Abstract: A data file encryption transmission/reception system includes a computer with a registration module that encrypts input data files. The registration module includes a string conversion module that configured to convert the data file to be encrypted to string data, a key generation module that configured to generate a common key, and to divide the common key and the string data into first input information and second input information, a common key encryption module is configured to encrypt the first input information with the common key, to thereby generate common key encrypted data, a searchable encryption module that configured to encrypt the second input information in accordance with searchable encryption with a user secret key set in advance, to thereby generate searchable encrypted data and a communication module is configured to register a set of the common key encrypted data and the searchable encrypted data in the data management server.

Abstract: Techniques for managing the implementation of application-code scanning processes are disclosed. A system scans application code by analyzing metadata associated with the application code to identify a set of data needed to scan the application code with a scanning application. Based on the information obtained from the application metadata, the system identifies extraction processes that are needed to obtain the set of data. The system applies a set of one or more application-code scanners by implementing the extraction processes. The system presents in a graphical user interface (GUI) a set of results from scanning operations.

Abstract: A method includes obtaining a plurality of representative vectors associated with face-related data. The method includes determining an encryption key based on a parameter stored in a record, generating an encrypted vector set by, for each respective vector of the plurality of representative vectors, encrypting the respective vector with a homomorphic encryption operation based on the encryption key, where the encrypted vector set includes a first encrypted vector that is linked to a subset of the face-related data associated with the first plurality of face vectors. The method further includes obtaining an encrypted face search vector using the encryption key to perform homomorphic encryption. The method further includes selecting a first encrypted vector based on the encrypted face search vector and retrieving the subset of the face-related data based on the first encrypted vector.

Abstract: Cyber intrusion detection (CID) and data protection (DP) are coordinated within a storage node to enable the capabilities of DP to be automatically and quickly utilized in response to detected threats to help protect data. CID sends an alert message to DP in response to detection of a ransomware attack or other threat. DP responds to the alert message by implementing at least one countermeasure, such as: generating new targetless snapshots of the storage objects under attack, the version data group of which the storage objects are members, or all storage objects maintained by the storage array; securing and/or preserving some of the targetless snapshots that existed before the infection; changing the targetless snapshot generation and retention schedule; and temporarily halting generation of new targetless snapshots.

Abstract: Methods and systems for assessing risk associated with Artificial Intelligence (AI) models are provided. The method includes receiving a risk parameter among a plurality of risk parameters used for assessing an AI model, from a user associated with the AI model. Further, the method includes generating a preset questionnaire including a plurality of questions corresponding to the risk parameter. Furthermore, the method includes receiving user response data and corresponding evidence data against each of the plurality of questions from the user. The user response data is validated by correlating the user response data with the corresponding evidence data. The validated user response data is compared with preset response data corresponding to each of the plurality of questions. Thereafter, the method includes generating a report including a risk score indicating a risk associated with the AI model corresponding to the risk parameter, using a learning model, based on the comparison.

Abstract: A system and method for a continuous self-improving loop for security of generative artificial intelligence (GenAI) deployed in a system is provided. Prompt(s) are input to a target GenAI to perform security tests. An attack vulnerability report can be generated based on the output generated by the target GenAI in response to the plurality of security tests to a validation module that determines which data in the attack vulnerability report is accurate. For each security test that produced inaccurate output, a first dataset can be generated and can be used to create new security tests. For each breach of security that is accurate, a second dataset can be generated based on the respective security test that caused the breach of security and the target GenAI can be updated by training the target GenAI with the dataset to improve security of the target GenAI in use by the system.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for facilitating modification of components of artificial intelligence computing applications via aggregated risk scores of individual artificial intelligence computing application components. The disclosed system generates data objects representing the artificial intelligence computing application components. The disclosed system determines mappings between the data objects based on relationships of the artificial intelligence computing application components. Furthermore, the disclosed system generates risk scores for the data objects representing the components of the artificial intelligence computing application by administering risk assessments that correspond to a system requirements framework.

Abstract: Providing a risk analysis report for an undesired event includes receiving a request comprising undesired event data defining an undesired event, wherein the undesired event data corresponds to an asset, identifying, from an attack database, one or more sets of attack attributes related to the undesired event data, and identifying one or more protection measures relevant to the asset and the attack attributes. The technique also includes performing a first set of Monte Carlo simulations for the undesired event based on combinations of the attack attributes, the protection measures, and the asset, and performing a second set of Monte Carlo simulations for the undesired event based on a subset of the combinations of the attack attribute. One or more combinations of the attack attributes, the protection measures, and the asset which result in the undesired event are provided in accordance with outcomes.

Abstract: The present disclosure provides techniques for processing a three-dimensional (3D) object file in a privacy-preserving manner. An example method includes obtaining an object file that comprises a specification of a 3D printable object, encrypting the object file using a public key to generate an encrypted object file, and sending, to a remote computing system, the encrypted object file and a request to process the encrypted object file to identify a characteristic of the 3D printable object. The method also includes receiving an encrypted result file from the remote computing system, wherein the encrypted result file comprises an encrypted Minkowski sum of the encrypted object file and an encrypted comparison file. The method also includes decrypting the encrypted result file using a private key corresponding with the public key to generate an unencrypted result file and processing the unencrypted result file to determine the characteristic of the 3D printable object.

Abstract: An object movement method includes receiving a first input of a user, where the first input is used to move a target object in a first space into a second space; and in response to the first input, moving the target object into the second space in a case that the second space is enabled and that a size of a residual space of the second space meets a predetermined condition, where the second space and the first space are independent of each other.

Abstract: A request to activate a service may be received from a user device and a determination may be made as to whether the request is authorized or fraudulent. In particular, a geographical location of the user device may be determined. Whether to activate the service may be determined based on the geographical location of the user device.

Abstract: The retention lock (RL) status for a backup file stored in a storage target is certified by obtaining the RL status and encrypting it using an encryption key process to create a certified RL status. This signs the RL status by the entity storing the backup file, rather than an application setting the retention lock. The certified RL status is provided as a token to backup software of a deduplication backup system, wherein it can be made available for inspection and audit. The data may include opaque data that is data not interpreted by the filesystem. The request for RL status includes the opaque data, which is returned as part of the response, and which can be returned in part as cleartext.

Abstract: Techniques for cybersecurity analysis. A method includes identifying a first set of paths to a first asset. The first set of paths includes a first path which allows for uploading inspection code, a second path which allows for running the inspection code, and a third path which allows for obtaining results of running the inspection code. The first set of paths is selected such that application programming interfaces (APIs) of the first set of paths are at least partially shared with APIs of a second set of paths to each of at least one second asset and, further, selected based on at least one request processing attribute of the at least one API used in order to access the first asset. The inspection code is uploaded via the first path and run via the second path. Outputs of the inspection code are obtained via the third path and analyzed.

Abstract: The retention lock status for a backup file stored in a storage target of a deduplication backup is certified by obtaining the retention lock status and encrypting, in the storage target, the retention lock status information using an encryption key process to create a certified retention lock status. This signs retention lock status by the entity storing the backup file, rather than an application setting the retention lock. The certified retention lock status is provided as a token to a backup software of the deduplication backup system, wherein the retention lock status information is made available for inspection and audit. It is then returned, in response to an audit request, for comparison against a cleartext representation of changes to retention lock status.

Abstract: The retention lock (RL) status for a backup file stored in a storage target is certified by obtaining the RL status and encrypting it using an encryption key process to create a certified RL status. Verification logs are kept by appending the time of certification to a new token that can be audited. Each time a certification is attempted, a log corresponding to the latest attempt and the latest timestamp is added to the end of the verification list. This verification log may be implemented through a verification timestamp is appended to the token, or a verification log that is its own token. The verification log is maintained in a backup system and made available to an auditor for review of the certified RL status of the locked files.

Abstract: Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for linking remote file storage. An example method includes identifying, by discovery agent circuitry, a set of files for storage from a set of candidate files, and classifying, by file metadata circuitry, each file from the set of files for storage into file usage categories. The example method also includes assigning, by file metadata circuitry, permission categories to each file from the set of files for storage based on the file usage categories, and providing, by communications hardware, the set of files for storage and associated metadata to a file storage host, wherein the associated metadata comprises the file usage categories and the permission categories The example method also includes updating, by the discovery agent circuitry, content stored on the file storage host, the content comprising the set of files for storage.

Abstract: An integrated security analysis data structure and a method for multi-container software projects. A data repository storing containers and a software bill of materials (SBOM) is queried. The SBOM includes first data describing the containers and second data describing software images in the containers. The software images include corresponding components. The SBOM further includes metadata about the containers, the software images, and the one or more corresponding components. A dependency graph, showing dependencies among the software images, of the software images is built automatically. Usage data describing usage of the containers as deployed in an enterprise system is retrieved automatically. The SBOM, the dependency graph, and the usage data are transformed into a SBOM data structure. The SBOM data structure includes a searchable data object that is searchable by: the containers, the software images, the one or more corresponding components of the software images, the metadata, and the usage data.

Abstract: A computing platform may train, using smart contract and file type information, a homomorphic encryption model, which may configure the homomorphic encryption model to identify, for a given input file, a corresponding smart contract defining a corresponding set of parameters, included in the given input file, for display. The computing platform may receive an unencrypted file, and may identify, by inputting the unencrypted file into the homomorphic encryption model, a smart contract defining one or more parameters for display. The computing platform may encrypt, using homomorphic encryption, the unencrypted file to produce an encrypted file, and may store the encrypted file. The computing platform may receive, via an application programming interface (API) at a user device, a request to access the encrypted file. The computing platform may send, based on the smart contract and for display at the user device via the API, the parameters for display.

Abstract: The present disclosures relates to methods and apparatus for managing a blockchain. The method includes executing an initial transaction to obtain an initial transaction execution record; adding the initial transaction execution record to a first transaction execution data set; adding the initial transaction to a first transaction pool; acquiring transaction data from the first transaction pool that contains the initial transaction, the transaction data comprising respective initial transaction execution record corresponding to each transaction in a transaction list containing the initial transaction from the first transaction pool; generating a proposal block based on the transaction list and the transaction data, the proposal block being subject to block consensus with a second consensus node in the blockchain network; and performing block consensus on the proposal block to obtain a block consensus result of the proposal block.