Abstract: The invention is a system that provides cybersecurity comprising: several devices connected to a wireless network; a monitoring device that monitors all the devices connected to a wireless network; wherein the monitoring device can remove a device from the wireless network; wherein the monitoring device detects any new devices attempting to join the wireless network; wherein the monitoring device determines whether a new device should be allowed to join the wireless network; wherein the monitoring device calculates the physical location of any new device attempting to join the wireless network; wherein the monitoring device can use the physical location of any new device in order to determine whether the new device is new or anomalous; and wherein the monitoring device keeps a registry of an electronic signature from each of the devices the monitoring device has approved to be on the wireless network.

Abstract: The invention relates generally to systems and methods for a medical data marketplace where de-identified medical data can be offered for sale or licensing, and prospective customers can search for the medical data using various criteria. The marketplace facilitates clinical research activities, clinical trials, medical research, medical technology development, and the like, while preserving HIPPA privacy protections, and allows medical data owners to monetize the data in an efficient manner.

Abstract: Techniques are disclosed relating to malware clustering based on execution-behavior reports. In some embodiments, a computer system may access malware information that includes a plurality of reports corresponding to a plurality of malware samples. In some embodiments, each of the malware reports specifies a set of features relating to execution behavior of a corresponding malware sample. The computer system may, in various embodiments, process the plurality of reports to generate a plurality of vectors that includes, for each of the malware samples, a corresponding vector indicative of the execution behavior of the corresponding malware sample. Based on the plurality of vectors, the computer system may generate similarity values indicative of a similarity between ones of the plurality of vectors. Further, based on the similarity values, the computer system may assign each of the plurality of malware samples to one of a plurality of clusters of related malware samples.

Abstract: An example computer-implemented method of providing security for a software container includes discovering credentials that a software container is expected to use at runtime. The discovering is performed prior to instantiation of the software container from a container image, and is based on one or more of credentials stored in the container image, credentials stored in runtime configuration data for the software container, and credentials from a secrets management service. An unsafe credential set is determined that includes one or more of the discovered credentials that do not meet predefined credential safety criteria. A runtime request is intercepted from the software container. A credential violation is detected based on the intercepted runtime request attempting to use a credential from the unsafe discovered credential set. A corrective action is performed for the software container based on the detected credential violation.

Abstract: A method for preparing a credential package includes providing access to a credential record of a plurality of credential records stored in a database system. The credential record includes information identifying a credential candidate and credential information associated with the credential candidate. The method further comprising receiving a credential document associated with the credential information, receiving credential document information associated with the credential document, and storing the credential document in a distributed ledger system comprising a plurality of nodes.

Abstract: A distributed database encrypts tables using table encryption keys protected by a client master encryption key. The client may revoke authorization to access the client master encryption key. Subsequent to a revocation of authority to access the client master encryption key, the distributed database generates interim snapshots of the table using the table encryption key. Also subsequent to the revocation, the distributed database generates a backup of the table using a backup encryption key protected by the client master encryption key.

Abstract: A Trustonic DRM Plug-in is provided that can be downloaded and operate in conjunction with an Android framework. The solution also includes a PVP with the downloadable DRM. The system includes components that can be added by Trustonic based on the Android 4.3 Framework in addition to current t-base 300 that can be used by any DRM vendor. The system enables the DRM to be downloaded in the field since all DRMs could use the standard API services of the Android 4.3 OS. With a codec component employed like H.264 or HEVC that can use the PVP with the downloaded DRM component, the Android video player can use the component to satisfy HD content security requirements.

Abstract: Systems and methods are described for a data breach detection based on snapshot analytics. The described systems and methods identify a plurality of snapshots of a data structure, identify a plurality of leaf nodes of the data structure for each of the snapshots, generate a vector of data attributes for each of the leaf nodes, assign a weight to each of the vectors to produce a set of weighted vectors for each of the snapshots, compute a distance metric between each pair of the snapshots based on the corresponding sets of weighted vectors, and detect an abnormal snapshot among the plurality of snapshots based on the distance metrics.

Abstract: Embodiments relate to a computer system, computer program product, and method to prevent unauthorized file dissemination and replication. A file parameter is defined, with the defined file parameter including a file dissemination characteristic. The file is encoded with the defined file parameter as file metadata. Dissemination and replication of the file is managed responsive to the encoded file parameter. The defined parameter is assessed along with a physical replication destination. The file is selectively replicated or transmitted responsive to the file parameter and the destination assessment.

Abstract: A system and a method for a supply-chain hardware integrity for electronics defense (SHIELD) dielet embedded over a component of a device, a radio frequency identification (RFID) probe system coupled to the SHIELD dielet, and a secure server system communicating with the RFID probe system that can enable security services is provided. Embodiments include a multi-function SHIELD software defined, hardware enabled security system that provides hardware identity, anti-tamper, encryption key generation and management, trusted platform module services, and cryptographic software security services for a device.

Abstract: Systems and methods include determination of a first value to be blinded, determination of a first key value, generation of a first composite value based on the first value and the first key value, performance of a hash operation on the first composite value to generate a first hash value, seeding of a pseudorandom generator with the first hash value to generate a first pseudorandom value, truncation of the first hash value based on the first pseudorandom value to generate a first truncated value, and generation of a blinded value associated with the first value based on a blinding function comprising the first value and the first truncated value.

Abstract: Methods, systems, and devices for wireless communications are described. Aspects include a device generating data to be sent to a receiving device and determining to provide provenance for the data. The device may generate a data identifier based on an identifier generation key and encrypt the data using an encryption key generated from a key associated with an owner of the device. The device may sign they encrypted data transmission using a signing key where the signing key is based on the encrypted data and the data identifier. In some cases, the device may send the data to a receiving device via one or more proxy devices. In some cases, multiple device may send signed data transmissions to a proxy device and the proxy device may process the multiple data transmission and send the processed data to the receiving device. The receiving device may verify provenance of the data.

Abstract: A technique includes accessing data representing a state of a given investigation of a potential security threat to a computer system by a security analyst. The state includes a result of a current investigative step of the investigation, and the analyst conducting the investigation uses an investigation graphical user interface (GUI). The technique includes applying machine learning that is trained on observed investigations to determine a recommendation to guide the analyst in a next investigative step for the given investigation. The technique includes communicating the recommendation through an output provided to the investigation GUI.

Abstract: Provided is an apparatus for managing user authentication in a blockchain network and the apparatus comprises a processor configured to transmit, to a server, a request for a snapshot identifier (ID) with user data comprising at least one of one-time password, biometric data, context data, routine data, or device metadata, receive the snapshot ID generated based on the user data, initiate a transaction with the snapshot ID in the blockchain network comprising a blockchain server which authenticates the snapshot ID, and output blockchain transaction data associated with the transaction based on the authentication of the snapshot ID.

Abstract: The present embodiment relates to a machine-to-machine communication (M2M) technique, and to a method for a receiver processing a request message sent by a transmitter, and a device therefor. One embodiment provides a method and a device for an M2M device processing a message, the method comprising the steps of: receiving, from another M2M device, a request message including an operation parameter, a receiving-side parameter, a transmitting-side parameter and a request identification parameter; processing, according to an operation indicated by the operation parameter, a resource being processed including attribute information for indicating resource information; and transmitting a response message including response information for the request message.

Abstract: The present disclosure provides a method, system, and device for securely updating a software release across a network. To illustrate, a server may compile a transaction log that includes information corresponding to one or more nodes in the network to which the software release has been transmitted. The server may analyze one or more files based on vulnerability information to identify at least one file of the one or more files that poses a risk. The server may also identify at least one node of the network at which the at least one file is deployed. Based on identifying the at least one node, the server may transmit a corrective action with respect to the at least one node.

Abstract: The present disclosure relates to highly secure, high speed encryption methodologies suitable for applications such as media streaming, streamed virtual private network (VPN) services, large file transfers and the like. For example, encryption methodologies as described herein can provide stream ciphers for streaming data from, for example, a media service provider to a plurality of users. Certain configurations provide wire speed single use encryption. The methodologies as described herein are suited for use with blockchain (e.g. Bitcoin) technologies.

Abstract: Broadly speaking, the present technique provides methods, apparatuses and systems for performing a TLS/DTLS handshake process between machines in a manner that reduces the amount of data sent during the handshake process.

Abstract: An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

Abstract: A method comprises receiving an image of an update for a software module, a rate parameter, an index parameter, and a public key, generating a 32-byte aligned string, computing a state parameter using the 32-byte aligned string, generating a modified message representative, computing a Merkle Tree root node, and in response to a determination that the Merkle Tree root node matches the public key, forwarding, to a remote device, the image of the update for a software module, the state parameter; and the modified message representative.