baoli Ma, Wenbin Zhang, Huanyu Ma, Zheng Liu, Jiahui Cui