Abstract: Disclosed is an improved approach for identifying security risks and breaches in a network by applying machine learning methods that learn resource access patterns in the network. Specifically, by observing the access pattern of the network entities (e.g. accounts, services, and hosts) from authorization requests/responses, the model, through unsupervised learning, organizes the entity relationships into an ensemble of hierarchical models. The ensemble of hierarchical models can then be leveraged to create a series of metrics that can be used to identify various types of abnormalities in the access of a resource on the network. For instance, by further classifying the access request for a resource using abnormality scores into detection scenarios, the model is able to detect both an abnormality and the type of abnormality and include such information in a corresponding alarm when a security breach happens.
Type:
Grant
Filed:
April 28, 2020
Date of Patent:
February 28, 2023
Assignee:
Vectra AI, Inc.
Inventors:
Hsin Chen, Nicolas Beauchesne, Himanshu Mhatre, John Steven Mancini
Abstract: For zero-touch provisioning of devices at scale using device configuration templates by device type, a secure element, a provisioning wizard, a provisioning client, an enrollment client, an update client, an enrollment service, an update publisher service, signing and encryption certificates, a method including generating device configuration templates for enrollment and update by device type, sending device configuration templates signed with a device owner signing certificate, and a device owner encryption certificate to the device manufacturer, generating a device configuration for a device based on the device configuration templates using a secure element on the device for immutable device identity, an extended configuration for the device, signing the device configuration with a device manufacturer signing certificate and a secure element signing certificate, encrypting the doubly signed device configuration with an owner encryption certificate, configuring bootstrap metadata, and configuring the device
Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25 network.
Type:
Grant
Filed:
March 2, 2021
Date of Patent:
February 28, 2023
Assignee:
802 Secure, Inc.
Inventors:
Garry Drummond, Konrad Grutzmacher, Clifford Fernandez, Michael Raggo
Abstract: Disclosed herein are methods and systems for an intelligent, interactive, and augmented reality (AR) cloud platform. The platform can be implemented in many applications, such as providing real-time intelligent and interactive control between user input data and the resulting AR data, providing real-time and effective AR-based communication, or providing real-time control of physical devices in a remote network.
Abstract: A computer implemented method of executing a software module includes a machine learning algorithm as an executable software component configurable to approximate a function relating a domain data set to a range data set; a data store; and a message handler as an executable software component arranged to receive input data and communicate output data for the module, wherein the message handler is adapted to determine domain parameters for the algorithm based on the input data and to generate the output data based on a result generated by the algorithm, the method including generating a message as input data for the module, the message including instructions for execution by the module to effect a modification of the machine learning algorithm of the module.
Type:
Grant
Filed:
May 3, 2018
Date of Patent:
January 24, 2023
Assignee:
British Telecommunications Public Limited Company
Abstract: An example operation may include one or more of receiving a request associated with a key-value pair stored in a database, determining whether a state of the key-value pair has changed since a most recently received request, and in response to a determination that the state of the key-value pair has changed, generating a data block that includes a changed state of the key-value pair and adding the generated data block to a hash-linked chain of data blocks.
Type:
Grant
Filed:
January 20, 2020
Date of Patent:
January 17, 2023
Assignee:
International Business Machines Corporation
Abstract: An example method includes initializing a configuration file for a machine learning model, wherein the initializing is performed in response to receiving a request from a user, and wherein the configuration file comprises a plurality of sections that is configurable by the user, configuring at least one parameter of a feature engineering rules section of the configuration file, wherein the configuring the at least one parameter of the feature engineering rules section is based on a first value provided by the user, configuring at least one parameter of an algorithm definitions section of the configuration file, wherein the configuring the at least one parameter of the algorithm definitions section is based on a second value provided by the user, and populating the configuration file using the feature engineering rules section as configured and the algorithm definitions section as configured, to generate the machine learning model.
Type:
Grant
Filed:
April 28, 2020
Date of Patent:
January 17, 2023
Assignee:
AT&T Intellectual Property I, L.P.
Inventors:
Chris Vo, Jeremy T. Fix, Robert Woods, Jr.
Abstract: A computer-implemented method for team-sourced anomaly vetting via automatically-delegated role definition. The method may include automatically determining that an event of the computing system corresponding to activity of an end user is anomalous. Based on the anomalous event, a permission store of the computing system may automatically be edited to include an access restriction on the end user, and a notification may be automatically generated and transmitted to one or both of the end user and another end user. The notification may provide access to an executable statement including code configured to be executed to remove the access restriction. A call to the executable statement by the other end user may be automatically received. Further, the permission store may be automatically edited to remove the access restriction on the end user.
Type:
Grant
Filed:
May 29, 2020
Date of Patent:
January 17, 2023
Assignee:
Mastercard International Incorporated
Inventors:
Lidan Yin, Naresh Gorantla, Dave Rogers, Tristan Miano, Thomas Hansen
Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.
Abstract: In an industrial system, a data capture apparatus can be configured to operate as a unidirectional communication connection between a private network and a public network. The data capture apparatus can be further configured to collect raw data from the private network. The raw data can define a data distribution. The data capture apparatus can be further configured, based on the data distribution of the raw data, to generate anonymized or synthetic data that represents the raw data. The anonymized data can be transmitted over the unidirectional communication connection to a receiver machine of the data capture apparatus. In some cases, the receiver machine can send the anonymized data to an analysis system within the public network, such that the raw data can be analyzed by the analysis system, based on the anonymized data that represents the raw data, without the analysis system obtaining the raw data.
Type:
Grant
Filed:
June 5, 2020
Date of Patent:
January 10, 2023
Assignee:
Siemens Mobility GmbH
Inventors:
Safia Rahmat, Leandro Pfleger de Aguiar, Omer Metel
Abstract: A method provides a security action based on identity profile scores. One or more processors represent an identity profile as a knowledge graph. The processor(s) associate a set of changes of the identity profile across a plurality of identity networks with a fraud score. The processor(s) then implement a security action based on the fraud score.
Type:
Grant
Filed:
May 15, 2019
Date of Patent:
December 20, 2022
Assignee:
International Business Machines Corporation
Abstract: Provided is a data protection method which includes: receiving transaction data which includes a first hash value obtained from history information of a home; obtaining, from a data server, a second hash value computed by the data server performing computation processing on encrypted history information without decrypting the encrypted history information, the encrypted history information being history information of the home encrypted using a secure computation method which enables computation without decrypting the encrypted history information, the encrypted history information being obtained from the home; verifying the transaction data, and determining whether the first hash value and the second hash value match; and when a validity of the transaction data is verified and the first hash value and the second hash value match, recording the transaction data in a distributed ledger.
Type:
Grant
Filed:
July 26, 2019
Date of Patent:
December 20, 2022
Assignee:
PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
Abstract: This specification discloses a quantum public-key cryptosystem. The quantum public-key cryptosystem may use two rotation operators Rn̂(?) and Rm̂(?) satisfying a cyclic evolution. The two rotation operators Rn̂(?) and Rm̂(?) do not have a commutation relation or an anti-commutation relation with each other. The commutation relation or the anti-commutation relation is established when either of the following conditions is satisfied: ?=2i?, ?=2j?, or n̂·m̂=1 (i, j=integer), and ?=(2k+1)?, ?=(2l+1)?, or n̂·m̂=0 (k, l=integer).
Type:
Grant
Filed:
January 10, 2020
Date of Patent:
December 13, 2022
Assignee:
Korea Institute of Science and Technology
Inventors:
Sang Wook Han, Sung Wook Moon, Yong Su Kim, Sang Yun Lee, Young Wook Cho, Min Sung Kang, Ji Woong Choi
Abstract: The disclosed computer-implemented method may include receiving, from a third party, a portion of data or computer-executable logic that is part of a specified model. Each model may include various portions of independently verifiable computer-executable logic. The method may further include receiving data at a processing engine. The processing engine may be configured to apply the specified model to the received data. The method may then execute the specified model at the processing engine to modify the received data and send the modified data to an application that is configured to process the modified data. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Apparatus and method for device and data authentication in a computer network, such as but not limited to an IoT (Internet of Things) network. In some embodiments, a trust hub device is coupled to an interconnectivity device. The trust hub device includes a controller and non-volatile memory (NVM), and may be a network capable data storage device. The interconnectivity device is configured as an Internet of Things (IoT) or Operational Technology (OT) device, and includes a controller and a sensor. Data from the sensor are transferred from the interconnectivity device to the trust hub device. The trust hub device proceeds to attest a provenance of the data from the sensor to a remote entity associated with the interconnectivity device. The trust hub device includes a firewall to the external network, establishes a root of trust for the local interconnectivity device, and performs enrollment and signing services for the interconnectivity device.
Abstract: Methods and systems are described for a media guidance application that enhances the viewing experiences of users consuming a sequence of media. In particular, the media guidance application may enhance the viewing experiences of users consuming a sequence of media by removing portions of redundant media that were previously consumed by the user.
Type:
Grant
Filed:
February 19, 2021
Date of Patent:
December 6, 2022
Assignee:
ROVI GUIDES, INC.
Inventors:
Milan Patel, John Patterson, Charles Dawes, Jerry Vennerholm, Andrew Hunter, Gavin Clarke
Abstract: The present disclosure relates to processing operations that execute image classification training for domain-specific traffic, where training operations are entirely compliant with data privacy regulations and policies. Image classification model training, as described herein, is configured to classify meaningful image categories in domain-specific scenarios where there is unknown data traffic and strict data compliance requirements that result in privacy-limited image data sets. Iterative image classification training satisfies data compliance requirements through a combination of online image classification training and offline image classification training. This results in tuned image recognition classifiers that have improved accuracy and efficiency over general image recognition classifiers when working with domain-specific data traffic. One or more image recognition classifiers are independently trained and tuned to detect an image class for image classification.
Abstract: According to various aspects, a blockchain entity is described herein to include a receiver configured to receive a digital signature of a certification entity for a cooperation between the blockchain entity and an off-chain device, a validity checker configured to check whether the digital signature for the cooperation is valid, and a controller configured to perform the cooperation with the off-chain device if the digital signature for the cooperation is valid.
Abstract: Communication circuitry associates a data source with a source Identifier (ID) and a cryptographic key and associates a data target with a target ID, contact token, contact condition, and contact information. The communication circuitry receives and decrypts the encrypted source ID, the encrypted target ID, and the encrypted contact token with the cryptographic key, and in response, authenticates the source ID, authenticates the target ID, and validates the contact token. When the authentication and validation are successful, the communication circuitry selects a portion of the contact information based on the contact condition, encrypts the selected contact information, and transfers the encrypted selected contact information to the data source. The data source uses the selected contact information and the contact token to transfer data to the data target. The data target uses the contact token to validate the data source.
Abstract: A plurality of events associated with each of a plurality of computing nodes that form part of a network topology are monitored. The network topology includes antivirus tools to detect malicious software prior to it accessing one of the computing nodes. Thereafter, it is determined that, using at least one machine learning model, at least one of the events is indicative of malicious activity that has circumvented or bypassed the antivirus tools. Data is then provided that characterizes the determination. Related apparatus, systems, techniques and articles are also described.
Type:
Grant
Filed:
May 22, 2020
Date of Patent:
November 8, 2022
Assignee:
Cylance Inc.
Inventors:
Rahul Chander Kashyap, Vadim Dmitriyevich Kotov, Samuel John Oswald, Homer Valentine Strong