Abstract: Certain aspects of the present disclosure provide techniques for summarizing data in a distributed system. Embodiments include generating an ordered list of blocks by iterating through a first group of blocks of a hash chain starting at a last block of the hash chain and adding each of the first group of blocks of the hash chain to the ordered list. Embodiments further include generating summary data by applying a summary function to the first group of blocks based on the ordered list. The summary function may take the ordered list as an input and provide the summary data of the first group of blocks as an output. Embodiments further include generating a summary block comprising the summary data and adding the summary block to a summary chain.

Abstract: Embedding of digital tokens within a digital video can occur cryptographically using a public key in some embodiments. The digital video may be altered in a variety of ways so that the video itself contains an integrated token that can represent various quantities. Audiovisual data can be altered to contain both a token and a perceptible user auditory or visual cue as to the presence of the encrypted digital token. A video with an embedded digital token may be sent to users on the Internet. A video recipient may be able to view the video and also take additional action or gain additional functionality from the digital token embedded in the video. Tokens can be embedded by altering video metadata so that the perceptible video content itself is not changed in some embodiments.

Abstract: A method of performing secure end to end communication between users, the method includes registering a plurality of devices corresponding to a first user having a first user profile stored within a repository, each device having a unique asymmetric public-private key pair, publishing the public key of each device of the first user on the first user profile, storing the private key of each device on corresponding device of the first user, using the published public keys, a second user encrypting and sending a secure message to the first user, and receiving and decrypting the encrypted secure message from the second user on all registered devices corresponding to the first user stored within the repository using the stored private key on each device.

Abstract: A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accuracy identification of lateral movement (LM) candidates by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data.

Abstract: A user equipment (UE) has both cellular and non-cellular links. The network sends it a first indication to maintain using a first set of security keys generated from a parameter specific to a source access node after the UE hands over the cellular link to a target access node without changing a wireless termination (WT) that is connected with the UE via the non-cellular link. The network uses that key to maintain the non-cellular link with the UE after the cellular link handover. From the UE's perspective it uses that key to authenticate its non-cellular link prior to the cellular link handover, but this handover does not change the WT which communicates with the UE via the non-cellular link so the UE can, only in response to receiving a first indication associated with the handover, use that same key to maintain that non-cellular link after the handover.

Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.

Abstract: A machine learning method comprises: receiving input data comprising a set of feature variables each indicating features of a plurality of entities; encoding partial order relations between entities of the plurality of entities as a set of logic rules; constructing a hypergraph comprising a plurality of vertices representing the entities of the plurality of entities and a plurality of hyperlinks linking similar entities of the plurality of entities; adding directed edges to the hypergraph to represent partial order interactions between entities to form a partial order hypergraph; representing the partial order hypergraph as a set of matrices; forming an objective function using the logic rules and matrices of the set of matrices; minimizing the objective function to obtain a prediction function; and outputting an indication of the prediction function.

Abstract: A graph neural network to predict net parasitics and device parameters by transforming circuit schematics into heterogeneous graphs and performing predictions on the graphs. The system may achieve an improved prediction rate and reduce simulation errors.

Abstract: Techniques are described herein for performing key rotation and key replacement. In an embodiment, a request is received that specifies key names. A first set of messages is generated, where each message identifies a table that is associated with the encrypted-data locations, and stored in a queue for processing by a first plurality of worker processes. Each worker process retrieves a message from the queue and generates a second message that identifies a subset of encrypted data records from the table. Each second message is stored in a distinct queue which is assigned to a worker process of a second plurality of worker processes. Each worker process retrieves the message from the assigned queue, decrypts the subset of encrypted data records, re-encrypts the decrypted data records using a new encryption key that corresponds to a new key name, and stores the re-encrypted data records in a database.

Abstract: A method and a system for providing location-based augmented reality (AR) administration and management are described herein. An AR engine of a computing device receives login credentials from a user, identifies the user based on the login credentials and a privilege level associated with the user, and grants the user access to the AR engine based on the identity of the user and the privilege level associated with the user. The AR engine also selects the user to have enhanced privileges based on the identity of the user and the privilege level associated with the user. The enhanced privileges comprise granting the user increased interaction capabilities with digitally created content by the AR engine. The AR engine engages a GPS engine and/or a camera of the computing device to create a defined area in the real world for the user. If the GPS engine determines that the user is within the defined area, the user is provided the enhanced privileges.

Abstract: An information processing system including a communication unit that acquires information related to an interaction between objects from a sensing device that detects the interaction between the objects, an emotion information database constructed by accumulating an evaluation value used when an emotion value of each object generated based on the information related to the interaction between the objects is calculated, a certification unit that certifies the sensing device and issues certification information to the sensing device, and an authentication unit that authenticates the information related to the interaction transmitted from the sensing device based on the certification information issued to the sensing device.

Abstract: Some examples relate generally to managing and storing data, and more specifically to the real-time detection of ransomware, system (or insider) threats, or the misappropriation of credentials by using file system audit events.

Abstract: Disclosed examples include during basic discovery, provide information from a local device to a first remote trusted device, the information to indicate the local device supports trusted discovery and to establish the local device as a second remote trusted device; during the trusted discovery, access, by the local device, a trusted discovery message received from the first remote trusted device; in response to verifying security credentials identified in the trusted discovery message for the first remote trusted device: add the first remote trusted device to a trusted network including the local device; and index, by the local device, a first service hosted by the first remote trusted device in a registry, the registry to identify second services available to the local device and corresponding locations of the second services.

Abstract: Various embodiments provide for tag-based application of a masking policy, which can be used in connection with a data platform. In particular, various embodiments enable enforcement of one or more masking policies against an entity (e.g., object) of a data platform, such as a database, a table, a row, or a column, based on one or more tags associated with the entity.

Abstract: A method is provided for determining command-to-process correspondence. The method includes identifying, by the hardware processor, initial processes resulting from executions of container immutability change events for each of multiple containers in a cluster, based on an execution time, a process identifier and a process group identifier for each of the container immutability change events. The method further includes checking, by the hardware processor, if an initial process from among the identified initial processes matches an entry in a database that stores external container commands and at least one respective process resulting from executing each of the external container commands.

Abstract: Methods and systems disclosed herein describe using machine learning to lock and unlock a device. Machine learning may be trained to recognize one or more features. Once the device has been trained to recognize one or more features, a user may define an unlock condition for the device using the one or more trained features. After defining the unlock condition, the device may be locked by verifying the one or more features that the user defined as the unlock condition using machine learning. When verification is successful, the device may be unlocked and the user allowed to access the device.

Abstract: A method for generating a secret key at a first node for data communication between the first node and a second node. A channel estimate of a communication channel between the first and second nodes is obtained. A time-frequency matrix associated with the communication channel is then obtained based on the time-frequency transformation of the channel estimate. The secret key is then produced based on the time-frequency matrix. Furthermore, a corresponding key generator may be provided for generating a secret key.

Abstract: A device management service at a provider network may assign a contextual identity to a newly installed device at a client network based on proximity of other devices to the new device. When a new device is installed on a client network, the device broadcasts a request for proximity data. When another device receives the request, it generates proximity data. For example, it may measure a strength of the radio signal received from the new device, which varies depending on how close the devices are. The new device receives proximity data from the other devices on the client network. The new device then transmits the proximity data to a device management service. The device management service uses an algorithm to determine an estimated location of the new device based on the proximity data. The device management service determines a contextual identity of the new device based on the estimated location.

Abstract: Disclosed is a method for secured communication by a V2X communication device. A method for secured communication by a V2X communication device comprises the steps of: receiving a message on the basis of V2X communication; extracting adaptive certificate pre-distribution (ACPD) target information when the message includes the ACPD target information; pre-authenticating a short-term certificate; and transferring the pre-authenticated short-term certificate so that the pre-authenticated short-term certificate can be broadcasted at a predicted position.

Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.