Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for providing contextually relevant recommendations based on a context of the user. The context of the user may be determined according to a set of privacy settings of the user, where the set of privacy settings indicates contextual features for which values are permitted to be accessed by a recommendation system. The contextual features may include user-related features and/or tenant features pertaining to a tenant of a multi-tenant database.

Abstract: The system comprises of a meeting organizer, host data processing system, at least one participant and participant data processing system and a server. The host data processing system is configured to create the meeting, list of participants, generate key for the participants and then communicate the key to the participants. The participant data processing system is configured to receive the credentials, communicate credential and key to the server and communicate the location information of the participant data processing system to the server. The server is configured to authenticate the participant, verify the identity of the participant, and determine whether the participant data processing system is located in a secured or unsecured location.

Abstract: The present disclosure relates to software tampering resistance. In one aspect, a method for generating protected code is provided, comprising identifying a primary function in code to be obscured, the primary function being a function used to verify the integrity of the code run-time. The method then comprises generating a finite state machine from the primary function, wherein a state of the finite state machine at a given instance defines an element of the primary function to be executed. The method then comprises distributing the finite state machine throughout the code to obscure one or more areas of the code.

Abstract: A computer-implement method comprises: selecting a trusted computing node via smart contract on a blockchain; completing remote attestation of the selected trusted computing node; writing secret information to an enclave of the selected node; causing a thin device to establish a private connection with the selected node without revealing the secret information; and causing the selected node to act as a proxy on the blockchain for the device. Another method comprises: receiving a signed device access request from a device owner; validating, by the verification node, the received request; executing, by a verification node, a smart contract on a blockchain based on the received request; and producing, based on the executed smart contract, an output command to access the device for the device to validate, decrypt and execute.

Abstract: A system and method for pairing two devices for secure communications. A user selects a first device to pair with a second device. The first and second devices have the ability to securely communicate with each other through the use of encrypted communications. An encryption key is written to the first device and then burned into the encryption module on the first device. A corresponding decryption key is written to the second device and then is burned into the decryption module of the second device.

Abstract: Examples disclosed herein relate to a method for defining an ingress access policy at an ingress network device based on instructions from an egress network device. The egress network device receives data packets directed to a first entity from a second entity connected to an ingress network device. Each data packet transmitted includes a source role tag corresponding to the second entity. At the egress network device, the data packets may be dropped based on the enforcement of an egress access policy. When the number of data packets that are being dropped increases beyond a pre-defined threshold, the egress network device transmits a command to the ingress network device instructing the ingress network device to create a restriction on the transmission of subsequent data packets. The command is transmitted in a Border Gateway Protocol (BGP) Flow Specification (FlowSpec) route.

Abstract: A system, a method, and a computer program are provided for securely isolating access by one or more users in a group of network users to an enterprise network implementing Multi-Protocol Label Switching (MPLS). The security system includes an MPLS Layer-3 VPN (L3VPN) instance created for a group of users to be isolated, and a remote and mobile enterprise access (RMEA) gateway with secure socket layer virtual private network (SSL-VPN) and two-factor user authentication capabilities. A de-militarized zone (DMZ) is positioned in the network to security scan data traffic between the L3VPN and RMEA gateway. The security protocol involves two-factor user authentication and establishing, on top of the L3VPN instance, an SSL-VPN session between the user and the RMEA gateway, which provides the authorized user access to the network. Additionally, data traffic to/from the user is routed through the RMEA and the DMZ.

Abstract: This document describes techniques for expanding user groups while preserving user privacy and data security. In one aspect, a method includes receiving, by a content platform and from a client device of a user, a request for a digital component that also includes a user identifier. A determination is made that the user identifier is included in a user list that includes multiple user identifiers respectively corresponding to multiple users in a user action group. In response to determining that the unique identifier is included in the user list, a digital component of the entity for which the user list is generated is selected and provided to the client device of the user for display to the user of the client device.

Abstract: A modification to an applied ruleset intended for consumption by intrusion detection systems (IDSs) is detected. A service event that is configured to push the applied ruleset to a set of test network sensors associated with the IDSs is triggered. A service subscribed to the service event updates the set of test network sensors with the applied ruleset and designates a configuration version to the applied ruleset. A notification is received from the set of test network sensors that the applied ruleset has been tested and is ready for deployment to other network sensors and a request is received to deploy the applied ruleset to a set of network sensors. A determination is made whether the request includes the configuration version designated to the applied ruleset by the service. If the request includes the configuration version designated to the applied ruleset, the request to deploy the applied ruleset to the set of network sensors is authorized.

Abstract: A pattern detector circuit is provided in a security chip, wherein the pattern detector circuit monitors accesses of a plurality of configuration registers, each of the plurality of configuration registers having a corresponding address. In response to receiving from a host a predefined sequence of accesses of the plurality of configuration registers for one or more operations to the plurality of configuration registers, a processor in the pattern detector circuit determines a value indicative of a current version of a netlist for the security chip. The determined value is made available to be obtained by a read operation by the host at a specific configuration register address.

Abstract: Automatic preparation of data related to session initiation protocol (SIP) based traffic flows in a lawful interception (LI) scenario is disclosed. The dataset that is obtained may, e.g., be used for machine learning-based (ML) and artificial intelligence (AI) tools that can identify lawfully intercepted SIP-based traffic cases. Such preparation of data reduces the 5 risk of misunderstandings between a communications service provider (CSP) and a law enforcement agency (LEA), which reduces the time dedicated by both parties in understanding the correctness of LI data provided by the CSP to the LEA.

Abstract: Disclosed examples include accessing a search term from a client device; accessing a first identifier, the first identifier corresponding to a first database proprietor, the first identifier to access first user information corresponding to a user of the client device; accessing a second identifier, the second identifier corresponding to a second database proprietor, the second identifier to access second user information corresponding to the user of the client device; providing the search term, the first identifier, and the second identifier in a message; and transmitting the message to a server.

Abstract: According to various embodiments, a cryptographic processing device is described comprising a processor configured to determine a masking component, generate a masked version of a secret first element by masking multiple components of the secret first element with the masking component, determine a first share of the product of the secret first element and a second element by multiplying the second element with the masked version of the secret first element, determine a second share of the product of the secret first element and the second element by multiplying the second element with the difference of the secret first element and the masked version of the secret first element and continue with a lattice-based cryptography operation using the first share and the second share of the product.

Abstract: A named function network (NFN) system includes a routing node, a function generation node, and a server node. The routing node receives requests for new functions, the requests including data values for generating the new functions. The function generation node receives the data values from the routing node and generates a new function for the NFN using the data values. The server node receives a request from the routing node to execute the new function, executes the new function, and transmits results of the execution to the routing node.

Abstract: Systems and methods for determining network topology by implementing the security parameter index (“SPI”) to map network nodes that are behind a network address translation (“NAT”) address are disclosed.

Abstract: A blockchain-based network security system is a decentralized anti-attack network constructed by means of blockchain. The anti-attack network includes a blockchain network system and a server system wherein both system are disposed independently and the data link between them is connected via a switch. A plurality of block nodes in the blockchain network system are provided with anti-attack servers, and each anti-attack server is provided with at least one sub-server. When the sub-server of the anti-attack server encounters an abnormal access event, the path information in the access event is loaded into the blockchain network system via the switch connected to the anti-attack server. In one example, the path information in the abnormal access event is loaded into the blockchain network system for distributed processing so as to prevent the resource depletion of the anti-attack server in which the attacked sub-server is located.

Abstract: Techniques are described for providing software developers with secure software project development environments via cloud-based or locally installed integrated development environments (IDEs). A cloud provider network provides a project development environment policy service that enables users to configure project development environment policies associated with various software projects and to deploy configured policies to users' project development environments as appropriate. A project development environment policy can include rules related to monitoring and controlling version control system actions, monitoring the content of project source code pushed to version control repositories, among other software project governance-related configurations.

Abstract: One example of a system comprises using a processor for identifying a model to be validated that is stored in a repository; automatically computing and recording one or more model metrics for the model to be validated in a tamper-proof manner; comparing the computed tamper-proof metrics with one or more encoded rules and policies to determine if the model to be validated complies with the one or more encoded rules and policies; and outputting a notification to a device indicating a validation status of the model to be validated based on the comparison of the computed tamper-proof metrics with the one or more encoded rules and policies.

Abstract: An information processing system includes a first device and a second device. The first device generates first encrypted data by applying a first encryption with respect to the original data stored in a shared storage area, and causing the first encrypted data to be stored in the shared storage area. The second device generates second encrypted data by applying a second encryption with respect to the first encrypted data stored in the shared storage area, and causes the second encrypted data to be stored in the shared storage area. The first device deletes the original data and the first encrypted data from the shared storage area.

Abstract: After installation, a device may be asleep. A light signal device may send a message to the sleeping device to wake it up. This wake-up message may comprise the light signal device sending programmed light signals, the programmed light signals in modified morse code. An authentication part may also be included in the message. The light signal device may request an authentication message from the sleeping device.