Abstract: A data monitoring system comprising a server communicatively coupled to a client device and a data module via a network. The server is configured to store a private key of a public-private key pair associated with the data module, receive a request from the client device for authenticated access to the data module, and generate an authentication key based at least on the private key and a time. The client device is configured to generate the request for authenticated access to the data module and transmit the request to the server. The data module is configured to store the private key of the public-private key pair associated with the data module, generate the authentication key based at least on the private key and the time, and grant access to the data module if the authentication key generated by the data module and the authentication key generated by the server match.

Abstract: A user identity authentication method includes: receiving first information input by a user, and obtaining intermediate information of the user from a block-chain; generating second information by using the first information and the intermediate information; and obtaining a matching result by determining whether the second information matches result information stored in the block-chain, and determining whether user identity of the user is valid according to the matching result.

Abstract: Method and apparatus for protecting against a jitter attack upon a cryptographic processing device. In some embodiments, the cryptographic processing circuit is configured to perform a cryptographic function on a set of input data to generate a corresponding set of transformed output data. An input line supplies an input signal used by the cryptographic processing IC during execution of the cryptographic function. A monitor circuit monitors the input signal, and temporarily disables the cryptographic processing IC when time-varying changes to the input signal indicate a jitter attack may be taking place. The input signal may be a source voltage, and voltage transitions in the source voltage can be monitored. Alternatively, the input signal may be a clock signal, and frequency variations in the clock signal can be monitored. The monitor circuit may be arranged on a power island to maintain power during power fluctuations.

Abstract: Granting guest devices access to a network using out-of-band authorization including receiving, over an out-of-band network, a password for an in-band network from a guest device, wherein the password is generated on the guest device; storing the password received over the out-of-band network as an authorized password for the in-band network; receiving, from the guest device using an in-band protocol, a request to join the in-band network, wherein the request to join the in-band network comprises the password previously received from the guest device over the out-of-band network; and granting the guest device access to the in-band network based on a determination that the password received in the request to join the in-band network matches the password previously received from the guest device over the out-of-band network.

Abstract: It is known in the art to route client traffic to a network security gateway using the domain name system, or DNS. More specifically, a local DNS resolver on a private network may apply security intelligence to client DNS lookup requests, based on the domains that clients are seeking to resolve. If a requested domain represents a known security threat, the client can be blocked or directed to the network security gateway instead of to the desired host. This routing of the client request to the network security gateway can be accomplished by giving the client the IP address of the network security gateway instead of the actual IP address corresponding to the domain name, in response to a given DNS name query from the client. Request routing can be accomplished using other techniques, such as IP layer routing, as well.

Abstract: According to an embodiment, there is provided a method for authorizing use of an application on a device. The method includes: identifying a plurality of device identifiers of the device; determining authorization information based on predetermined one or more of the plurality of device identifiers; and determining authorization for use of the application on the device in response to the authorization information.

Abstract: A wireless mouse includes a mouse body and a wireless receiver. The wireless receiver is connected with a computer host. When the mouse body is operated by a user, an original information is generated. The original information is encrypted and converted into an encryption information by the mouse body. The wireless receiver receives the encryption information from the mouse body. After the encryption information is received by the wireless receiver, the encryption information is decrypted by the wireless receiver. Consequently, the encryption information is restored into the original information. After the computer host receives the original information through the wireless receiver, the computer host performs a corresponding operation.

Abstract: Disclosed are various embodiments providing automated management of security operations centers. In one embodiment, a correlation and decision engine correlates event data generated by a plurality of monitoring services with a plurality of alerts generated by a plurality of threat intelligence services. The engine then adjusts at least one rule of one or more threat intelligence services with respect to at least one event based at least in part on a corresponding frequency of at least one of the plurality of alerts meeting a threshold, where the adjusted alert(s) are associated with the event(s).

Abstract: In a post-quantum asymmetric key generation method and system, a processing unit generates, based on a prime and an arithmetic function or a classical string, a prime vector which has an infinite number of components; generates a prime array based on the prime vector; generates an associated matrix based on the prime array; obtains, based on the associated matrix and a first reference prime, a first reference inverse prime array that serves as a private key; and obtains a public key that is paired with the private key based on a second reference inverse prime array. The second reference inverse prime array is obtained based on the associated matrix, the first reference prime, a second reference prime, and a randomization array.

Abstract: Embodiments of the present invention provide systems, methods, and computer storage media directed to optimizing the generation, evaluation, and selection of tensor circuit specifications for a tensor circuit to perform homomorphic encryption operations on encrypted data. A computing device having an improved compiler and runtime configuration can obtain a tensor circuit and associated schema. The computing device can map the obtained tensor circuit to an equivalent tensor circuit, adapted to perform fully homomorphic encryption (FHE) operations, and instantiated based on the obtained associated scheme. The computing device can then monitor a flow of data through the equivalent FHE-adapted tensor circuit utilizing various tensor circuit specifications determined therefor.

Abstract: Systems and methods for key generation for secure communication between a first user computing device and a second user computing device without requiring direct communication during key generation. The method using a plurality of privacy providers and a first private table and a second private table. The method including: performing by the second user computing device: receiving indexes each associated with a value in the second private table, each index received from the respective privacy provider sharing those values, each index associated with a value that matches an indexed value in the first private table received by the respective privacy provider from the first user computing device; and generating a common key for the secure communication by combining the indexed values of the second private table.

Abstract: A cyber monitored control system includes a controller with a first processing resource operable to execute a control application for a controlled system. The cyber monitored control system also includes a cyber monitor with a second processing resource isolated from the first processing resource. The cyber monitor is operable to evaluate a plurality of inputs to the cyber monitored control system with respect to a cyber threat model, apply trending using the cyber threat model to distinguish between a fault and a cyber attack, and isolate one or more subsystems of the cyber monitored control system based on identifying the cyber attack.

Abstract: A global locality sensitive hash (LSH) database stores global locality sensitive hashes of files of different private computer networks. Each of the private computer networks has a corresponding local LSH database that stores local locality sensitive hashes of files of the private computer network. A target locality sensitive hash is generated for a target file of a private computer network. The global and local LSH databases are searched for a locality sensitive hash that is similar to the target locality sensitive hash. The target file is marked for further evaluation for malware or other cybersecurity threats when the target locality sensitive hash is not similar to any of the global and local locality sensitive hashes.

Abstract: According to various aspects, systems and methods are provided for improving a computer system's resistance to tampering. A PUF may be one component of a system. Other components of the system may not have the same level of protection against tampering as the PUF. According to one aspect, tamper protection provided by the PUF may be extended to one or more other components of the system, thus creating a network of tamper-resistant components. The system may include a tamper detection circuit that receives signals from the component(s). The tamper detection circuit generates an output signal based on the received signals that indicates whether any of the components has been tampered with. The PUF may be configured to use the output signal to generate secret information. If the output signal indicates that one of the components has been tampered with, the PUF may prevent generation of the correct secret information.

Abstract: The present innovative solution increases security to interceptor attacks and loss of cipher-characters, while not negatively impacting the processing resource and time requirements of cryptography processes. A novel Synchronous and Self-Synchronous Random Position Cipher (RPC) with arbitrary length key cryptography methodology and apparatus are presented which are based on a novel Aperiodic Pseudo-Random Number Generator (APRNG) using large seed numbers. The RPC does not replace plaintext characters with encryption characters but with the number of pseudo-random numbers that need to be generated by the APRNG to match the ASCII codes of the characters in the plaintext. Decryption uses the number of pseudo-random numbers that need to be generated by the APRNG to match the ASCII codes of the plaintext characters.

Abstract: Embodiments of the present application disclose a user management method and apparatus of a hybrid cloud. The user management method of a hybrid cloud is performed by a management platform of the hybrid cloud. The method includes the steps of: obtaining user data in a role-based access control (RBAC) system; determining, according to a historical record, historical user data that has been distributed to a cloud platform in the hybrid cloud; obtaining incremental data of the user data relative to the historical user data; and sending the incremental data to the cloud platform in the hybrid cloud.

Abstract: A method for configuring mobile online services for use with a transportation vehicle including providing a configuration system which assigns data contents to a data release class, providing a selection possibility for a user by the configuration system by which selection possibility the user allows one or more mobile online services to use the data contents of a data release class, selecting a data release class for the one or more mobile online services, and releasing the data contents of the selected data release class for use by the mobile online service by the configuration system. The method provides for enabling transparent and conveniently usable data protection configuration for the use of mobile online services together with a transportation vehicle which leads to increased trust of customers and potential buyers in the transportation vehicle manufacturer and in the offered mobile online services.

Abstract: Techniques are disclosed of enabling projects to be managed for grouping artifacts about related network activity. A graphical interface can be provided to enable users to create both public and private projects with information including names, descriptions, collaborators and monitoring profiles. A project can include context and history of the project so multiple users can collaborate within a project to view the analysis process as assets are identified in the project. Information is retrieved for identified assets in separate projects and is available for display in the graphical interface.

Abstract: Systems and methods of dynamic management of private data during communication between a remote server and a user's device, including receipt of a request for retrieval of at least one data packet from the user's device, wherein the user's device is configured to provide a response corresponding to the received request, determination of at least one communication data type of the at least one data packet corresponding to the received request, receipt of a privacy preference for the user's device, wherein the privacy preference comprises a list of allowed data packet communication types for sharing during communication, modification of data packets corresponding to requests for sharing of responses that are not compatible with the received privacy preference and maintenance of communication between the remote server and the user's device, with sharing of the modified data packet.

Abstract: In one example embodiment, a computing device has a processor that executes a processor instruction stream that causes the processor to perform one or more operations for the computing device. The computing device generates one or more trace data packets including a first instruction pointer of the processor instruction stream, a second instruction pointer of the processor instruction stream subsequent to the first instruction pointer, and a string of characters derived from instructions associated with a control flow transfer between the first instruction pointer of the processor instruction stream and the second instruction pointer of the processor instruction stream. The computing device determines whether the one or more trace data packets are consistent with a secure processor instruction stream known or determined to be secure from malicious processor instructions and, if not, generates an indication that the processor instruction stream is not secure.