Abstract: The various implementations described herein include methods and devices for creating and using trust binaries and blockchains. In one aspect, a method includes accessing a trust store for the computing device, including obtaining a blockchain for the trust store. A first change to the trust store is identified. In response to identifying the first change, a first block is generated and inserted into the blockchain, where the first block includes a first encrypted digest for the first change and a first block digest. A second change to the trust store is identified. In response to identifying the second change, a second block is generated and inserted into the blockchain, where the second block includes a second encrypted digest for the second change, a second block digest, and the first block digest.

Abstract: Techniques and systems for optimizing and cleaning rules for network-based authentication transactions are provided herein. A network-based authentication system may determine a plurality of rules that were previously used to evaluate a plurality of transactions. The network-based authentication system may also generate a false positive rate for one or more of the plurality of rules, A cleaning coefficient for a first rule of the plurality of rules may be generated by the network-based authentication system. Based on the cleaning coefficient and the false positive rate, the network-based authentication system may identify one or more rules from the plurality of rules to eliminate from the plurality of rules. The network-based authentication system may eliminate the one or more rules to generate a modified set of rules. Using the modified set of rules, the network-based authentication system may authenticate a network transaction.

Abstract: Methods for synchronizing a source document repository with a target document repository include monitoring documents of the source document repository to detect changes to the documents. A last processed time is stored in association each changed document that indicates a time when the document was last processed. A transaction item is added to a synchronization queue each time a document is changed, and a queue time is stored in association with each of the transaction items that indicates when the transaction item was added to the queue. The transaction items are processed by comparing the queue time of the transaction item with the last processed time of the document pertaining to the transaction item. If the queue time is earlier than the last processed time, the transaction item is ignored.

Abstract: Systems and methods are provided for organizing communications of multiple communication services. Specifically, techniques are described for organizing data according to detected identities represented aggregate accounts across multiple communication services, as opposed to merely on the basis of accounts on such services. An identity-aware data management system is disclosed that can generate, on the basis of communications of a first party among multiple communication services, a reduced connection graph of the first party. The reduced connection graph of the first party can reflect second parties with whom the first party has communicated, each second party representing an aggregation of multiple accounts of a second party across communication services. The identity-aware data management system may then enable the first party to search, filter, or organize communications according to the reduced connection graph.

Abstract: A storage control system manages a storage metadata structure which comprises first and second tree structures. The first tree structure is configured to accumulate metadata entries associated with newly written data items, and sort the accumulated metadata entries by index keys. The second tree structure is configured to organize metadata entries using an index structure that enables random-access to the metadata entries using the index keys. The storage control system performs a merging process to merge metadata entries in leaf levels of the first and second tree structures, and performs a tree construction process to construct a third tree structure by populating a leaf level of the third tree structure with merged metadata entries from the leaf levels of the first and second tree structures. The storage metadata structure is updated to comprise the first tree structure, and the third tree structure in place of the second tree structure.

Abstract: A method for maintaining user privacy in advertisement networks may include receiving first persona data associated with a first user from at least one publisher system. The first persona data may be generalized to form first generalized persona data. A session key may be generated. The first generalized persona data and the session key may be encrypted with a first public key of an advertisement network system to form a first ciphertext. The first ciphertext and first user identity data may be communicated to a mediator system. The first user identity data may be associated with first user's identity. A first encrypted targeted advertisement may be received based on the first generalized persona data from the advertisement network system via the mediator system. The first encrypted targeted advertisement may be decrypted with the session key to form a first targeted advertisement. A system and computer program product are also disclosed.

Abstract: Some embodiments are directed to a categorization system for categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

Abstract: Disclosed herein are systems and method for adjusting data protection levels based on system metadata. A method may include monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level, and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method may include identifying kernel control paths and hashes of software objects that will be affected by the cyberattack, and configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level includes greater access restrictions to the computing device than the first protection level.

Abstract: Implementations of the present disclosure include providing a graph representative of a network, a set of nodes representing respective assets, each edge representing one or more lateral paths between assets, the graph data including configurations affecting at least one impact that has an effect on an asset, determining multiple sets of fixes for configurations, each fix having a cost associated therewith, incorporating fix data of the sets of fixes into the graph, defining a set of fixes including one or more fixes from the multiple sets of fixes by defining an optimization problem that identifies one or more impacts that are to be nullified and executing resolving the optimization problem to define the set of fixes, each fix in the set of fixes being associated with a respective configuration in the graph, and scheduling performance of each fix in the set of fixes based on one or more operational constraints.

Abstract: Embodiments assess security vulnerability of an application. An embodiment runs one or more static and dynamic analysis tools on the application to generate a static vulnerability report and a dynamic vulnerability report. In turn, code of the application is decompiled to identify code of the application that accepts user input. One or more vulnerabilities of the application are determined using the identified code of the application that accepts user input and a vulnerability report is generated that indicates the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input. A final static vulnerability report and a final dynamic vulnerability report are generated based on the static and dynamic vulnerability reports and the generated vulnerability report indicating the one or more vulnerabilities of the application determined using the identified code of the application that accepts user input.

Abstract: A synthetic full backup of a source volume is retrieved, the synthetic full having been created from merging a backup chain including an incremental backup into a full backup. The full backup corresponds to a state of the source volume at a first time. The synthetic full corresponds to a state of the source volume at a second time, after the first time. A bitmap embedded into a snapshot of the source volume taken at the second time is retrieved. The bitmap identifies data from the source volume copied to secondary storage for the incremental backup. The backup chain is regenerated by copying from the snapshot the data identified by the bitmap to a regenerated incremental backup.

Abstract: Systems and methods for secure distribution of biometric matching processing are provided. Certain configurations include homomorphic encrypting of captured biometric information. In some configurations, the biometric information is classified without decryption between a first identity class and a second identity class. The biometric information may be formed as a feature vector. A homomorphic encrypted feature vector may be formed by homomorphic encrypting of the biometric information.

Abstract: A method of securely encrypting data whereby a computing device can utilize a seed and a pin to generate a mantissa of an irrational number. The computing device can then utilize a portion of the mantissa as a one-time pad to encrypt data. The seed can be transmitted to a recipient via a graphical code to enable secure decryption by a recipient's computing device.

Abstract: This application discloses a password verification method and a password setting method. The password verification method includes: in response to a detected operation of requesting for password verification, collecting at least one first image by using a camera of a mobile terminal; obtaining matching information when a result of matching between the at least one first image collected by the mobile terminal and at least one first preset image satisfies a first preset matching condition, where the matching information includes at least one of the following: location information of the mobile terminal, motion information of the mobile terminal, at least one second image collected by the camera of the mobile terminal, and network connection information of the mobile terminal; and performing matching between the obtained matching information and a second preset matching condition, where the password verification succeeds when the matching is successful.

Abstract: Systems and methods are described for improving portability of checkpoints of an application using central processing unit (CPU)-specific features. In an example, a system includes a source computing system and a destination computing system. The source computing system may be configured to: cause a first execution of an application that includes a function associated with a plurality of implementations; receive a request to resolve an implementation decision for the function; select, based on a set of source CPU-specific features, a source-specific implementation for the first execution of the function; patch, by rendering a resolved callsite table, a call site associated with the function with an address of the source-specific implementation; and send, to a destination computing system, a checkpoint of the application that includes the resolved callsite table.

Abstract: An electronic processor of a wireless fob is configured to establish a first communication link between the wireless fob and an external device, and receive, over the first communication link, first identification information and credential information of a power tool device from the external device. The electronic processor is further configured to receive, via the wireless transceiver, an identification signal including second identification information from the power tool device. The electronic processor is further configured to identify the power tool device by determining that the first identification information matches with the second identification information. The electronic processor is further configured to transmit the credential information to the power tool device to establish a second communication link between the wireless fob and the power tool device and transmit, over the second communication link, a command to the power tool device to control an operation of the power tool device.

Abstract: Disclosed are methods and systems for secure data communication amongst computer systems. Encrypted data in a first format is accessed over a secure communication channel from a first source for a first subject. Encrypted data in a second format is accessed over a secure communication channel from a second source for the first subject. The encrypted data in the first format from the first source and in the second format from the second source is decrypted. The decrypted data in the first format from the first source and in the second format from the second source is converted to a third format. At least partly in response to the request for information from a first system, at least a portion of the data from the first source and the second source is accessed from a database The accessed data is transmitted in encrypted form to the first system.

Abstract: In various examples there is a session border controller, SBC, connected between two communications networks. The SBC comprises a store holding statistics of events in the networks. The SBC also has an ingress receiving messages from the first communications network, the ingress having a memory storing an ingress message manipulation function MMF comprising a plurality of rules. The SBC has a session border controller processing unit connected to the ingress and receiving the messages from the ingress. The SBC has an egress connected to the session border controller processing unit, the egress receiving the messages from the session border controller processing unit and forwarding the messages, to the second communications network, the egress having a memory storing an egress message manipulation function MMF comprising a plurality of rules. At least some of the rules of the ingress MMF or egress MMF are for computing and storing the statistics.

Abstract: An apparatus and method for providing cyber security defense in digital environments are provided. The apparatus includes a processor and a memory communicatively coupled to the at least a processor. The memory contains instructions configuring the at least a processor to receive a cyber profile associated with a digital environment. The processor is also configured to receive a risk profile associated with the cyber profile and analyze the cyber profile and risk profile. In addition, the processor is configured to generate a user interface data structure configured to display the determined risk score. A graphical user interface (GUI) is communicatively connected to the processor and the GUI is configured to receive the user interface data structure for the cyber-attack defense assessment and display the cyber-attack defense assessment.

Abstract: In some examples, a networked computing system comprises a backup node cluster of a backup service in communication with a host database node cluster of a host, a host database at least initially undiscovered by the backup node cluster, one or more processors coupled with memory storing instructions that, when executed, perform operations comprising at least installing a backup agent on at least one node of the host database node cluster, registering the host at the backup service, based on the host registration, triggering a host database discovery process to discover the undiscovered database automatically, the discovery process including a discovery call, in response to the discovery call, receiving metadata relating to the discovered database, and communicating with the discovered database.