Abstract: A Pervasive Intermediate Network Attached Storage Application (PINApp) enables users to digitally assign (pin) a folder or drive to a public cloud storage service for the purpose of sharing their digital content with others. The PINApp enables users to engage the cloud storage services without the need to upload the digital content to the cloud in order for it to be viewed or shared. The Asynchronously Rendered Conduit (ARC) allows content owners to create rules to govern the private and public usage of digital content across users, devices, networks, and realms.

Abstract: A method for protecting a device from information attacks, in which received from the at least one device are checked by a security device, included in the at least one device, for an information attack, and for the case that the received data are associated with an information attack, characteristic data concerning the information attack are stored in the at least one device and transmitted via a communication interface to a unit in communicative connection with a plurality of devices, and the unit evaluates the characteristic data transmitted from the at least one device and outputs a warning message to at least a portion of the devices in communicative connection with the unit as a function of at least one predefined criterion.

Abstract: A computer storage array detects and counters denial of service (DoS) attacks and provides one or more remote initiators with access to one or more storage devices connected to the computer storage array. computer storage array includes: a computer processor configured to run an operating system for managing networking protocols; a networking device configured to monitor and route network traffic, at a packet level to, and from the storage devices; a baseboard management controller (BMC) configured to detect a DoS attack based on monitoring of statistics of the network traffic by the networking device; a PCIe switch connecting the BMC with each of the storage devices via a PCIe bus; and a computer motherboard to which the computer processor, networking device, BMC and PCIe switch are installed.

Abstract: Technologies relating to converting an alphanumerical string that comprises personally identifying data (PID) into a signature for the string are described herein. The string is partitioned into several substrings, where each substring includes at least one character. For each substring, a sequence of bits that is uniquely mapped to the substring is retrieved from a mapping table. Thereafter, at least one bit is removed from each sequence of bits to create updated sequences of bits, and the updated sequences of bits are ordered based upon their values. For each updated sequence of bits, a substring that is uniquely mapped to the updated sequence of bits is retrieved from the mapping table. The retrieved substrings are concatenated in the order corresponding to the updated sequence of bits.

Abstract: A system and method for botmaster discovery are disclosed. The system and method may be used in a network that has a plurality of known malicious domains, a plurality of servers each having a known malicious internet protocol (IP) address in which each server is associated with one or more of the plurality of domains, a plurality of hosts associated with one or more of the plurality of servers wherein the host is one of a bot which is compromised host and involved as a part of resource for cyber-crime purpose and a botmaster which involves bots for cyber-crime purpose.

Abstract: Data packets passing from a source to a destination in a network according to a Service Function Chain (SFC) are processed by an ordered sequence of at least one service function (SF). For each SF in the SFC in order, a current value of a function, such as a hash function, is recursively computed including, as input values, at least current identifying data that identifies a corresponding current one of the SFs, and a value of the function output from an immediately preceding SF. After computing the current value of the function for a selected SF in the SFC, the current value of the function is compared with an expected value. If the value of the function for the selected SF is the same as the expected value, the data packet is allowed to be transmitted to a subsequent processing stage; if not, then an error response action is taken.

Abstract: In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts.

Abstract: Bringing a non-isolated computer application into an isolation layer with an isolated computer application. In one embodiment, a method may include isolating a first computer application by executing the first computer application as a virtualized first computer application in an isolation layer. The method may also include receiving a request, from the virtualized first computer application, to share a computer object with a second computer application that is not executing in the isolation layer. The method may further include, in response to the receiving of the request, several acts. These acts may include executing, in real-time, at least a portion of the second computer application as a virtualized second computer application in the isolation layer. These acts may also include creating a virtualized computer object based on the computer object in the isolation layer. These acts may further include sharing the virtualized computer object in the isolation layer.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Disclosed are systems, methods and computer program products for performing data backup using an unmanned aerial vehicle (UAV). An example method includes in response to detecting a data backup request from a user device, determining a geographic location of the user device and dispatching the UAV to the geographic location; controlling the UAV to obtain user data from the user device; and controlling the UAV to navigate to a data center to back up the obtained user data onto a cloud storage.

Abstract: Blockchain encryption techniques are provided. An exemplary method includes sending a signed transaction with at least two users to a blockchain; obtaining, by a first user, a public key of a second user from the blockchain; generating, by the first user, a symmetric key by combining a private key of the first user and the public key of the second user; encrypting, by the first user, a data item using the symmetric key; and providing the encrypted data item to the blockchain. The second user obtains the encrypted data item and a public key of the first user from the blockchain, and decrypts the encrypted data item using the symmetric key generated, by the second user, by combining a private key of the second user and the public key of the first user.

Abstract: Users desire a system that provides for the setting of custom, content-agnostic, permissions at a message, document, and/or sub-document-level through a communications network. Such a system may also allow the user to apply customized privacy settings and encryption keys differently to particular parts of a document. Customized encryption keys may be applied to particular parties (or groups of parties) to enhance the security of the permissions settings. In the case of structured document file types, dynamically-rendered content can present a challenge to accurately display to viewers, because one or more of the document's values referred to by the dynamically-rendered content may be encrypted or otherwise unavailable to the recipient—even though the dynamically-rendered content itself is viewable by the recipient.

Abstract: A method includes transmitting, by a user device, an encrypted user profile to a locking device, the encrypted user profile including a user key and encrypted by a server using a lock key; decrypting, by the locking device, the encrypted user profile using the lock key to generate a decrypted user profile and obtain the user key from the decrypted user profile; generating, by the user device, an encrypted firmware update command, the encrypted firmware update command encrypted using the user key of the user profile; transmitting, by the user device, the encrypted firmware update command to the locking device; decrypting, by the locking device, the encrypted firmware update command using the user key to generate a decrypted firmware update command; and installing, by the locking device, a firmware update in accordance with the decrypted firmware update command in response to successfully decrypting the encrypted firmware update command.

Abstract: A system and method for controlling manufacturing of one or more items may include providing a first 3D design representation, the first 3D design representation usable by a manufacturing device for manufacturing the item; encrypting the first 3D design representation to produce an encrypted 3D design representation; associating a set of tokens with the encrypted 3D design representation and providing the encrypted 3D design representation. A method or system may include obtaining a token and including the token in a request to manufacture the item; using the token to determine whether or not to provide a decryption key; and, if determining to provide the decryption key, using the decryption key to produce a second 3D design representation, the second 3D design representation usable by a manufacturing device for manufacturing the item.

Abstract: In some embodiments, an encryption system secures data using a homomorphic encryption. The encryption system encrypts a number by encrypting a number identifier of the number and combining the number and the encrypted number identifier using a mathematical operation to generate an encrypted number. The encrypted numbers may be stored at a server system along with their number identifiers. The server system can then generate an aggregation (e.g., sum) of the encrypted numbers and provide the aggregation, the encrypted numbers, and the number identifiers. The encryption system can then separate the aggregation of the numbers from the aggregation of the encrypted numbers using an inverse of the mathematical operation used in the encryption to effect removal of an aggregation of the encrypted number identifiers of the numbers from the aggregation of the encrypted numbers. The separated aggregation of the numbers is an aggregation of the plurality of the numbers.

Abstract: An analysis system that is able to obtain correct encryption key is provided. The analysis system includes a processing circuitry configured to function as a cryptanalysis processing unit. The cryptanalysis processing unit includes: a key candidate extraction unit that is configured to extract, from second data, one or more candidates of key data that include an encryption key that enables to decrypt first data encrypted by a specific encryption scheme, based on data indicating a feature of the key data; and a decryption unit that is configured to extract, from the extracted candidates of key data, correct key data that enables to correctly decrypt the encrypted first data, based on a result of decrypting the first data by use of the extracted candidates of key data.

Abstract: An information discriminating device includes an information acquiring unit, an information discriminating unit, and an information superimposing unit. The information acquiring unit acquires private information to be privately used by a user of the information discriminating device. The information discriminating unit discriminates a public information portion that is also usable as public information accessible by a special majority in the private information acquired by the information acquiring unit from a private information portion unusable as the public information. The information superimposing unit superimposes the private information portion on the public information.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: Apparatus and methods for balancing public and personal security needs in a computing device (1). In an apparatus embodiment, the device (1) has two partitions: a first partition (310) in which only applications (312) authorized by a protected application approval entity can execute; and a second partition (205, 210) in which applications that execute are accessible by an authorized external access entity (500). Coupled to the partitions (310, 205, 210) are protection modules (215, 250, 290) configured to protect data used by applications (312) authorized to execute in the first partition (310), and to prevent even authorized external access entities (500) from accessing protected data used by applications (312) authorized to execute in the first partition (310).

Abstract: A computing device computes a risk score for a user using a device based on a peer group identifier. Network activity measures characterize use of the device by the user. For each unique peer group identifier included in netflow records, a mean value is computed of each network activity measure. For each unique IP address and user identifier combination included in the netflow records, the mean value of each network activity measure is selected for a peer group identifier of the user; a risk score is computed by comparing each network activity measure for the unique IP address and user identifier combination to the selected mean value for the respective network activity measure; and when the risk score exceeds a predefined alert threshold, a high risk alert indicator is set indicating that the device is being used in an anomalous manner relative to other devices monitored by the computing device.