Abstract: System and method to predict risk of re-identification of a cohort if the cohort is anonymized using a de-identification strategy. An input anonymity histogram and de-identification strategy is used to predict the anonymity histogram that would result from applying the de-identification strategy to the dataset. System embodiments compute a risk of re-identification from the predicted anonymity histogram.

Abstract: Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.

Abstract: One embodiment provides an accelerator circuitry. The accelerator circuitry includes accelerator processor circuitry; accelerator memory circuitry; processor trace (PT) decoder circuitry and control flow integrity (CFI) checker circuitry. The PT decoder circuitry is to at least one of receive and/or retrieve PT data from a host device. The PT decoder circuitry is further to extract a target instruction pointer (TIP) packet from the PT data and to decode the TIP packet to yield a runtime target address. The CFI checker circuitry is to determine, at runtime, whether a control flow transfer of an indirect branch instruction to the runtime target address corresponds to a control flow violation based, at least in part, on control flow (CF) information (info) stored to an accelerator CF info store.

Abstract: The disclosed computer-implemented method for protecting personally identifiable information during electronic data exchanges may include (i) receiving, from a computing device, an authentication token for a proposed electronic data exchange, (ii) preventing the user's personally identifiable information from entering the proposed electronic data exchange by identifying the user using the anonymized identifier rather than using the user's personally identifiable information, (iii) authenticating the user identified in the data exchange information, and (iv) in response to authenticating the user, authorizing completion of the proposed electronic data exchange. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present invention relates to a system for simultaneous forensic acquisition and analysis of data from a target data repository. The system comprises a source agent in communication with the target data repository. The source agent is incapable of writing to the target data repository and is configured to read a portion of the target data repository. The system further comprises an investigator computer having a processor configured to send at least one prioritized read command to the source agent to schedule a read of the target data repository based on a predetermined priority. A data sink is configured to store at least a partial forensic image of the target data repository based on the data read by said source agent.

Abstract: In one implementation, a system can include a tenant engine to maintain a plurality of tenant profiles with access to a first set of metrics of a plurality of metrics based on authorization via a certificate, a metrics engine to maintain a plurality of metrics derived from instrumentation of a plurality of applications, and a report engine to provide the first set of metrics in response to a report request when the report request is from a user associated with a first tenant profile of the plurality of tenant profiles and the first tenant profile is authorized to access the first set of metrics based on the certificate associated with a private key used to sign a first application of the plurality of applications.

Abstract: A system is described for controlling an actuating unit that restricts physical access such as a motorized garage door actuator unit. The system comprises a mobile wireless communication device, an electro-mechanical access control security device, and a receiving unit controlling the electro-mechanical access control security device, the receiving unit paired with the mobile wireless communication device for receiving user input for activating the electro-mechanical access control security device via a peer-to-peer communication directly with the mobile wireless communication device, and a pre-authorization of communication of the receiving unit with the mobile wireless communication device, the mobile wireless communication device receiving the pre-authorization from a central security server.

Abstract: A method includes executing a determination process that determines that a setting value is a search key, the setting value being for an item from among a plurality of items in a record identified in a plurality of records, the plurality of records relating to a plurality of pieces of log information that are collected from a plurality of computers; executing a first identification process that identifies, as the record, another record including the search key from among the plurality of records; executing a second identification process that identifies, as the item, a new item from among the plurality of items, the new item being different from an item used to identify the another record in the executing of the first identification process; repeating executing of the processes; and outputting information on at least one computer that is suspected of a cyber-attack, based on the identified records.

Abstract: A method of security and verifiability of an electronic vote, comprising reception of a temporary voting ballot, during which a temporary voting ballot is received by a voting entity, the temporary voting ballot being encrypted by a public voting encryption key; reception of a validation voting ballot, during which a validation voting ballot is received from the voting entity, the validation voting ballot being encrypted by a public validation encryption key; decrypting the validation voting ballot by a private validation key associated with the public validation encryption key; validating a validation request generated from the decrypted validation voting ballot sent to the voting entity; the preceding steps being repeated until the acceptance of the validation request by the voting entity, after which the encrypted temporary voting ballot is registered as a definitive voting ballot awaiting its counting.

Abstract: A method for mutual authentication in an RFID system comprising an RFID reader and an RFID tag, the method comprising requesting an identification from the tag, receiving the identification, using the received identification to select a password associated with the identification, generating a password key based on the selected password, encrypting the selected password using the password key, and transmitting the encrypted password to the tag.

Abstract: A multiple-identity secure device (MISD) persistently stores a single identification code (a “seed identity”). The seed identity need not be a network address, and may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD is provided with a transformation engine, in hardware or software form, that is subsequently used to generate one or more unique identities (e.g., network addresses) from the stored seed identity using predefined logic. The generated identities may be dynamically generated, e.g., in real-time as needed after deployment of a device into possession of a subscriber/customer/user, etc., or may be securely stored in the MISD for subsequent retrieval. The transformation engine may generate a unique identity in accordance with an addressing scheme identified as a default setting, a global/network setting, or as determined from a received data transmission.

Abstract: Examples include sending and receiving recovery agents and recovery plans over networks. Some examples include receiving a recovery request over a network from a requestor, sending a response to the requestor over the network, sending an executable copy of a recovery agent with a validation measure to the requestor, establishing an encrypted connection with the requestor, receiving a second request from the requester over the encrypted connection, determining a recovery plan that includes a command executable by the recovery agent, and sending the recovery plan to the requester over the encrypted connection. In some examples, the recovery request includes data that identifies the requester and the response and the recovery plan are based on the data identifying the requester.

Abstract: The profiling and fingerprinting of communication and control (C&C) infrastructure is disclosed herein. An initial C&C profile is transmitted to a first network monitoring system. The initial C&C profile includes at least one of: (1) a domain corresponding to a C&C channel, and (2) a C&C pattern corresponding to a C&C channel. At least in part in response to information received from a second network monitoring system, the initial C&C profile is revised. An updated C&C profile is transmitted to the first network monitoring system.

Abstract: Methods and systems are provided for proxying data between an application server and a client device. One exemplary application system includes an application server to generate a virtual application and a proxy server coupled to the application server over a network to provide the virtual application to a client device. The proxy server receives input data from the client device and provides the input data to the application server, wherein the application server encodes the input data for an action in response to authenticating the proxy server and provides the data encoded for the action to the proxy server. The proxy server performs the action on the data and provides the result to the client device.

Abstract: A network security analysis system performs anomaly detection with low false positives by implementing a multiple perspective analysis of network data. The analysis system implements natural language processing techniques to examine the content of network and time series data to identify anomalies within new activity.

Abstract: Unique systems, methods, techniques and apparatuses of a substation phasor data concentrator (ssPDC) is disclosed herein. One exemplary embodiment is a method for operating an electrical substation including a merging unit (MU), a phasor measurement unit (PMU), and a substation phasor data concentrator (ssPDC).

Abstract: In some examples, a computing device includes a data port, device memory to store firmware for the computing device, and verification circuitry. The verification circuitry may override operation of the data port responsive to a determination that firmware verification mode criteria are satisfied. The verification circuitry may also extract firmware data from the device memory for verification of the firmware and provide the firmware data to an external device connected to the computing device through the data port.

Abstract: An Identity Exchange that communicates and processes data exchanged between Identity Providers (IdP) and Relying Partys (RP) remains blinded from the attribute values of the data flowing through it. To make this happen each IdP and RP are issued anonymous certificates by a Certificate Authority, using which they perform key exchange with each other to exchange session keys, which are used subsequently to encrypt/decrypt all attribute values they exchange via the Identity Exchange.

Abstract: A method at an authentication server for multi-factor authentication of an electronic device, the method including receiving at the authentication server a request for authentication of the electronic device; sending information to the electronic device; receiving a response based on the information sent to the electronic device, the response further including an authentication time limit; authenticating the response; and storing the response and time limit upon verification of the response.

Abstract: The disclosed apparatus may include a physical processing that (1) receives, at a network device, a packet that is destined for a computing device within a network, (2) performs pattern matching on the packet by (A) comparing at least a portion of the packet with a set of signatures that facilitate pattern matching in connection with network traffic and (B) determining, based at least in part on the comparison, that the portion of the packet matches at least one of the signatures, (3) parses, after performing the pattern matching, at least the portion of the packet to determine whether the packet is malicious based at least in part on the portion of the packet, and then (4) upon determining that the portion of the packet is malicious, performs at least one security action in connection with the packet. Various other apparatuses, systems, and methods are also disclosed.