Abstract: A system and method detects malware by processing notifications from an intrusion detection system and baseline snapshots from an image capture utility. The image capture utility constructs an image of the suspected malware intrusion and links the suspected malware intrusion to the baseline snapshots. The system and method propagates the image of the suspected malware intrusion across multiple networks before it distinguishes malicious code, device state, and files from benign code, device state, and files. Some systems and methods include a malware recovery system that executes machine learning instructions and heuristics to revert a client and/or a remote server to one or more baseline snapshots.

Abstract: Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for hiding copyright information in a display screen. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with a digital content, wherein the copyright information and the digital content are recorded on a blockchain of a blockchain network; determining one or more attributes associated with the display screen; and converting the unique ID to a digital watermark based on the one or more attributes, the digital watermark not being apparent to an unaided human eye when displayed in the display screen and enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: Methods performed by a system on a computer device, such as a smart phone, i.e., locally, for protecting against network-based attacks. These methods inspect all traffic to every application and web browser on the device.

Abstract: A system and method for facilitating establishing a secure connection between a client application and a content provider. An example method includes employing a security gateway to authenticate a client for communications therewith; maintaining, for the client, security credentials for a data provider via a security configuration module, wherein the security credentials are associated with a description of data, which is associated with a data provider; using the gateway to determine which of the security credentials to use to fulfill the request message received by the security gateway from the client based on the request; and employing the selected security credentials to selectively retrieve data from and deliver the data to the client application. The example method may further include generating the request message when a User Interface (UI) control displayed in a UI display screen of a browser client is selected or activated.

Abstract: A computer-implemented user classification method includes: obtaining, by a target terminal device, an initial user classification model from a server, in which the initial user classification model is provided by the server to multiple terminal devices, the multiple terminal devices including the target terminal device; obtaining first operation data of a registered user of the target terminal device; updating the initial user classification model based on the first operation data, to obtain an updated user classification model that is personalized for the registered user; and classifying, based on the updated user classification model, an identity of a current user of the target terminal device.

Abstract: A parent cryptographic key associated with a blockchain object is obtained. A number of parties (N) to share control over the blockchain object is obtained. N child cryptographic keys are generated based on the parent cryptographic key by applying a predetermined algorithm to the parent cryptographic key, wherein N is an integer greater than or equal to 2, and wherein the N child cryptographic keys are collectively configured to enable reconstruction of the parent cryptographic key.

Abstract: Example embodiments for controlling access in a network system based on a distributed ledger are presented. In an example embodiment, a plurality of nodes of a computer network capture information describing requested data transactions in the computer network. At least some of the nodes construct transaction blocks for a distributed ledger, with each of the transaction blocks including information describing one or more of the requested data transactions. The nodes publish the transaction blocks to other nodes. The nodes receiving the transaction blocks add those of the transaction blocks that do not include a disallowable requested data transaction to copies of the distributed ledger. One or more arbitrator nodes approve those of the requested data transactions represented in transaction blocks added to the copies of the distributed ledger by a consensus of the nodes.

Abstract: A sensor network for use in an aircraft, including a plurality of wireless nodes. A first wireless node of the plurality of wireless nodes is arranged to communicate with at least one other wireless node of the plurality of wireless nodes. The communication is via a secure communications channel and is on the basis of a control message received at the first wireless node. The at least one other wireless node is arranged to perform an operation on the basis of the control message.

Abstract: Automatically discovering attribute permissions is provided. A profile indicating a set of attributes that can be converted into permissions for a new target instance is provided. In response to detecting that the new target instance is being added, a convertible set of attributes for the new target instance is searched for based on the profile. Search results for the convertible set of attributes are displayed. Ones of the convertible set of attributes are selected as a set of attribute permissions for the new target instance for access control to the new target instance.

Abstract: An authentication system is provided using one-time passwords (OTPs) for user authentication. An OTP key may be stored on a different device than the device on which the OTP is generated. In an embodiment, the system described herein enables a combined authentication system, including the two separate devices communicating over a non-contact interface, to provide advantageous security features compared to the use of a single device, such as a hardware OTP token. One device may be a personal security device and the other device may be a reader device coupled to a host device via which access is being controlled.

Abstract: A system and method for controlling access to a resource by an application are provided. The system includes a server that includes a memory and a processor. The memory includes instructions executable by the processor to execute the application by a development system configured to use one of a tracking mode and an enforcement mode. If the development system is configured to use the tracking mode, the system updates an access log for the resource responsive to the application accessing the resource, and creates an application manifest using the access log. The application manifest is configured for use in controlling access to the resource by the application executing on a production system.

Abstract: Methods and systems for encrypting and decrypting data comprising sending sensitive information to a first cryptographic processing system in a first cloud region for encryption with a first key encryption key generated by and stored by the first cryptographic processing system. The first encrypted sensitive information received from the first cryptographic processing system is stored in a first database. The sensitive information is also sent to a second cryptographic processing system in a second cloud region different from the first cloud region for encryption with a second key encryption key generated by and stored by the second cryptographic processing system. The second encrypted sensitive information received from the second cryptographic processing system is stored in a second database. If the first encrypted sensitive information cannot be decrypted by the first cryptographic processing system, the second encrypted sensitive information is sent to the second cryptographic processing system.

Abstract: A parent cryptographic key associated with a blockchain object is obtained. A number of parties (N) to share control over the blockchain object is obtained. N child cryptographic keys are generated based on the parent cryptographic key by applying a predetermined algorithm to the parent cryptographic key, wherein N is an integer greater than or equal to 2, and wherein the N child cryptographic keys are collectively configured to enable reconstruction of the parent cryptographic key.

Abstract: Methods and systems are configured to store user data and control access to the user data, wherein the data is stored remotely from the user (such as external to a user's computing device) and the user's data is maintained anonymously. Content is stored in association with a user identifier and access by third parties is controlled by linked third party identifiers.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for hiding copyright information in a display screen. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with a digital content, wherein the copyright information and the digital content are recorded on a blockchain of a blockchain network; determining one or more attributes associated with the display screen; and converting the unique ID to a digital watermark based on the one or more attributes, the digital watermark not being apparent to an unaided human eye when displayed in the display screen and enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: The life cycle of one or more containers related to one or more containerized applications is managed by determining that a predefined retention time for a first container of the plurality of containers has elapsed; in response to the determining, performing the following honeypot container creation steps: suspending new session traffic to the first container; maintaining the first container as a honeypot container; and identifying communications sent to the honeypot container as an anomalous communication. Alert notifications are optionally generated for the anomalous communication.

Abstract: In one illustrative example, a network node may receive, from a user equipment (UE), a message indicating a token authorization request for access to a custom, enterprise private network slice of a 5G network. The message may include a token provided to the UE by an enterprise server of an enterprise private network of the enterprise. The network node may perform a token validation procedure and, based on a successful token validation, send a message for causing a provisioning of one or more rules in a forwarding entity of the 5G network, for causing enterprise user plane (UP) traffic of the UE to be forwarded to an anchor UPF of the private network slice. The enterprise UP traffic communication may be used for the remote control and/or monitoring of elements in a private 5G network of the enterprise.

Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.

Abstract: An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.