Abstract: A simulated process is initiated. The simulated process includes generating, by an emulator, a control signal based on external inputs. The simulated process further includes processing, by a simulator, the control signal to generate simulated response data. The simulated process further includes generating, by a deep learning processor, expected behavioral pattern data based on the simulated response data. An actual process is initiated by initializing setpoints for a process station in a manufacturing system. The actual process includes generating, by the deep learning processor, actual behavioral pattern data based on actual process data from the at least one process station. The deep learning processor compares the expected behavioral pattern to the actual behavioral pattern. Based on the comparing, the deep learning processor determines that anomalous activity is present in the manufacturing system. Based on the anomalous activity being present, the deep learning processor initiates an alert protocol.

Abstract: An overlay to existing infrastructure that establishes trusted paths in a communication network to fulfill a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis is described. Establishing trusted paths operationally fulfills a fundamental need to identify and protect a trusted plane of devices and/or applications on a need specific basis as an overlay to the existing relatively unsecured network.

Abstract: Computerized techniques to determine and verify maliciousness of an object are described. A malware detection system intercepts in-bound network traffic at a periphery of a network to capture and analyze behaviors of content of network traffic monitored during execution in a virtual machine. One or more endpoint devices on the network also monitor for behaviors during normal processing. Correlation of the behaviors captured by the malware detection system and the one or more endpoint devices may verify a classification by the malware detection system of maliciousness of the content. The malware detection system may communicate with the one or more endpoint devices to influence detection and reporting of behaviors by those device(s).

Abstract: Utilizing a user computing device to remove privacy information. The user computing device may obtain a vehicle identification number associated with a target vehicle that has a target in-vehicle device from which privacy information of a user is to be removed. Using the vehicle identification number, the user computing device may obtain vehicle parameters associated with the target vehicle. The user computing device may obtain a privacy information removal file comprising an instruction set associated with removing privacy data from candidate in-vehicle devices, and may present the instruction set. The user computing device may obtain a user feedback experience. The user feedback experience may include a confirmation of removal of the privacy information from the at least one candidate in-vehicle device, user comments, a voice recording, or an image, captured by a camera of the user computing device, of the at least one candidate in-vehicle device.

Abstract: Embodiments of the present disclosure provide for improved SSD implementations and methods of using the same. Example embodiments utilize any of a myriad of wireless networking mechanisms for enabling access to a solid state storage drive. Some example embodiments include security mechanisms, such as biometric security, software-based authentication, and/or the like, for ensuring accurate user authentication before providing access to the storage. Some example embodiments provide indicators regarding executing functionality to further improve overall device security. Some example embodiments include a touch-adaptive display that provides various renderings associated with accessing the storage, performing storage functionality, configuring one or more aspects of the embodiment, and/or otherwise operating the storage in a manner desired by the user.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: Techniques for securing containerized applications are disclosed. In some embodiments, a system, process, and/or computer program product for securing containerized applications includes detecting a new application container (e.g., an application pod); deploying a security entity (e.g., a firewall) to the application container; and monitoring all traffic to and from the application container (e.g., all layer-7 ingress, egress, and east-west traffic associated with the application container) using the security entity to enforce a policy.

Abstract: A device configured to provide access to a digital document to a user device and to receive an access request for a first masked data element within the digital document. The device is further configured to generate a first blockchain transaction that identifies a machine learning model that is stored in a blockchain. The device is further configured to publish the first blockchain transaction in a blockchain ledger for the blockchain and to receive a second blockchain transaction from the machine learning model in response to publishing the blockchain transaction in the blockchain ledger. The second transaction indicates whether the user is approved for accessing the masked data element. The device is further configured to provide access to the first masked data element on the user device for the user in response to determining that the user is approved for accessing the masked data element.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: An apparatus for implementing a physically unclonable function via a network of interferometers implemented as a reconfigurable integrated optical circuit. The uncontrollable and non repeating fabrication variation in the manufacturing processes of integrated optics, combined with the sensitivity of interferometers creates inherently unique devices that can be used as reprogrammable physically unclonable function.

Abstract: The invention is a system based on decentralized ledgers to enable compliance with privacy regulations. A consumer identifier (consumer ID) allows consent provenance to be saved in a shared decentralized ledger. The consent ID also empowers consumers to query as to how their data has been moved through the data supply chain. The consumer data itself is not stored in the blockchain, only consents and data transfer events. A consent API allows companies to enter the original consumer consent in a consent ledger; a data transfer API allows companies to record transfers from one to another; and a subscription API allows companies to be notified of changes to a given consent.

Abstract: Systems and methods for managing data are disclosed. One method can comprise receiving a first request for a service, wherein the first request is associated with a first rights package. The first rights package can be processed to determine access to the service. An evaluation key can be generated, wherein the evaluation key represents the determination of access relating to the processing of the first rights package. A second request for a service can be received, wherein the second request is associated with a second rights package. The second rights package can be processed using the evaluation key.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: Systems and methods are provided for use in responding to attribute queries related to identifying information for a user. One exemplary method includes receiving a request for an identity code for a user associated with identifying information, where the identifying information includes multiple attributes of the user, and generating the identity code and transmitting it to a computing device associated with the user. The method then includes receiving an identity request for the user from a requesting party including the identity code and at least one query related to at least one of the multiple attributes of the user, identifying the user based on the identity code, compiling a response to the at least one query based on the identifying information of the multiple attributes of the user, and transmitting the response to the requesting party.

Abstract: An agent device for assisting one or more users is provided. The agent device supports a first operation mode in which the agent device is configured to identify individual users. Further, the agent device supports a second operation mode in which the agent device is configured to not identify individual users. The agent device includes a receiver circuit configured to receive, from an external device, a signal indicating that a person in the vicinity of the agent device does not want to be identified. Additionally, the agent device includes a control circuit configured to set an operation mode of the agent device to the second operation mode in response to receiving the signal.

Abstract: Systems, methods, and computer programming products leveraging the use of machine learning, cryptographic keys and blockchain technology for validating blockchain transactions. The disclosed systems, methods and products improve detection of malicious cyberattacks and fraud, while reducing occurrences of falsely invalidated transactions and improving overall blockchain security in both permissioned and permissionless blockchain networks. Classifiers are trained using machine learning and other classification techniques by building a transaction history to learn how to identify suspicious transactions on the blockchain. In permissionless and order-execute models of permissioned blockchains, cryptographic keys are publicly registered to guardians residing out of band, who may co-sign requests and override or resubmit transactions marked as suspicious by the classifiers.

Abstract: A hydrocarbon control system includes a base device, a field device, and a mobile device. The base device includes a key generator configured to generate a temporary key. The field device is configured to restrict or allow access based on verification of a received key. The mobile device is configured to communicate with the base device to receive the temporary key when in proximity of the base device, communicate with the field device to provide the temporary key to the field device when in proximity of the field device, and exchange data with the field device in response to the field device verifying the temporary key.

Abstract: This invention pertains to protecting communications between multiple sensors and emitters or securing data transmission between multiple computers or multiple vehicles. This invention provides a secure method for two or more parties to communicate privately, even when the processor has malicious malware or there is a backdoor in the main processor. In some embodiments, the energy received by the sensor is encrypted before it undergoes an analog to digital conversion. In some embodiments, the encryption occurs inside the sensor. In some embodiments, the encryption hardware is a part of the sensor and creates unpredictable energy changes that interact with the sensor. In some embodiments, there are less than 40 sensors in a communication system and in other embodiments there are more than 1 billion sensors. In some embodiments, the invention provides a method for the sensors of a network of self-driving cars to communicate securely.

Abstract: Mechanisms are provided to detect phishing exfiltration communications. The mechanisms receive an input electronic communication from a data network and process the input electronic communication to extract a structure token that represents the content structure of the input electronic communication. The structure token is input to a machine learning model that is trained to identify phishing exfiltration communication grammars, and relationships between phishing exfiltration communication grammars, in structure tokens. The machine learning model processes the structure token to generate a vector output indicating computed values for processing by classification logic. The classification logic processes the vector output from the machine learning model to classify the input electronic communication as either a phishing exfiltration communication or a non-phishing exfiltration communication, and outputs a corresponding classification output.