Abstract: A computer implemented method of improved security of an application for deployment to a virtualized computing environment, the method including receiving configuration information for the application; accessing a set of configuration descriptors for a known security attack, each descriptor encoding at least a portion of an application configuration so as to identify one or more descriptors matching at least part of the configuration information, each descriptor in the set having a probability that the security attack will occur in a deployed application having a configuration consistent with the descriptor; evaluating a risk score for a risk of occurrence of the security attack, the risk score evaluated from the probabilities associated with the identified descriptors; identifying a set of compatible alternative configurations for the application; evaluating a risk score for a risk of occurrence of the security attack for each alternative configuration; selecting an alternative configuration having a risk sc

Abstract: An event graph associated with a root cause for a change in security state on an endpoint is used to facilitate malware detection on other endpoints.

Abstract: A client application and a local security controller (LSC) executing on a host computing device use a Multiparty Computation (MPC) cryptographic key generation technique to create two fragments of a split private key, which are held by the client application and LSC, respectively. The client application generates a certificate signing request (CSR). The client application and LSC sign the CSR with the split private key using an MPC technique. The LSC then signs a token from the client application to indicate that the private key corresponding to the CSR is MPC-backed. A package with the CSR and the first and second signatures is then sent to a remote device acting as a certificate authority. The remote device verifies the two signatures and issues a certificate to the client application. The second signature is verified using information sent to the remote device from the LSC during a registration process.

Abstract: A system described herein may utilize artificial intelligence/machine learning (“AI/ML”) or other suitable techniques to automatically identify blocks added to or proposed to be added to a blockchain, with conflicting and/or otherwise incompatible information, and to automatically remediate the blockchain based on the identified conflict and/or incompatibility. The model may associate different types of conflicts and/or incompatibilities with different types of remedial measures. The remedial measures may include the rejection of a proposed block, recording a new block that takes precedence or priority over a previously recorded block, or other suitable remedial measures.

Abstract: A risk rating method and system that predicts the risk likelihood, the risk impact, and the risk rating of certain threats and vulnerabilities from exploiting different component groups. In some embodiments, the system's predictions (also referred to herein as inferences) are generated based on data elements provided by a user about its organization's information systems. In further embodiments, the method and system utilizes data mining, historical records, and an AI Engine to provide the predictions for the risk likelihood, the risk impact, and the risk rating posed by the various threat occurrences.

Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.

Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.

Abstract: Methods and systems for offload of data from a wireless sensing device to a gateway device. A certificate that is generated by the management server in response to a determination that the gateway device is associated with a wireless sensing device is received during an initial connection with the management server. In response to confirming, based on the certificate, that the gateway device is authorized to connect to the wireless sensing device, the certificate is transmitted to the wireless sensing device; and data is received from the wireless sensing device in response to confirming that the wireless sensing device is authorized to connect with the gateway device based on the certificate.

Abstract: A quantum key distribution (QKD) system comprising: an emitter (110) adapted to generate a QKD free-space signal, a transmitter station (220) adapted to receive the free-space signal from the emitter (110), and a remote QKD receiving station (250) supporting a QKD receiver (160) located at a different location than the transmitter station, wherein the transmitter station is adapted to receive said free space signal from the emitter and to forward said signal through a fiber link (400) to the QKD receiver (160) in said remote QKD receiving station (250).

Abstract: A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause.

Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

Abstract: A lock node for storing data and a protected storage unit. The lock node includes an input section which provides a plurality of key maps, each corresponding to one of a plurality of primary keys, respectively, applied to the input section, each key map including at least one main key, a variable lock section producing a derived key from a logical operation on the main keys corresponding to the primary keys applied to the input section, and an output section producing the data in response to the derived key.

Abstract: Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

Abstract: According to an example aspect of the present invention, there is provided a method comprising, receiving, by an intermediary network function, a subscription request from a network function consumer requesting data of a network function producer, wherein the subscription request comprises a client credential assertion of the network function consumer and an access token, authorizing and authenticating, by the intermediary network function, the network function consumer upon successful validation of the access token and the client credential assertion validation and transmitting, by the intermediary network function, an access token request to an authorization server to get another access token, wherein said another access token is to be used to validate the network function consumer to access services of the network function producer, and the access token request comprises the client credential assertion of the network function consumer requesting data of the network function producer.

Abstract: An automotive gateway includes one or more interfaces and one or more processors. The one or more interfaces are configured to communicate with electronic subsystems of a vehicle. The one or more processors and configured to host one or more guest applications, to associate both (i) the hosted guest applications and (ii) a first subset of the electronic subsystems of the vehicle with a non-secured domain, to associate a second subset of the electronic subsystems of the vehicle with a secured domain, and to control communication traffic between the secured domain and the non-secured domain of the vehicle in accordance with a security policy.

Abstract: Embodiments are disclosed for a quantum key distribution enabled intra-datacenter network. An example system includes a first vertical cavity surface emitting laser (VCSEL), a second VCSEL and a network interface controller. The first VCSEL is configured to emit a first optical signal associated with data. The second VCSEL is configured to emit a second optical signal associated with quantum key distribution (QKD). Furthermore, the network interface controller is configured to manage transmission of the first optical signal associated with the first VCSEL and the second optical signal associated with the second VCSEL via an optical communication channel coupled to a network interface module.

Abstract: A sound-based method and system of performing an authentication of a person in order to permit access to a secured resource is disclosed. The system and method are configured to collect audio data from an end-user in real-time that corresponds to ambient sounds for their alleged location. The audio data is compared to verified audio data for the actual location. The system can determine whether there is a match between the user audio data and audio data previously collected and stored in a database or obtained from an audio service provider. If there is a match, the system verifies an identity of the person and can further be configured to automatically grant the person access to one or more services, features, or information for which he or she is authorized.

Abstract: A method and system are disclosed to audit smart contracts. The method includes: publishing, with a processing server, a smart contract bytecode with metadata on a blockchain; retrieving, with the processing server, the published smart contract bytecode with metadata from the blockchain; extracting, with the processing server, the smart contract bytecode from the published smart contract bytecode; and verifying the smart contract bytecode by comparing a computed hash of a high-level source code of the published smart contract bytecode with the metadata retrieved from the blockchain.

Abstract: In an embodiment, a threat score prediction model is generated for assigning a threat score to a software vulnerability. The threat score prediction model may factor one or more of (i) a degree to which the software vulnerability is described across a set of public media sources, (ii) a degree to which one or more exploits that have already been developed for the software vulnerability are described across one or more public exploit databases, (iii) information from one or more third party threat intelligence sources that characterizes one or more historic threat events associated with the software vulnerability, and/or (iv) information that characterizes at least one behavior of an enterprise network in association with the software vulnerability.

Abstract: A principal successfully authenticates for a communication session with a target device. One or more Domain Specific Language (DSL) statements/records assigned to the principal are provided to the target device. The target device translates the DSL statements/records into code, which is executed on the target device to custom set security roles of the principal on the target device during the session. In an embodiment, the one or more DSL statements/records are provided to the target device as an optimized JavaScript® Object Notation (JSON) Web Token (JWT); a payload of the optimized JWT comprising the one or more DSL statements/records as a compressed and enhanced JSON object.