Abstract: Arrangements for detecting unauthorized activity based on input method analysis and monitoring are provided. In some aspects, identity information associated with a user may be received and be stored. An input may be received from a computing device of the user. An input pattern of the received input may be determined. Using a machine learning model, the input pattern of the received input may be compared to input patterns of humans and input patterns of machines. Based on the comparison, it may be determined whether the user is a human user or a non-human user. Responsive to determining that the user is a non-human user, a request may be transmitted to the user to provide increased authentication credentials. Responsive to determining that the user is a human user, an identity of the user may be verified by comparing the input pattern of the received input to the stored identity information.

Abstract: Embodiments of the technology described herein identify and mitigate phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. When the threat assessment results in an unknown classification or when the snapshot is otherwise requested, a snapshot is captured to supplement the threat assessment. Based on user settings, the snapshot is consumed by a snapshot phishing machine learning model. Various mitigation actions may be taken when a threat is detected.

Abstract: An illustrative method for operating an agent configuration may include providing an unprivileged agentless workload scanning configuration to collect non-runtime workload data associated with a workload deployed within a cloud environment, determining one or more properties of the workload based on the non-runtime workload data, and performing an operation with respect to a privileged agent configuration deployed within the cloud environment and configured to collect runtime workload data associated with the workload.

Abstract: Real-time adjustment of the volume of passcode entry authentication attempts is performed based on systematic determinations of the likelihood that the passcode entrant is the rightful holder/user of the active passcode. Specifically, after an entered passcode has been determined to be incorrect, a determination is made as to the likelihood that the passcode entrant is the rightful holder of the active passcode and, based on such a determination, the number of authentication attempts afforded the passcode entrant is either increased, decreased or exhausted. Systematic determination of the likelihood that the passcode entrant is the rightful holder/user of the active passcode is accomplished by applying predetermined mismatched passcode rules and comparing machine learning (ML)-based user authentication behavior patterns to characteristics of the current authentication attempt.

Abstract: A computing system receives encrypted data that can be decrypted by a first secret to obtain data, wherein the first secret is securely stored by the system, determines that the data encodes a second secret and executable code usable to perform cryptographic operations, and run the executable code to perform the cryptographic operations. The first secret may be a one-time pad.

Abstract: Methods and systems for managing policies for data processing systems are disclosed. A management controller for the data processing system may utilize an out of band communication channel to obtain a policy for the data processing system from a trusted management system if the data processing system is reported as lost or stolen by an owner of the data processing system. The management controller may identify a state of the data processing system as powered or unpowered. The management controller may then identify one or more actions specified by the policy and based on the state of the data processing system to be performed. By doing so, the management controller may discourage unintended use of the data processing system by a user other than the owner of the data processing system.

Abstract: A method includes receiving, at a server from a user device, a user query to a large language model (LLM), creating an LLM query from the user query, inserting a system prohibited request into the LLM query to generate a revised LLM query, and sending the revised LLM query to the LLM. The method further includes receiving, from the LLM, a first LLM response to the LLM query, testing the first LLM response to detect whether a prohibited response to the system prohibited request is included in the first LLM response, and setting a prompt injection signal based on whether the prohibited response to the system prohibited request is included in the first LLM response.

Abstract: The invention provides mechanisms for enhancing the security and protection of a computer-based system or network. It relates, in part, to the use of a decoy (which may be termed “honeypot” or “honeynet”) for collecting attacker-related data, and/or diverting malicious behaviour away from legitimate resources. In one embodiment, the invention provides a method comprising the steps of receiving, processing and logging network traffic data of a plurality of users, where the network traffic is received from a plurality of participating users; determining an attacker profile from the network traffic data; determining a honeypot or honeynet configuration based on the attacker profile; and upon receipt of a valid information request from a user of the plurality of users, providing the determined attacker profile and configuration to the user.

Abstract: A method includes receiving, by a first Bluetooth device, an identity resolving key (IRK) from a server, and generating a resolvable private address based on the IRK. The method further includes sending, by the first Bluetooth device, a broadcast message. The broadcast message includes the resolvable private address. The resolvable private address is successfully verified by a second Bluetooth device pre-configured with the IRK.

Abstract: A storage port receives a login request. The storage port configures an audit mode indicator as enabled in a login response to a host port to enter a security enabled mode to indicate to the host port that Input/Output (I/O) operations are to be transmitted from the host port to the storage port even if authentication or security association negotiation with the storage port cannot be completed successfully.

Abstract: A computer-implemented method of generating and distributing keys includes generating, based on a master key, a keyset, wherein the keyset comprises a re-encryption key, generating a key distribution request comprising the keyset, encrypting the keyset using an inbox key associated with a client device to generate an encrypted keyset, sending the re-encryption key to a key manager, and causing to distribute the encrypted keyset to the client device.

Abstract: A digital object is associated with a smart contract that stores a first hash value to represent a user device used to acquire ownership of the digital object. When a request to transfer ownership of the digital object from a first user to a second user is received, a user account of the first user is accessed to retrieve information identifying a user device associated with the user account of the first user. The first hash value in the smart contract is authenticated based on the information representing the first user's device. If the first hash value is determined to match the user device information stored in the first user's account, a token representing the digital object is transferred to a wallet associated with the second user. The smart contract is updated to include a second hash value that represents a user device used by the second user to request the ownership transfer of the digital object.

Abstract: Secure auditability of monitoring processing using public ledgers that are particularly useful for monitoring surveillance orders, whereby an overseeing enforcer (“E”) checks if law enforcement agencies and companies are respectively over-requesting or over-sharing user data beyond what is permitted by the surveillance order, in a privacy-preserving way, such that E does not know the real identities of the users being surveilled, nor does E get to read the users' unencrypted data. Embodiments of the present invention also have inbuilt checks and balances to require unsealing of surveillance orders at the appropriate times, thus enabling accounting of the surveillance operation to verify that lawful procedures were followed, protecting users from government overreach, and helping law enforcement agencies and companies demonstrate that they followed the rule of law.

Abstract: A system generates vector representations of entries of traffic logs generated by a firewall. A first model learns contexts of values recorded in the logs during training, and the system extracts vector representations of the values from the trained model. For each log entry, vectors created for the corresponding values are combined to create a vector representing the entry. Cluster analysis of the vector representations can be performed to determine clusters of similar traffic and outliers indicative of potentially anomalous traffic. The system also generates a formal model representing firewall behavior which comprises formulas generated from the firewall rules. Proposed traffic scenarios not recorded in the logs can be evaluated based on the formulas to determine actions which the firewall would take in the scenarios. The combination of models which implement machine learning and formal techniques facilitates evaluation of both observed and hypothetical network traffic based on the firewall rules.

Abstract: Techniques are provided for aggregate inline deduplication and volume granularity encryption. For example, data that is exclusive to a volume of a tenant is encrypted using an exclusive encryption key accessible to the tenant. The exclusive encryption key of that tenant is inaccessible to other tenants. Shared data that has been deduplicated and shared between the volume and another volume of a different tenant is encrypted using a shared encryption key of the volume. The shared encryption key is made available to other tenants. In this way, data can be deduplicated across multiple volumes of different tenants of a storage environment, while maintaining security and data privacy at a volume level.

Abstract: A system and method for performing machine learning in a mobile computing device which is configured to be coupled with a cloud computing system is disclosed. The method may include activating, on the mobile computing device, a machine learning application, which accesses a local machine learning system including a local machine learning model, periodically updating the local machine learning system based upon updates for the local machine learning system received from a global machine learning system hosted by the cloud computing system, performing machine learning based on received training data, and periodically transmitting changes to the local machine learning system from the mobile computing device to the global machine learning system hosted by the cloud computing system.

Abstract: Disclosed are embodiments for injecting sidecar proxy capabilities into non-sidecar applications, allowing such non-sidecar applications to communicate with a service mesh architecture. In an embodiment, a method comprises receiving a request to instantiate a proxy for a non-sidecar application at a service mesh gateway (SMG). The SMG then instantiates the proxy in response to the request and broadcasts network information of the non-sidecar application to a mesh controller deployed in a containerized environment. Finally, the SMG (via the proxy) transmits data over a control plane that is communicatively coupled to the mesh controller.

Abstract: Systems, apparatuses, and methods related to securing domain crossing using domain access tables are described. For example, a computer processor can have registers configured to store locations of domain access tables respectively for predefined, non-hierarchical domains. Each respective domain access table can be pre-associated with a respective domain and can have entries configured to identify entry points of the respective domain. The processor is configured to enforce domain crossing in instruction execution using the domain access tables and to prevent arbitrary and/or unauthorized domain crossing.

Abstract: A method in a client computing device includes: establishing an association with a communications network in a first connection time period; via an authentication session with an authentication server of a communications network in an authentication time period following the first connection time period, obtaining at least one key value for use in accessing the communications network; storing reauthentication data associated with the at least one key value; responsive to disconnecting from the communications network, discarding the at least one key value and retaining the reauthentication data; responsive to a reconnection command: deriving the at least one key value from the reauthentication data, establishing a further association with the communications network in a second connection time period by sending an association request to the communications network, the association request containing the at least one key value, and accessing network resources via the communications network following the second co

Abstract: Subscriber identity module (SIM) swap scam detection include receiving wireless network data based on passive monitoring of a wireless network; identifying a subscriber identity module, SIM, card change in user equipment, UE, based on changes in identifiers in the wireless network data; identifying a commercial user communication with the UE after the SIM card change; and detecting potentially fraudulent activity for the UE based on a combination of the SIM card change, the commercial user communication, and a time period therebetween. The steps can further include providing an alert of the potentially fraudulent activity identifying the commercial user communication as a possible SIM swap scam.